Web-IQ Privacy Statement

Web-IQ (Web-IQ B.V) takes data privacy seriously. This document sets out who we are, what we do and when and how we use your personal information.

In addition to this privacy statement, we make formal agreements with our customers and partners about the exchange of information. If this information includes personal data, we make sure that a proper Data Protection Agreement is in place.

We have appointed a data protection officer who is responsible for overseeing questions in relation to this privacy statement. If you have any questions about this privacy statement, including any requests to exercise your legal rights, please contact our data protection officer (Ronald Hoek) by email at dpo@web-iq.org.

This privacy statement was last updated on 28th August 2018.

What we do

Web-IQ offers services that enable our customers to search public data from the internet and use this for their own objectives. We work primarily for customers who are active in the field of security, justice, risk assessment and fraud prevention and who use our services to make the world a better and safer place.

To make this possible, Web-IQ collects public data on behalf of its customers. This may include your personal data.

Web-IQ collects public data from various online sources, such as social media, news sites, market places, blogs, forums and the dark web. Web-IQ does not collect any protected information and guarantees to keep the collection process limited to data that contributes to the information needs of our customers. We collect data on behalf of our customers. This means that in terms of the GDPR, Web-IQ acts as the data processor.

In addition, Web-IQ enables customers to install and operate Web-IQ software themselves on their own servers. As part of this, customers may capture public data from the internet or dark web onto their own systems, potentially including your personal data. We help our customers to comply to the privacy and data protection regulations for their situation by providing software that allows them to control and limit what data is being collected, how long the data is stored and who and how the data can be accessed.

In our agreements with our customers we state that our customers may only use our services, data and products in a lawful manner that respects all applicable privacy aspects. Web-IQ will not do business with organizations that are related to countries, individuals or groups on the European Union Sanctions List.

We also use personal information from our customers, business contacts, web site visitors and people who signed up for our newsletters.

How we use your data

When you partner with us or purchase our services or products

If you become our customer or partner, we may collect personal information about you or your employees, like names, email addresses, telephone numbers. We use this information only to contact you and fulfill our contractual obligations.

We will not share this information with other customers nor third-parties without your consent and we will make sure that this information is protected properly.

When you use our Voyager Cloud services

Customers that sign up for our Voyager Cloud services (such as DarkCloud or SafeCity) need to provide a valid email address to create an account. We will use this email address only to send you monitoring alerts and other automated system notifications (opt in) and system maintenance updates. Your email address will never be disclosed to third-parties, nor will it be used for promotional or commercial purposes by Web-IQ without your prior consent.

Web-IQ does not actively collect nor monitor your navigational actions (like queries and clicking on items of interest). However, this information, including personal information like your IP address can appear in the log files of our underlying services. Log files are kept for a limited period (7 days) and only for support and maintenance purposes.

If you need more information about how we protect your case data in our Voyager Cloud services, the user agreement and the terms and conditions that apply, please contact us at info@web-iq.com.

When our software captures your online information

In a similar way to how search engines work, Web-IQ searches and stores public data from the internet and the dark web on behalf of its customers. As part of this, we may capture your personal information which is publicly available.

We only collect public data. This is data that is actively shared online at places such as social media, news sites, darknet market places, blogs and forums and can be found with a standard internet search engine or by visiting the relevant site on the internet or dark web.

We have designed our services with privacy in mind:

  • We do not collect data that is protected or shared in private.
  • We aim not to collect nor store data when there is no specific reason to do so. We only search and collect data that is required to answer the questions from our customers.
  • We do not store data longer than needed. Some use cases, such as discovering trends over time and reconstructing events from the past, require us to store the collected public data for a longer period. Other use cases, like most of our risk and fraud detection services keep the collected data in memory for only a few seconds but never store any data on disk or in a database at all. We will delete data when the contract with our customer ends.
  • We aim to anonymize the data as much as possible, although this might not always be possible given the use cases of our customers.
  • We will always be open about our intended use of the data and we will inform our customers about how we have collected the data, so our customers can make sure that the way they use the data on their side is lawful and respects privacy.
  • We will make sure that all data that is collected is linked to the original source, so the information can always be placed in its original context.
  • When requested by an individual we will disclose all public information held on that individual.

When you visit our web site

Our public web site (www.web-iq.com) does not use cookies, nor does it use third-party services to track you.
However, your IP address is logged temporary in the access log of our web server for debugging purposes. These log files are deleted after 10 days.

When you subscribe to one of our newsletters

When you subscribe to one of our newsletters, such as the Darknet Update, we keep your email address and name, so we can send you the information you signed up for. We will not use this email address to spam you with other information or for any other purpose.

We use a newsletter service that allows us to keep track of how many subscribers open and interact with our newsletter emails. We use this information solely to learn how we can improve the content of our newsletter.

Each newsletter contains a link that allows you to unsubscribe. We permanently remove the personal data from inactive subscribers on a monthly basis.

Your rights

You have the right to object to us handling your personal information (as described in the “How do we use your data” section above). If you ask us to stop handling your personal information in this way, we will stop unless we can show you that we have compelling grounds as to why our use of your personal information should continue. For other questions regarding your rights under the data protection laws, please contact us at dpo@web-iq.org

Data Security

To protect your personal information, we have implemented several measures:

  • The Web-IQ software is hosted on secure servers in The Netherlands.
  • To operate our services, we work together with known partners within the European Economic Area that have the appropriate certifications and clearances for providing services to government organizations and law enforcement agencies.
  • Within our organization, data is only made available on a need-to-know basis. All employees of Web-IQ can present a certificate of conduct and additional screening is required for some functions.
  • Information security is on top of our agenda. We have appointed an Information Security Officer and are taking major steps to become ISO 27001 certified next year.
  • Periodically, independent parties perform penetration tests and scan for potential vulnerabilities in our systems.
  • We apply best-practices and guidelines ensuring privacy and information security in our organization, such as separation of environments, encryption of documents and communication, access control, incident report procedures, monitoring and audits.

Changes to this privacy statement

We may update this privacy statement from time to time. The latest version of this privacy statement can be found on our web site: https://web-iq.com/privacy-statement/

If you have any questions about this privacy statement, please contact us.

Data Protection Officer
Mr. Ronald Hoek
dpo@web-iq.org

Web-IQ B.V.
Helperpark 284
9723 ZA Groningen
The Netherlands
31 (0)50 21 11 622
info@web-iq.com