Privacy Policy

for bluethreat.io including the BlueThreat Intelligence Threat Journal, contact.bluethreat.io, bluethreat.net and adani-it.de

1. Controller

Alexander Dani
Rüsseinaer Str. 7a
01683 Nossen
Germany
VAT ID: DE279868631
Email: imprint[at]bluethreat.io

The websites bluethreat.io including the BlueThreat Intelligence Threat Journal, contact.bluethreat.io, bluethreat.net and adani-it.de are operated in connection with the business presentation BlueThreat Intelligence. If BlueThreat Intelligence is not a separate legal entity, the operator named above remains the data protection controller.

2. General information on data processing

Personal data means any information relating to an identified or identifiable natural person. We process personal data exclusively in accordance with applicable data protection law, in particular the General Data Protection Regulation (GDPR).

3. Purposes and legal bases of processing

We process personal data in particular for the following purposes:

• Provision and technical operation of the website
• Handling inquiries and business communication
• IT security and prevention of misuse
• Documentation and traceability of business contacts

Legal bases may include in particular:

• Art. 6(1)(b) GDPR – pre-contractual measures and performance of a contract
• Art. 6(1)(c) GDPR – compliance with legal obligations
• Art. 6(1)(f) GDPR – legitimate interests, e.g. secure and stable website operation, handling inquiries, IT security
• Art. 6(1)(a) GDPR – consent, where obtained in a specific case

4. Hosting

This website is hosted by:

ALL-INKL.COM – Neue Medien Münnich
Hauptstraße 68
02742 Friedersdorf
Germany
Host privacy information

Processing takes place for the purpose of secure, stable and efficient website operation. Where required, a data processing agreement has been concluded with the hosting provider.

5. Server log files

When you access this website, technically necessary information is processed by the hosting provider in so-called server log files. This includes in particular:

• browser type and browser version
• operating system used
• referrer URL
• hostname of the accessing device
• date and time of the server request
• IP address

This processing is based on Art. 6(1)(f) GDPR for the purpose of secure and stable website operation, error analysis and misuse prevention.

6. Contact by email

If you contact us by email, we process the data you provide in order to handle your request and in case of follow-up questions. This may include your name, email address, company details, the content of your message and, where applicable, project-related information.

If your inquiry is aimed at entering into or preparing a contract, processing is based on Art. 6(1)(b) GDPR. In other cases, processing is based on Art. 6(1)(f) GDPR based on our legitimate interest in properly handling business inquiries.

Contact form

When you contact us via the contact form on contact.bluethreat.io, we process the information you provide, such as name, business email address, company name, role, country, industry, request focus and message content, in order to review and respond to your inquiry.

Please do not submit passwords, credential dumps, API keys, internal documents, customer data or sensitive evidence through the form. If sensitive information is relevant to your request, we will coordinate a suitable secure communication channel.

The legal basis is Art. 6(1)(b) GDPR where the request relates to pre-contractual communication, and Art. 6(1)(f) GDPR based on our legitimate interest in handling business inquiries, protecting our systems against misuse and documenting communication.

For spam and abuse prevention, technical security data such as IP address, browser/user-agent, timestamp and form submission metadata may be processed in a limited form. This data is used only for security, abuse prevention and request handling.

The submitted data is sent by email to BlueThreat Intelligence and stored only as long as necessary to process the inquiry, unless statutory retention obligations apply.

7a. Cyber Threat Intelligence and publicly available sources

For the purpose of cyber threat intelligence, exposure assessment, darknet monitoring and incident-response preparation, we may process information from publicly available sources and specialist threat-intelligence sources. This may include company names, domains, publicly visible ransomware-claim references, threat actor names, technical indicators and related contextual information.

Public ransomware monitoring sources such as RansomLook.io may be used as source material for internal assessment and public contextual reporting. Where such source material is used in blog articles, it is cited as a public source and treated as ransomware-claim data, not as independent confirmation of a security incident.

Where personal data is involved, processing is limited to what is necessary for security assessment, validation, contact handling, incident-response support and protection of legitimate business interests. The legal basis is Art. 6(1)(f) GDPR, unless another legal basis applies.

We do not publish leaked personal data, credentials, confidential documents, screenshots of stolen data or direct links to criminal infrastructure. The blog does not embed live RansomLook scripts, iframes or browser-side API calls; visitors are not connected to RansomLook merely by reading a static blog article.

7. Information provided in relation to video surveillance projects

If you send us information about properties, areas, access points, security requirements or planned video surveillance projects, we process this information solely to review, classify and handle your inquiry and to prepare a potential offer or project.

Please provide only the information required for an initial assessment. Personal data of third parties or particularly sensitive information should only be transmitted where necessary for the specific request.

8. Cookies and similar technologies

At present, this website does not use technically non-essential cookies or comparable tracking technologies unless expressly stated otherwise in this privacy policy.

Where only technically necessary technologies are used, this is done for the provision and secure execution of the website. If analysis, marketing or other non-essential technologies are introduced in the future, they will only be activated on the basis of any required consent and will be described separately here.

Technically necessary cookies

This website may use technically necessary cookies to provide basic website functions and the contact form and to support secure submission.

When the contact form on contact.bluethreat.io is opened or used, a session cookie named PHPSESSID may be set. It is used for technical session management, form processing and protection against misuse of the form.

The cookie is not used for analytics, advertising or tracking. It is not combined with other data and is not disclosed to third parties for marketing purposes.

Processing is based on Section 25(2) TDDDG to the extent the cookie is necessary to provide the service expressly requested by the user, and on Art. 6(1)(f) GDPR. Our legitimate interest is the secure, stable and misuse-protected operation of the contact form.

• Name: PHPSESSID
• Purpose: Technical session management, form processing and protection against misuse
• Provider: BlueThreat Intelligence / contact.bluethreat.io
• Storage period: Until the end of the respective session

9. Analytics and marketing tools

At present, no analytics or marketing tools are used on this website unless they are expressly named in this privacy policy.

10. Video surveillance – data protection classification

This website itself does not carry out video surveillance. It provides information about services in the field of video surveillance and security systems.

If video surveillance is actually operated at a physical site, the corresponding transparency obligations must be implemented separately for that site. In particular, affected persons must be informed before entering the monitored area. Additional full information may be provided on-site and/or online.

11. Recipients of data

Personal data is disclosed only where necessary to handle your request, perform a contract, comply with legal obligations or protect legitimate interests. Recipients may include technical service providers such as hosting providers.

12. Storage period

Personal data is stored only for as long as necessary for the respective processing purposes or as required by law. After that, the data will be deleted or processing will be restricted.

13. Your rights

You have the following rights under the applicable legal provisions in particular:

• right of access to your stored data
• right to rectification of inaccurate data
• right to erasure
• right to restriction of processing
• right to data portability
• right to object to processing based on Art. 6(1)(f) GDPR
• right to withdraw consent with effect for the future
• right to lodge a complaint with a supervisory authority

14. Competent supervisory authority

Saxon Data Protection and Transparency Commissioner
Maternistraße 17
01067 Dresden
Email: post@sdtb.sachsen.de
Website: www.datenschutz.sachsen.de

15. Data security

This website uses TLS/SSL encryption to protect the transmission of confidential content. You can recognize an encrypted connection by the browser address line (“https://”).

16. Updates and changes

We reserve the right to update this privacy policy if necessary due to technical, legal or organizational changes.