BSEC.LV

Privacy Policy

GDPR Compliant

Privacy Policy

Last updated: January 14, 2025

This Privacy Policy describes how BSEC.LV Community Hub collects, uses, and protects your information in compliance with the EU General Data Protection Regulation (GDPR).

Your GDPR Rights

As an EU resident, you have specific rights regarding your personal data under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object to processing.

1. Data Controller

BSEC.LV Community Hub acts as the data controller for personal information collected through this platform.

Contact Information:

Email: privacy@bsec.lv

Data Protection Officer: dpo@bsec.lv

Address: [To be provided by organization]

2. Information We Collect

Anonymous Submissions

By default, all story and CVE submissions are completely anonymous. We do not collect or store:

  • • IP addresses
  • • Browser fingerprints
  • • Personal identifiers
  • • Location data

Optional Contact Information

If you voluntarily provide contact information:

  • • Email addresses (for clarification purposes only)
  • • This information is never published or shared
  • • Used only for direct communication about your submission
  • • You can request deletion at any time

Technical Data

We collect minimal technical information for security and functionality:

  • • Server logs for security monitoring (automatically deleted after 30 days)
  • • Basic analytics for improving user experience (anonymized)
  • • Error logs for technical troubleshooting (no personal data)
3. Legal Basis for Processing

Legitimate Interest (Article 6(1)(f) GDPR)

Processing anonymous cybersecurity information to improve community security awareness and knowledge sharing.

Consent (Article 6(1)(a) GDPR)

When you voluntarily provide contact information, we process it based on your explicit consent, which you can withdraw at any time.

Public Interest (Article 6(1)(e) GDPR)

Sharing cybersecurity information serves the public interest of improving digital security for the community.

4. Data Sharing and Disclosure

CVE Reports

Technical details of vulnerability reports may be shared with:

  • • cert.lv (Latvia's Computer Emergency Response Team)
  • • Affected software vendors for remediation
  • • Security research community (anonymized)

Anonymous Stories

Published stories are completely anonymized and may be shared publicly for educational purposes.

Important

We never share personal contact information. All shared data is either anonymous or technical in nature.

5. Data Retention

Anonymous Submissions

Retained indefinitely for community benefit, as they contain no personal data.

Contact Information

Deleted within 90 days unless you request earlier deletion or ongoing communication is needed.

Server Logs

Automatically deleted after 30 days for security and performance monitoring.

Analytics Data

Anonymized usage statistics retained for 24 months to improve service quality.

6. Your Rights Under GDPR

Right of Access

Request a copy of personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data ("right to be forgotten").

Right to Restrict Processing

Limit how we process your personal data.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests.

Exercising Your Rights

To exercise any of these rights, contact us at privacy@bsec.lv. We will respond within 30 days as required by GDPR.

7. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • • End-to-end encryption for data transmission
  • • Secure server infrastructure with regular security updates
  • • Access controls and authentication for administrative functions
  • • Regular security audits and vulnerability assessments
  • • Data minimization - we collect only what is necessary
  • • Anonymous-by-design architecture
8. International Data Transfers

All data processing occurs within the European Union. If international transfers become necessary, we will:

  • • Ensure adequate protection through adequacy decisions or appropriate safeguards
  • • Implement Standard Contractual Clauses where required
  • • Notify users of any changes to data processing locations
9. Contact Information and Complaints

Contact Us

Privacy Questions: privacy@bsec.lv

Data Protection Officer: dpo@bsec.lv

General Contact: contact@bsec.lv

Supervisory Authority

If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the Latvian Data State Inspectorate or your local supervisory authority.

10. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

  • • Post the updated policy on this page
  • • Update the "Last updated" date
  • • Notify users of significant changes via email (if contact information is available)
  • • Maintain previous versions for reference