1. Introduction
At Binalyze, we take your privacy seriously and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, and safeguard your data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Definitions
-
Personal Data: Any of information relating to an identified or identifiable natural person.
-
Processing: Any operation or set of operations performed on personal data, whether or not by automated means.
-
Data Subject: An individual whose personal data is processed.
-
Data Controller: The entity that determines the purposes and means of processing personal data.
-
Data Processor: The entity that processes personal data on behalf of the Data Controller.
-
Consent: A freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which they signify agreement to the processing of personal data.
3. Management Commitment
Our leadership team is committed to maintaining the highest standards of data protection. We provide the necessary resources and support to implement and maintain this Privacy Policy, ensuring we meet and exceed data protection requirements.
4. Personal Data Collection
We collect personal data for various purposes, including:
-
Providing and enhancing our services.
-
Communicating with customers and partners.
-
Complying with legal and regulatory obligations.
5. Types of Personal Data Collected
The types of personal data we may collect include:
-
Contact information (name, email address and phone number).
-
Billing information.
-
Usage data (IP address, browser type, access times).
-
Any other information provided by the Data Subject.
6. Legal Basis for Processing
We process personal data based on one or more of the following legal bases:
-
The Data Subject has given consent to the processing of their personal data.
-
Processing is necessary for the performance of a contract to which the Data Subject is a party.
-
Processing is necessary for compliance with a legal obligation.
-
Processing is necessary to protect the vital interests of the Data Subject or another natural person.
-
Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller.
-
Processing is necessary for the purposes of legitimate interests pursued by the Data Controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the Data Subject.
7. Use of Personal Data
We use personal data for the following purposes:
-
To provide and manage our services.
-
To communicate with customers and partners.
-
To conduct data analysis and research to improve our services.
-
To comply with legal and regulatory requirements.
-
To protect the rights, property, or safety of Binalyze OÜ, our employees, and others.
8. Data Subject Rights
Data Subjects have the following rights regarding their personal data:
-
Right to Access: The right to request access to and obtain a copy of their personal data.
-
Right to Rectification: The right to request correction of inaccurate or incomplete personal data.
-
Right to Erasure: The right to request deletion of personal data, subject to certain conditions.
-
Right to Restrict Processing: The right to request restriction of processing of their personal data.
-
Right to Data Portability: The right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit those data to another Data Controller.
-
Right to Object: The right to object to the processing of their personal data, particularly for direct marketing purposes.
-
Right to Withdraw Consent: The right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
9. Data Security
We implement appropriate technical and organisational measures to ensure the security of personal data, including:
-
Encryption: Applying encryption to protect personal data.
-
Access Controls: Restricting access to personal data to authorised personnel only.
-
Incident Response: Establishing procedures to respond to data breaches and security incidents.
-
Regular Audits: Conducting regular audits to ensure the effectiveness of security measures.
10. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by law. We establish clear data retention policies to ensure compliance with this principle.
11. Third-Party Disclosure
We may disclose personal data to third parties under the following circumstances:
-
Service Providers: We engage third-party service providers to perform functions on our behalf, subject to data protection agreements.
-
Legal Obligations: We may disclose personal data to comply with legal obligations or to protect our rights and interests.
-
Business Transfers: In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity.
12. International Transfers
When transferring personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place to protect the data in accordance with GDPR and UK data protection requirements.
13. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to collect usage data and improve our services. Data Subjects can manage cookie preferences through their browser settings.
14. Contact Information
If you have any questions about this Privacy Policy or how we handle your personal data, we’re here to help. Please reach out to us at:
Email: [email protected]
14.1 EU Representative (GDPR Article 27)
For individuals located in the European Union, Binalyze OÜ has designated its Data Protection Officer (DPO) as the company’s EU Representative under Article 27 of the General Data Protection Regulation (GDPR).
EU Representative / DPO Contact Details:
Name: İhsan Burak Tolga
Address: Hobujaama 4, Tallinn, Estonia, 10151
Email: [email protected]
Data subjects within the EU may contact our EU Representative / DPO regarding any questions, requests, or concerns related to this Privacy Policy or the processing of their personal data.
15. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make significant changes, we’ll notify you through appropriate channels.
16. Google User Data – Tornado Extension
Binalyze OÜ provides an additional standalone application named “Tornado”, which integrates with Google services through Google Authentication (OAuth). This section describes how Tornado accesses, uses, stores, and protects Google user data in accordance with Google API Services User Data Policy and applicable data protection laws, including GDPR.
16.1 Data Accessed
Through Google OAuth, Tornado may access the following Google user data, strictly limited to what is necessary for the application’s functionality:
-
Basic Google account information (such as email address and account identifier)
-
Google Workspace metadata and content explicitly authorized by the user (e.g., file metadata, document content, or email metadata, depending on granted scopes)
-
Authentication and authorization tokens required to securely access permitted Google services
Tornado does not access Google user data beyond the scopes explicitly consented to by the user during the authorization process.
16.2 Data Usage
Google user data accessed by Tornado is used solely for the following purposes:
-
Enabling and improving Tornado’s functionality and user experience
-
Performing actions explicitly initiated by the user within the application
-
Supporting security, troubleshooting, and operational integrity of the service
Google user data is not used for advertising, profiling, or any purpose unrelated to Tornado’s core functionality.
16.3 Data Sharing
Binalyze OÜ does not sell, rent, or share Google user data with third parties for marketing or advertising purposes.
Google user data may be shared only in the following limited circumstances:
-
With trusted service providers acting as data processors on behalf of Binalyze OÜ, strictly for infrastructure, security, or operational support, and subject to contractual data protection obligations
-
When required to comply with applicable laws, regulations, or lawful requests by public authorities
All third-party access, where applicable, is limited to the minimum data necessary to perform the specified function.
16.4 Data Storage & Protection
Google user data is stored and processed using industry-standard security measures, including:
-
Encryption of data in transit and at rest
-
Strict access controls and role-based authorization
-
Logging and monitoring to detect unauthorized access
-
Secure infrastructure hosted in compliance with recognized security standards
Access to Google user data is restricted to authorized personnel with a legitimate business need.
16.5 Data Retention & Deletion
Google user data is retained only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable law.
Users may request deletion of their Google user data at any time by contacting [email protected]. Upon verified request, Binalyze OÜ will delete the relevant Google user data without undue delay, unless retention is required for legal or regulatory purposes.