GDPR Compliance

General Data Protection Regulation Compliance Statement

Last updated: October 9, 2025

1. Our Commitment to GDPR Compliance

PXL Security LTD. ("we", "our", or "us") is committed to protecting the privacy and personal data of all individuals, particularly those in the European Union (EU) and European Economic Area (EEA). We comply with the General Data Protection Regulation (GDPR) (EU) 2016/679 and related data protection laws.

This GDPR Compliance Statement outlines how we handle personal data, your rights under GDPR, and the measures we have implemented to ensure compliance with this important privacy regulation.

As a cybersecurity threat intelligence provider, we understand the critical importance of data protection and have designed our processes, systems, and policies to meet the highest standards of data privacy and security.

2. Lawful Basis for Processing

We process personal data only when we have a lawful basis under Article 6 of the GDPR:

Consent (Article 6(1)(a))

For marketing communications, cookies, and optional features where you have given clear consent.

Contract Performance (Article 6(1)(b))

To provide our cybersecurity services, process payments, and fulfill our contractual obligations.

Legal Obligation (Article 6(1)(c))

To comply with legal requirements such as tax obligations, regulatory compliance, and law enforcement requests.

Legitimate Interest (Article 6(1)(f))

For fraud prevention, security monitoring, service improvement, and business operations, balanced against your privacy rights.

3. Your Rights Under GDPR

If you are an EU/EEA resident, you have the following rights regarding your personal data:

Right of Access (Article 15)

Request confirmation of processing and copies of your personal data.

Right to Rectification (Article 16)

Request correction of inaccurate or incomplete personal data.

Right to Erasure (Article 17)

Request deletion of your personal data under certain circumstances.

Right to Restrict Processing (Article 18)

Request limitation of processing under specific conditions.

Right to Data Portability (Article 20)

Request transfer of your data in a structured, machine-readable format.

Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing.

4. Data Protection Measures

We have implemented comprehensive technical and organizational measures to ensure GDPR compliance:

Technical Safeguards

  • End-to-end encryption for data transmission and storage
  • Multi-factor authentication and access controls
  • Regular security audits and vulnerability assessments
  • Automated data backup and disaster recovery systems
  • Network segmentation and intrusion detection systems

Organizational Measures

  • Data Protection Officer (DPO) appointment and oversight
  • Privacy by Design and Privacy by Default principles
  • Regular employee training on data protection
  • Data Processing Impact Assessments (DPIAs)
  • Incident response and breach notification procedures

5. International Data Transfers

When transferring personal data outside the EU/EEA, we ensure adequate protection through:

  • Adequacy Decisions: Transfers to countries deemed adequate by the European Commission
  • Standard Contractual Clauses (SCCs): EU-approved contractual safeguards with third-party processors
  • Binding Corporate Rules: Internal data protection rules for group companies
  • Certification Schemes: Third-party certifications ensuring adequate protection levels

We regularly review and update our transfer mechanisms to ensure continued compliance with evolving regulations.

6. Data Retention and Deletion

We retain personal data only as long as necessary for the purposes outlined in our Privacy Policy:

Retention Schedule

  • Account data: Duration of account + 3 years
  • Financial records: 7 years (legal requirement)
  • Support communications: 3 years after resolution
  • Marketing data: Until consent is withdrawn
  • Security logs: 1 year for incident investigation

At the end of retention periods, we securely delete or anonymize personal data using industry-standard methods that make recovery impossible.

7. Data Breach Notification

In the event of a personal data breach, we have established procedures to:

  1. Detect and Assess: Identify breaches in real-time through monitoring systems
  2. Contain and Investigate: Immediately contain the breach and investigate the cause
  3. Notify Authorities: Report to supervisory authorities within 72 hours if required
  4. Inform Data Subjects: Notify affected individuals without undue delay if high risk
  5. Document and Learn: Maintain breach records and implement preventive measures

We maintain a register of all data processing activities and breach incidents as required by GDPR Article 30.

10. Exercising Your Rights

To exercise your GDPR rights, please contact us using the information below:

Data Protection Officer: security [at] dfen [dot] ai

Privacy Team: security [at] dfen [dot] ai

Response Time: Within 30 days (1 month)

Verification: Identity verification may be required for security

When contacting us, please include:

  • Your full name and account email
  • Specific right you wish to exercise
  • Any relevant supporting information
  • Preferred method of response

11. Supervisory Authority Rights

You have the right to lodge a complaint with a supervisory authority if you believe we have not complied with GDPR requirements. You may contact:

  • Your local EU/EEA data protection authority
  • The authority in the country where you reside
  • The authority where the alleged infringement occurred

We encourage you to contact us first to resolve any concerns, but this does not limit your right to approach supervisory authorities directly.

12. Updates to This Statement

We regularly review and update this GDPR Compliance Statement to reflect:

  • Changes in data protection laws and regulations
  • Updates to our data processing activities
  • Improvements in our privacy practices
  • Guidance from supervisory authorities

Significant updates will be communicated through:

  • Email notifications to affected users
  • Prominent notices on our website
  • In-service notifications where appropriate

Your continued use of our services after updates constitutes acceptance of the revised statement.