Privacy Policy – Customers
1. Introduction
Soltreex s.r.o. (“Company,” “we,” “us,” or “our”) is a leading cybersecurity and information security company. We specialize in protecting data, managing cyber risks, and ensuring compliance with international security standards.
We take privacy and data protection seriously and comply with the following laws and standards:
International Standards (ISO/IEC):
• ISO/IEC 27001:2022 – Information Security Management System (ISMS)
• ISO/IEC 27701:2019 – Privacy Information Management System (PIMS)
• ISO/IEC 27017:2015 – Cloud Security Controls
• ISO/IEC 27018:2019 – Protection of Personal Data in Cloud Computing
• ISO/IEC 27032:2012 – Cybersecurity Guidelines
• ISO/IEC 27035:2016 – Information Security Incident Management
• ISO/IEC 31000:2018 – Risk Management Framework
• ISO/IEC 29100:2011 – Privacy Framework
• ISO/IEC 22301:2019 – Business Continuity Management System (BCMS)
Legal and Regulatory Compliance:
• General Data Protection Regulation (GDPR) (EU) 2016/679
• Czech Act No. 110/2019 Coll. on Personal Data Processing
• NIS2 Directive (EU) 2022/2555 – Network and Information Security Directive
• Czech Cybersecurity Act No. 181/2014 Coll.
This Privacy Policy explains how we collect, process, store, and protect personal and business data in accordance with the highest international and legal standards.
2. Scope of This Policy
This policy applies to:
• All visitors to our website (www.soltreex.com)
• Customers, business partners, and suppliers who interact with our services
• Job applicants, employees, and contractors
• Any individual whose personal data is processed by Soltreex
3. What Data We Collect
We collect and process only the data necessary for our cybersecurity services, business operations, legal compliance, and client interactions.
3.1 Personal Data
We may collect personal data such as:
• Full name, job title, company name
• Contact details (email, phone number, address)
• Identification details (contract numbers, customer IDs)
• Communication records, including emails and chat logs
3.2 Technical and Security Data
To protect our systems and detect security threats, we collect:
• IP addresses and device identifiers (for security monitoring)
• System and network logs (for cybersecurity audits and incident response)
• Behavioral data related to service usage (for fraud detection and security enhancement)
• Cookies and tracking technologies (to improve website security and performance)
3.3 Business and Employee Data
• Client, partner, and supplier information
• Financial and contractual details
• Employee and job applicant data (including security clearances, background checks, certifications)
• Data required for compliance with cybersecurity frameworks (ISO 27001, NIS2, etc.)
4. How We Use Your Data
We process your data for the following purposes:
• Cybersecurity and IT security services – penetration testing, security audits, incident response, and threat intelligence
• Regulatory compliance – adherence to GDPR, ISO standards, NIS2 Directive, and Czech cybersecurity laws
• Security monitoring and fraud prevention – detecting, investigating, and mitigating cyber threats
• Client relationship management – communication, contract execution, invoicing, and technical support
• Human resources and recruitment – processing job applications and managing employees
• Legal compliance and dispute resolution – fulfilling legal obligations and responding to authorities
We implement strict security controls to safeguard all data and ensure compliance with ISO cybersecurity and privacy frameworks.
5. Legal Basis for Processing
Our data processing is based on:
• Legitimate interest – cybersecurity monitoring, fraud detection, service improvement
• Contractual necessity – fulfilling agreements with clients, suppliers, and employees
• Legal obligations – compliance with Czech and EU regulations
• Consent – when explicitly required, such as for marketing communications or optional analytics tracking
6. Data Security and Compliance with ISO Standards
We implement security measures aligned with ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27017, ISO/IEC 27018, ISO/IEC 27032, ISO/IEC 27035, and ISO/IEC 22301, including:
• Access control and authentication mechanisms (role-based access, multi-factor authentication)
• Data encryption and secure storage (TLS encryption, secure databases, cryptographic controls)
• Network security and intrusion detection (firewalls, SIEM systems, 24/7 threat monitoring)
• Regular security audits and vulnerability assessments (penetration testing, compliance reviews)
• Incident response and breach mitigation (ISO 27035-based security response protocols)
• Business continuity and disaster recovery (ISO 22301-based risk management)
All employees and contractors undergo cybersecurity training and must comply with strict internal security policies.
7. Data Sharing and International Transfers
We do not sell or rent personal data. However, we may share personal data with:
• Trusted service providers (e.g., cloud hosting, cybersecurity monitoring tools) under strict confidentiality agreements
• Regulatory authorities or law enforcement if required by Czech or EU law
• Business partners when necessary for cybersecurity services (with contractual safeguards)
For international data transfers outside the EEA, we ensure compliance with GDPR-approved mechanisms, including:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs) for intra-group transfers
• ISO 27018 compliance for cloud service providers handling personal data
8. Data Retention Policy
We retain personal data only for as long as necessary for:
• Regulatory and legal requirements
• Security and cybersecurity incident investigations
• Business continuity and disaster recovery purposes
After the retention period expires, data is securely deleted or anonymized following ISO 27001 data disposal best practices.
9. Your Rights Under GDPR
Under GDPR and Czech data protection laws, you have the following rights:
• Right to access – Obtain a copy of your personal data
• Right to rectification – Correct inaccurate or incomplete data
• Right to erasure (“right to be forgotten”) – Request deletion of data under certain conditions
• Right to restrict processing – Limit how we process your data
• Right to data portability – Receive your data in a structured format
• Right to object – Object to processing, including for marketing purposes
• Right to withdraw consent – If processing is based on consent, you can withdraw it at any time
• Right to lodge a complaint – File a complaint with the Czech Data Protection Authority (Úřad pro ochranu osobních údajů)
To exercise your rights, contact us at info@soltreex.com
10. Cookies and Tracking Technologies
We use cookies and tracking technologies to:
• Enhance website security and user experience
• Detect fraudulent activity and cyber threats
• Improve website performance through analytics
You can manage cookie preferences through your browser settings. For more details, see our Cookie Policy.
11. Contact Information
For any privacy-related inquiries, please contact:
Soltreex s.r.o.
📧 Email: info@soltreex.cz
📍 Address: Soltreex s.r.o., ID: CZ21466190, Štorkánova 3235/14, Smíchov, 150 00 Prague 5, Czech Republic
12. Updates to This Policy
We may update this Privacy Policy periodically. The latest version will always be available on our website.
Last updated: [Date]
This Privacy Policy integrates GDPR, Czech law, ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 27032, ISO 27035, ISO 22301, and ISO 31000 to ensure strong data security, regulatory compliance, and privacy protection for Soltreex and its clients.
13. Data Breach Notification
In compliance with ISO/IEC 27035 (Information Security Incident Management) and GDPR Article 33, we have a structured incident response plan for handling data breaches. If a data breach occurs that may impact your personal data, we will:
1. Assess the risk and impact – Evaluate the extent of the breach and its potential consequences.
2. Take immediate corrective actions – Implement measures to contain and mitigate the breach.
3. Notify relevant authorities – If required by law, we will inform the Czech Data Protection Authority (Úřad pro ochranu osobních údajů) within 72 hours.
4. Inform affected individuals – If the breach poses a high risk to your rights and freedoms, we will notify you as soon as possible.
5. Improve security measures – Implement additional safeguards to prevent future breaches.
We use ISO 27035-compliant incident response protocols to ensure rapid detection, containment, and resolution of security incidents.
14. Third-Party Services and Processors
We may engage third-party data processors (such as cloud service providers, cybersecurity monitoring firms, and IT support vendors) to help us deliver secure services. We ensure that:
• All third-party processors comply with ISO 27001 and GDPR requirements.
• Data processing agreements (DPAs) are in place with legally binding security and privacy clauses.
• Data is only shared under strict security conditions, with encryption and access controls.
Our key third-party service providers include:
• Cloud infrastructure providers (for hosting and security operations)
• Threat intelligence and cybersecurity firms (for proactive risk management)
• Payment processors and financial institutions (for secure transactions)
We regularly audit and assess third-party vendors for compliance with cybersecurity and privacy standards.
15. Children’s Data
Our services are not directed toward individuals under 18 years of age, and we do not knowingly collect personal data from minors. If we become aware that a minor has provided us with personal data, we will take immediate steps to delete it.
If you believe a child’s data has been collected improperly, please contact us at info@soltreex.com.
16. Automated Decision-Making and Profiling
We do not engage in fully automated decision-making that has a legal or significant impact on individuals. However, we may use automated security monitoring and fraud detection algorithms to:
• Detect unauthorized access or cyber threats
• Identify suspicious activities based on behavior patterns
• Strengthen authentication and risk-based access control
All automated processes are regularly audited to ensure transparency, fairness, and compliance with GDPR Article 22.
17. Cross-Border Data Transfers
If we transfer personal data outside the European Economic Area (EEA), we ensure that it is protected through:
• Standard Contractual Clauses (SCCs) approved by the European Commission
• Binding Corporate Rules (BCRs) for intra-group transfers
• Adequacy decisions issued by the European Commission for certain jurisdictions
• ISO 27018-compliant cloud security measures
Before transferring data internationally, we conduct a Transfer Impact Assessment (TIA) to evaluate the risks and ensure compliance with GDPR and ISO 27701.
18. Corporate Mergers, Acquisitions, and Restructuring
In the event of a merger, acquisition, or corporate restructuring, personal data may be transferred to the new entity. If such a transfer occurs:
• We will notify affected individuals before the transfer takes place.
• The new entity will continue to follow this Privacy Policy or provide an updated version.
• Data protection safeguards will remain in place to ensure security and compliance.
19. Compliance Audits and Certifications
We undergo regular security and compliance audits to ensure adherence to:
• ISO/IEC 27001 (Information Security Management System)
• ISO/IEC 27701 (Privacy Information Management System)
• ISO/IEC 22301 (Business Continuity Management System)
• NIS2 Directive (Cybersecurity and Critical Infrastructure Protection)
• GDPR and Czech data protection laws
External and internal audits verify that our security controls, risk management practices, and privacy policies align with global best practices.
20. How to Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, you may contact us:
Soltreex s.r.o.
📧 Email: info@soltreex.cz
📍 Address: Soltreex s.r.o., ID: CZ21466190, Štorkánova 3235/14, Smíchov, 150 00 Prague 5, Czech Republic
You also have the right to contact the Czech Data Protection Authority (Úřad pro ochranu osobních údajů) at:
Úřad pro ochranu osobních údajů
Pplk. Sochora 27
170 00 Praha 7, Czech Republic
Website: www.uoou.cz
21. Updates to This Privacy Policy
We may update this Privacy Policy to reflect:
• Changes in legal and regulatory requirements
• New cybersecurity risks and best practices
• Improvements in our data protection processes
The latest version of this Privacy Policy will always be available on our website.
Last updated: [02/02/2025]
This version of the Privacy Policy ensures full compliance with ISO standards, GDPR, NIS2 Directive, and Czech data protection laws while providing clarity and transparency for clients, partners, and regulatory authorities.