Lösungen

Preise

Partner

Login

Kostenlose Beratung

Privacy Policy

The protection of your personal data is an important concern for us.

On this page, we inform you about what data we collect when you visit our website, newsletters, Perseus services, webinars and job applications, how we use it and what rights you have in relation to your data.

Table of Contents

General

This data protection declaration informs you about the type, scope and purpose of the processing of your personal data by the data controller in accordance with Articles 13 and 14 of the General Data Protection Regulation (GDPR).

The definitions of terms in accordance with Art. 4 GDPR are used.

Responsible persons

The data controller is Perseus Technologies GmbH (“Perseus“, “we“) with its registered office at Hagelberger Straße 53-54 in 10965 Berlin.

Data Protection Officer

We have appointed a data protection officer. This can be reached in writing at the address of the company’s registered office with the note “Data Protection Officer” or by e-mail at datenschutz@perseus.de.

Details of data processing by groups of data subjects

Website Visitors

If you are a visitor to our website under perseus.de (“Website”), we process your personal data as follows.
We use third-party services to do so. These services also include the use of cookies (essential, functional, marketing). Specific information on the individual cookies and individual setting options can be found under “Details” in our consent management platform Usercentrics.

There you can consent to processing and object to processing on the basis of legitimate interest. You can also use the “shield” symbol at the bottom left of the website to adjust your preferences at a later date or revoke your consent with effect for the future. Please note that without your consent, individual functions of the websites can only function to a limited extent.

Provision of Website Content –> Processing: Website Content

Purpose:

  • Establishment of the technical connection between the visitor’s end device and our website (implementation of the session)
  • Maintaining and improving the functionality of the website
  • Maintaining and improving the information security or data security (confidentiality, availability and integrity) of the website (data storage in log files)


Category of processed data:

  • Website Hoster – Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 US – AWS Region “eu-central-1” in Frankfurt a.M.


Third country data transfer:

  • no


Storage period or its criteria:

  • Session: Data deletion at the end of the respective session
  • Log files: Data deletion after 90 days or anonymization


Legal basis:

  • Art. 6 para. 1 b) and f) GDPR (performance of contract and legitimate interest)
Contact us

As a visitor to our websites, you can contact us via online form and request an initial offer.

–> Processing: Quotation Forms

Purpose:

  • Acceptance, examination and processing of requests
  • Preparation and provision of an initial offer
  • Customer Relationship Management


Categories of processed data:

  • Name
  • E-mail address
  • Phone number
  • At the time of sending the message, we store your IP address as well as the date and time of your registration in the contact form


Categories of recipients:

  • Form Provider – Brevo GmbH, Köpenicker Str. 126, 10179 Berlin
  • E-mail and telecommunications providers


Third country data transfer:

  • no


Storage period or its criteria:

  • 3 months after completion of the respective request


Legal basis:

  • Art. 6 para. 1 b) GDPR (performance of contract)
  • Art. 6 para. 1 f) GDPR (legitimate interest)
Appointment booking

For appointment bookings for a non-binding consultation on the services we offer via our website, we use the Calendly service.

–>Processing: Appointment booking via Calendly

Purpose:

  • Appointments for live demonstrations for interested parties
  • Calendar and comment function


Category of processed data:

  • Contact details via appointment form: name, e-mail address and company name
  • Content data of the contact (title, comment)


Category of recipients:

  • Appointment Scheduling – Calendly, Inc. , 115 E Main St., Ste A1B Buford, GA 30518, USA


Third country data transfer:

  • USA (Calendly Inc.) based on the EU standard data protection clauses Controller-Processor


Storage period or its criteria:

  • 3 months after completion of the respective request


Legal basis:

  • Art. 6 para. 1 b) GDPR (performance of contract)
  • Art. 6 para. 1 f) GDPR (legitimate interest
Website optimization and reach analysis (analyses and statistics)

We process personal data of website visitors for the purposes of website optimisation and reach analysis, as well as for the integration of marketing and social media functionalities. Detailed information on this data processing can be found in the Consent Management Platform under “Details”.

The legal basis for the processing for these purposes is Art. 6 para. 1 a) GDPR (consent). Consent to this processing may be withdrawn at any time during the duration of this browser session in which these settings are used.

Perseus customers and their employees
If you are a Perseus customer who uses Perseus services or its employees (data subject group), we process your personal data as follows. If Perseus processes personal data on behalf of Perseus (“order processing”), Perseus’ customers and other recipients of Perseus services may adopt the presentation as their own, inform the data subjects and thus fulfil their own information obligations pursuant to Articles 13 and 14 GDPR. In particular, the services or sub-services Perseus Cyber Security Services, Incident Response Management and Perseus Individual Phishing Campaigns can be provided by Perseus within the framework of order processing for customers or authorized recipients. It should then be noted that the legal basis for the processing is the legal basis on which Perseus processes the data. The legal basis for the customer or the authorized person as the data controller under data protection law, for whom Perseus may process the data on behalf of Perseus, may differ from this. The following services from Perseus are included:

Prevention
  • Perseus Cyber Security Services (PCSS) incl. sending of simulated phishing e-mails
  • Hazard warning
  • Perseus individual phishing campaigns

Risk assessment
  • Security Baseline Check (SBC)
  • Cyber Risk Dialogue (CRD)

Emergency assistance
  • Incident Response Management (IRM)

The details of the data processing, its purposes and legal bases for it, if applicable, the legitimate interests, possible recipients or categories of recipients of the personal data, transfer to third countries if applicable, and the storage period are presented in tabular form below.
Prevention –> Processing: Perseus Cyber Security Services (PCSS)

incl. sending of simulated phishing e-mails (order processing)

Purpose:

  • Establishing, maintaining and improving cybersecurity and data protection compliance with customers and beneficiaries
  • Technical and organisational data protection (data security) and cyber security (information security) to maintain confidentiality, availability and integrity of information and personal data
  • Implementation and evaluation of online training courses
  • Analysis of employee sensitivity
  • Raising awareness among employees


Categories of processed data:

  • Name
  • E-mail address
  • Company
  • Participation status and results of the online trainings
  • Course progress and learning behavior of the online trainings
  • Results of phishing checks
  • File information
  • Network information
  • Account Information
  • Device Identity


Categories of recipients:

  • Internal recipients in the customer company / at the authorized recipient (including administrators)
  • Processor of Perseus
    • Google Ireland Limited (“Google WebRisk”), Gordon House, Barrow Street, Dublin 4, Irland
    • Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 US
    • Inboxroad B.V., De Lairessestraat 130, 1075 HL Amsterdam, The Netherlands
    • Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen
    • Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA
    • MongoDB Ireland Ltd. (“Atlas Database”), Building Two, 12 Merrion Square N, Dublin 2, D02 TX29, Irland
    • Celonis SE (“make.com“), Theresienstr. 6, 80333 Munich
    • Brevo GmbH, Köpenicker Str. 126, 10179 Berlin, Germany


Third country data transfer:

  • USA (Google, AWS, Freshworks, MongoDB) based on the EU standard data protection clauses Controller-Processor


Storage period or its criteria:

  • The personal data will be stored until the purpose ceases to exist and after that it will be deleted, unless separate statutory retention obligations have to be fulfilled. If this is the case, the data is stored until the deadlines expire and then deleted.


Legal basis:

  • Fulfilment of legal obligations pursuant to Art. 6 para. 1 c) GDPR
  • Legitimate interests of the controllers pursuant to Art. 6 para. 1 f) GDPR
Prevention –> Processing: Hazard Warning

Purpose:

  • Providing information on security vulnerabilities and cyber incidents

Categories of processed data:

  • Name
  • E-mail address

Categories of recipients:

  • Processor of Perseus
    • Freshworks Inc., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403, USA

Third country data transfer:

  • USA (Freshworks Inc.) based on the EU standard data protection clauses Controller-Processor

Storage period or its criteria:

  • The personal data will be stored until the purpose ceases to exist and after that it will be deleted, unless separate statutory retention obligations have to be fulfilled. If this is the case, the data is stored until the deadlines expire and then deleted.

Legal basis:

  • Fulfilment of legal obligations pursuant to Art. 6 para. 1 c) GDPR
  • Legitimate interests of the controllers pursuant to Art. 6 para. 1 f) GDPR
Prevention –> Processing: Perseus individual phishing campaigns (order processing)
Purpose:
  • Establishing, maintaining and improving cybersecurity and data protection compliance with customers and beneficiaries
  • Analysis of employee sensitivity
  • Raising awareness among employees

Categories of processed data:
  • Name
  • E-mail address
  • Company
  • Results of phishing checks

Categories of recipients:
  • Internal recipients in the customer company / at the authorized recipient (including administrators)
  • Processor of Perseus
    • Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 US
    • Inboxroad B.V., De Lairessestraat 130, 1075 HL Amsterdam, The Netherlands

Third country data transfer:
  • USA (AWS) based on the EU standard data protection clauses Controller-Processor

Storage period or its criteria:
  • The personal data will be stored until the purpose ceases to exist and after that it will be deleted, unless separate statutory retention obligations have to be fulfilled. If this is the case, the data is stored until the deadlines expire and then deleted.

Legal basis:
  • Fulfilment of legal obligations pursuant to Art. 6 para. 1 c) GDPR
  • Legitimate interests of the controllers pursuant to Art. 6 para. 1 f) GDPR
Risk Assessment –> Processing: Security Basline Check
Purpose:
  • Contact us
  • Appointment
  • Implementation SBC

Categories of processed data:
  • Name
  • E-mail address

Categories of recipients:
  • Perseus’ processors:
    • Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210, USA
    • TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen
    • Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland
    • Calendly, Inc., 115 E Main St, Ste A1B, Buford, GA 30518, USA

Third country data transfer:
  • USA (AWS, Calendly) based on the EU standard data protection clauses Controller-Processor

Storage period or its criteria:
  • The personal data will be stored until the purpose ceases to exist and after that it will be deleted, unless separate statutory retention obligations have to be fulfilled. If this is the case, the data is stored until the deadlines expire and then deleted.

Legal basis:
  • Fulfilment of legal obligations pursuant to Art. 6 para. 1 c) GDPR
  • Legitimate interests of the controllers pursuant to Art. 6 para. 1 f) GDPR
Risk Assessment –> Processing: Cyber Risk Dialog
Purpose:
  • Contract initiation, implementation, coordination for the CRD

Categories of processed data:
  • Name
  • E-mail address

Categories of recipients:
  • Contact persons customers/partners
  • Cooperation partner Intelliant GmbH
  • Perseus’ processors:
    • Amazon Web Services, Inc., 410 Terry Avenue North, Seattle, WA 98109-5210 USA

Third country data transfer:
  • USA (AWS) based on the EU standard data protection clauses Controller-Processor

Storage period or its criteria:
  • The personal data will be stored until the purpose ceases to exist and after that it will be deleted, unless separate statutory retention obligations have to be fulfilled. If this is the case, the data is stored until the deadlines expire and then deleted.

Legal basis:
  • Fulfilment of legal obligations pursuant to Art. 6 para. 1 c) GDPR
  • Legitimate interests of the controllers pursuant to Art. 6 para. 1 f) GDPR
Emergency assistance

–> Incident Response Management

Purpose:

There is no targeted access to this data, but access may occasionally take place as part of the provision of services.

  • The data will be processed for the following purposes:
  • Establishing, maintaining and improving cybersecurity and data protection compliance with customers and beneficiaries
  • Technical and organizational data protection (data security) and cybersecurity (information security) to maintain confidentiality, availability and integrity of information and personal data
  • Analysis and reconstruction of security incidents
  • Issuing recommendations for action
  • Restore systems, applications, information, and data
  • Documentation of security incidents
  • forensic preservation of evidence
  • continuous improvement (“PDCA cycle”)detection of malware in emails and related attacks and threats


Categories of processed data:

In the case of incident management, there is potential access to all (personal) data contained in the Client’s data records that must be accessed by the Contractor and its subcontractors as part of incident management. These can be:

  • all personal connection and content data (master and transaction data) that are processed in the compromised systems of the customer or authorized recipient exist potential access
  • All personal data that is transferred to PERSEUS systems for analysis or forensic preservation of evidence


Categories of recipients:

  • Perseus’ processors:
    • SEC Consult Deutschland Unternehmensberatung GmbH
    • Cyfidelity Security Services GmbH, Bechterdisser Str. 10, 33719 Bielefeld
    • ANYRUN FZCO, Dubai Silicon Oasis, Techno Hub 1 Unit 21, 60th Street, Dubai, United Arab Emirates
    • Microsoft Corporation (“Azure Dataexplorer”), One Microsoft Way, Redmond, Washington 98052, USA
    • Hetzner Online GmbH (Nextcloud Hosting), Industriestr. 25, 91710 Gunzenhausen
    • TeamViewer Germany GmbH, Bahnhofsplatz 2, 73033 Göppingen


Third country data transfer:

  • USA (Azure) and UAE (ANYRUN) based on the EU standard data protection clauses Controller-Processor


Storage period or its criteria:

  • The personal data will be stored until the purpose ceases to exist and after that it will be deleted, unless separate statutory retention obligations have to be fulfilled. If this is the case, the data is stored until the deadlines expire and then deleted.


Legal basis:

  • Fulfilment of legal obligations pursuant to Art. 6 para. 1 c) GDPR
  • Legitimate interests of the controllers pursuant to Art. 6 para. 1 f) GDPR
Payment processing for Perseus services

For the purpose of payment processing, we use the external payment services Stripe, Quaderno and FastBill.

–> Processing: Payment processing for Perseus services

Purpose:

  • Invoicing
  • Payment Processing
  • Accounting
  • Fraud prevention
  • Tax and Verification Obligations


Categories of processed data:

  • Contact and contract details
  • Account or payment card holder
  • Bank details incl. account or credit card number
  • Billing data


Categories of recipients:

Invoicing and payment processing

  • Stripe Payments Europe Ltd., Block 4, Harcourt Centre, Harcourt Road, Dublin 2, Ireland
  • Recrea Systems, SL (“Quaderno”), Fernando Guanarteme 111, 35010 Las Palmas, Spain
  • FastBill GmbH, Im Wildunger Str. 6, 60487 Frankfurt a. M.


Third country data transfer:

  • no


Storage period or its criteria:

  • after the statutory retention obligations of 6 or 10 years have ceased to apply


Legal basis:

  • Art. 6 para. 1 b), c) and f) GDPR (performance of a contract, fulfilment of a legal obligation and legitimate interest)
Newsletter subscription

If you are a newsletter subscriber, we process your personal data. We send newsletters to the e-mail addresses provided by subscribers through the use of the provider Brevo.

–> Processing: Newsletter subscription

Purpose:

  • Legally compliant sending of the newsletter


Categories of processed data:

  • E-mail address


Categories of recipients:

  • Newsletter Management – Brevo GmbH, Köpenicker Str. 126, 10179 Berlin


Third country data transfer:

  • no


Storage period or its criteria:

  • After unsubscribing from the newsletter (possible at any time)


Legal basis:

  • Art. 6 para. 1 a) and b) GDPR (performance of contract and consent)


We use a double opt-in process to ensure that you only receive our newsletter when you really want to. For this purpose, we will send you a notification e-mail in which you confirm that you actually want to receive our promotional e-mails or newsletter by clicking on a link contained in this e-mail.

Applicants
If you are a candidate, we process your personal data as follows. We use the recruitment system Personio as a technical platform. –> Processing: Applicant Management Purpose:
  • Participation in the application process for the vacant position
  • Handling the application process
  • Implementation of pre-contractual measures

Categories of processed data:
  • Name (first and last name)
  • E-mail address
  • Phone number
  • Salary request
  • Availability
  • Documents provided (e.g. cover letter, your CV and certificates)
  • Content of the uploaded data (e.g. date of birth, address, etc.)

Categories of recipients:
  • Application Management – Personio SE & Co. KG, Seidlstraße 3, 80335 Munich

Third country data transfer:
  • no

Storage period or its criteria:
  • Storage period 6 months after the end of the application process
  • Subsequently, if the applicants are rejected, the data will be deleted or anonymized or, if hired, the data will be transferred to the personnel file

Legal basis:
  • Art. 6 para. 1 b) GDPR (performance of contract).

Rights of the data subject

If your personal data is processed, you are a data subject within the meaning of the GDPR. You are therefore entitled to the following rights vis-à-vis the controller:

Right of access, Art. 15 GDPR

In accordance with Art. 15 GDPR, you have the right to request confirmation from us as to whether we are processing personal data concerning you. If this is the case, you can request the following information from us about the following information: Processing purposes; category of personal data that will be processed; Recipients or categories of recipients to whom your data has been or will be disclosed; planned storage period or, if concrete information is not possible, criteria for determining the storage period; existence of a right to rectification, erasure, restriction of processing or objection; existence of a right of appeal to a supervisory authority; Origin of your data, if it has not been collected by us; Existence of automated decision-making, including profiling and, where applicable, meaningful information on its details; transfer of personal data to a third country or to an international organisation; suitable safeguards in accordance with Art. 46 GDPR in connection with the transfer.

Right to rectification

In accordance with Art. 16 GDPR, you have the right to demand the correction or completion of your personal data stored by us without undue delay.

Right to restriction of processing

In accordance with Art. 18 GDPR, you have the right to demand the restriction of the processing of your personal data if the accuracy of the data is disputed by you, the processing is unlawful, but you reject its deletion and we no longer need the data, but you need it to assert, exercise or defend legal claims, or you have objected to the processing in accordance with Art. 21 GDPR.

Right to erasure

In accordance with Art. 17 GDPR, you have the right to request the deletion of your personal data stored by us, unless the processing is necessary for the exercise of the right to freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the assertion, exercise or defence of legal claims.

Right to information

If you have asserted the right to rectification, deletion or restriction of processing vis-à-vis Perseus as the responsible body, we are obliged in accordance with Art. 19 GDPR to inform all recipients to whom the personal data concerning you have been disclosed of this correction or deletion of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right vis-à-vis Perseus to be informed about these recipients.

Right to data portability

In accordance with Art. 20 GDPR, you have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request that it be transmitted to another controller.

Right to object

In accordance with Art. 21 GDPR, you have the right to revoke your consent at any time vis-à-vis us. We will then no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.

If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to “profiling”, insofar as it is related to such direct advertising. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes.

Right to revoke the declaration of consent under data protection law

In accordance with Art. 7 (3) GDPR, you have the right to revoke your declaration of consent under data protection law at any time. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent before the revocation.

Right to lodge a complaint with a supervisory authority

In accordance with Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, place of work or the place of the alleged infringement for this purpose.

Up-to-dateness and modification of this privacy policy

This privacy policy applies in its current version. The current data protection declaration can be accessed and printed out at any time on the website under https://www.perseus.de/en/privacy-policy/ .

As of: May 2026

Lösungen
Produkte:
Prävention
Risikobewertung
Notfallhilfe
Preise
Partner
Login
Kostenlose Beratung