Elemental Cyber Security, Inc. as operator of these pages takes the protection of your personal data very seriously. We always treat personal data, such as the name, address, email or telephone number of a natural person ('data subject'), confidentially and in accordance with the statutory data protection laws, in particular the European General Data Protection Regulation (GDPR).
1. General information
The use of our website is in general possible without providing personal data. Providing personal data such as name, address, telephone number or email remains optional. Elemental Cyber Security, Inc., as the responsible for the processing, has implemented technical and organizational measures to ensure a complete protection of the personal data collected and processed through this website. Nevertheless, Internet-based data transmissions can have security gaps (e.g. email communication), so that absolute protection cannot be guaranteed. For this reason, every person concerned is also free to transmit personal data to us by alternative means, e.g. by telephone, if this is required.
2. Terms used
This data protection policy refers to terms used by the European legislator for directives and regulations when adopting the General Data Protection Regulation (GDPR). Our data protection policy should be easy to read and understand both for the public and for our customers and business partners. To ensure this, we would like to explain the following terms used in this data protection policy:
a) Personal data
‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Data subject
‘Data subject’ is any identified or identifiable natural person whose personal data are processed by the controller.
‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
d) Restriction of Processing
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future.
‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyze or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements.
‘Pseudonymization’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
‘Controller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
‘Processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
‘Recipient’ means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry shall not be regarded as recipients; the processing of the data by those public authorities shall follow the applicable data protection rules according to the purposes of the processing.
j) Third Party
‘Third party’ means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data.
‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
3. Legal basis for the processing of personal data
Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a General Data Protection Regulation (GDPR) serves as the legal basis.
In the processing of personal data required for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures. Insofar as the processing of personal data is required to fulfil a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.
In the event that the vital interests of the data subject or another natural person require the processing of personal data, Article 6 para. 1 lit. d GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for processing.
4. Name and address of the controller
The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the EU member states as well as other data protection regulations is:
Elemental Cyber Security, Inc.
Mailing address: PO Box 27740, Las Vegas, 75074 NV, USA
5. Contracted processor
If, in the course of our processing, we disclose data to other persons and companies (contracted processors or third parties), transfer them or otherwise grant them access to the data, this shall only take place on the basis of a legal permit. For example, in accordance with Art. 6 para. 1 lit. b GDPR, the transmission of data to a payment service provider which is necessary for the fulfilment of the contract. You have consented to the transmission of the data, a legal obligation to do so or it is necessary on the basis of our legitimate interests (e.g. when using agents) to carry out the processing.
If we delegate the processing of data to third parties, this is done on the basis of Art. 28 GDPR within the framework of a so-called order processing contract.
6. Secure data transmission
According to Art. 32 GDPR we protect access to our pages by a secure transport encryption via HTTPS with Perfect Forward Secrecy and the current encryption protocol TLS 1.2. In this context we would like to remind you to keep your internet browser always up to date to ensure a secure data communication.
7. Collection of general data and information
On the websites of Elemental Cyber Security, Inc., a series of general data and information is recorded each time a person or an automated system accesses the website. This general data and information is stored in the log files of the server. The following information can be obtained:
- (a) used browser and version
- (b) the operating system of the accessing system
- (c) the URL from which an accessing system comes (referrer)
- (d) which files and pages were requested
- (e) the date and time of access
- (f) the accessing Internet Protocol address (IP address)
- (g) the Internet service provider of the accessing system and
- (h) any other data and information that may serve security purposes in the event of attacks on the IT systems we use.
With the use of these general data and information Elemental Cyber Security, Inc. does not make any conclusions about the data subject. Rather, this information is needed to:
- (1) deliver the contents of our website correctly
- (2) to optimize the content of our website as well as the advertising for it
- (3) to ensure the long-term functionality of the IT systems used, and
- (4) to provide law enforcement authorities with the information necessary for law enforcement in the event of a cyber-attack.
These anonymously collected data and information are therefore evaluated by Elemental Cyber Security, Inc. statistically and with the aim of increasing data protection and data security in order to ensure an optimal level of protection for the personal data processed by us. The anonymous data of the server log files are stored separately from all personal data provided by a data subject.
9. Contact via contact form or email
A contact form is available on our website which can be used for quick and easy electronic contact. If a user takes advantage of this possibility, the data entered in the input mask will be sent to us and saved. These are at most the following entries:
- • First and Last Name *
- • Company Name *
- • Job Title
- • Country *
- • Business Email *
- • Business Phone Number
- • Message *
Fields marked with a star * above are required. This allows us to contact you with your name via email. If you wish to be contacted by telephone, you can also enter your business phone number.
Alternatively, you can contact us via the email address provided. In this case, the user's personal data transmitted by email will be stored. In this context, the data will not be passed on to third parties. The data will only be used to process your request.
The legal basis for the processing of data is Art. 6 para. 1 lit. a GDPR if the user has given his consent. The legal basis for the processing of data transmitted in the course of sending an email is Art. 6 para. 1 lit. f GDPR. if the email contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 exp. 1 lit. b GDPR.
The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form and those that were sent by email, this is the case when the respective conversation with the user is finished. The conversation is terminated when it can be assumed from the circumstances that the facts in question have been finally clarified.
10. Data transmission to non-EU countries
We have deliberately decided against the use of certain web analysis services, mainly for data protection reasons. This enables us to ensure that no personal data (e.g. IP addresses) collected on our pages is transferred to countries outside the European Union and the European Economic Area EEA.
11. Automatic decision making
As a security cautious company, we refrain from automatic decision making or profiling in accordance with Art. 22 para. 1 and para. 4 GDPR.
12. Data erasure and storage
The personal data of the data subject will be deleted or blocked as soon as the purpose of storage ceases to apply. Furthermore, data may be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfilment of a contract.
13. Rights of data subjects
You have the opportunity to exercise your rights as a data subject at any time. Due to the quite large extent, we make the rights of data subjects available here as an overview:
- Right to information pursuant to Art. 15 GDPR
- Right to correction under Art. 16 GDPR
- Right to limitation of processing in accordance with Art. 18 GDPR
- Right to cancellation in accordance with Art. 17 GDPR
- Right to information in accordance with Art. 19 GDPR
- Right to data transferability in accordance with Art. 20 GDPR
- Right of objection according to Art. 21 GDPR
- Right to withdraw consent pursuant to Art. 7, para. 3 GDPR
- Right to lodge a complaint with a supervisory authority pursuant to Art. 77 para. 1 GDPR
To fully comply with our information obligations, we would like to refer you to https://gdpr-info.eu/chapter-3/ where you will find a detailed description of the rights of data subjects listed above.
If you wish to exercise your rights, please send an email to 'legal[at]ElementalSecurity.com' or send a letter to the address named in section 4.
In addition, you have the right to lodge a complaint with a supervisory authority pursuant to Art. 77 para. 1 GDPR. For further information, please contact your local supervisory authority.
14. Changes to this data privacy statement
We reserve the right to modify this data protection policy at any time to reflect the current legal situation and any changes to our online services. Therefore, please check the currently valid data protection policy every time you visit our pages.