Introduction
fenicolas GmbH ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you visit our website fedicolas.xyz or use our cybersecurity services. This policy complies with the General Data Protection Regulation (GDPR) and other applicable European data protection laws.
Data Controller
fenicolas GmbH is the data controller responsible for your personal data. Our contact details are:
Data Collection
The data we collect includes personal information that you provide directly to us and information automatically collected when you use our website and services. This includes:
- Contact Information: Name, email address, phone number, company name, and job title when you contact us or request our services
- Website Usage Data: IP address, browser type, device information, pages visited, time spent on pages, and referring websites
- Communication Data: Records of your communications with us, including emails, phone calls, and support tickets
- Service Data: Information related to the cybersecurity services we provide, including security assessments, monitoring data, and incident reports
- Marketing Data: Your preferences for receiving marketing communications and your interaction with our marketing materials
How We Use Your Information
We explain how we use your information for various legitimate business purposes under applicable data protection laws. The use of your data includes:
- Service Provision: To provide, maintain, and improve our cybersecurity services
- Communication: To respond to your inquiries, provide customer support, and send service-related communications
- Business Operations: To manage our business relationship with you, process payments, and maintain records
- Legal Compliance: To comply with legal obligations, resolve disputes, and enforce our agreements
- Marketing: To send you relevant information about our services (with your consent where required)
- Security: To protect our systems, prevent fraud, and ensure the security of our services
- Analytics: To analyse website usage and improve our online presence and services
Legal Basis for Processing
Under GDPR, we process your personal data based on the following legal grounds:
- Consent: Where you have given explicit consent for specific purposes
- Contract Performance: To perform our contractual obligations to provide services
- Legitimate Interests: For our legitimate business interests, such as improving services and marketing
- Legal Obligation: To comply with legal requirements and regulations
Data Sharing and Third Parties
We may share your personal data with trusted third parties in the following circumstances:
- Service Providers: Cloud hosting providers, email services, and analytics platforms that help us deliver our services
- Legal Requirements: When required by law, court order, or government authorities
- Business Partners: With your consent, to provide integrated services or solutions
- Professional Advisors: Lawyers, accountants, and other professional service providers
We ensure all third parties are bound by appropriate data protection agreements and process your data only as instructed by us.
International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). If we transfer data outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions by the European Commission.
Data Retention
We retain your personal data only as long as necessary for the purposes outlined in this policy or as required by law. Our retention periods are:
- Contact Inquiries: 3 years from last contact
- Service Data: Duration of service agreement plus 7 years for legal compliance
- Marketing Data: Until you withdraw consent or 3 years of inactivity
- Website Analytics: 26 months maximum
- Financial Records: 10 years as required by German law
Your Rights
Under GDPR, you have the following rights regarding your personal data:
- Right of Access: Request copies of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your personal data
- Right to Restrict Processing: Limit how we process your data
- Right to Data Portability: Receive your data in a structured format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent
To exercise these rights, please contact us at privacy@fedicolas.xyz. We will respond within one month of receiving your request.
Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to enhance your browsing experience and analyse website usage. For detailed information about our cookie usage, please see our Cookie Policy.
Data Security
As a cybersecurity company, we implement robust security measures to protect your personal data, including:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response procedures
Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will delete such information promptly.
Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy regularly.
Contact Us
If you have questions about this Privacy Policy, wish to exercise your rights, or need to contact us regarding data protection matters, please reach out to us:
You also have the right to lodge a complaint with the relevant data protection authority if you believe we have not handled your personal data in accordance with applicable laws.
Supervisory Authority
Our lead supervisory authority is the Berlin Commissioner for Data Protection and Freedom of Information (Berliner Beauftragte für Datenschutz und Informationsfreiheit). You may contact them if you have concerns about our data processing practices.