1. Who is responsible for the processing of your data?
The data controller is Cybersec Hub S.L. (“Zerod”), whose details are set out below:
Data controller: Cybersec Hub S.L.
Postal address: Barcelona, Street Josep Irla i Bosch, 1, (08034)
Email address: email@example.com
Contact of Zerod's Data Protection Officer: firstname.lastname@example.org
Zerod is a platform that finds for you the most suitable cybersecurity professional all over the world for all type of business needs.
2. What personal data do we process and where do they come from? purposes and legitimate basis for processing
As a result of registration on the Zerod website: www.zerod.io (the “Website”), and of the various requests for the purchase of products or the provision of services that may be carried out through the same, Zerod may process the following categories of personal data that Users provide for the purposes set out below and in accordance with the various legitimate bases.
The data collected will in all cases be processed for the purposes specified and in no case in a manner incompatible with those purposes.
2.1 Identification and contact details of Users or their representatives by virtue of the contractual relationship
Users' identification and contact details include the following, and will be provided at the time of registration:
a. Customer: name, company, email, fiscal data, role, phone, payment data.
b. Cybersecurity professional: ID, name + surname, fiscal data, email, phone, payment data.
The identification and contact data will be used for the following purposes:
c. Use and navigation of the Website;
d. Manage your status as a Zerod User;
e. Communicate to you the benefits and advantages you enjoy as a Zerod User; and,
f. Receive the information requested.
This processing is necessary to formalize your status as a Zerod User or to provide you with the service you request. In the event that you object to the processing of your data related to your registration as a Zerod User or to the contracting of any product or service, this will result in the immediate cancellation of your User status or the non-provision of the product or service contracted. The legitimate basis for such processing is the contractual or organic relationship that binds you to Zerod.
2.2 Identifying and contact details of Users or their representatives by virtue of legitimate interest
The identification and contact data described in section 2.1. above may also be used for the following purposes:
a. To offer or recommend Zerod services or products that may be of interest to you.
b. create a commercial profile that allows us to optimize the above purpose.
Under no circumstances will automated decisions be taken on the basis of this profile for any purpose other than that indicated. In particular, the commercial profile will in no case be used for financial scoring purposes.
The legitimate basis for such processing is legitimate interest.
2.3 Data relating to the processing of payments under the contractual relationship
Data relating to the processing of payments include credit card number, bank account number etc. This data does not necessarily have to be provided at the time of registration but may be added by Users in their profile at their own discretion. Data relating to payment processing shall be used to enable the processing of payments for contracted services between Users. For this purpose, Zerod will store or communicate such data to payment platforms in accordance with paragraph 4 below. The legitimate basis for such processing is the contractual or organic relationship between you and Zerod.
2.4 Data derived from the use of the Zerod website
The data derived from the use of the Zerod website includes, among others, data derived from the use of the Website by the User each time he/she interacts with the Website. This data, together with identification and contact data, will be used for the following purposes:
a. Offer or recommend Zerod services or products that may be of interest to you after you have ceased to be a User, or after the provision of the services contracted or for which you have shown interest.
b. Offer or recommend you services or products of third parties that may be of interest to you.
c. Periodically send you our newsletter by email. You can unsubscribe from the newsletter at any time by sending a message to the following contact address email@example.com.
This processing will only be carried out if you have given your consent by ticking the box provided for this purpose. Failure to consent to any of the purposes indicated will not entail any consequence in the contractual or organic relationship you have with Zerod.
We remind you that, at any time, you may object to the processing of your data, especially in the case of the sending of commercial offers. Any information, offer or recommendation may be sent by any physical or telematic means (email, fax, SMS, social networks, mobile applications, etc.).
The legitimate basis for such processing is express consent.
3. How long will your data be kept?
The personal data you provide to us will be retained for as long as it is necessary for the purpose for which it was collected.
In any case, once you have left Zerod or the last contract or service you contracted with Zerod has ended, for whatever reason, your data will be automatically cancelled after 10 years, in the case of former patients, or 3 years, in the case of former customers.
You may revoke your consent at any time, in which case we will also delete your data.
Your data will be deleted by blocking. With this method, Zerod will not have access to your data and will only process them in order to make them available to the public or judicial authorities and to meet any liabilities related to the processing of the data, in particular for the exercise and defense of claims before the Spanish Data Protection Agency. We will keep your data blocked for the periods provided for in the applicable provisions or, where applicable, in the contractual relations maintained with Zerod, proceeding to their physical deletion once these periods have elapsed.
4. To whom will your data be communicated?
It is necessary for the provision of the services to allow certain service providers to process data on behalf of the controller and as processors of personal data. These third parties designated by Zerod may be:
a. Payment intermediation service platforms: for the purpose of enabling the payment of contracted services between Users.
b. User identification platforms: that assess Users’ documents and prove their identity.
i. Customer service providers: for the purpose of managing any incidents that may arise during the request for or provision of the service.
ii. Other: legal consultancy services, IT services, etc.
Your personal data will not be disclosed to third parties unless required by law, in the vital interest of the data subject or with the prior consent of the data subject.
All information provided to us will be treated confidentially and in strict compliance with the security obligations necessary to prevent access by unauthorized third parties.
5. Technical and organizational measures
In order to guarantee the confidentiality, integrity and availability of your personal data, Zerod has implemented the following measures:
a. We carry out security tests and audits on all our technologies on a regular basis (pentest, code review, etc.).
b. Our solution is hosted on Microsoft Azure Cloud, which has all the required security certifications (ISO 27001, SOC, etc.).
c. We review and implement all necessary access controls to our systems (law of least privilege), as well as MFA measures.
d. We maintain a log history to deal with any anomalous activity and to be able to deal with the incident appropriately.
e. Our solution is fully resilient with high availability, and we guarantee 99.9% service availability.
f. All our sensitive data is properly encrypted both in transit and at rest, using the most secure protocols on the market.
6. What are your rights?
You may exercise your rights of access, portability, rectification, erasure, restriction and objection to not being subject to a decision based solely on automated processing. You may also withdraw your consent at any time.
I. The right of access allows you to know and obtain, free of charge, information about your personal data undergoing processing.
II. The right of portability allows you to request that we provide your data in a structured, commonly used, machine-readable and interoperable format or, where technology permits, that we transmit your data directly to another data controller.
III. The right of rectification allows you to correct errors, to amend data that proves to be inaccurate or incomplete and to ensure the accuracy of the information undergoing processing.
IV. The right of erasure allows you to request the deletion, without prejudice to the duty to block, of the data undergoing processing.
V. The right of restriction allows you, in certain cases provided for by law, to request that your data be blocked and access to it be limited solely for the purpose of formulating, exercising, or defending claims, protecting the rights of another natural or legal person, or for reasons of public interest.
VI. The right to object allows you to request that the processing of your personal data not be carried out or be stopped.
VII. The right not to be subject to a decision based solely on automated means, if the decision produces legal effects on you or similarly significantly affects you.
To exercise the rights specified above, you can use the forms available at: www.zerod.io
You may also exercise any of these rights by contacting Zerod’s Data Protection Officer by sending an email to: firstname.lastname@example.org; or by post to: Barcelona, calle Josep Irla i Bosch, 1, (08034). You must provide a copy of your ID card or official document that accredits you.
You also have the right to lodge a complaint with the Spanish Data Protection Agency. The necessary information is available at: www.agpd.es.