Privacy

We take our data privacy obligations extremely seriously at Binalyze and as an EU registered company we are required to conform to GDPR. You can read our privacy policy below or download a copy here.

Binalyze Online Privacy Notice

1. General

1.1  This website is operated by Binalyze OÜ (“we” or “us”) that provides forensics solutions (“Service”) to individuals and companies as its clients. We recognize the importance of your privacy and are committed to protecting your personal data. This privacy notice (“Notice”) explains the principles on how we collect and use information when you visit the website https://binalyze.com/ („Website“), subscribe to our newsletter, you or the legal entity you work at or represent wishes to conclude a contract with us or receive our products through our distributor, requests for a demo or a free trial of our products, or take any other actions on our Website, which entail us receiving and processing your personal data.

1.2  For the purposes of providing the Service, we may access information about evidence types that can be broadly categorised as system, disk, memory, browser, NTFS, registry, network, event logs, WMI, process execution and other evidence, and artefacts that can be broadly categorised as server, Microsoft applications, communications, social, productivity, utilities, developer tools and cloud artefacts. Regarding data, which we access due to the provision of the Service, we act as a data processor and the processing of such data is governed by the data processing agreement concluded with our client, i.e. you or the legal entity you work at or represent as a data controller. The data controller is responsible for such processing and is obliged to provide you information about such data processing.

1.3  We process your personal data as described in this Notice and in accordance with applicable legislation, including the European Union’s General Data Protection Regulation (2016/679) and the national data protection laws of the Republic of Estonia, as applicable towards the personal data controller stated in Section 2 of this Notice.

1.4  In case you disclose any personal data regarding any third person(s) (e.g. your employee, management board member, co-worker, etc.) to us, you are obligated to refer them to this Notice.

2. Personal Data Controller

2.1  For the personal data processing purposes brought out in Section 4 of this Notice, the controller of your personal data is:

Binalyze OÜ
Registry code: 14434021
Address: Narva mnt 5, 10117, Tallinn, Estonia
E-mail: [email protected]

2.2  In case of personal data protection related inquiries, please contact us by writing to: [email protected]

3. Categories and Sources of Personal Data

3.1  Personal data are information that can be used to directly or indirectly uniquely identify, contact, or locate you as a private individual (“Personal Data”). The source of the collected Personal Data depends on how you interact with us. We may obtain and process the following categories of Personal Data:

3.1.1  Main data: name, e-mail address, phone number, legal entity’s name (“Main Data”).
Source: Personal Data you directly provide to us upon submitting your information via the Website.

3.1.2  For concluding and managing our contractual relationship, we process the following data: Main Data, Communication Data, payment details such as debit/credit card number, billing address. If you represent a legal entity, we additionally collect the legal entity’s name, registry code and your job title (“Contract Data”).
Source: Personal Data you directly provide to us or Personal Data provided to us by the legal entity you represent.

3.1.3  If you interact with us via the Website, live chat, or e-mails, we process the following Personal Data: Main Data, Contract Data, contents of your message. Additionally, we may supplement the Personal Data that you have provided to us directly with information that has been obtained from publicly available resources and registrars („Communication Data“).
Source: Personal Data you directly provide to us upon contacting us and the information we have obtained from publicly available resources, such as LinkedIn and HubSpot, and registrars, such as country specific commercial registrars.

3.1.4  Upon visiting the Website, our server processes the following data: IP address, access-provider, referring and exit URL, date, time, access tokens, session key, browser type and version, operating system, your navigation on the Website, amount and state of transferred data (“Technical Data”).
Source: While you are browsing through the Website, the Website itself generates or collects the Technical Data from your device automatically.

3.1.5  Cookie data. We implement cookies on the Website, for optimising the Website and its functionalities. The cookies may collect your Personal Data. For further information on the purposes and functions of the cookies, please see our cookie notice.

3.2  If you do not provide the required information, we may not be able to provide you with our products, contact you or fulfil any other purposes provided in Section 4 of this Notice.

4. Legal basis and purposes for processing the Personal Data

4.1  Our legal basis to process your Personal Data depends on the objective and context in which we collect the Personal Data. The following depicts a descriptive list of processing purposes that are linked to the specific data categories and legal basis for processing:

Processing purpose Legal basis for the processing purpose Personal Data used for the processing purpose
Handling pre-contractual negotiations and communications, concluding of the contract and managing the contractual relationship If you as a natural person wish to become or are already our client or partner and the enquiry or request is related to your potential or ongoing customer or partnering relationship with us, the legal basis is taking and implementing the pre-contractual measures of the contract or performing the contract concluded between us If you as a representative of legal entity, who wishes to become or is already our client or partner and the enquiry or request is related to the legal entity’s potential or ongoing customer or partnering relationship with us, the legal basis is our legitimate interest in taking and implementing the pre-contractual measures of a contract or performing the contract concluded between the legal entity and us Main Data, Communication Data, Contract Data
Responding to your enquiries and requests submitted via the Website, live chat, or e-mail, including submissions regarding partnership and receiving a demo Our legitimate interest in ensuring effective relations management with potential customers, partners and interested parties If you as a natural person wish to become or are already our client or partner and the enquiry or request is related to your potential or ongoing customer or partnering relationship with us, the legal basis is taking and implementing the pre-contractual measures of the contract or performing the contract concluded between us If you as a representative of legal entity, who wishes to become or is already our client or partner and the enquiry or request is related to the legal entity’s potential or ongoing customer or partnering relationship with us, the legal basis is our legitimate interest in taking and implementing the pre-contractual measures of a contract or performing the contract concluded between the legal entity and us Main Data, Communication Data
Performing the contract by delivering the purchased products (including providing you with free trial of our product), contacting you regarding the purchased products If the purchase is submitted by a natural person, the legal basis is performance of contract concluded between us If the purchase is submitted by a legal entity, the legal basis is our legitimate interest in performing the contract concluded between the legal entity and us Main Data, Contract Data, Communication Data
Gathering information about you from publicly available resources and registrars for the purposes of creating client segments and customising the information we provide to you about our business Our legitimate interest in ensuring effective relations management with potential customers, partners and interested parties Communication Data
Sending newsletters and other marketing information regarding us and our business via e-mail Consent given upon subscribing to our newsletter Main Data, Communications Data
Administering newsletter subscription list Our legitimate interest in ensuring valid legal basis for sending newsletters and recording given and withdrawn consents (subscriptions) Main Data
Diagnosing and repairing problems with the Website Our legitimate interest in providing data security and preventing fraudulent actions related to the Website; ensuring the functioning of the Website Technical Data
Making available the basic functions of the Website and administering the Website, including gathering information about visitor’s navigation on the Website Our legitimate interest in providing the Website and understanding use patterns of the Website to be able to better the Website and enhance the user experience Technical Data
Data exchange with our distributors and co-operation partners for facilitating the provision of our products Our mutual legitimate interest in providing you with our product through our distributor or co-operation partner Main Data, Contract Data
Storing information containing Personal Data in our backup systems Our legitimate interest in ensuring continuity and security of data processing operations All data categories named in Section 3.1
Disclosing data to our service providers or law enforcement and supervisory authorities Our legitimate interest in utilising the information technology infrastructure and services provided by our service providers or performance of our legal obligation All data categories named in Section 3.1
Intra-group data disclosures and transfers Our legitimate interest in utilising common technical infrastructure and performing internal administrative tasks All data categories named in Section 3.1
Arrange the sale or merger of our company and provide information for conducting the legal or other audit and the data exchange thereof Our legitimate interest in facilitating proper due diligence process and business continuity by ensuring a successful merger, acquisition or restructuring of the company All data categories named in Section 3.1
Establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure in relation to our, our users’ or employees’ rights Our legitimate interest in facilitating effective establishment, exercise, or defence of legal claims All data categories named in Section 3.1

4.2  We may process your Personal Data for other purposes, provided that we disclose the purposes and use to you at the relevant time, and that you either consent to the proposed use of the Personal Data, other legal grounds exist for the new processing purposes or the new purpose is compatible with the original purpose brought out above.

5. Personal Data retention period

5.1  Your Personal Data shall be stored insofar as reasonably necessary to attain the objectives stated in Section 4 of this Notice, or until the legal obligation stipulates that we do so. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the processing purposes and whether we can achieve these purposes through other means, and applicable statutory obligations. Whilst retaining the Personal Data, we take into account the viable need to resolve disputes and enforce the contract between us or anonymize your Personal Data and retain this anonymized information indefinitely.

5.2  Main Data and Contract Data, which are related to transactions, will be retained for 7 years as of the end of the financial year the transaction was recorded in our accounting ledgers.

5.3  In case the legal basis for processing your Personal Data is consent and you decide to withdraw the consent, we will stop processing Personal Data for the previously communicated purpose, however, we will retain a note regarding your withdrawal for the purposes of administering your decision and our data processing activities at least for a period of 1 years.

5.4  After the expiry of the retention period determined in accordance with Section 5 of this Notice or the termination of the legal basis for processing purpose, we may retain the materials containing the Personal Data in the backup systems, from which the corresponding materials will be deleted after the end of the backup cycle. We ensure that during the backup period appropriate safeguards are applied and the backed-up materials are put beyond the use.

6. Sharing your personal data and data transfers

6.1  We disclose your Personal Data to third parties only in accordance with this Notice to recipients who have undertaken to observe confidentiality or are subject to statutory confidentiality. Your Personal Data will be disclosed to our employees who due to their duties have the necessity to process your Personal Data.

6.2  Only if necessary, for fulfilling our statutory or contractual obligations, we may disclose your Personal Data to the following recipients:

Type of the recipient Purpose of disclosure
Law enforcement and supervisory authorities We disclose your Personal Data to law enforcement and supervisory authorities only if we are under a duty to disclose or share these data in order to comply with legal obligations (for example, if required to do so under applicable law, by a court order or for the purposes of prevention of fraud or other crime)
Professional advisors (legal advisors, accounting, auditors etc) In case not operating as data processors, conducting and supporting our regular business activities
Providers of support services related to fulfilling the contract For the purposes of performing our obligation related to the fulfilment of the contract we may disclose Personal Data to support service providers, such as payment service providers
IT-service providers In case not acting as data processor, providing IT solutions necessary for daily business functions
Distributors and co-operation partners Facilitating the provision of our products through our distributor or co-operation partner
Group entities Utilising common technical infrastructure and performing internal administrative tasks
Potential business acquirers, investors, and business transferee(s) If necessary and required for successfully transferring our business or for the purposes of mergers and acquisitions, your Personal Data may be disclosed to the specified acquirers and their representatives and / or legal counsels

6.3  In addition to the data recipients brought out in Section 6.2 of the Notice, we may disclose Personal Data to third party service providers who act as data processors and may operate the technical infrastructure that we need to host, store, manage and maintain the daily business. The following depicts the main categories with examples of our authorised processors, their location and reason for processing:

Category of the authorised processor Processing purpose Safeguard Location
Providers of IT-services Providing IT-solutions necessary for the daily business functions (e.g. Microsoft Azure) Data processing agreements, standard contractual clauses World-wide, including the USA
Providers of marketing and customer management software services Providing analytical insight and marketing tools for bettering daily business functions (e.g. MailChimp, HubSpot) Data processing agreements, standard contractual clauses World-wide, including the USA

6.4  To ensure that our service providers adhere to adequate data protection standards, we have concluded with all service providers engaged in the processing of Personal Data on our behalf written data processing agreements to ensure compliance with such standards. For service providers located outside the European Union or the European Economic Area (“EU/EEA”), we take special security measures (using EU Standard Contractual Clauses approved by the European Commission) to ensure that a level of protection of Personal Data comparable to that applicable in the EU/EEA is applicable to your Personal Data. We monitor the compliance of our service providers with the above requirements. Upon your request we will make available further information on the safeguards applied.

7. Your rights as a data subject

7.1  We have a legal obligation to ensure that your Personal Data is kept accurate and up to date. We kindly ask you to assist us to comply with this obligation by ensuring that you inform us of any changes that have to be made to any of your Personal Data that we are processing.

7.2  You may, at any time, exercise the following rights with respect to our processing of your Personal Data by contacting us via contact information referred to in this Notice:

7.2.1  Right to access: you have the right to request access to any data that can be considered your Personal Data. This includes the right to be informed on whether we process your Personal Data, what Personal Data categories are being processed by us, and the purpose of our data processing;

7.2.2  Right to rectification: you have the right to request rectification and updating of your Personal Data if you believe that we are processing inaccurate or incomplete Personal Data;

7.2.3  Right to object: you are entitled to object to certain processing of Personal Data, including for example, the processing of your Personal Data for marketing purposes or when we otherwise base our processing of your Personal Data on our legitimate interest;

7.2.4  Right to restrict Personal Data processing: you have the right to request that we restrict the processing of your Personal Data if: (i) you wish to dispute the accuracy of certain Personal Data we are processing, such right applies until we have had the opportunity to satisfy ourselves of the accuracy of the personal data; (ii) we have been processing your Personal Data unlawfully, but you only request the restriction of the use of the Personal Data in question instead of its deletion; (iii) we no longer need the Personal Data for the original purposes of processing, but you still need such Personal Data to assert, exercise or defend against legal claims; (iv) you have objected to our processing of certain of items of your Personal Data until a determination is made whether or not your concerns are outweighed by our legitimate interests in processing your Personal Data;

7.2.5  Right to erasure: you may request your Personal Data to be erased if the Personal Data is no longer necessary for the purposes for which it was collected, or if you consider that the processing is unlawful, or if you consider that the Personal Data has to be erased to enable us to comply with a legal requirement;

7.2.6  Right to data portability: if your Personal Data is being automatically processed with your consent or on the basis of a mutual contractual relationship, you may request that we provide you that Personal Data in a structured, commonly used and machine-readable format. Moreover, you may request that the Personal Data is transmitted to another controller. Bear in mind that the latter can only be done if that is technically feasible;

7.2.7  Right to withdraw your consent: in cases where the processing is based on your consent, you have the right to withdraw your consent to such processing at any time by contacting us or using relevant tools provided on the Website;

7.2.8  Right to contact the supervisory authority: if you are not satisfied with our response to your request in relation to Personal Data or you believe we are processing your Personal Data not in accordance with the law, you can lodge your complaint with the Estonian Data Protection Inspectorate (in Estonian Andmekaitse Inspektsioon) at [email protected] (https://www.aki.ee/).

7.3  Please note that prior to answering your request, we may ask you to provide additional information for the purposes of authenticating you and evaluating your request regarding your rights brought out in Section 7.2 of the Notice.

8. Amendments to this notice

8.1  This Notice may be amended or modified from time to time to reflect changes in the way we process Personal Data and, in such case, the most recent version of the Notice will appear on this page. Please check back periodically, and especially before you provide any new personally identifiable information.

 

Version: April 2021