GDPR Compliance - ScanGrid Security Scanner

Our Commitment to GDPR Compliance

At ScanGrid, we are committed to ensuring the privacy and protection of your personal data. We have implemented comprehensive measures to comply with the General Data Protection Regulation (GDPR), which enhances the protection of EU citizens' personal data and increases the obligations of organizations handling this data.

ScanGrid as an Ad-Supported Free Platform

ScanGrid operates as an ad-supported free platform, making advanced security scanning tools accessible to everyone. While we display advertisements to support our free services, we ensure that all our data collection and processing practices comply with GDPR requirements. We are transparent about what data we collect, how we use it, and with whom we share it.

Data Controller Information

ScanGrid Security (referred to as "we," "us," or "our" in this policy) acts as the data controller for personal data collected through our website and services. If you have any questions about our GDPR compliance or how we handle your personal data, please contact our Data Protection Officer at dpo@scangrid.net.

Personal Data We Process

We may collect and process the following categories of personal data:

Account Information: Name, email address, and other contact details provided during account creation
Usage Data: Information about how you use our website and services, including scan targets, scan types selected, and scan results
Technical Data: IP address, browser type and version, time zone setting, operating system, and platform
Marketing Preferences: Your preferences in receiving marketing communications from us

Legal Basis for Processing

We process your personal data on the following legal grounds:

Consent: Where you have given explicit consent for us to process your personal data for specific purposes
Contract Performance: Processing necessary for the performance of our contract with you
Legitimate Interests: Processing necessary for our legitimate interests, provided these interests do not override your fundamental rights and freedoms
Legal Obligation: Processing necessary to comply with our legal obligations

Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

Right to Access: You can request a copy of the personal data we hold about you
Right to Rectification: You can request that we correct any inaccurate or incomplete personal data
Right to Erasure: You can request that we delete your personal data in certain circumstances
Right to Restrict Processing: You can request that we restrict the processing of your personal data in certain circumstances
Right to Data Portability: You can request to receive your personal data in a structured, commonly used, and machine-readable format
Right to Object: You can object to our processing of your personal data in certain circumstances
Rights Related to Automated Decision-Making: You can request human intervention in automated decision-making processes

To exercise any of these rights, please contact us at privacy@scangrid.net. We will respond to your request within one month.

Data Security

We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:

Encryption of personal data where appropriate
Regular testing and evaluation of the effectiveness of our security measures
Procedures to address and mitigate potential data breaches
Staff training on data protection and security

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure, and the purposes for which we process the data.

International Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do so, we ensure that appropriate safeguards are in place to protect your data, such as Standard Contractual Clauses approved by the European Commission.

Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, particularly when implementing new technologies.

Updates to This Policy

We may update this GDPR compliance statement from time to time to reflect changes in our practices or regulatory requirements. We will notify you of any significant changes by posting a notice on our website or sending you an email.