THREAT-WATCH

Privacy Policy


PUBLIC INFRASTRUCTURE
PRIVACY & DATA PROTECTION NOTICE
Effective Date: March 2026 | Version 3.0
1. Data Controller & Statutory Disclosure
In accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679 and Greek Law 4624/2019, the Data Controller for this digital perimeter (threat-watch.com) is:
Entity: Threat-Watch (Entity Under Formation / Υπό Σύσταση)
Natural Person Controller: Konstantinos Chatzistavrou, Founder & CEO, acting in his personal capacity as Data Controller until formal incorporation of the entity. Upon incorporation, controllership shall transfer to the legal entity and this notice shall be updated accordingly.
Registered Office: Pontou 15, Thessaloniki, Greece
Contact: [email protected]
Data Protection Officer: A Data Protection Officer has not yet been appointed. Given the current scale of operations (sole proprietorship, pre-incorporation), the thresholds under Art. 37 GDPR requiring mandatory DPO appointment are not met. Threat-Watch is committed to appointing a DPO as the organisation scales and the conditions of Art. 37(1) are triggered. In the interim, all data protection inquiries should be directed to [email protected].
Note: This policy governs public web telemetry only. All managed security services, AI-driven threat containment, and processing of client telemetry are strictly governed by a bilateral Data Processing Agreement (DPA) and Service Level Agreement (SLA) executed upon formal engagement.
2. Exhaustive Scope of Processing & Legal Basis (Art. 6 GDPR)
Threat-Watch operates under a “Privacy by Design and Default” framework. We only process data where a verifiable legal basis exists.
2.1 Pre-Contractual B2B Inquiries
We process Name, Corporate Email, and Company Entity data provided via our “Request Demo” interface.
Legal Basis: Legitimate Interest in facilitating enterprise partnerships (Art. 6(1)(f)). A Legitimate Interest Assessment (LIA) has been conducted and documented, balancing our interest in responding to business inquiries against the privacy interests of the data subjects. A copy of this assessment is available upon request. We note that in B2B contexts, the individual submitting an inquiry is typically an employee acting on behalf of their organisation, and we rely on legitimate interest rather than pre-contractual necessity to reflect this reality.
2.2 Infrastructure Telemetry
We utilize Vercel Web Analytics to monitor perimeter integrity. This system employs cryptographic hashing of visitor data; it does not store IP addresses or Personally Identifiable Information (PII) in a retrievable format.
Legal Basis: Legitimate Interest (Art. 6(1)(f)) in maintaining the security of our network and information systems (Recital 49 GDPR). A Legitimate Interest Assessment has been performed and is available upon request.
2.3 Necessity of Providing Data
The provision of personal data via our “Request Demo” interface is not a statutory or contractual requirement. However, failure to provide the requested data will prevent us from processing your inquiry or providing you with information about our services.
3. Recipients & Sub-Processors
In the course of delivering our public-facing website and processing demo inquiries, the following categories of third-party processors may receive personal data:
Vercel Inc. (hosting and analytics) — processes anonymised telemetry data for website performance and security monitoring. Vercel is GDPR-compliant with EU data residency capabilities, and data is processed within the EEA. Vercel acts as a data processor under a Data Processing Agreement executed with the Data Controller.
Beyond the above, we do not sell, rent, lease, or otherwise disclose personal data to third-party aggregators, advertising networks, or data brokers. An up-to-date list of sub-processors is available upon written request to [email protected].
4. Cookie Exclusion & ePrivacy Compliance
Threat-Watch maintains a Zero-Tracking Perimeter. We do not utilize Google Analytics, marketing pixels, or third-party retargeting scripts. Our infrastructure relies solely on essential, cookie-less telemetry that does not require a consent banner under the ePrivacy Directive (Directive 2002/58/EC), as no non-essential data is stored on the user’s terminal equipment.
5. Retention & Purge Protocols
Inquiry Data: If a formal business relationship is not established within 12 months of the final communication, all associated data is permanently purged from our internal routing systems.
Security Logs: Anonymous telemetry is retained for 30 days for the purpose of identifying malicious traffic patterns, after which it is automatically overwritten.
6. Data Sovereignty & International Transfers
All data is processed exclusively within the European Economic Area (EEA). In the event that a future operational change necessitates data transfers outside the EEA, we will implement appropriate safeguards in accordance with Chapter V GDPR (such as Standard Contractual Clauses or an adequacy decision) and update this notice accordingly. We do not employ automated decision-making or profiling for marketing purposes.
7. Data Subject Rights (Chapter III GDPR)
In accordance with Articles 12 through 22 of the GDPR, data subjects maintain the following rights in relation to their personal data:
Right of Access (Art. 15) — You have the right to obtain confirmation as to whether personal data concerning you is being processed and, if so, to access that data and receive supplementary information.
Right to Rectification (Art. 16) — You have the right to have inaccurate personal data corrected without undue delay.
Right to Erasure (Art. 17) — You have the right to request the deletion of your personal data where one of the grounds specified in Art. 17(1) applies.
Right to Restriction of Processing (Art. 18) — You have the right to request restriction of processing in specific circumstances, such as where accuracy is contested or processing is unlawful.
Right to Data Portability (Art. 20) — Where processing is based on consent or contract and carried out by automated means, you have the right to receive your personal data in a structured, commonly used, machine-readable format.
Right to Object (Art. 21) — You have the right to object at any time to processing based on legitimate interest, including profiling. We shall cease processing unless we demonstrate compelling legitimate grounds.
How to Exercise Your Rights
All requests must be submitted in writing to [email protected] or by post to our registered office. In accordance with Art. 12(2) GDPR, we will facilitate the exercise of your rights and will not charge a fee unless a request is manifestly unfounded or excessive (Art. 12(5)). To protect the security of personal data, we may request reasonable verification of the requester’s identity before processing the request, such as confirmation of the email address originally provided. We will respond to all valid requests within one month, with the possibility of extension by two further months for complex or numerous requests (Art. 12(3)).
8. Data Breach Notification
In the event of a personal data breach as defined in Art. 4(12) GDPR, Threat-Watch will notify the Hellenic Data Protection Authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach (Art. 33). Where the breach is likely to result in a high risk to the rights and freedoms of affected individuals, we will also notify those individuals directly without undue delay (Art. 34).
9. Changes to This Notice
Threat-Watch reserves the right to update this Privacy & Data Protection Notice at any time. Material changes will be communicated by publishing the revised notice on this page with an updated effective date and version number. Where changes significantly affect ongoing processing of personal data, we will make reasonable efforts to notify affected data subjects directly (e.g., via the email address provided during a demo request). The updated notice will govern all subsequent processing from the date of publication. We encourage visitors to review this notice periodically.
10. Regulatory Oversight
Data subjects have the statutory right to lodge a complaint regarding our processing activities with the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα):
Postal Address: Kifissias 1-3, 115 23 Athens, Greece
Website: www.dpa.gr
This right to complain exists without prejudice to any other administrative or judicial remedy.
Threat-Watch — Securing Europe’s Mid-Market
[email protected] | threat-watch.com