Privacy Policy

Privacy Policy

The administrator and owner of the websites www.defensive-security.com and www.edu.defensive-security.com (hereinafter referred to as the Website) is the company Defensive Security Holding Sp. z o.o., headquartered in Wilkowice, at ul. Kamienna 1E, 43-365 Wilkowice, registered in the Register of Entrepreneurs maintained by the District Court in Bielsko-Biała, VIII Commercial Division of the National Court Register under KRS number: 0001067062, NIP: 9372756070, REGON: 526836257, with share capital of PLN 5,000.00 (hereinafter referred to as Defensive Security).

Contact Regarding the Processing of Users’ Personal Data

As part of the implementation of the Data Protection System (SODO) at Defensive Security, it was decided not to appoint a Data Protection Officer. For matters related to personal data protection and privacy, you may contact us via email at m@defensive-security.com.

Purposes of Personal Data Processing

The purposes, duration, legal basis, and legitimate interests for processing personal data are as follows:

Legal basis for processing personal data:
Article 6 of the GDPR outlines six possible grounds for processing personal data:

  1. Consent of the data subject.

  2. Performance or preparation of a contract.

  3. Compliance with a legal obligation.

  4. Protection of vital interests.

  5. Execution of tasks arising from legal or public authority.

  6. Pursuit of legitimate interests.

Processing purposes include:

  1. Responding to inquiries submitted via the contact form – Article 6(1)(b) GDPR.

    • Duration: Until claims related to the subject of communication expire.

  2. Newsletter management – Articles 6(1)(a), (b), (f) GDPR.

    • Duration: Until consent is withdrawn.

    • Legitimate interest: External communication.

  3. Order handling – Article 6(1)(b) GDPR.

    • Duration: Until claims under the agreement expire.

  4. Comment management – Articles 6(1)(b), (f) GDPR.

    • Duration: Until consent is withdrawn or the Website ceases to exist.

    • Legitimate interest: External communication.

  5. Correspondence management – Article 6(1)(f) GDPR.

    • Duration: Until claims related to the subject of communication expire.

    • Legitimate interest: External communication.

  6. Tax and accounting obligations – Article 6(1)(c) GDPR, in conjunction with applicable tax laws.

    • Duration: As required by tax and other regulations.

  7. Creating archives for legal purposes – Article 6(1)(f) GDPR.

    • Duration: Until claims expire.

    • Legitimate interest: Legal security of the administrator.

  8. Social media management – Article 6(1)(f) GDPR.

    • Duration: As long as the communication system exists in social media platforms used.

    • Legitimate interest: External communication.

  9. External communication analysis and statistics – Article 6(1)(f) GDPR.

    • Duration: Five years after the end of communication through a given channel.

    • Legitimate interest: Improving service efficiency and quality.

  10. YouTube player and newsletter form functionality – Article 6(1)(f) GDPR.

    • Duration: Until the Website ceases to exist.

    • Legitimate interest: External communication.

  11. Service preparation and execution – Article 6(1)(b) GDPR.

    • Duration: Until claims related to communication or agreements expire.

  12. Customer satisfaction research – Article 6(1)(f) GDPR.

    • Duration: Five years after communication ends.

    • Legitimate interest: Improving service quality.

  13. Direct marketing of own services – Article 6(1)(f) GDPR.

    • Duration: Until an objection is raised.

    • Legitimate interest: Marketing own products to clients.

  14. Providing commercial information through electronic communication – Article 6(1)(a) GDPR.

    • Duration: Until consent is withdrawn.

    • Legitimate interest: Marketing offerings.

Additional Information about Personal Data and Users’ Rights

The Administrator may transfer personal data outside the European Economic Area for services such as Podia.com and payment processors like Stripe and PayPal. The Administrator does not make decisions solely based on automated processing, including profiling, which would have legal effects or significantly affect the User.

Users’ Rights

Users have the right to:

  1. Withdraw consent to data processing.

  2. Request rectification of their data.

  3. Limit processing to storage or agreed-upon actions if the data is incorrect or processed without a basis.

  4. Object to processing based on legitimate interests or request data deletion, provided a justified situation is presented.

  5. Access data, receive copies, or transfer data to another entity.

  6. Lodge a complaint with a supervisory authority.

Data Recipients and Anonymous Data

Trusted partners may access data to perform necessary actions, including administrators of marketing systems, servers, or as required by law. Personal data includes names, company details, contact information, and payment details.

Anonymous data is processed for Website improvement, including access times, pages visited, user location, and browser details.

Cookies Policy

The Administrator uses cookies to enhance Website functionality. Users can manage cookie settings via their browser. Third-party tools, such as Google Analytics, may also store cookies to analyze usage.

Changes to the Privacy Policy

Defensive Security reserves the right to update this policy, which will be published on the Website.

Version 1 created on: October 31, 2023.