PRIVACY NOTICE

This privacy notice (hereinafter the “notice“) explains how SM7 Software OÜ (hereinafter the “company“ or “us“) collects or processes in any other manner the personal data of its clients and visitors of the website www.spiderfoot.net (hereinafter the “website“) and users of Spiderfoot HX platform (hereinafter the “platform”) - all such persons, including individual clients or the representatives of legal persons are referred to as “you” or the “data subject”.

This notice describes the processing of personal data (hereinafter the “data”) by the company as a data controller. This means that the company individually or along with others determine the purposes and means of the processing of personal data.

  1. DATA CONTROLLER

SM7 Software OÜ

Registry code: 14682776

Address: Sepapaja 6, 15551Tallinn, Estonia

Email: spiderfoot-alerts@intel471.com

  1. WHAT CATEGORIES OF PERSONAL DATA DO WE PROCESSES?

The personal data we process include, but is not limited to the following:

Main data: this includes e.g. first name, surname, email address, billing address, employer details (e.g. business name of your employer).

Sources of collection of data: we get the data from you when you sign up for our platform.

Profile data: this includes your username, password and preferences. 

Sources of collection of data: we get the data from you when you sign up and use our platform.

Transaction data: the details of transactions made from your payment account, including payer’s name, date of payment, currency, amount of payment and payment details.

Sources of collection of data: we get the data from you, from third persons in connection with the provision of services or from the financial institution providing the services to us.

Website visit data: this includes the data which is generated as a result of visiting and using the website (e.g. the data regarding how you use the website, the IP address, your location and browser type). Please see the explanation in section “Cookies and other web technologies” below.

Sources of collection of data: we get the data when you visit and use the website.

Platform usage data: this includes the data which is generated as a result of using the platform (e.g. the data regarding how you use the platform, the IP address, your location and browser type). Please see the explanation in section “Cookies and other web technologies” below.

Sources of collection of data: we get the data when you visit and use the platform.

  1. THE PURPOSE AND THE LEGAL GROUNDS FOR THE PROCESSING OF PERSONAL DATA

We rely on the following legal grounds upon processing of your personal data:

PROCESSING NECESSARY FOR THE FULFILMENT OF THE CONTRACT

We process the personal data on this legal ground if it is necessary for the fulfilment of the contract or for taking measures prior to concluding of such contract based on your request.

Purposes of processing

Categories of data

Pre-contractual relations, keeping and development of client relationship (concluding the contract, transferring the information related to fulfilment of the contract, handling of claims) and the provision of platform services.

Main data, profile data

Invoicing (making and submission of invoices, receiving of payments)

Main data, transaction data

PROCESSING NECESSARY FOR COMPLIANCE WITH A LEGAL OBLIGATION

We process the personal data on this legal ground if the legal obligation for processing arises from the law.

Purposes of processing

Categories of data

Bookkeeping (including storage of accounting source documents)

Main data, transaction data

Notification of and response to the information requests of public authorities and government institutions.

Main data, transaction data

LEGITIMATE INTEREST

The legitimate interest means that the company does not have to process your data necessarily for the fulfilment of contract and the company does not have the obligation arising from the law, but processing of personal data is still necessary. This may be necessary, e.g. for development of services and products provided by the company by improving them for you and to protect the property, clients and employees of the company, as well as for making business decisions.

You have the right to ask clarifications from the company regarding the processing based on the legitimate interest by sending the request to spiderfoot-alerts@intel471.com. You also have the right to send the objection, if you find that processing of your data for the purposes provided below infringes your rights.

The overview below regarding processing of data based on the legitimate interest is not exhaustive. The company may process your personal data for other purposes upon reasonable necessity and to the extent provided by the law.

Purposes of processing

Categories of data

Administration of our business, the website and the platform (including troubleshooting, testing, system maintenance, support, reporting and hosting of data).

Main data, profile data, website visit data, platform usage data

Keeping and development of client relationship (answering the requests, general customer service, information exchange)

Main data, profile data

CONSENT

In some cases, we need your consent for data processing. Based on your consent we can send you our newsletters, as well as the invitations to training and other events organized by the company.

You always have the right to withdraw the consent by sending us the respective email at spiderfoot-alerts@intel471.com.  Withdrawal of the consent does not affect the legality of the processing of your personal data prior to withdrawal.

Purposes of processing

Categories of data

Marketing activities (sending newsletters about our product.

Main data, profile data

Development of products and services - we retain and evaluate information on your recent visits to the website or the platform, how you move around different sections of the website or the platform for analytics purposes so that we can improve the functionality the website and the platform and make them more user-friendly.

Website visit data, platform usage data

  1. CATEGORIES OF RECIPIENTS OF PERSONAL DATA AND TRANSFER OF PERSONAL DATA TO THIRD COUNTRIES

In some cases, the company can transfer your personal data to third persons. These are categorized as follows:

Partners who provide the services to the company, e.g.:

All persons mentioned above process the personal data on behalf of the company and can use your personal data only for the provision of services agreed with the company and in limited cases.

Public authorities and supervisory bodies, e.g.:

We transfer your data to public authorities and supervisory bodies only if the law requires it.

We do not transfer your personal data outside Estonia, the European Union or the European Economic Area, nor to such third country or international organization, to the level of data protection of which the European Commission has not considered adequate. If it is still necessary (e.g. for provision of services), such transfer of personal data will take place only upon an appropriate legal basis, and we will take appropriate protective measures.

You have the right to get additional information about the transfer of your personal data by sending us the request by email at spiderfoot-alerts@intel471.com.

  1. RETENTION OF PERSONAL DATA

The company keeps your personal data for the period necessary for the achievement of purposes stated in this notice or until the law requires it.

For example, the company will retain accounting source documents for seven years as of the end of the financial year when a business transaction was recorded in the accounting journals and ledgers on the basis of the source document.

More specific terms of retention can be exercised by accessing your personal data. Please see the explanation in the section “Your rights regarding the personal data”.

  1. YOUR RIGHTS REGARDING THE PERSONAL DATA

Right of access to your data: you have the right to know, whether personal data concerning you are being processed or not, what is the purpose of processing and what are the categories of personal data. Besides, to whom the data is disclosed (especially the recipients in third countries), for how long the data is retained and what are your rights concerning rectification, erasure and restriction of the processing.

Right of rectification: you have the right to demand rectification of the personal data concerning you if the data are inaccurate or incomplete.

Right of erasure: in some cases, you have the right to demand erasure of the personal data concerning you, for example in case when you withdraw your consent and there are no other legal grounds for the processing of the data.

Right to restrict the processing: in some cases, you have the right to restrict processing of the personal data concerning you for a certain time (e.g. if you have objected the processing of personal data).

Right to object: you have the right to object to the processing of personal data, which is processed based on the legitimate interest, including profiling. Upon objection, the company will no longer process the personal data unless the company demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms.

Right to data portability: if processing of your personal data is based on your consent or the contract with the company and the data processing is carried out by automated means, then you have the right to receive the data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format. Also, you have the right to claim the company to transmit those data to another service provider if it is technically possible.

Right to turn to the company, supervisory authority or a court: if you want to exercise the above-mentioned rights, please send us an email at  spiderfoot-alerts@intel471.com. If you find that your rights have been breached, you have the right to turn to the Data Protection Inspectorate (Andmekaitse Inspektsioon) and/or court. The contact details of the Data Protection Inspectorate are available at www.aki.ee.

  1. COOKIES AND OTHER WEB TECHNOLOGIES

For the functioning of the website, and the platform we can sometimes store small files of data (cookies) to your device.

The cookie is a small text file which is saved by the website or the platform to your computer or a mobile device when you visit the website or use the platform. This allows the website or the platform to remember your activities and preferences (e.g. language and other preferences upon displaying the website) for a certain period. This way, you do not have to re-enter them each time you return to the website or browse it.

Our website and the platform use analytical software Google Analytics provided by Google Inc (hereinafter “Google”), which uses cookies. These are text files stored in your computer or a mobile device, which are used to analyze how you use the website or the platform. The information received via cookies on how you use the website, or the platform is transferred to Google. Google can transfer such data to third persons, if the law prescribes it or if these third persons process the data based on the authorization made by Google. You can stop using the cookies by choosing appropriate settings in your web browser. When doing this, you have to keep in mind that as a result, you may not be able to use all functions of the website or the platform.

The platform uses payment software Paddle provided by Paddle.com Market Limited (hereinafter “Paddle”), which uses cookies. These are text files stored in your computer or a mobile device, which are used to track the payment process when subscribing to services of the platform. The information received via cookies on how you use the website, or the platform is transferred to Paddle. Paddle can transfer such data to third persons, if the law prescribes it or if these third persons process the data based on the authorization made by Paddle. You can stop using the cookies by choosing appropriate settings in your web browser. When doing this, you have to keep in mind that as a result, you may not be able to use all functions of the platform.

  1. AMENDMENT OF THIS NOTICE

The company has the right to amend this notice unilaterally. The company will notify of amendment of this notice on its website, by email or in other manner.