Effective Date: May 23, 2018|Last update: Oct 17, 2019
Who we are
References to "we", "our" or "us" in this privacy and cookies policy (“Privacy & Cookies Policy”) mean Probely – Soluções de Cibersegurança, Lda, a limited liability company registered at the Gondomar Commercial Registry Office under registration and tax number 514413735, with fully subscribed and paid-up share capital of € 290.06. Our registered office is at Praçeta de Avilhó, n.º 2, 1º Esquerdo, Traseiras, 4460-686 Custóias. You may contact us at [email protected]
For the purposes of data protection laws, we are the "Data Processor" in respect of the personal information collected through our website located at https://probely.com/ (“Site”).
We collect certain information through our Site, including through the products and services provided on the Site. This Privacy & Cookies Policy lays out our policies and procedures surrounding the collection and handling of any such data that identifies an individual user or that could be used to contact or locate him or her personally (“Personally Identifiable Information” or “PII”).
This Privacy & Cookies Policy applies only to our Site and to the products and services provided through our Site. It does not apply to any third-party site or service linked to our Site or recommended or referred by our Site, through our products or services, or by our staff. And it does not apply to any other website, product, or service operated by us, or to any of our offline activities.
The PII and other sensitive data we collect
We automatically collect the following PII from users that visit our Site:
- IP address
- web browser type and version
- operating system
- a list of URLs starting with a referring site, your activity on Our Site, and the site you exit to
When setting up an individual account on the Site, it is mandatory to provide, and we will record, the following PII:
- email address
- company name, industry and size
In addition, when you become a paying customer, we will consequently record the following PII, regarding the billing information:
- VAT number
- Zip code
In addition to the above, we collect and process, on an anonymous basis, data related to the use of our Site, such as the pages visited, the time spent on each page, etc.
In order to provide the service to our customers, our product also collects the following information:
- Target URL and settings (including testing credentials if provided)
- Vulnerability details including Requests/Responses for each vulnerability found
- Product logs, including the URLs tested and full requests (temporarily, up to 60 days)
Our use of PII
All personal data is stored securely in accordance with the EU General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). For more details on security see section 6, below.
We are the owners of the anonymous data related to the use of our Site and may use such anonymous data for statistical or commercial purposes.
Under GDPR we will ensure that your personal data is processed lawfully, fairly, and transparently, without adversely affecting your rights. We will only process your personal data if at least one of the following basis applies:
- you have given consent to the processing of your personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which you are a party or in order to take steps at the request of you prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which we are subject;
- processing is necessary to protect the vital interests of you or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
Protection of PII and other sensitive data
As owners of a security product, we take PII security very seriously. The following list is a non-exhaustive list of security controls we implemented to protect our infrastructure, our product and your PII:
- We only allow communications to our servers, that host our product and site, through a secure channel (HTTPS) using TLS. HTTPS allows for the authentication of the visited website and protection of the privacy and integrity of the exchanged data.
- All of our infrastructure is hosted in one of the top cloud providers, where security has been scrutinized. We use managed services supplied by the cloud provider to the highest possible extent. We also use their security features and controls, to segregate and monitor our service networks, for audit logs and for security event management. The frontend, backend and database servers use private and segregated networks controlled by security groups.
- We also follow the best security practices, including (but not limited to):
- Principle of the least privilege (to access our systems and data),
- Encryption of sensitive data at rest,
- Server hardening and security updates,
- Requiring 2-factor authentication to access our systems,
- Central logging
- Secure Software Development Life cycle, including periodic security assessments (manual and using Probely)
Notwithstanding the security measures that We take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take suitable precautions when transmitting to Us data via the internet.
Third party access to your PII
We give or may give in the future certain independent contractor’s access to PII (“Data Processors”). No Data Processor will be retained without first entering into contracts in which they agree to protect PII using procedures reasonably similar to ours and will only process PII in accordance with our instructions.
We may also disclose PII to attorneys and investors bound to confidentiality restrictions and to law enforcement authorities, courts and public regulators, whenever such is required by applicable legislation. Finally, we may share PII in connection with a transaction of all or substantially all of our assets.
We are entitled to use and share anonymous statistical data regarding the usage of our Site to third parties for any purpose we deem suitable.
You can access and change any PII we store by contacting us directly at the following e-mail address: [email protected] The access and correction of your PII is free-of-charge. You acknowledge, however, that all PII you provide must be accurate and updated.
You may also oppose, at any time and free of charge, the use of your PII for direct marketing or any other form of commercial use. Should you wish to do so after receiving an e-mail or SMS from us, we will provide you with a simple option to opt-out or remove yourself from our marketing directory. You may also withdraw your consent to our processing of your PII whenever such processing is dependent on consent. This may be done simply by sending us an email to [email protected]
Furthermore, you may at any time request that we delete or limit the PII we hold related to you. You may also request the portability of your PII in accordance and within the limits of applicable law. It is your right to also request that we notify third parties with whom we may have shared your PII and also request that they comply with your instructions.
Should you wish, you may file a complaint with a privacy regulatory body. In Portugal, the entity responsible for enforcing privacy law is the Comissão Nacional da Protecção de Dados.
Where we store your PII and for how long
All the PII regarding our users is stored on secure servers located within the European Union. We will inform our users should we eventually change our policy.
Our objective is that our users have a long-lasting relationship with our Site, even if visits are not very frequent. We will store your PII and your account will continue to be active for three years following your last interaction with our Site. Prior to closing your account, we will notify you asking you whether you wish to maintain your account active.
After a deletion request, your PII will be retained for up to 3 months as part of back-up procedures.
Amendment of this Privacy & Cookies Policy
We may change this Privacy & Cookies Policy at any time by posting a new version on this page or on a successor page. The new version will become effective on the date it is posted, which will be listed at the top of the page as the new Effective Date.
For any clarification regarding our Privacy & Cookies Policy, please feel free to contact us at [email protected]