Arctic Security's Privacy Policy

We at Arctic Security Ltd. develop and publish this website and online services in order to serve you, other visitors and our customers who are interested in or using our products. This privacy policy explains why and how we, as a data controller, process your personal information and informs you of your rights as a data subject.

Data controller

Company name: Arctic Security Ltd.

Address: Elektroniikkatie 8, 90590 Oulu, Finland

Email: contact@arcticsecurity.com

Business ID:  2846252-2

Types of data collected

Our hosting, content delivery, analytics and spam protection services collect visitor information in form of IP-addresses and cookies automatically submitted by your web browser.

We also collect email addressesdomain namesIP-addresses and optionally your name and company if you submit them manually via forms on our website or by using our managed services and online products.

Purpose and legal basis for processing

We process your personal information for purposes of focusing and localizing marketing content, generating leads for our sales, distributing factual information and news about our company and products and measuring and improving the website user experience. If you use our managed services or online products then information you give us is used to provide you the services you subscibe to.

Legal basis for processing visitor information is our legitimate interests. We use analytics services to understand who visits our website and spam protection services to protect our website from abuse. Legal basis for processing email addresses, your name and company is explicit user consent.

Data sources

Hosting and content delivery

We use CloudCannon, Google Fonts, YouTube, GitHub and GitHub Pages to host and deliver our website and related content to you. In order to work as efficient content delivery platforms they may collect and use information that web browsers expose automatically, such as the browser version, IP address, site specific cookies, device identifiers, language preference, referring site, the time of access and user’s operating system. These services should collect only minimal information required to deliver the content and we don’t use these services to collect any information for processing. Some of these services may provide you an option to register directly as their user to improve the user experience. If you have directly registered to any of these services we advise you to study their respective privacy policies.

SPAM protection

We use Google’s reCAPTCHA for SPAM and abuse protection on our web forms. ReCAPTCHA aims to distinguish whether an input is made by a person or by automated processing. For this purpose reCAPTCHA collects and sends to Google information about user’s IP-address, web browser and Google related cookies. Google's privacy policy can be found at https://policies.google.com/privacy.

Analytics

We use Google Analytics and Google Tag Manager to collect information about our website visitors and their behaviour while on the website. We have configured these services to anonymize IP-addresses, and we have not enabled transaction ID or user ID tracking. Google provides means to opt-out from Google Analytics data collection at https://tools.google.com/dlpage/gaoptout. Google's privacy policy can be found at https://policies.google.com/privacy.

Marketing and customer relationship management (CRM)

When you request downloadable material or subscribe to our newsletter you provide us your email address. We use Zapier to deliver your request to our account on ActiveCampaign. Then ActiveCampaign service will handle your opt-in and store your email address for delivery and marketing automation purposes. When your relationship with us develops further your email address may be manually promoted to HubSpot service that we use for our customer relationship management (CRM).

Our managed services and online products

When using managed services and online products you subscribe to you may provide us IP-addresses, domain names or email addresses for purposes of checking 3rd party sources for relevant threat intelligence and cyber security information. We will use this information to do the checks you have requested and this may involve consulting 3rd party sources for any information relevant to the assets you have identified.

Your rights as a data subject

You have the following rights according to GDPR regarding the processing of your personal data. You can exercise your rights by contacting us by email.

Right of access: You have the right to check at any time, what personal information we have stored about you.

Right to object: You have the right to object our processing of your personal data, if you think that our processing does not happen according to the GDPR or if you think we have no lawful basis for processing your data.

Right to erasure: You have the right to remove your personal data at any time.

Right to data portability: You have the right to request a machine-readable summary of your personal data from us, so that you can transfer them to another service provider.

Right to lodge a complaint: You have the right to complain to the supervisory authority if you think we are in violation of your rights, in violation of GDPR, or the Finnish law regarding personal data protection. The supervisory authority in this case is the Office of the Data Protection Ombudsman (Tietosuojavaltuutettu) in Finland.

Right to object to direct marketing: You have the right to object to using your personal data for direct marketing purposes.

Duration of processing

Analytic services we use for the visitor information retain data up to 26 months. Email addresses submitted by the users are retained until user unsubscribes. If a subscriber requests a permanent opt-out from any future marketing then opt-out address is retained until person in question requests to be removed from the opt-out list.

Data recipients

Visitor information is processed only by named employees of Arctic Security Ltd., who are responsible for developing and maintaining the website. Email addresses and subscriptions are processed by our sales and marketing personnel. Currently we employ no subcontractors or other third parties to process any personal information.

Data transfers outside of EU

Content delivery services utilize geographically distributed servers in order to deliver the content efficiently, making it difficult to determine the actual location where short lived visitor data automatically submitted by the web browsers is stored.

External services are used by us for content delivery, SPAM protection, analytics and marketing do collect and process data outside of EU. Where possible we have configured these services to anonymize collected IP-addresses. We use only service providers that comply to adequate level of data privacy as required by the GDPR and that are committed to follow relevant EU regulations.

When using our managed services and online products as a subscriber, your asset information will be used to query 3rd party services for threat intelligence and cyber threat information in order to provide you the service you have requested. Due to nature of these feeds and sources, some of them may be outside EU but no personally identiable information will be transfered unless you have explicitly added that to the list of assets that you want us to make queries about.

Automated individual decision-making

Your personal data is not used for automated individual decision-making or profiling.

Data protection principles and measures

We don’t collect or  ask you for personal information unless we truly need it. We require a non-disclosure agreement (NDA) from all our employees who process personal information. We control and keep track of who has access to the services used to process the data. We use transport layer encryption (TLS) to protect your interaction with our website. We periodically review implementation of our website and any related services we rely on against this privacy policy.