Privacy & Data Protection

We take the protection of your personal data very seriously. We process personal data strictly in line with the GDPR and applicable German data protection laws and only to the extent necessary to provide and improve our services.

Controller
The controller responsible for data processing on this website is VORNAC (see Imprint). This is the point of contact for all questions related to privacy and your rights as a data subject.

Processed data and purposes
When you visit our website, server log files (IP address, date and time, URL, referrer, browser, operating system) are processed to ensure technical operation and IT security. Contact form and email inquiries are processed to answer your request and prepare or fulfil a contract for penetration testing services.

Legal bases
Data is processed on the basis of Article 6(1)(b) GDPR (performance of a contract or pre‑contractual measures) and Article 6(1)(f) GDPR (legitimate interest in secure, stable operation of the website and efficient communication). Where we rely on consent (e.g. analytics or marketing cookies), processing is based on Article 6(1)(a) GDPR.

Cookies and analytics
Only technically necessary cookies are set by default. Optional cookies for statistics or marketing, as well as third‑party tools (e.g. analytics, CDNs), are only activated after your explicit consent via the cookie banner, where you can change or withdraw your choice at any time.

Penetration testing data
For penetration testing engagements, we process only the data provided or approved by our clients. Test data and logs are stored in secure environments, strictly access‑controlled, used solely for the agreed assessment, and deleted or anonymised after the retention period defined in the contract. No test data is used to train public AI models.

Recipients and transfers
Technical service providers (e.g. hosting, monitoring, email, cloud GPU providers) may act as processors under data processing agreements in line with Article 28 GDPR. If data is transferred outside the EU/EEA, this is only done with appropriate safeguards such as Standard Contractual Clauses.

Retention
We store personal data only as long as necessary for the purposes described or as required by statutory retention periods. Log files are typically deleted or anonymised after a short period, unless longer storage is necessary to investigate security incidents.

Your rights
You have the right of access, rectification, erasure, restriction of processing, data portability and to object to processing under the conditions set out in Articles 15–21 GDPR. You also have the right to lodge a complaint with your competent data protection authority.

Contact
For questions about this privacy notice or to exercise your rights, contact us at the address given in the imprint or via the email address provided in the footer. We review and update this privacy notice regularly to reflect legal and technical changes.