Radically Open Security

Privacy Policy of Radically Open Security

  • Radically Open Security (ROS) consists of a bunch of idealistic security researchers and we take privacy very seriously. Therefore we have limited the collection of personal data to the absolute minimum. However we do need to collect some personal data to carry out our services. If you’re a customer of ROS or a visitor of our website, this policy applies to you.
  • Definition of personal data
    Personal data is any information that can be used to identify an individual and may include for instance: your name, e-mail address, phone number, login credentials and personal identification numbers.
  • When and how we collect personal data
    Website and Cookies
    The website of Radically Open Security does not use cookies. Our website does not collect any personal data nor do we track, analyze, document, etc. how you browse or use our website.

    Using our services
    When you are interested in our services and you interact with ROS personal data is shared. Sometimes you provide us with data, sometimes data about you is requested. Personal data can be collected and used for the following processes:

    - When you send us a request to start an intake
    - When we contact you and discuss the scope of a potential assignment
    - When we prepare a proposal for an assignment
    - When we prepare and carry out an assignment
    - When we contact you with marketing and/or relevant messages
  • Types of data we do collect to provide our services
    - Contact details
    - Your name, telephone number and e-mail address
    - Data that identifies you
    - Your log-in credentials if we create accounts for our internal secure chat environment to discuss the (scope of) assignments, function at your organization
  • Why we collect data
    To perform our services
    Radically Open Security only collects personal data necessary to perform the services you are interested in or requested. We need your contact details to:
    - To respond to and track your requests
    - To deliver and discuss proposals, reports and other services you requested
    - To create and identify you as a user when introduced to our internal systems
    - To identify you as a user in our internal system
    - To process payments
    - To contact you from time to time to solicit feedback or request updates on your requests
    - To market specific ROS services and news of relevance to you
  • Sharing your data with third parties
    Tech businesses as ROS use third parties to help them host our environments, communicate with customers, power our emails etc. We partner with third parties who we believe are the best in their field at what they do. We do not share (nor need to) personal data with them in order to get our services to work well. We do not share any personal data with any third parties for marketing purposes. Staff members from ROS who provide ours services and have access to your personal data have all signed contracts and non-disclosure agreements.
  • Where and how long do we store your data at ROS
    We process and store all your data on servers in the Netherlands. We will retain your personal data for the period required to fulfill the purposes for which it has been collected and to provide you with our services. We do need take into account various legal requirements for keeping your data. Key requirements driving the need for collection, analysis and storage of personal data include for example:
    - Contractual obligations to carry out the requested services
    - Legal and tax compliance
    - Financial reporting
    As a cyber security consulting firm we collect a lot of other sensitive data due to the nature of our work. While this is not necessarily personal data, we take the protection and retention of the data collected during our projects very seriously. After maximum one year since the end date of the project we’ll archive all information related to the project offline. After maximum 3 years, we will delete the data permanently, unless other legal obligations or specific requests from you would prevent that. If you want to receive a copy of the data or if you want us to remove your data, please email us at support@radicallyopensecurity.com
  • Information and data security
    As we are a cyber security company we take security very seriously. We have physical, electronic, and managerial procedures to safeguard and secure the information we collect. Our pentesters regularly check and help improve the security of our own systems.
    We would like to ask you to take the following into account when interacting with us:
    - Even though we do use options of encryption and password protection on sensitive files; unfortunately no data transmission is guaranteed to be 100% secure
    - Please keep your login credentials to our internal chat environments secret and safe, this is your own responsibility
    If you believe your account has been breached, please contact us immediately at support@radicallyopensecurity.com
  • Your rights as an individual
    1. You have the right to access personal information we hold about you This includes the right to ask us supplementary information about:
    - the categories of data we’re processing
    - the purposes of data processing
    - the categories of third parties to whom the data may be disclosed
    - how long the data will be stored (or the criteria used to determine that period)
    - your other rights regarding our use of your data

    We will provide you with the information within one month of your request unless doing so would adversely affect the rights and freedoms of others. Of course we’ll inform you if we can’t meet your request.
    2. You have the right to make us correct any inaccurate personal data about you
    3. You have the right to be ‘forgotten’ by us
    4. You have the right to file a complaint regarding our use of your data
    We would kindly ask you to please tell us first, so we have a chance to address your concerns. If we fail in this, you can address any complaint to the National Data Protection Authority (The Autoriteit Persoonsgegevens in the Netherlands).

    If you want to exercise your rights please send us an email to support@radicallyopensecurity.com .
  • Final remarks
    If you have questions, suggestions for improvements or other remarks, we would love to hear from you we can make this policy even better. You can contact us by sending an email to support@radicallyopensecurity.com . As we continue to improve and keep our data and privacy protection up to par, changes to our policy will be posted on this page.