To conduct phishing simulations effectively and safely, certain personal data must be processed. All processing is carried out in close consultation with your employer and your company’s data protection officer to ensure compliance with data protection regulations
🧾 1. What Data Is Processed
We receive a list of employee e-mail data from your employer that includes:
Salutation (e.g., Mr./Ms.)
First name and surname
E-mail address
Preferred language
Optional user group (e.g., department or location)
This information is used exclusively to carry out the phishing simulations accurately and in a personalised manner
🧠 2. How the Data Is Used
The data is utilized solely for the purpose of:
Sending simulated attacks as part of the training program.
Ensuring simulations are relevant and adapted to each employee’s language and context.
Your employer receives only an aggregated and anonymous evaluation of how employees interacted with the simulated e-mails.
🛡️ 3. Data Protection and Security
All data is processed strictly within the framework of the existing contractual agreements (data processing agreement) between us and your employer
We apply extensive security measures to safeguard all personal information, including secure storage, restricted access, and compliance with applicable data protection laws
If you have any questions about how your personal data is processed, please contact your employer’s data protection officer for further details.