Truesec Platform – Privacy Notice

  1. Introduction
  2. The Personal Data That We Process About You
  3. How We Use Your Personal Data
  4. Transfers of Personal Data
  5. How We Store Your Personal Data
  6. Your Rights
  7. How To Contact Us

 

1. Introduction

This privacy notice explains how Truesec Group AB, Org. No. 556690-8074, and its subsidiaries (“Truesec”), in the capacity of data controller, collect, use, maintain, and disclose personal data from you when you use the Truesec Platform.

If you have any questions, wish to exercise any of your rights under the EU General Data Protection Regulation (EU) 2016/679 (hereinafter, the “GDPR“) in relation to our processing of your personal data, or otherwise wish to come into contact with Truesec regarding our processing of your personal data, please also find contact details to us below.

2. The Personal Data That We Process About You

We process your personal data in order to be able to provide you with access to our Platform and share information with you there.

In this work, we process personal data that we have either been provided by you or your employer or that we have collected about you ourselves.

When you are invited to use our digital customer platform, you or your employer will provide the following data to us:

  • Your name.
  • Your work details, i.e. which company you work for and your professional title.
  • Your email address.

When you use our digital customer platform, we may collect the following data about you:

  • Attributes from your company identity provider, e.g. unique identifiers related to your account.
  • User account information, i.e. information on how you use the platform.

 3. How We Use Your Personal Data

3.1 Purposes

When your company decides if you will have access to our Platform, we use your personal data in relation to the platform for the purpose of:

  1. Verifying your identity and access rights when signing into the Platform. For this purpose, we process identity attributes from the identity provider used by your company.
  2. Providing access to the Platform and communicating with you regarding our services and business operations. For this purpose, we process your name, email address, and work details.
  3. Developing and improving our services and the Platform. For this purpose, we process your user account information.

3.2 Lawful Bases

The lawful basis for purpose No.1 above is that Truesec has a legitimate interest in verifying your identity to allow you access when logging onto the Platform.

The lawful basis for purpose No. 2 above is that Truesec has a legitimate interest in making the Platform accessible to our customers and being able to communicate with you regarding information relating to your company and our services.

The lawful basis for purpose No. 3 is that Truesec has a legitimate interest in developing and improving products, services, and the Platform.

4. Transfers of Personal Data

In order to provide the Platform and administer your company’s account, we must share some of your personal data with our partners and service providers (so-called” third parties”). This is only done to the extent necessary for us to improve and provide our products, services, and the Platform. We share your personal data with the following third parties and for the following reasons:

  • Auth0, for identity and access management.
  • Microsoft, for cloud storage in Azure.
  • Spotler SendPro, for email distribution service.

 

Personal data in the Platform is stored and processed in the EU/EEA.

5. How We Store Your Personal Data

All your personal data located in the Platform is securely stored.

The data we store in the Platform uses AES 256 encryption as default. Every instance of customer service uses unique keys and is provisioned in separate resources at the cloud provider we use. On top of this, the cloud provider also uses Storage Service Encryption (SSE), which adds an additional layer of encryption to the data at rest.

We have a strict access control system at play, that uses fenced network layers around the data and high demand on authentication with both regional controls, enforced MFA and validated control of devices from whom entitled personal can use to access the data. This setup is also reviewed every quarter based on our ISO 27001 policies.

We will keep your personal data for as long as you have a Platform user account, i.e. as long as your company is using our Platform or until you or your employer notifies us that the user account is no longer required.

Data related to Truesec’s managed security services, such as Managed Detection and Response, is stored in its entirety for the duration of the service delivery, unless otherwise separately agreed between Truesec and the client. This ensures we can deliver a high-quality service with traceability. Data is deleted as part of offboarding procedures for the individual services.

6. Your Rights

Under the GDPR, you have a number of rights in relation to our processing of your personal data. If you want to make use of these rights or have any other questions regarding your rights as a data subject whose personal data is under our processing, please contact us at our contact details above or send us an email at privacy@truesec.com.

The Right to Information and Access (Right of Access)

You have the right to request information about our processing of your personal data. Further, you have the right to request to receive copies of the categories of personal data that we process.

The Right to Rectification

You have the right to request that incorrect, inaccurate, and incomplete personal data about yourself be rectified. For your information, we will, upon our own initiative, rectify any personal data about you that we discover is incorrect, inaccurate, or otherwise incomplete.

The Right to Be Forgotten

Under certain conditions, you have the right to request that personal data about you be deleted.

The Right to Restriction of Processing

Under certain conditions, you have the right to request that the processing of your personal data be restricted.

The Right To Object to Processing

Under certain conditions, you have the right to object to our processing of your personal data if such processing is made on the lawful basis of our legitimate interest.

The Right to Data Portability

Under certain conditions, you have the right to request that we transfer the personal data that we have collected about you to another organization, or directly to you, in a structured, commonly used, and machine-readable format.

Revoking of Your Consent

You are at any time and free of charge entitled to revoke your consent to the processing of your personal data that is made on the lawful basis of your consent. We will then cease the said processing immediately. Such revoking of your consent can be made by either calling us at +46 (0)8 10 00 10 or by sending us an email at privacy@truesec.se.

Right to Complain

You also have the right to lodge a complaint with the Supervisory Authorities if you are dissatisfied with the way we process your personal data. You will find the contact information of the Swedish Supervisory Authority here: https://www.imy.se/privatperson/utfora-arenden/lamna-ett-klagomal/.

7. How To Contact Us

If you have any questions regarding how we process your personal data when you use the Platform, please contact us at:

Truesec Group AB

Address: Luntmakargatan 18, 111 37 Stockholm, Sweden

Phone: +46 810 00 10

Email: privacy@truesec.com.