- Knowledge base
- Terms & conditions
- Personal data
-
Security updates
-
Product news
-
Next-Gen Vulnerability Management
-
Getting started
-
General
-
Operating status
-
Network & System Security
-
Web Application Security
-
Cloud Security
-
API Security
-
Phishing Simulation & Awareness Training
-
Attack Surface Management
-
Scanner Appliance
-
Device Agent
-
On-premise platform deployment
-
Asset management
-
Vulnerability manager
-
Reports
-
Digest reports
-
Organizer
-
Continuous monitoring
-
Integrations
-
Platform API
-
Remediation
-
Users
-
PCI DSS
-
Terms & conditions
-
Dashboard
What personal data does Holm Security process and where?
Business-related data
Holm Security stores information used for common business purposes (like company name, contact person, contact email, and contact phone). According to GDPR, this does not require any specific agreement.
Newsletters
Starting from May 2018, newsletters are only sent to existing customers, who thought default terms and conditions, comply with receiving newsletters. To unsubscribe from the newsletter, please use the unsubscribe link at the bottom of the newsletter.
Encrypted data storage
Data storage for personal data is encrypted.
Location of data
Data for customers within Europe is stored and processed in the EEA (European Economic Area) region. Currently, the location is Sweden.
Subcontractors
Holm Security has no subcontractors that process end customers' personal data.
Holm Security VMP
The following information describes the personal data processed and stored in relation to each product.
Web Application Scanning
The product Web Application Scanning scans for exposed personal data on websites, like personal IDs. Identified personal data is presented in Security Center and stored in the platform. In the scan policy, there's a possibility to exclude tests related to personal data. If the tests are excluded, no personal data will be processed or stored.
Personal data processed and stored for this product when related tests are active:
- Personal IDs
- Credit card numbers
Phishing & Awareness Training
The product Phishing & Awareness Training requires that personal email addresses be imported to Security Center and stored on the platform. These email addresses are used for simulating email attacks. Personal names can be imported or entered manually into Security Center to be used in the simulations. Personal data processed and stored for this product:
- Name
- Email address
- Simulation and awareness training behavior data and statistics
System & Network Scanning
Scanner Appliance and external scanners (cloud scanners)
No personal data is processed when using the product System & Network Scanning with a Scanner Appliance or external scanners (cloud scanners).
Device Agent
When using the product System & Network Scanning with the software endpoint agent Device Agent, the following personal data will be processed and stored:
- Name
- Email address
- Username
- MAC address
- IP address
Cloud Scanning
The product doesn't process any personal data.
API Scanning
The product doesn't process any personal data.