GDPR Compliance Statement
At DarkWebReport.io, we are committed to ensuring the protection and security of personal data in accordance with the EU General Data Protection Regulation (GDPR). This document outlines our approach to GDPR compliance and the measures we have implemented to protect the privacy rights of individuals in the European Union.
Data Controller and Data Processor Roles
DarkWebReport.io operates as both a data controller and a data processor:
- As a Data Controller: We determine the purposes and means of processing personal data collected directly from our customers (MSPs) during account registration, customer support interactions, and marketing activities.
- As a Data Processor: We process personal data on behalf of our MSP customers when they upload their clients’ data for dark web monitoring and threat intelligence services.
Lawful Basis for Processing
We process personal data under the following lawful bases as defined by GDPR:
- Contract: Processing necessary for the performance of our contract with MSPs to provide dark web monitoring services.
- Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, ensuring network security, and preventing fraud.
- Consent: Processing based on specific, informed, and unambiguous consent for certain activities such as marketing communications.
- Legal Obligation: Processing necessary to comply with our legal obligations.
Data Subject Rights
We respect and uphold the rights of data subjects under GDPR, including:
- The right to be informed about how we use their personal data
- The right of access to their personal data
- The right to rectification of inaccurate personal data
- The right to erasure (“right to be forgotten”)
- The right to restrict processing
- The right to data portability
- The right to object to processing
- Rights related to automated decision-making and profiling
To exercise these rights, data subjects can contact us through the contact information provided at the end of this document.
Technical and Organizational Measures
We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including:
- Encryption of personal data during transmission and at rest
- Regular testing and evaluation of the effectiveness of security measures
- Ability to ensure the ongoing confidentiality, integrity, and availability of processing systems
- Process for regularly testing, assessing, and evaluating the effectiveness of security measures
- Measures to restore access to personal data in the event of a physical or technical incident
- Staff training on data protection and security practices
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or processing activities that are likely to result in a high risk to the rights and freedoms of individuals.
International Data Transfers
When transferring personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place through mechanisms such as:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Binding Corporate Rules (BCRs) where applicable
- Adequacy decisions by the European Commission for certain countries
Data Breach Notification
In the event of a personal data breach, we have procedures in place to:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible
- Notify affected data subjects without undue delay when the breach is likely to result in a high risk to their rights and freedoms
- Document all breaches, including the facts, effects, and remedial actions taken
Data Protection Officer
We have appointed a Data Protection Officer (DPO) to oversee our compliance with GDPR. The DPO serves as a point of contact for data subjects and supervisory authorities on all matters related to the processing of personal data.
MSP Responsibilities
As an MSP using our platform, you have certain responsibilities under GDPR when processing your clients’ data:
- Ensure you have a lawful basis for processing your clients’ personal data
- Inform your clients about how their data will be processed through our services
- Obtain necessary consents where required
- Respond to data subject requests in a timely manner
- Ensure that your use of our platform complies with GDPR and other applicable data protection laws
Data Processing Agreement
We provide a Data Processing Agreement (DPA) to our MSP customers that outlines the terms and conditions for the processing of personal data in accordance with GDPR requirements.
GDPR Compliance Review
We regularly review and update our GDPR compliance measures to ensure they remain effective and up to date with regulatory changes and best practices.
Contact Information
For questions or concerns regarding our GDPR compliance or to exercise your data protection rights, please contact our Data Protection Officer:
Data Protection Officer
DarkWebReport.io
Email: [email protected]
Address: 123 Cyber Security Street, Digital City, DC 12345, USA