We are EO SECURITY s.r.o., with its registered office at Lidická 2006/26, Černá Pole, 602 00 Brno, ID No. 05182662, registered in the Commercial Register kept at the Regional Court in Brno under file No. C 93979, e-mail (hereinafter also referred to as "we") and we would like to inform you how we will handle your personal data.

In this document you will find a detailed overview of what we as data controllers will do with your personal data, why we need it, how long we keep it or what rights you have in relation to your personal data.

We may obtain your personal data in various situations. We provide you with ethical hacking services and also operate an e-shop available at Because we are committed to your privacy first and foremost, we want to show you that your personal information is safe with us.

We process personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and on the repeal of Directive 95/46/EC (General Data Protection Regulation) (hereinafter also referred to as "GDPR").

We fully understand that this area is not the easiest to understand, so if you have any questions, please do not hesitate to write to us at the aforementioned e-mail address. We will be more than happy to explain further.


We will process your personal data in the following cases:

  • If you contact us on our website via the form at, we will process:
    • Your name, email address, phone number, the company you are writing from and the information you provide in your message.
  • When you contact us via the chat window on our website, we will process:
    • Technical data, messages you send us and other information you provide in connection with your inquiries and communications.
  • When you wish to make a purchase on our e-shop, we will process:
    • Personal information required to set up a user account (if you choose to do so), such as your email address and other information you provide to us when using your user account.
    • Personal data when filling in the order, which is your name, surname, address, e-mail, telephone number and other data necessary for issuing an invoice.
  • Personal data that we collect when we enter into other contracts together or when we provide our services to you. In this case, we process identification data, contact information and other data necessary for the provision of services and the conclusion of contracts.
  • Information about your activity on our website. When you visit our website, your activity on it is recorded. We use cookie technology to analyse traffic on our website. Further information about the use of cookies is set out in Appendix A of this Privacy Policy.

  • If you contact us via the contact form or chat window, we will process personal data for the purpose of processing your request or answering your enquiry based on our legitimate interest in ensuring communication between you and us. If a contractual relationship should subsequently arise between us as a result of the communication, this personal data will also be processed for the purposes of fulfilling this contractual relationship, concluding a contract, etc. The legal basis will thus also be the fulfilment of contractual obligations pursuant to Article 6(1)(b) GDPR.
  • We process personal data obtained from the e-shop and when providing services for the purpose of delivering goods, providing services or creating a user account, where the legal basis is the performance of contractual obligations under Article 6(1)(b) GDPR. In addition, we will need your personal data in order to comply with our legal obligations, in particular in connection with accounting and VAT. Therefore, the legal basis for processing will also be the fulfilment of legal obligations under Article 6(1)(c) GDPR. In order to protect our own claims, for example, if you fail to pay us any amount or there is another dispute between us, we will also process personal data on the basis of our legitimate interest which is to protect our legal claims.
  • We use the information obtained from cookies mainly for the purpose of analysing the manner in which you use our website or to offer you the features of our website and e-shop. The legal basis will be either your consent or our legitimate interest in providing basic marketing.
  • From time to time, we will send you an email offering you our additional services or products. This may occur mainly because you have become our customer and we may do so-called direct marketing based on legitimate interest. However, you can opt out of receiving commercial communications at any time, either before submitting any form or in any email we send you. However, if you are not a customer of ours, we will only send you emails offering our services or products provided that you actively opt-in to receive such emails. Also in these cases, the rule that you can opt out of receiving commercial communications and thus refuse them in the future will be respected.

If we process personal data for purposes other than those set out above, we will always assess the legal basis on which we may do so and, where appropriate, we will obtain your consent to process your personal data.


Since we are not able to manage all services and the e-shop ourselves, we use other entities, which we call recipients of personal data in accordance with the GDPR.

The following recipients have access to your personal data:

  • the company providing secure communication of the emails we send you, which is Proton Technologies AG. The company is located in Switzerland; therefore, the transfer is based on a corresponding protection decision, the text of which is available here;
  • the company that ensures the technical functioning of the e-shop and the platform on which the e-shop operates, which is Shoptet, a.s.;
  • the provider of the chat window, which is the company, s.r.o.;
  • our external accountant;
  • a company that sends out mass emails;
  • our internal CRM;
  • our employees working with us under a cooperation agreement or similar agreement.

We process your personal data on the territory of the European Union or in countries that have set up adequate data protection as in the European Union.


We will only process your personal data for as long as is necessary to fulfil the above purposes for which it was collected - providing services and products, completing requested transactions, or for other necessary purposes such as complying with our legal obligations, resolving disputes and legally enforcing our agreements. These needs may vary for different types of data in the context of different products and services, and therefore the actual retention period may vary significantly. Our primary contractual relationship is with each other, so we will process personal data for as long as that contractual relationship lasts. The law also provides us with various rules for document retention, an example being 10 years for the retention of accounting documents and information required with regard to VAT.

In any case, we observe the principle of storage limitation and if your personal data is no longer needed for the purposes for which it was collected, we will delete it, unless you give us your consent to its further processing.


You have the following rights in relation to our processing of your personal data:

  • the right of access to your personal data;
  • the right to correction;
  • the right to erasure ("right to be forgotten");
  • the right to restrict data processing;
  • the right to object to the processing;
  • the right to data portability;
  • the right to file a complaint regarding the processing of personal data.

Your rights are explained below to give you a clearer idea of their content.

The right of access means that you can ask us at any time to confirm whether or not the personal data concerning you are being processed and, if so, for what purposes, to what extent, to whom they are disclosed, how long we will process them, whether you have the right to rectification, erasure, restriction of processing or to object, where we obtained the personal data and whether automated decision-making, including possible profiling, is occurring on the basis of the processing of your personal data. You also have the right to receive a copy of your personal data.

The right to correction means that you can at any time ask us to correct or complete your personal data if it is inaccurate or incomplete.

The right to erasure means that we must erase your personal data if (i) it is no longer necessary for the purposes for which it was collected or otherwise processed, (ii) the processing is unlawful, (iii) you raise an objection to the processing and there are no overriding legitimate grounds for the processing, (iv) we are under a legal obligation to do so, or (v) you withdraw your consent in relation to the personal data for which you have given your consent to the processing.

The right to restrict data processing means that until we have resolved any disputed issues regarding the processing of your personal data, we may not process your personal data in any other way than by storing it and, where necessary, using it only with your consent or for the establishment, exercise or defence of legal claims.

The right to object to the processing means that you can object to the processing of your personal data we process on the basis of the performance for direct marketing purposes or on the grounds of legitimate interest, including profiling based on our legitimate interest. If you object to processing for direct marketing purposes, your personal data will no longer be processed for such purposes. If you object to processing based on other grounds, we will evaluate the objection and then inform you whether we have complied with the objection and will no longer process your data, or that the objection was not justified and processing will continue. In any case, processing will be restricted until the objection is resolved.

The right to data portability means that you have the right to retrieve personal data concerning you which you have provided to us on the basis of consent or contract and which is also processed by automated means, in a structured, commonly used and machine-readable format, and to have that personal data forwarded directly to another controller.

If you have a privacy-related comment, complaint or query, or wish to exercise any of your rights, please contact us at the address. We will respond to your questions or comments within one month.

Our activities are also supervised by the Office for Personal Data Protection, to whom you can file a complaint if you are dissatisfied. You can find out more on its website.


Our policy may be subject to change from time to time. We will post any changes to our Privacy Policy at and will notify you in more detail if there are significant changes (for some services, we may notify you of policy changes by email). We maintain previous versions of this policy for you to access in the future. We will send you these versions at your request.

This policy is effective from 01.10.2021