What is the legal basis for Legentic crawling personal data from classified ads?

Personal data is collected from third-party websites under the legal basis of Legitimate Interest, as stated in Article 6(1)(f) of Regulation (EU) 2016/679 (GDPR).


Is Legentic a Data Processor or a Data Controller for the personal data you process?

Legentic takes on both these roles depending on where we are in the process.

We are the Data Controllers when we collect and collate personal data to develop, host, improve, monitor, and analyse the Service.

We are Data Processors when we collect and process personal data to provide authorised access to our Service to Our Customers in their roles as data controllers. Our Customers have acquired a legal basis for processing personal data before utilising the Service.


Does Legentic transfer personal data outside the EU/EEA?

No, Legentic does not transfer personal data from European classified ads outside the EU/EEA. Even when we use American service providers such as AWS, all data is stored in data centers physically located within the EU/EEA.


Has Legentic evaluated the breach of an individual's rights and freedoms before storing personal data from classified ads and using Legitimate Interest as a legal basis?

Yes, legitimate interest is documented by adopting a three-part test stating the Purpose, the Necessity, and the Balancing of personal data processing, taking into account the Data Subject's fundamental rights and freedoms that require personal data protection.


Does Legentic hold its own ISO 27001 and/or SOC 2 certification?

Currently, we do not, but any work on information security is done based on ISO 27001 and SOC 2.


Does Legentic have an ISMS?

Yes, Legentic has created an ISMS based on the requirements set out in ISO 27001 and SOC 2. All documentation is organised in a purpose-bought tool.


Does Legentic encrypt data in transit and at rest?

Yes, Legentic encrypts data both in transit and at rest.


Who are Legentic's service providers?

Legentic uses AWS, DigitalOcean, and TransIP as our service providers. AWS is considered the main service provider.


Is the service delivery outsourced to third-party service providers?

The service deliveries are hosted by third-party service providers within the EU/EEA for the European market and within the US for the American market.


Does Legentic provide security training for its staff?

Yes, our staff will undergo security training. Our security training program includes both information security and privacy. We do training as part of our onboarding process, through e-learning modules, and as regular parts of company-wide meetings.


Does Legentic have an incident management process taking care of security incidents?

Yes, through our incident management process, security incidents are handled and given proper attention from discovery to resolution. The whole process is documented.


Does Legentic offer Multi-Factor Authentication for logging into your SaaS?

Yes, our services come with Multi-Factor Authentication. A related article on how to set this up can be found here.


Does Legentic have an Information Security Policy?

Yes, we have an Information Security Policy governing Information Security work at Legentic.


What personal data do you process?

If you are a user of our service, we process your Name, E-mail address, and Username for you to log into our service.

If you have a classified ad we are holding on to, we process details concerning your classified ad (your name, nickname, e-mail address, phone number, address, and asset identification number, e.g., but not limited to, VIN or car registration number).