1.1. Service Provider – OFFENSIVE OSINT Sp. z o. o.
1.2. Personal Data – information about an identified or identifiable natural person, determined through one or several specific factors that define the physical, physiological, genetic, mental, economic, cultural, or social identity, including device IP, internet identifier, and information collected through cookies and similar technologies.
1.4. GDPR – Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.
1.5. Website – the internet service operated by the Service Provider at https://www.os-surveillance.io/.
1.6. User – any natural person visiting the Website or using one or several services or functionalities described in this Policy.
2. Processing of Personal Data in Connection with the Use of the Website
2.1. In connection with the User's use of the Website, the Service Provider collects data necessary for providing specific offered services. The detailed rules and purposes of processing Personal Data collected during the use of the Website by the User are described below
3. Purposes and Legal Bases of Processing Personal Data on the Website
A) Use of the Website
3.1. Personal Data of all individuals using the Website are processed by the Service Provider:
3.1.1. for the purpose of providing electronic services concerning the provision of content collected on the Website to Users – in this case, the legal basis for processing is the necessity of processing for the performance of a contract (Article 6(1)(b) of the GDPR);
3.1.2. for the purpose of establishing and pursuing claims or defense against claims – the legal basis for processing is the legitimate interest of the Service Provider (Article 6(1)(f) of the GDPR) consisting of protecting its rights.
3.2. User's Personal Data may also be used by the Service Provider to direct marketing content to the User through various channels, such as email or MMS/SMS. Such actions are undertaken by the Service Provider only when the User has given their consent, which can be withdrawn at any time.
3.3. Personal Data are processed:
3.3.1. for the purpose of sending requested commercial information – the legal basis for processing, including profiling, is the legitimate interest of the Service Provider (Article 6(1)(f) of the GDPR) in connection with the given consent;
3.3.2. for analytical and statistical purposes – the legal basis for processing is the legitimate interest of the Service Provider (Article 6(1)(f) of the GDPR) consisting of conducting analyses of Users' activity on the Website to improve the applied functionalities.
5. Duration of Personal Data Processing
5.1. The duration of data processing by the Service Provider depends on the type of service provided and the purpose of processing. As a rule, data are processed for the period of service provision, until the consent given is withdrawn, or effective objection is raised to data processing when the legal basis for processing is the legitimate interest of the Service Provider.
5.2. The data processing period may be extended if processing is necessary to establish and pursue potential claims or defense against claims, and after this period, only to the extent required by law. After the processing period, data are permanently deleted or anonymized.
6. User's Rights
6.1. The User has the right to access the content of data and request their rectification, erasure, restriction of processing, the right to data portability, and the right to lodge a complaint with the supervisory authority responsible for the protection of Personal Data.
6.2. The User also has the right to object to the processing of data carried out on the basis of the legitimate interest of the Service Provider.
6.3. Insofar as the User's data are processed based on consent, this consent can be withdrawn at any time by contacting the Service Provider at [email protected].
7. Recipients of Personal Data
7.1. In connection with the provision of services, Personal Data will be disclosed to external entities, including, in particular, IT service providers enabling proper use of the Website.
7.2. With the User's consent, their data may also be shared with other entities for their own purposes, including marketing purposes.
7.3. The Service Provider reserves the right to disclose selected information about the User to competent authorities or third parties who request such information, based on an appropriate legal basis and in accordance with applicable law.
8. Transfer of Personal Data outside the EEA
8.1. The level of protection of Personal Data outside the European Economic Area (EEA) differs from that provided by European law. Therefore, the Service Provider transfers Personal Data outside the EEA only when necessary and ensuring an adequate level of protection, primarily through:
8.1.1. cooperation with entities processing Personal Data in countries for which the European Commission has issued an adequacy decision regarding the provision of an adequate level of protection of Personal Data;
8.1.2. application of standard contractual clauses issued by the European Commission;
8.1.3. application of binding corporate rules approved by the competent supervisory authority.
8.2. The Service Provider always informs about the intention to transfer Personal Data outside the EEA at the stage of their collection.
9. Security of Personal Data
9.1. The Service Provider continuously conducts risk analysis to ensure that Personal Data are processed securely, primarily by ensuring that access to data is limited to authorized individuals and only to the extent necessary for their tasks. The Service Provider ensures that all operations on Personal Data are recorded and carried out only by authorized employees and associates.
9.2. The Service Provider takes all necessary measures to ensure that its subcontractors and other cooperating entities provide a guarantee of applying appropriate security measures in each case when processing Personal Data on behalf of the Service Provider.