XRATOR

Privacy Policy

Last updated: July 2025

This privacy statement was last updated on July 2025 and applies to citizens and legal permanent residents of the European Economic Area and Switzerland.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.xrator.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. What Information We Collect

  • Website Usage: We collect information about how you use our website including pages visited, time spent, and technical information such as browser type and device information.
  • Contact Information: When you request security assessments, platform demonstrations, or contact us, we collect your name, business email, company name, job title, phone number, and related business information.
  • Security Assessment Data: For our free 24-hour security assessments, we collect domain names and external system information necessary to perform security scans.
  • Communication Records: We maintain records of our communications with you to provide consistent service and support.

2. How We Use Your Information

We use your personal data to:

  • Provide security assessments and deliver results
  • Respond to your inquiries and provide customer support
  • Improve our website and services
  • Communicate about our cybersecurity solutions and industry insights
  • Comply with legal obligations

3. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy.

4. Information Sharing

We do not sell your personal information to third parties.

We may share your information with:

The inclusion of full IP addresses is blocked by us.

  • Service providers who assist us in operating our website and delivering services
  • Legal authorities when required by law or court order
  • New owners in case of business transfer, merger, or acquisition

5. Data Security

We are committed to the security of personal data. We take appropriate security measures including encryption, access controls, and regular security reviews to limit abuse of and unauthorized access to personal data.

This ensures that only necessary persons have access to your data.

6. Data Retention

We retain your information for as long as necessary to provide services and comply with legal obligations:

  • Contact information: While you remain engaged with our services
  • Assessment data: Up to 24 months for service improvement
  • Website analytics: Up to 26 months for trend analysis

7. Third-Party Websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

8. Your Rights

You have the following rights:

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

9. Amendments to This Privacy Statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

10. Submitting a Complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Data Protection Authority.

12. Data Requests

For the most frequently submitted requests, we also offer you the possibility to use our data request form:

  • Name: Your first name
  • Name: Your last name
  • Email: your email address
  • [ ] Submit a request for access to the data we process about you.
  • [ ] Submit a request for deletion of the data if it is no longer relevant.
  • [ ] Submit a request to receive an export file of the data we process about you.