This Data Protection Statement summarises how TervaX approaches the protection of personal data across our website and our client engagements. It complements our Privacy Policy, which describes in detail how we handle personal data collected through tervax.com.
As a cybersecurity company, safeguarding data is at the core of our work. This document is a template and should be reviewed by qualified counsel before you rely on it.
1. Our commitment
TervaX is committed to processing personal data lawfully, fairly, and transparently, and to protecting it with appropriate technical and organisational measures. We apply the principles of data minimisation, purpose limitation, and storage limitation: we collect only the personal data we need, use it only for the purposes for which it was provided, and keep it only for as long as necessary.
2. Our roles: controller and processor
In relation to personal data collected through our website, TervaX acts as a data controller — we decide how and why the data is used. This is described in our Privacy Policy.
In relation to personal data we handle while delivering security services to a client — for example, during a penetration test, an incident response engagement, or a forensic investigation — TervaX typically acts as a data processor, handling that data strictly on the client’s documented instructions and under the terms of the relevant engagement agreement and data-processing terms.
3. Security measures
We take appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing and against accidental loss, destruction, or damage. These measures include, as appropriate to the context:
- encryption of data in transit (the website is served over HTTPS) and, where appropriate, at rest;
- access controls that limit personal data to those who need it for a defined purpose;
- use of reputable hosting, content-delivery, and security providers under written terms;
- operational security practices consistent with recognised information-security management standards;
- confidentiality obligations for personnel and subcontractors who may handle personal data.
No system can be guaranteed to be completely secure, but we work continuously to maintain and improve the protections around the personal data we hold.
4. Providers and international transfers
Where we use third-party providers that process personal data on our behalf, we select them carefully and put written terms in place that require them to protect the data and to act only on our instructions. Where personal data is transferred internationally, we take steps to ensure it remains protected to the standards required by applicable data protection law, using appropriate safeguards such as standard contractual clauses.
5. Your rights and how to engage us
Depending on where you are located, you may have rights over your personal data, including rights of access, rectification, erasure, restriction, portability, and objection. These are described more fully in our Privacy Policy. To exercise any of these rights, or to ask a question about how we protect personal data, please email us at info@tervax.com.
Where we act as a processor on behalf of a client, requests from that client’s data subjects are generally handled by the client as controller; we support our clients in responding to such requests under the relevant engagement.
6. Incident and breach response
We maintain processes to detect, investigate, and respond to security incidents that may affect personal data. Where a personal-data breach occurs, we will assess it and, where required by applicable law or by our engagement terms, notify the relevant authorities and affected parties without undue delay.
7. How to contact us
If you have any questions about this Data Protection Statement or about how we protect personal data, you can contact us by email at info@tervax.com.