Privacy
User Overview
Welcome to Waverley Labs. Our penetration testing services offer a comprehensive set of capabilities to proactively detect and validate vulnerabilities, configuration weaknesses, control gaps, and staff awareness within organizations by safely performing the actions a malicious actor would.
​
All data and documentation uploaded (if any) to Waverley Labs is anonymized, encrypted and stored on Microsoft Azure cloud servers.
​
Definitions of the Data Protection
​
Personal Data: Any information relating to an identified or identifiable natural person (‘data subject’).
​
Data Subject: An individual who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
​
Controller: The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
​
Waverley Labs does not share any user data unless explicitly requested or agreed upon in advance.
​
Full Data Protection Policy
​
Data Protection
Waverley Labs (referred to as “the Company”), as a penetration testing services business, takes its responsibilities under US data privacy laws, the EU GDPR, and other data protection laws seriously. This document outlines the policy framework introduced by Waverley Labs to effectively manage Data Protection for all parties involved.
This Policy applies to both Waverley Labs’s clients and individuals providing their personal data for processing (referred to as “Data Subjects”).
​
The Company acts as a Processor of personal data under Article 28 of the EU GDPR and may also serve as the Data Controller under Article 24 in certain cases. Personal data and biometrics submitted by Data Subjects remain securely stored on the user’s phone, with no external data processing or transfer.
​
Our corporate clients, whether within or outside the EU and EMEA, do not have access to personal data unless required by applicable laws. Waverley Labs never shares information or documents.
​
Scope of the Policy
While Waverley Labs does not typically handle personal data, this policy ensures that Waverley Labs’s staff comply with regional and English law, as well as the EU GDPR, in the event that personal data processing becomes necessary. It also provides information to Data Subjects on how their personal data is controlled and protected.
The Company adheres to data protection principles, ensuring that personal data is processed fairly, lawfully, transparently, and securely. Personal data is kept only for necessary purposes, is accurate, and not retained longer than required.
Responsibilities
​
a) Waverley Labs’s Responsibilities
Depending on where you’re located, privacy laws and regulations may allow you to exercise certain rights regarding the processing of your personal data – such as those listed in the table below. If you are from the EU, you may also submit requests via our EU Representative as explained in the EU Section.
​
1. Right to be Informed: This privacy notice provides the awareness you are entitled to.
2. Right of Access: The right to confirm if we process your personal data, to view what personal information is processed, or request a copy.
3. Right to Rectification: The right to have your personal data corrected if it is inaccurate.
4. Right to Erasure: The right to have your personal data deleted.
5. Right to Restrict or Limit Processing: The right to restrict or limit the way(s) we use your personal data, including sensitive personal data.
6. Right to Data Portability: The right to have your personal data transferred to you or to another data controller, in a machine-readable electronic format.
7. Right to Object: The right to object to certain data processing such as that based on legitimate interests or the public interest, for direct marketing, or scientific/historical research and statistical purposes.
8. Right in Relation to Automated Decision Making: The right not to be subject to a decision based solely on automated processing, including profiling, which produces legal or other significant effects.
9. ‘Do Not Sell My Data’: The right to request that we do not sell your personal data (Waverley Labs does not sell personal data).
10. Right to Withdraw Consent: In situations where you have consented to us processing your personal data, you have the right to withdraw that consent at any time.
​
EU Section.
Waverley Labs is responsible for establishing policies and procedures to comply with the EU GDPR and local laws. The Data Protection Officer is the key contact for these matters (contact info: info@WaverleyLabs.com).
b) Data Protection Officer’s Responsibilities
The Data Protection Officer is responsible for:
- Ensuring compliance with this policy.
- Handling subject access requests.
- Resolving data protection breaches.
- Responding to data protection complaints.
​
c) Waverley Labs Staff Responsibilities
All staff processing personal data must comply with this policy. Staff must ensure data security, confidentiality, and promptly report any data protection breaches.
d) Third-Party Processors
Waverley Labs remains responsible for the security and appropriate use of data when third-party processors are used. Selection criteria, security measures, and data processing agreements are in place.
​
Specific Measures to Ensure Data Protection
The Company implements various measures to ensure data protection, including agreements compliant with the EU GDPR and other regional data protection laws, secure data transfer methods, encryption, anonymization/pseudonymization, background checks, training, audits, and more.
​
Physical Security
The Company prevents unauthorized physical access, damage, and interference to information and processing areas through measures such as removable media restrictions, CCTV monitoring, entry controls, secure areas, and hardware protection.
​
Software and Network Security
Regular vulnerability scans, penetration tests, code reviews, and staff training are conducted. Network connections are secured, and malicious behavior is monitored using machine learning.
​
Data Protection Breaches
Any data protection breach is reported immediately to the Data Protection Officer and/or CEO, including details of the incident and data classification involved.
​
Data Subjects’ Rights
Data Subjects have various rights, including the rights of access, rectification, erasure, restriction of processing, and data portability, the right to object to processing, and the right to avoid automated decision-making.
​
​
Purposes for Data Collection
Data is collected for identification and client diligence compliance, such as KYC and AML compliance. Data may be subject to automated verification against various databases.
​
Consent to Data Processing
Personal data is collected and processed based on Data Subjects’ informed and explicit consent.
This Policy is regularly reviewed and updated to ensure compliance with the EU GDPR and other applicable laws.
For requests or complaints, please contact us at info@WaverleyLabs.com.