GDPR, Privacy & Cookies policy
sapna security respects your privacy and this policy will inform you of our privacy practices, and how we collect and use personal data.
What personal information we have, why, and where do we store it?
sapnasecurity maintains an online CRM (Customer Relationship Management) system used for communicating with clients for project management, business and marketing purpose. As data controllers we store basic contact information which includes first name, last name, company, office address, email, telephone, mobile number, fax, MSN contact, Skype contact and VAT number about our clients, agencies, business partners, sub-processors and employees and communications with them. Additionally, your contact details will also reside on personal contact list like but not limiting to Google contact list or address book, and/or on social and networking tools like Whatsapp/Skype/Facebook/Google+ etc. We may also share this information with third parties when we need to use their service or when we feel they might be beneficial to you. This information is not restricted to EEA.
sapnasecurity is also a data processor for multiple data controllers. This is mainly due to the nature of our service where as a part of the service we provide, we will also have to handle sensitive information like the details of your application and access details for resources so that we can test them. The application itself may reveal information which is sensitive to us, although we always insist that the client should prepare a separate test environment and ensure no live personal or sensitive data is used. Tools like google analytics may also be used to gather statistical data.
How do we use your information?
We may use the information we collect from you to communicate with you for any services you need. We may reach out to you to inform you of a potential threat if we feel the need to do so. If you have not opted to receive newsletters you will not receive them. Some of the information you provide us will be used to understand the application or the infrastructure, and also help us conduct our tests and audits.
What lawful basis do we have to process this information?
The lawful basis for this information is contract with the individual or company and/or legitimate interests: As we are a private-sector organisation and can process personal data without consent if we have a genuine and legitimate reason (including commercial benefit)
How long we retain this information for?
We may store this information for continuing our business relationship, and even keep this information beyond any active business relationship for any future perspective business.
How do we protect your information?
We implement various security measures including hardening of our servers to ensure your information is safe with us. Brute force protection, DoS protection, firewall etc are some of the various methods used to ensure your data is safe. We have good management policies for account, password, risk, backups, exceptions, asset, key etc to ensure we follow the best practices. We use industry standard encryption tools and protocols like SSH, SSL, FTPeS etc to ensure your data is safe. We also use encryption tools like axcrypt, or password protected zip files to secure some information.
Cookies being used:
1. Wix related cookies.
We use Wix for our website and Wix uses specific mandatory cookies as listed in https://support.wix.com/en/article/cookies-and-your-wix-site
2. __utma, __utmb, __utmc, __utmz
Third party Google Analytics cookies used for statistical purpose. More information.
To know how to manage your cookies (enable/disable etc) please refer to how to control cookies on www.aboutcookies.org.
Our main sub processors are
sapnagroup deutschland, Claus Hübner e.K. who handle German project management and administrative work for us
Sapna Technologies an IT company in India which we use for our services which include software development and server hosting/maintenance.
Hetzner (www.hetzner.de) which we use for hosting requirements. Hetzner does not have software access to our servers as it does not have any OS accounts.
Strato (https://www.strato-hosting.co.uk/) used for remote backup solutions
AWS (https://aws.amazon.com/) used for hosting services like files etc.
G Suite, Gmail, Google Drive, Google Calendar, Dropbox, iCloud, Slack and similar services
In rare cases we may use a different provider as data processors and such cases are noted with the data controller.
What are your rights for your personal information?
You can contact us at for any of the following requests for the personal information we hold of you
to get details of the information we hold of you i.e. subject access requests
to correct/update this information
to delete this information
to restrict processing of this information
to not be subjected to automated decision making including profiling.
to provide this information in portable format
Whom to contact if you have queries or complain?
If you have any queries or complains you can write to us at
Do we use google analytics?