Privacy Policy

Last Updated: April 28, 2025

1. Introduction

NIS 2 Compliance Check ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our NIS 2 compliance assessment service, visit our website, or interact with us in any way.

We value transparency and want to ensure you understand how your data is handled. By using our services, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide when using our services, including:

  • Contact information (name, email address, phone number, job title)
  • Company information (name, address, industry sector, size)
  • Payment information (processed through secure third-party payment processors)
  • Responses to our NIS 2 compliance questionnaire
  • Information about your organization's technical infrastructure
  • Communications with our team

2.2 Information Collected Automatically

When you visit our website or use our services, we may automatically collect certain information, including:

  • IP address and device information
  • Browser type and version
  • Operating system
  • Pages visited and time spent on pages
  • Referral sources
  • TLS configuration data for the domain you submit (collected as part of the security scan)
  • Email security configuration data for the domain you submit (collected as part of the security scan)

2.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies to collect information about your browsing activities. These technologies help us analyze website traffic, customize content, and improve your experience. You can manage your cookie preferences through your browser settings.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide and improve our NIS 2 compliance assessment services
  • To generate your gap analysis report and provide actionable recommendations
  • To process payments and maintain billing records
  • To communicate with you about our services
  • To respond to your inquiries and provide customer support
  • To send service-related announcements and updates
  • To ensure the security and functionality of our website and services
  • To detect and prevent fraud or unauthorized access
  • To comply with legal obligations

4. Legal Basis for Processing

Under the General Data Protection Regulation (GDPR), we process your personal data based on the following legal grounds:

  • Contract fulfillment: Processing necessary to provide our services and fulfill our contractual obligations
  • Legitimate interests: Processing necessary for our legitimate business interests, such as improving our services, ensuring security, and preventing fraud
  • Consent: Processing based on your explicit consent, which you can withdraw at any time
  • Legal obligation: Processing necessary to comply with legal requirements

5. Data Retention

We retain your data for the following periods:

Data Category                     Retention Period                          Reason
Account information               7 years after last activity               Business records, legal requirements
Assessment responses and results  30 days by default, longer if requested   Service provision, benchmarking improvements
Technical scan data               30 days                                   Service provision, technical improvements
Payment information               7 years                                   Accounting, legal requirements
Communications                    3 years after last contact                Customer support, reference

At the end of these periods, we will securely delete or anonymize your data. You may request earlier deletion of your data as described in the "Your Rights" section.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. Our security measures include:

  • Encryption of all data in transit
  • Encryption of sensitive data at rest
  • Regular security assessments and penetration testing
  • Access controls and authentication mechanisms
  • Regular security training for our team
  • Hosting on EU-based servers with appropriate security certifications

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

7. Data Sharing and Disclosure

We may share your information with the following categories of recipients:

  • Service providers: Third-party vendors who help us provide our services (e.g., hosting providers, payment processors)
  • Professional advisors: Legal, financial, or other advisors who provide services to us
  • Legal authorities: Government authorities, law enforcement, or other third parties when required by law
  • Business transfers: In connection with a merger, acquisition, or sale of assets

We require all third parties to respect the security of your data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

8. International Data Transfers

We store and process your data exclusively on servers located within the European Union. In the unlikely event that we need to transfer your data outside the EU, we will ensure that appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission, to ensure that your data receives an adequate level of protection.

9. Your Rights

Under applicable data protection laws, you have the following rights:

  • Access: You can request a copy of the personal data we hold about you.
  • Rectification: You can request that we correct any inaccurate or incomplete personal data.
  • Erasure: You can request that we delete your personal data in certain circumstances.
  • Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
  • Data portability: You can request that we provide you with your personal data in a structured, commonly used, and machine-readable format.
  • Objection: You can object to our processing of your personal data in certain circumstances.
  • Withdraw consent: Where we rely on your consent to process your personal data, you can withdraw that consent at any time.

To exercise any of these rights, please contact us at info@nis2compliancecheck.com. We will respond to your request within 30 days.

You also have the right to lodge a complaint with a supervisory authority if you believe that our processing of your personal data infringes data protection laws.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe that your child has provided us with personal information, please contact us at info@nis2compliancecheck.com, and we will take steps to delete such information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

NIS 2 Compliance Check
Email: info@nis2compliancecheck.com
Phone: +32 2 123 4567
Address: Rue de la Loi 175, 1048 Brussels, Belgium

Our Data Protection Officer can be reached at info@nis2compliancecheck.com.