Privacy Policy

Thank you for your interest in our website. The protection of your personal data (hereinafter also referred to as "data"), which is processed when you use our website, is very important to us. The term "personal data" refers to all information that relates in any way to identified or identifiable persons. Examples include your name, your address, and your e-mail address, but also data about how you behave on vulnlab.com.

In the following, we would therefore like to inform you which data is collected when you visit our website and use our offers there, and how we subsequently process or use this data. We would also like to inform you about the accompanying technical and organizational protective measures we have taken.

Please be aware that this Privacy Policy may be updated from time to time as a result of the implementation of new technologies and/or changes in the law. We will, of course, always take your interests into account in an appropriate manner in the event of any changes.

Person responsible, contact, data protection officer

The responsible party pursuant to Art. 4 No. 7 EU General Data Protection Regulation ("DS-GVO") is:

Martin Mielke Security Consulting
Wildwechsel 21a
15366 Hoppegarten

The company is represented by its managing director, Martin Mielke, at the same address. You can also contact us via the e-mail address contact(at)vulnlab(dot)com.

If you have any questions or comments about this privacy policy or data protection in general, please contact our data protection officer. You can reach our data protection officer by e-mail at contact(at)vulnlab(dot)com or by mail to the attention of the data protection officer at the above address.

For further details, please refer to the information in our imprint.

Legal basis for the processing of your data

Legal bases for the processing of personal data are:

Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 para. 1 p.1 lit. a) EU Data Protection Regulation (DS-GVO) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract, Art. 6 para. 1 p.1 lit. b) DS-GVO serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.

Insofar as processing of personal data is necessary for the fulfillment of a legal obligation to which our company is subject, Art. 6 para. 1 p. 1 lit. c) DS-GVO serves as the legal basis.

In the event that vital interests of the data subject or another natural person make processing of personal data necessary, Art. 6 (1) p. 1 lit. d) DS-GVO serves as the legal basis.

If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not override the first-mentioned interest, Art. 6 (1) p. 1 lit. f) DS-GVO serves as the legal basis for the processing.

Storage periods

The data processed by us will be deleted or restricted in its processing in compliance with the statutory provisions, in particular in accordance with Art. 17 and 18 DS-GVO. Unless expressly stated otherwise within the scope of this data protection declaration, we delete data stored by us as soon as it is no longer required for its intended purpose. Beyond the point in time when the purpose ceases to exist, data will only be retained if it is required for other and legally permissible purposes or if the data must continue to be retained due to legal retention obligations. In these cases, the data is restricted in its processing, i.e. blocked, and is not processed for other purposes.

Server-Log-Data

For the informational use of our website, it is generally not necessary for you to actively provide personal data. Rather, in this case we only collect and use those of your data that your Internet browser automatically transmits to us. This includes:

date and time of the retrieval of one of our web pages;
time zone difference from Greenwich Mean Time (GMT);
your browser type;
the respective amount of data transferred;
the browser settings;
the operating system used;
the page you last visited;
the amount of data transferred and the access status (file transferred, file not found, etc.);
your IP address.

The data is temporarily stored on our servers. We do not store this data together with any other personal data than that specified above. The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s computer. For this purpose, the IP address of the user must remain stored for the duration of the session. In addition, we create so-called log files. The storage of the created log files is done to ensure the security of our information technology systems. The log files contain all the data categories listed above, although IP addresses are shortened for the purpose of anonymization. A personal evaluation of the data, in particular for marketing purposes, does not take place.

The processing of the aforementioned data is technically necessary for offering a website, according to Art. 6 para. 1 p. 1 lit. b), lit. c), lit. f) DS-GVO, in order to display our website correctly and to ensure stability and security. In particular, the purpose of creating log files is to be able to detect attacks on our systems. We usually delete the server log files after 7 days, but no later than 30 days after your visit to this website.

Lab Data

When utilizing our lab services, we collect and process data necessary to provide and manage your access to the lab and its related functionalities. The data we collect and store includes the following:

  • Discord IDs: Stored for ranking purposes within the system. This data will only be retained until a user requests the removal of their ID from the ranking system.

  • Email Addresses: Stored for the duration of your active subscription to facilitate account management and communication. Once the subscription ends, this data is promptly deleted.

  • Voucher Codes: Stored only for the duration of the associated subscription to verify eligibility and access. Upon expiration of the subscription, the voucher code data is deleted.

This data is stored securely and is not shared with third parties unless legally required. The processing of this data is carried out in accordance with Art. 6 para. 1 p.1 lit. b), lit. c), lit. f) DS-GVO, as it is necessary for the provision and proper functioning of our services. Specifically, Discord IDs are processed to maintain rankings, and email addresses and voucher codes are processed to manage subscriptions and ensure access to the lab services.

Users may request the removal of their Discord ID from the ranking system at any time. Data associated with subscriptions is deleted immediately upon the termination of the subscription period to ensure compliance with data minimization principles.

Order processing and recipients of data

In some cases, we use external service providers who are bound by our instructions to process your data. These have been carefully selected and commissioned by us and are regularly monitored. The assignments are based on agreements on commissioned processing in accordance with Art. 28 DS-GVO. Independent processing for our own purposes does not take place through the commissioned processors. If you have any questions about our processors, please do not hesitate to contact us.

For the operation and hosting of this website, we use Squarespace, Inc., 225 Varick Street, 12th Floor, New York, NY 10014, USA, which processes all usage data, meta data, and communication data of visitors or customers of this website that arise during the operation of this website on our behalf. This processing is based on our legitimate interests in an efficient and secure provision of this online offer pursuant to Art. 6 (1) sentence 1 lit. f) of the GDPR. Squarespace complies with GDPR requirements and employs appropriate safeguards for data transfer outside the EU.

Your rights

You may, in accordance with the law, exercise the following rights against the data controller free of charge:

Right to information (Art. 15 DS-GVO);
Right to rectification or erasure (Art. 16 and Art. 17 DS-GVO);
Right to restriction of processing (Art. 18 DS-GVO);
Right to data portability (Art. 20 DS-GVO);
Right to object to processing (Art. 21 DS-GVO).

You also have the right to lodge a complaint with a data protection supervisory authority about the processing of your personal data by the controller.

Contact us by e-mail or social media

We are happy to give you the opportunity to contact us. When you contact us, both on the subject of data protection and on all other concerns, we process the data you provide in order to deal with your concern and to be able to respond to you. The processing of your data in the context of contacting us by e-mail, telephone or via social media takes place – depending on the content of the inquiry – in the case of purely informational inquiries on the basis of your (presumed) consent pursuant to Art. 6 (1) sentence 1 lit. a) DS-GVO or pursuant to Art. 6 (1) sentence 1 lit. b) DS-GVO, insofar as the contact is in connection with contractual performance obligations. The information provided by users on the basis of Art. 6 (1) p. 1 lit. b) DS-GVO may be stored in a customer relationship management system ("CRM system").

We will delete your contact requests within a few days after processing. If you contact us by e-mail for information purposes, you can object to the storage of your personal data at any time. In such a case, the conversation cannot be continued. Furthermore, you have the right to object to the storage of your personal data in a CRM system.

We will immediately delete your contact requests from our active systems after final processing, unless legal permissions or retention obligations allow or require further storage. If you apply to us by e-mail, for example, we will store your application data for a period of six months from the conclusion of the application process.

Data security

We secure our website and other systems by technical and organizational measures against loss, destruction, access and modification. Your data is only transmitted in encrypted form via a secure and specially hardened TLS connection.

You can see whether an individual page of our website is transmitted in encrypted form by the closed key or lock symbol displayed in the lower or upper status bar of your browser.

Our security measures are continuously improved in line with technological developments.

Presence in social media

We maintain presences in social media in order to be able to communicate with and inform customers and interested parties there. When calling up the respective networks, the terms and conditions of the operators apply.