Personal data

What personal data does Holm Security process and where?

Business-related data

Holm Security stores information used for common business purposes (like company name, contact person, contact email, and contact phone). According to GDPR, this does not require any specific agreement.

Newsletters

Starting from May 2018, newsletters are only sent to existing customers, who thought default terms and conditions, comply with receiving newsletters. To unsubscribe from the newsletter, please use the unsubscribe link at the bottom of the newsletter.

Encrypted data storage

Data storage for personal data is encrypted. 

Location of data

Data for customers within Europe is stored and processed in the EEA (European Economic Area) region. Currently, the location is Sweden. 

Subcontractors

Holm Security has no subcontractors that process end customers' personal data.

Holm Security VMP

The following information describes the personal data processed and stored in relation to each product.

Web Application Scanning
The product Web Application Scanning scans for exposed personal data on websites, like personal IDs. Identified personal data is presented in Security Center and stored in the platform. In the scan policy, there's a possibility to exclude tests related to personal data. If the tests are excluded, no personal data will be processed or stored. 

Personal data processed and stored for this product when related tests are active:

  • Personal IDs
  • Credit card numbers

Phishing & Awareness Training
The product Phishing & Awareness Training requires that personal email addresses be imported to Security Center and stored on the platform. These email addresses are used for simulating email attacks. Personal names can be imported or entered manually into Security Center to be used in the simulations. Personal data processed and stored for this product:

  • Name
  • Email address
  • Simulation and awareness training behavior data and statistics

System & Network Scanning

Scanner Appliance and external scanners (cloud scanners)

No personal data is processed when using the product System & Network Scanning with a Scanner Appliance or external scanners (cloud scanners).

Device Agent

When using the product System & Network Scanning with the software endpoint agent Device Agent, the following personal data will be processed and stored:

  • Name
  • Email address
  • Username
  • MAC address
  • IP address

Cloud Scanning

The product doesn't process any personal data.

API Scanning

The product doesn't process any personal data.