Privacy policy

HOME / PRIVACY POLICY

The protection of personal data is governed by the collection, storage, and processing of personal data by VERDATEK Oรœ that it collects from you when you order any of the services offered.

1. GENERAL

At VERDATEK Oรœ, we respect your right to privacy and strive for the highest level of protection of your personal information. When providing our services through our website and platforms, we act in accordance with applicable legislation, including:

  • The General Data Protection Regulation (EU Regulation 2016/679) ("GDPR")
  • Estonian Personal Data Protection Act
  • Canada's Personal Information Protection and Electronic Documents Act ("PIPEDA")
  • Electronic Communications Act
  • Other applicable local data protection laws

We will only use the information collected to perform the services we provide. VERDATEK Oรœ respects the confidentiality of personal data and privacy of users, and we take all reasonable measures to protect them from unauthorized access, misuse, or abuse.

We undertake that we will not under any circumstances forward personal or other information to third parties without express permission or allow third parties to access personal or other information about users, unless:

  • Requested by state authorities with legal authority
  • Required by law
  • Necessary for proceedings before courts or other state authorities
  • Required for the performance of our contractual obligations to you

The purpose of this Privacy Policy is to inform you of the purposes for which your personal information will be obtained, how it will be used, stored, and protected, and what your rights are in relation to the information we hold about you.

2. DATA CONTROLLER

The data controller is:

VERDATEK Oรœ Registration Code: 16650214 VAT Number: EE102700237 Address: Harju maakond, Tallinn, Lasnamรคe linnaosa, Sepapaja tn 6, 15551, Estonia Email: [email protected] Phone: +442 0 3808 9317 Website: verdatek.com

3. DEFINITIONS

User: Any person who visits our website, uses our services, applications, or platforms in any way.

Personal Data: Any information relating to an identified or identifiable natural person.

Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.

Data Subject: The individual to whom personal data relates.

4. PERSONAL DATA WE COLLECT AND PURPOSE OF PROCESSING

VERDATEK Oรœ collects, manages, processes, and stores the following personal data for the purposes of providing our services:

4.1 Information You Provide Directly:

  • Full name
  • Email address
  • Contact telephone number
  • Country of residence
  • Company name and business information (if applicable)
  • Billing and payment information
  • Service preferences and technical requirements

4.2 Information Collected Automatically:

  • IP address and device identifiers
  • Browser type and version
  • Operating system
  • Access times and dates
  • Pages visited and features used
  • Referring website addresses

4.3 Purposes of Processing:

  • To provide, maintain, and improve our services
  • To process transactions and send service-related communications
  • To respond to inquiries and provide customer support
  • To comply with legal obligations and resolve disputes
  • To detect, prevent, and address fraud, security issues, or technical problems
  • To send important notices about changes to our terms, policies, or services
  • With your consent, to send marketing communications about our services

4.4 Legal Basis for Processing:

Under GDPR and Estonian law, we process your personal data based on:

  • Contract performance: Processing necessary to fulfill our service agreement with you
  • Legal obligation: Processing required to comply with applicable laws
  • Legitimate interests: Processing necessary for our business operations, fraud prevention, and service improvement
  • Consent: Where you have provided explicit consent for specific processing activities

Under PIPEDA (Canadian law), we collect, use, and disclose personal information only for purposes that a reasonable person would consider appropriate in the circumstances, and only with your knowledge and consent except where otherwise permitted by law.

5. YOUR RIGHTS

You have the following rights regarding your personal data:

5.1 Right of Access: You may request confirmation of whether we process your personal data and obtain a copy of such data.

5.2 Right to Rectification: You may request correction of inaccurate or incomplete personal data.

5.3 Right to Erasure ("Right to be Forgotten"): You may request deletion of your personal data under certain circumstances.

5.4 Right to Restriction of Processing: You may request that we limit the processing of your personal data in certain situations.

5.5 Right to Data Portability: You may request to receive your personal data in a structured, commonly used, and machine-readable format.

5.6 Right to Object: You may object to processing of your personal data based on legitimate interests or for direct marketing purposes.

5.7 Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

5.8 Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

To Exercise Your Rights:

Contact us at:

We will respond to your request within:

  • 30 days under GDPR/Estonian law
  • 30 days under PIPEDA (Canadian law), with possible extension to 60 days in complex cases

6. COMPLAINTS AND SUPERVISORY AUTHORITIES

For EU/Estonian Users: If you believe your rights have been violated, you may lodge a complaint with:

Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) Address: Tatari 39, 10134 Tallinn, Estonia Phone: +372 627 4135 Email: [email protected] Website: www.aki.ee

For Canadian Users: If you believe your rights have been violated, you may file a complaint with:

Office of the Privacy Commissioner of Canada Address: 30 Victoria Street, Gatineau, Quebec K1A 1H3 Phone: 1-800-282-1376 Email: [email protected] Website: www.priv.gc.ca

7. DATA RETENTION

We retain your personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal, accounting, or reporting requirements
  • Resolve disputes and enforce our agreements
  • Protect against fraudulent or illegal activity

Specific retention periods:

  • Account information: Duration of service relationship plus 7 years for legal and accounting purposes
  • Transaction records: 7 years from date of transaction
  • Communication records: 3 years from last contact
  • Marketing consent records: Until consent is withdrawn plus 3 years for compliance purposes

After the retention period expires, personal data will be securely deleted or anonymized.

8. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction, including:

  • Encryption of data in transit and at rest
  • Regular security assessments and audits
  • Access controls and authentication mechanisms
  • Employee training on data protection
  • Incident response procedures
  • Regular backups and disaster recovery plans

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your personal data, we cannot guarantee absolute security.

9. SHARING PERSONAL DATA WITH THIRD PARTIES

9.1 Service Providers: We may share your personal data with carefully selected third-party service providers who assist us in operating our business, including:

  • Cloud hosting providers
  • Payment processors
  • Customer support platforms
  • Analytics and monitoring services
  • Email and communication services

These service providers are contractually obligated to:

  • Process data only according to our instructions
  • Implement appropriate security measures
  • Comply with applicable data protection laws
  • Not use data for their own purposes

9.2 Legal Requirements: We may disclose personal data when required by law or in response to valid requests by public authorities, including:

  • Court orders or subpoenas
  • Law enforcement requests
  • National security requirements
  • Compliance with legal obligations

9.3 Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred as part of that transaction, subject to the same protections outlined in this Privacy Policy.

9.4 No Sale of Personal Data: We do not sell, rent, or trade your personal data to third parties for their marketing purposes.

10. INTERNATIONAL DATA TRANSFERS

VERDATEK Oรœ is based in Estonia (European Union). If you are accessing our services from outside the EU/EEA, please be aware that your personal data may be transferred to, stored, and processed in Estonia or other countries where we or our service providers operate.

For Transfers Outside the EU/EEA: When we transfer personal data outside the EU/EEA, we ensure appropriate safeguards are in place, such as:

  • EU Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Other legally recognized transfer mechanisms

For Canadian Users: We ensure that any cross-border transfers of personal data comply with PIPEDA requirements, including obtaining your consent where required and ensuring that foreign service providers provide comparable protection.

11. COOKIES AND TRACKING TECHNOLOGIES

Our website and services use cookies and similar tracking technologies. For detailed information about our use of cookies, including types of cookies used, purposes, and how to manage your cookie preferences, please refer to our separate Cookie Policy available at verdatek.com/cookie-policy.

12. CHILDREN'S PRIVACY

Our services are not directed to individuals under the age of 16 (or the applicable age of digital consent in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without parental consent, we will take steps to delete such information promptly.

13. AUTOMATED DECISION-MAKING AND PROFILING

We do not engage in automated decision-making or profiling that produces legal effects or similarly significantly affects you, except where:

  • Necessary for entering into or performing a contract with you
  • Authorized by applicable law
  • Based on your explicit consent

You have the right to object to automated decision-making and request human intervention in such decisions.

14. CHANGES TO THIS PRIVACY POLICY

We reserve the right to update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of significant changes by:

  • Posting a notice on our website
  • Sending an email to your registered email address
  • Other appropriate means of communication

The "Last Updated" date at the top of this policy indicates when it was last revised. We encourage you to review this Privacy Policy regularly to stay informed about how we protect your personal data.

Continued use of our services after changes to this Privacy Policy constitutes acceptance of the updated policy.

15. CONTACT INFORMATION

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at:

VERDATEK Oรœ Data Protection Officer Email: [email protected] Address: Sepapaja tn 6, Tallinn, 15551, Estonia Phone: +442 0 3808 9317

We will respond to your inquiry as soon as possible and within the timeframes required by applicable law.

16. JURISDICTION-SPECIFIC PROVISIONS

16.1 For European Union / Estonian Users: This Privacy Policy complies with the GDPR and Estonian Personal Data Protection Act. The Estonian Data Protection Inspectorate serves as our lead supervisory authority.

16.2 For Canadian Users: This Privacy Policy complies with PIPEDA. We are committed to the ten fair information principles outlined in PIPEDA, including accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.

You have the right to access your personal information held by us and to challenge its accuracy. You may withdraw consent for collection, use, or disclosure of your personal information at any time, subject to legal or contractual restrictions and reasonable notice.

16.3 For Users in Other Jurisdictions: We comply with applicable local data protection laws in jurisdictions where we operate or have users. If you have specific questions about how local laws apply to your personal data, please contact us.

ACKNOWLEDGMENT

By using our services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

Leading cybersecurity platform providing AI-powered penetration testing, dark web monitoring, and comprehensive security assessments to protect your business 24/7.

Compliance & Standards
OWASP ISO 27001 PCI DSS GDPR NIS2 SOC 2 CCPA PIPEDA
SERVICES

PenTesting

Dark Web Monitoring

Free Security Scan

All Products

COMPANY

Home

Our Team

FAQ

Contacts

LEGAL

Terms of Service

Privacy Policy

CONTACTS

+44 (203) 808-9317

contact at cybertested.com

24/7 monitoring

EU and ECCC Logos

Supported by the European Cybersecurity Competence Centre and its members

Select Region & Language

Region
Language
Want to see CyberTested in action?
Book a Free Demo