Privacy Policy

ZartCyber Privacy Policy


ZartCyber is part of the Zart Social Impact Group of Companies (Zarttech), focusing on protecting your systems through specialist penetration and vulnerability exploitation methodology by the top 1% of African Cybersecurity Specialists. Through offering cybersecurity solutions, ZartCyber aims to bridge the gap between Africa and the West, ultimately contributing to solving poverty and inequality in our source countries while solving the shortage of senior cybersecurity expertise in the West. At ZartCyber we understand the value of your personal data and the commitment that is required to keep it safe, which is why we have several measures, in compliance with national and international legislation, to ensure our collection and processing is as safe as possible. These measures are described below in our Privacy Policy.  


What is personal data?

According to the General Data Protection Regulation (GDPR), personal data refers to information about an identifiable natural person, meaning any information that can identify you as a person, or be traced back to you. Some examples of personal data include your name, address, identification number or telephone number. 


What personal data do we collect?

The collection of personal data includes but is not limited to your name, e-mail address, phone number, location, or company information. The type and amount of personal data we collect depend on what you provide us in the “Quick Scan”, “Extended Scan”, “ZartCyber Certification”, and “Contact Form” sections.


How do we collect personal data?

Automatic collection of data

ZartCyber, like many other websites, collects some of your personal data through automatic collection methods when you visit us online to help us give you the best customer experience possible. These methods are still reliant on your consent, with the possibility to opt out of any collection mechanisms.


Cookies are small, often encrypted text files, located in browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. First party cookies are directly collected by us, sharing personal information for communication and information purposes. Third party cookies are collected by our suppliers, who we engage with for their services, to provide insight on further information such as the platform that directed you to us.

Below is a summary of the categories of cookies that may be used on our website:

Essential cookies: enable the website to fully load, fundamental for the functionality of the platform and thus not requiring your consent. 

Analytics cookies: help us collect information about your interactions with our website. They provide information about your interests based on the way in which you scroll or click on our website.

Advertising cookies: used to deliver content relevant to your interests and limit the number of times you see certain marketing materials, amongst other marketing related purposes. These are used through our third party cookies and therefore not under the control of ZartCyber directly.

We will only use cookies based on your consent which you will be able to provide and manage through the cookie banner automatically opened when first accessing the ZartCyber website. Upon giving your consent you agree to the collection and processing of your personal data for communication and information purposes. There is also the possibility of updating your browser’s settings to accept certain cookies, reliant on your preferences. Some performance cookies, however, as configured in a privacy friendly manner may not require prior consent to be placed on websites. If you would like to revoke consent previously given, this can be done by clearing browser cookies or updating your preferences in our cookies banner. 

IP Address

Your IP address is the number identifying your computer when you access the internet. This is typically recorded, largely for IT security purposes as well as for analysis purposes. 

Web Beacons

Web beacons collect information regarding your access to our website and within our platform. These monitor your activity such as the time in which you have accessed a part of our website, and are used by ZartCyber for the purpose of web analytics. These can largely be disabled through disabling cookies related to the beacon’s purpose. 

Google Analytics

ZartCyber uses Google Analytics, which tracks and reports traffic through our website for analytical purposes, as third party cookies. As with our other collection methods, it is possible to opt out from Google Analytics through their add on browser extension, although the information collected by ZartCyber will still be available for our own personal access.


Voluntary provision of data

Another collection method is that provided by you, our user, when expressing interest in our services through a request form, or subscribing to our blog/newsletter. As for the request form for our services, you provide us with your name, email address, phone number, company name, company email address, company size, scan type and the option to include a message. This information is then used for contacting purposes as well as business purposes as it will determine how we should best tailor our services to your specific needs and characteristics. This form can be found on our website on the “Contact” page, or on the “Quick Scan” and “Extended Scan” pages. As for the subscription to our blog/newsletter, we ask for your email address to fulfill your requirement and send you the latest updates on our blog via email.

By voluntarily submitting the required information, you  agree to the collection and processing of your personal data for communication,  information and business purposes. 


How do we process your personal data?

ZartCyber follows strict security standards as set out by Dutch Law and the GDPR as a data controller, given that it is operated by ZartTech BV, a company incorporated in the Netherlands. These standards include the limiting of access to your personal data to those with a need to know, such as our analytics team, in turn requiring confidentiality of your information and for the purposes described within this privacy statement.


Why do we process your personal data?

Legitimate interests 

Your personal information is collected for specific, explicit and legitimate purposes in a manner that is adequate, relevant and limited to what is necessary in relation to these purposes. We need your personal data in order to carry out our tasks, which include the provision of information and services. Before we are able to provide our scans or assessments, we need basic information to contact you and request additional information, and for the purpose of tailoring the service to your needs. We also use your personal data for analytical purposes and to identify any changes that should be made to our website.  


We ask for your consent in the use of our automated data collection through our websites in the form of cookies, for example. In addition, the personal data provided through our website is given directly by you through the completion of contact forms used for getting in contact with us or requesting one of our services.  


How long do we keep personal data?

ZartCyber aims to retain personal data only for the time required to comply with your request or with legal or business requirements. The period for which data is retained will depend on the nature of the information as well as the circumstances under which the information was collected. Personal data may be stored for longer periods insofar as the information will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to the implementation of the appropriate measures to ensure safeguarding of the rights and freedoms of individuals.

ZartCyber will otherwise keep your data until you request it to be deleted. In case of a request to delete your personal data, and in compliance with regional and national regulations, we will process this within 1 month after its submission, with the possibility of extension of another 2 months, if absolutely necessary and reliant on the complexity and number of cases. After which, a decision will be made and communicated clearly including the reasons for the decision.


Third parties 

 ZartCyber will only share your personal data to relevant and appropriate third parties, largely in your interests as a consumer for the purpose of conducting the service you have requested. Some instances of third party sharing include: business transactions such as transfer in a merger or acquisition, or for further business purposes such as disclosure to third parties used to support our business in the provision of a service, or for our own analytical purposes.

In addition, ZartCyber will be under the obligation of disclosure upon valid requests by public authorities and law enforcement. Likewise, a matter of overriding public interest, health and safety or other right protection would obligate ZartCyber to comply with third party sharing. 

In any other case, ZartCyber would ask for your consent before sharing with third parties, reliant on your consent. 


Accessing third party/external links

If you click on a third party link from our website you will be directed to that external site. Upon which we have no control and thus assume no responsibility for the content on that third party site, its privacy policy or data processing practices, or practices of any third party sites or services.


Your rights

As a data subject, you enjoy a number of rights concerning your personal data. These include:

The right to information, both in the automatic and voluntary collection of data.

The right of access, concerning purpose of processing, recipients of data, and other factors.

The right to rectification of any inaccurate data held by ZartCyber, including the completion of incomplete data.

The right to erasure of data, applicable in certain circumstances such as lack of necessity.

The right to restriction of processing in certain circumstances.

The right to data portability, meaning the data subject receives their information in a structured and readable manner.

The right to object to the processing of their personal data in line with limited circumstances.

The right to not be subject to an automated decision as a result of their personal data.


More information on the rights of a data subject can be found within the General Data Protection Regulation (GDPR) and within Dutch regulations, as complied with by ZartCyber and reflected in this privacy statement. Likewise, further information on your rights can be provided by the Dutch Data Protection Authority, with whom it is also possible to make a complaint regarding our processing or use of your personal data if need be.


ZartCyber likewise complied with the relevant UK Data Protection legislation, including the UK GDPR and the Data Protection Act, as its data subjects would be in the United Kingdom and based on other territorial scope considerations under Article 3 of the UK GDPR. ZartCyber therefore processes your personal data in a lawful, fair and transparent manner, and ensures the accuracy of your personal data. 


Further rights arising from other national legislation of data subjects’ home state cannot be applicable, and in any case, the rights and obligations specified in this privacy policy will prevail. 


Children’s Privacy

Our services are not intended for use by children under the age of 18. We do not knowingly collect personally identifiable information from children under the age of 18. If we become or are made aware that we have collected personal data from children under the age of 18 without parental consent, we will take necessary steps to remove that information from our servers.


Changes to the privacy statement

This privacy statement is subject to change, subject to any changes to ZartCyber’s privacy practices, or legislative changes affecting our obligations. In case of changes the statement will be adjusted accordingly and changes will be communicated to the pertinent people involved as affected by our privacy practices.  


Security of your personal information

The security of your data is a priority of ZartCyber, as evidenced by the number of measures in place ensuring maximum security as set out in this privacy statement. The processing of your data is done so in a manner that ensures its appropriate security, governed by integrity and confidentiality in line with UK requirements. However, no method of online transmission or electronic storage is 100% secure, regardless of our attempts to use the best possible means to protect your data. Therefore, we cannot guarantee the absolute security of your personal information on this basis. 


Questions or complaints?

If you have any questions or complaints about the information set out in this statement, in regards to your personal data, or concerns regarding our privacy practices, please contact and we will happily answer any questions.

Additionally, if you would like to make a request based on your rights as above mentioned, please contact Further contact information can be found on our website.

I confirm my identity as identified by the personal details entered in this form. I further confirm that official authorization has been granted by the entity for which I has provided details within this form, and that I, in turn, am acting as a representative of such entity. I confirm that this authorization can be verified in a manner demonstrable with proof. In case where authorization has not been granted I confirm my understanding that liability can be placed on myself by the entity in question or ZartCyber, and that this would justify ZartCyber's termination of the application process for this and further services at their discretion.
Policy for legitimate business and communication purposes. Through this authorization I accept that ZartCyber will make use of this personal information for the time period necessary to achieve its legitimate purposes. I hereby accept that for these purposes I will not hold ZartCyber liable for the collection, processing and use of the data provided and absolve them of any liability hereinafter in this regard.