Privacy policy

Thank you for your interest in our privacy policy. This policy contains information about how we process your personal data and your rights according to the European GDPR (General Data Protection Regulation). References below to “we” or “us” refer to the operator of this website. We provide our website under Czech and European law.

Scope

The following privacy policy is valid for https://infosec-handbook.eu/ only. The privacy policy doesn’t cover third-party mirrors or archived versions of our website.


A short version of our privacy policy

  • Our web server processes your IP address. Processing your IP address is technically necessary to send our content to your client.
  • We do not store or log any of your personal data.
  • We do not track your browsing behavior. We do not try to identify you. We do not collect statistics. We do not serve ads.
  • Your rights are explained in Articles 15–21 and 77 of the European GDPR.
  • Feel free to contact us in case of any questions.
  • Read our security policy for security-related information.

Contact details

We are private individuals domiciled in different European countries, operating this website and its web server. Our server is physically located in Germany.

The controller in terms of the GDPR is:

Mr. Jakub Rytíř, M.Sc.
190 00 Praha 9, Vysočany
Czech Republic
Contact details



Definitions

The European GDPR defines several terms. The most important definitions are:

  • ‘personal data’ means any information relating to an identified or identifiable natural person (e.g., your name, e-mail address, and IP address).
  • ‘processing’ means any operation […] on personal data […] such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

When we talk about “processing of personal data,” we mean any type of processing.


Processing by us

Default processing

Our server processes your IP address and metadata when you access our content. We do not store or log your IP address. The legal basis for processing your IP address, as explained above, is Article 6(1) f GDPR. Our legitimate interest is providing our content.

Processing in case of abnormal requests

If our server detects abnormal requests (e.g., port scans, attempts to access system files), we block the source IP address for 14 days. For auditing purposes, we store these blocked IP addresses for 14 days in encrypted files. The legal basis for processing your personal data is Article 6(1) f GDPR. Our legitimate interest is blocking attacks.


Processing on our behalf

The following processors carry out data processing on our behalf:

netcup GmbH, Germany

netcup GmbH (read their privacy policy) provides our servers. netcup GmbH stores and blocks IP addresses that attack their customers, including us. We concluded a data processing agreement according to Article 28 GDPR with netcup GmbH.

The legal basis for processing your personal data is Article 6(1) f GDPR. Our legitimate interest and the interest of netcup GmbH is detecting/blocking attack-like behavior and providing our content.

Heinlein Support GmbH, Germany (e-mail only)

Heinlein Support GmbH (read their privacy policy) provides our mail server. It isn’t necessary to send us any e-mails to access our website. If you decide to contact us, you agree that Heinlein Support GmbH and we process your personal data (e.g., name, e-mail address) to answer your request. We do not use your e-mail address for marketing purposes or tracking. We immediately delete your e-mails after your request is answered.

The legal basis for processing your personal data is Article 6(1) a GDPR. You can withdraw your consent at any time.


Your rights (Articles 15–20 GDPR)

According to Articles 15 to 20 of the GDPR, you have several rights concerning your personal data processed by us:

  • Art. 15: Right of access
  • Art. 16: Right to rectification
  • Art. 17: Right to erasure
  • Art. 18: Right to restriction of processing
  • Art. 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
  • Art. 20: Right to data portability

You can exercise your rights by contacting us.

Right to object (Article 21 GDPR)

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point e or f of Article 6(1) GDPR, including profiling based on those provisions. We no longer process the personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims. This doesn’t affect the lawfulness of processing based on consent before its withdrawal (point c of Article 13(2) GDPR).

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.


Changelog

We updated this page on Mar 28, 2021.