PentestHero is registered with the Dutch Chamber of Commerce under KVK Number:
You can contact us during business hours at (phone number) or email us at any time at firstname.lastname@example.org
You can write to our Data Controller at: (address)
Importantly, this policy addresses the privacy practices and standards as used by PentestHero and its contracted people. It does not include practices which might be used by any third-parties, including applications, partner applications, or third-parties utilizing our platform. PentestHero is not responsible for the privacy practices of third-parties. However, we will disclose any instance in which we give third-party application access to our website, platform, or services. Any data collected, stored, or requested by PentestHero will not be disclosed to third parties, except in cases of legal requirement.
- Cookies Policy
- What Data Do We Collect?
- How do We Use Data?
- How is Personal Data Processed and Disclosed?
- How is Personal Data Transferred?
- How do We Secure Your Personal Data?
- How Long Do We Store Personal Data?
- Your Rights Regarding Your Personal Data
- Third Parties
You can opt out of cookies at any time. You may also instruct your browser to stop accepting cookies. Doing so may limit certain features on PentestHero.
We utilize Cookies for the following reasons:
- Authentication – “Session ID” cookies are used to automate data entry, verify your account, and determine when you’re logged in.
- Security – We utilize cookies to review how people access our site, so that we can offer better security, maintain our terms of service, and protect users.
- Features/Services – Cookies enable functionality for user support, such as user authentication, log-in dates, and access dates
- Google Analytics – We utilize third-party cookies through Google Analytics for our advertising and marketing. Google Analytics collects data including number of visitors, how users came to the website, which website you came from, total number of times users visited the site, duration of stay, etc.
- Analytics – We utilize cookies to better understand how people use our website and application, with the intent of improving those services.
What Data Do We Collect?
PentestHero collects personal and impersonal data through our own and third-party services.
Users are often required to offer personal information including but not limited to name, email address, phone number, payment information, physical address, and other contact information on registration and when ordering services.
Requests for data are made when users create accounts, confirm accounts, onboard (individuals, teams, organizations), when requesting services, when making payments, and when otherwise requesting services from PentestHero. You may be asked to submit information such as your name and organization when opting into mailing lists, when downloading resources, when requesting a demonstration, or when requesting a Pentest as a non-customer.
PentestHero reserves the right to request additional information for security and verification purposes (in which case, compliance may be mandatory for continued access to our services), optional requests, or legal requests. In most cases, you can choose to opt out of additional requests for information.
- Identity and Contact – Name, Address, Telephone Number, Job Title, Job Function, etc.
- Business Identity – Business information provided as part of your contractual relationship with PentestHero
- Payment Data – Bank account, debit/credit card, security code numbers, billing information, and any additional information we may need for fraud prevention.
Information regarding third parties:
Should you provide information regarding third-parties other than yourself, you must do so with their explicit permission. You must ensure they understand how their information will be used by PentestHero and that they have given you permission to disclose it.
PentestHero automatically collects non-personal information, including data not protected under European regulation. Non-personal information does not identify the individual. This information may include IP addresses, search terms entered, ads clicked, spots on website clicked, browser and operating system, web pages visited, features interacted with, user content preferences, etc. We collect this information for marketing, optimizing our web properties, and for improving our services.
How Do We Use Personal Data?
PentestHero collects personal and non-personal data with the intent of improving the user experience. Some of the ways we utilize collected data include:
- To optimize and maintain Pentesthero.io. This includes aggregating user data, benchmarking best practices, and monitoring the functionality of our web properties. This includes developing the website based on user data and behavior, analyzing use patterns for UX purposes, and generating visitor and user statistics.
- To provide services requested by and agreed to by the user. E.g., registering you as a customer of PentestHero, to administer or process payments for services rendered, to deliver services, etc.
- To contact users with the intent of discussing PentestHero and its services. This may include sharing information related to PentestHero, the user account and services, the requested services, updates regarding those services, etc. Users can opt out of most communication but will still receive critical notifications relating to the account, until the termination of said account. We reserve the right to outsource this communication to third parties.
- To bill users for requested services
- To offer customer service and assistance for user accounts and services
- To comply with legal processes and law enforcement requests
- To conduct or transact business you have contracted us for, as we, in our sole subjective discretion, deem reasonable.
PentestHero does not knowingly collect or utilize information from anyone under the age of 18. Under our Terms of Service, persons under the age of 18 may not use our website, services, or connected web properties.
In some cases, local regulation may require that we collect Personal Data to process certain services. This means that refusal to provide Personal Data may result in refusal of service. For example, we are legally obliged to request Personal Information on requesting a payment. Should you fail to provide it, it may not be possible to finalize the payment.
How is Personal Data Processed and Disclosed?
We will never use your Personal Information to take automated decisions affecting or creating profiles other than as described above.
We may share your personal information including with:
- Our affiliates and partners. We will provide information regarding partners and affiliates on request. Write email@example.com with your request
- Third parties in connection with services we provide
- On a confidential basis with third parties we may employ for communication purposes
- Financial institutions, especially for fraud and crime prevention purposes
- Government and legal authorities such as law enforcement, attorneys, regulators, etc., where it is reasonably necessary for the establishment, exercise, or defense of a claim or dispute
- With service providers such as shared service centers, for any of the purposes listed above on our behalf and only in accordance with our instructions
How is Personal Data Transferred
In the case that it becomes necessary to transfer your information to another country, we will use, share, and safeguard that information as described in this policy.
- Should we transfer your data outside of the EU, we will do so only when the country offers the same level of data protection as the EU, or only when it is necessary for the services you requested.
- We will exercise all due caution to protect your data during transfer, including utilizing encryption, rigorously reviewing the authenticity and security standards of any partner, and ensuring the security standards of the network used for the transfer.
- We utilize data protection standards that are, at minimum, as those required by the EU and the Netherlands.
- PentestHero complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. This applies to the collection, use, and retention of personal information from EU member countries and the U.K.
Please contact us for a complete list of data protection standards.
How Do We Secure Your Personal Data?
PentestHero takes every reasonable precaution to protect and secure your personal data. These steps are important to us, especially because of the necessarily confidential nature of services rendered. Our security policy maintains standards for data protection, including but not limited to encrypted data transfer, HTTPS, and secure servers.
We regularly maintain networks and web properties, monitor for threats and risks, utilize third-party testing to ensure our continued compliance and security, and have rigorous procedures in place to deal with suspected vulnerabilities. In the case of a breach, we will notify affected parties and any applicable regulators as quickly as possible, under the full extent of applicable law.
How Long Do We Store Personal Data?
PentestHero will store personal data for as long as is necessary to fulfil the purposes of original collection, as well as to satisfy additional requirements regarding reporting, compliance, legal, accounting, etc.
Email us at firstname.lastname@example.org for specific data relating to your personal data on file, how long we store it, and possible deletion or control measures.
We will securely destroy personal information in accordance with applicable laws and regulations when we no longer require it for the purpose of original collection, or a further service requested by you.
Your Rights Regarding Your Personal Data
You hold the right to request changes, ensure the accuracy, and object to how we utilize data.
Accuracy – It is your responsibility to ensure the accuracy of any information which you have provided to us. PentestHero is not responsible for any losses or damages arising from inaccurate, inauthentic, or deficient personal information. Contact us at email@example.com or update your personal information via your user account.
Access – You have the right to request your personal information, except in the instance where it might infringe on the privacy of a third-party person, or if we are legally prevented from doing so. Email us at firstname.lastname@example.org for more information.
Objections – You may have the right to object to the processing of your personal information. In some cases, you may ask us to block, erase, and restrict your personal information. Depending on your contract, you may ask us to stop using and delete or erase your personal information at any time. You may request that we erase your personal information if it is no longer necessary for the purpose for which it was collected, or your personal information has been unlawfully processed. Email at us email@example.com to submit your request.
Porting – You have the right to request that some of your personal information be provided to you or to a data controller.
Withdrawing Consent – You may withdraw consent to our collection, usage, storage, and protection of your personal data at any time. Please follow opt-out links or write us at firstname.lastname@example.org for more information. Once we have received this notification, we will cease to utilize your information, after a processing period of no more than 30 days, unless there are compelling legitimate grounds for further processing, such as ongoing legal claims, ongoing financial transactions, etc.
If you believe your data privacy rights have been breached in any way, you have the right to lodge a complaint with applicable supervisory authorities, or to seek court remediation.
You may exercise any of the above rights at any time by contacting us at email@example.com. We will request proof of identity at this time.
We may hire, contract, or retain third-party services or suppliers to meet our business needs. It may be necessary to share your Personal Data with these suppliers. Any third-party has been selected under a rigorous evaluation process and will only process your data under our instructions, with the intent to fulfill a service requested by you. Should these suppliers be based in non-EU countries, data transfer will be carried out in compliance with GDP.
PentestHero will offer full disclosure before and when working with any third parties. In addition, we will offer individual opt-out for sharing sensitive data with third-parties other than our agents. Submit a request to firstname.lastname@example.org to request to limit the use of and disclosure of your personal information.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Contact us at email@example.com for information regarding third parties.