Compliance & Security

GDPR Compliance Statement

Last updated: June 16, 2026

At PenTeCon, we are committed to protecting the privacy and security of our users' data. We fully support the General Data Protection Regulation (GDPR), which enforces robust data privacy and security rules for organizations operating within the European Union (EU) or handling the personal data of EU citizens.

Data Minimization

We only collect data that is strictly necessary for providing our vulnerability scanning services. We do not store scan history for unauthenticated users.

Encryption by Default

All personal data and scan configurations are encrypted both in transit (TLS 1.3) and at rest (AES-256) across all our European data centers.

Right to Erasure

You have complete control over your data. You can export your data or permanently delete your account and associated metadata at any time.

1. Our Role

PenTeCon operates primarily as a Data Processor when you use our platform to scan your proprietary domains and networks. You, the customer, are the Data Controller. You determine what assets to scan and how the resulting diagnostic data is utilized.

We act as a Data Controller only concerning the account information (such as your email address and billing details) required to maintain your subscription and access to the platform.

2. Your Rights Under GDPR

If you reside in the European Economic Area (EEA), you have specific data protection rights. PenTeCon aims to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data.

  • The right to access, update or delete: You can perform these actions directly within your account settings.
  • The right of rectification: You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object: You have the right to object to our processing of your Personal Data.
  • The right of restriction: You have the right to request that we restrict the processing of your personal information.
  • The right to data portability: You have the right to be provided with a copy of the information we have on you in a structured, machine-readable format.
  • The right to withdraw consent: You also have the right to withdraw your consent at any time where PenTeCon relied on your consent to process your personal information.

3. Data Storage & Transfers

By default, PenTeCon utilizes cloud infrastructure located within the European Union (Frankfurt, Germany) for all EU customers. We utilize Standard Contractual Clauses (SCCs) for any necessary data transfers outside the EEA to ensure your data is protected to European standards.

4. Sub-processors

PenTeCon engages certain third-party service providers (sub-processors) to assist in providing our services (e.g., cloud hosting, payment processing). We maintain up-to-date Data Processing Agreements (DPAs) with all sub-processors, ensuring they adhere to the same strict GDPR standards.

Contact our Data Protection Officer

If you have any questions about this GDPR Statement, our privacy practices, or if you wish to exercise your data rights, please contact our Data Protection Officer (DPO) at:

support@pentecon.com