AppSec Services
+48 505 892 451
contact@appsecservices.pl

Privacy Policy

Last updated: 20 January 2025

AppSec Services respects your privacy and processes personal data in line with the EU General Data Protection Regulation (GDPR). This policy explains what data we collect, how we use it, and the rights available to you.

Data controller

AppSec Services sp. z o.o., Makowa 11, 86-022 Aleksandrowo, Poland acts as the data controller for services delivered through appsecservices.com and related communication channels.

You can reach our privacy team at contact@appsecservices.com for any questions about this policy or to exercise your rights.

Personal data we process

We collect the minimum scope of personal data necessary to respond to enquiries, deliver projects, and comply with regulatory requirements.

  • Identity data such as name, job title, and company.
  • Contact details including email address, phone number, and preferred language.
  • Project context you voluntarily provide in briefs, attachments, or call summaries.
  • Technical metadata from website access logs and security monitoring (IP address, browser, timestamps).

How we use personal data

We use personal data to:

  • Respond to enquiries, prepare proposals, and manage customer relationships.
  • Deliver, monitor, and improve contracted services including security testing and hosting.
  • Provide mandatory notices, invoices, and legal documentation.
  • Maintain security logs, detect threats, and enforce usage policies.

Data retention

We retain personal data only for as long as necessary to fulfil the purposes described above or to meet statutory requirements. Business correspondence is kept for up to 6 years in line with Polish commercial law. Security logs are retained for a maximum of 12 months unless required for incident investigation.

Data recipients and transfers

We never sell personal data. We share it only with trusted processors that support our operations, such as cloud hosting providers, email platforms, payment processors, and security monitoring vendors. Each processor is bound by data processing agreements and adequate security safeguards.

When personal data is transferred outside the European Economic Area, we rely on Standard Contractual Clauses or other lawful transfer mechanisms to ensure equivalent protection.

Security measures

We implement physical, administrative, and technical controls aligned with OWASP ASVS and ISO 27001 practices, including encryption in transit and at rest, role-based access control, ongoing vulnerability management, and incident response procedures.

Your rights

You can exercise the following rights under GDPR by contacting us:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Request erasure ("right to be forgotten") in justified cases.
  • Restrict or object to processing based on legitimate interests.
  • Receive the data you provided to us in a structured format (data portability).
  • Withdraw consent for marketing at any time without affecting prior processing.
  • Lodge a complaint with the President of the Personal Data Protection Office (UODO).

Cookies and similar technologies

We use strictly necessary cookies to secure the website and remember your language choice. Analytical cookies are only activated with your consent. Detailed information about cookie categories, retention, and management options is described in the Cookie Policy.

Policy updates

We review this privacy policy at least once per year or whenever our processing activities change. Significant updates will be communicated through the website or direct notice.

Contact

If you have questions or wish to exercise your rights, contact our data protection team at contact@appsecservices.com or mail AppSec Services sp. z o.o., Makowa 11, 86-022 Aleksandrowo, Poland.
