Privacy Policy
Last Updated: January 25, 2026
1. Who We Are (Data Controller)
The Data Controller responsible for your personal data is:
MATEUSZ KAWKA MADE BY KAWKA
ul. Polnych Kwiatów 6
05-191 Miękoszynek
Poland
Tax ID (NIP): PL5311708979
Contact Email: contact@testandsecure.com
If you have questions regarding your privacy, please contact us at the email address above.
2. Scope
This policy applies to the Test and Secure website, our vulnerability scanning services, order processing, report delivery, and support communication.
3. Personal Data We Collect
We collect only the data necessary to deliver our services. Providing this data is voluntary but necessary to enter into a contract and perform the requested scans.
Account & Contact Data
- Name, email address, company name (if provided).
- Content of support messages and unique Order IDs.
Order & Transaction Data
- Service package selection, scan scope details.
- Billing information required for invoicing (we do not store full credit card numbers; these are handled securely by our payment processors).
Technical & Scan Data
- Target URL(s) and IP addresses you provide for scanning.
- Security findings, vulnerabilities, and metadata generated during the scan.
Usage & Security Logs
- User IP address, browser user agent, access timestamps, and basic server request logs (used for security monitoring and troubleshooting).
4. Purposes & Legal Bases (GDPR Art. 6)
We process your data based on the following legal grounds:
- Contract Performance (Art. 6(1)(b)): To process your orders, perform the security scans, and deliver the reports to you.
- Legitimate Interest (Art. 6(1)(f)): To ensure the security of our own infrastructure, prevent fraud/abuse of our scanner, and improve service performance.
- Legal Obligation (Art. 6(1)(c)): To comply with tax, accounting, and consumer protection regulations (e.g., keeping invoices).
- Consent (Art. 6(1)(a)): Used only for optional activities (e.g., marketing newsletters or non-essential cookies), if you explicitly opt in.
5. Cookies
We use cookies and similar technologies to ensure our website functions correctly. For details on how we use them and how to manage your preferences, please refer to our Cookies Policy at /cookies-policy.
6. Sharing & Processors
We never sell your personal data. We share data only with trusted third-party processors necessary to operate our business.
We utilize the following categories of recipients:
- Hosting & Infrastructure: OVHcloud (servers located within the European Union) to host the website and secure data.
- Email Delivery Services: To send you scan reports and transactional emails.
- Payment Processors: To securely handle payments.
- Accounting Services: To process invoices and tax obligations.
All processors act under a Data Processing Agreement (DPA) and process data only according to our instructions.
7. International Transfers
Our primary hosting infrastructure (OVHcloud) is located within the European Economic Area (EEA), ensuring your data is protected under GDPR standards.
If we use auxiliary service providers (e.g., for email delivery or analytics) located outside the EEA, we ensure appropriate safeguards are in place, such as the European Commission’s Standard Contractual Clauses (SCCs) or reliance on the Data Privacy Framework (DPF).
8. Data Retention
We adhere to the principle of storage limitation:
- Scan Reports: Retained for 30 days after completion to allow you to download them, after which they are securely deleted.
- Billing Records: Retained for 5 years (plus the current year) as required by tax laws.
- Support Messages: Retained for up to 24 months for continuity of support.
- Server Logs: Typically retained for 30–90 days for security auditing.
9. Security Measures
We implement industry-standard technical and organizational measures to protect your data, including:
- Encryption: TLS (SSL) for data in transit and encryption for sensitive data at rest.
- Access Control: Strict role-based access control (RBAC) and least-privilege principles for our staff.
- Monitoring: Regular security audits and logging.
10. Automated Decision-Making
We do not use your personal data for automated decision-making or profiling that produces legal effects concerning you.
11. Your Rights (GDPR)
Under the GDPR, you have the following rights:
- Right to Access: Request a copy of the data we hold about you.
- Right to Rectification: Correct inaccurate or incomplete data.
- Right to Erasure ("Right to be forgotten"): Request deletion of your data (unless we are legally required to keep it, e.g., for tax purposes).
- Right to Restriction: Request to limit how we use your data.
- Right to Object: Object to processing based on legitimate interests.
- Right to Portability: Receive your data in a structured, machine-readable format.
To exercise any of these rights, please contact us at: contact@testandsecure.com.
12. Complaints
If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority. In Poland, this is the President of the Personal Data Protection Office (UODO).
13. Changes to This Policy
We may update this Privacy Policy from time to time. The latest version will always be available on this page with the "Last Updated" date at the top.