Privacy Policy
Effective Date: May 13, 2026 · Last Updated: May 13, 2026
1. Introduction
Netdiz Ltd. ("Netdiz," "we," "us," or "our") operates the website infodiz.com and related services, including the NIS2 Assessment at infodiz.com/assessment (collectively, the "Services").
We are committed to protecting your personal data and your privacy. This Privacy Policy explains what data we collect, why we collect it, how we use it, and what rights you have under the General Data Protection Regulation (GDPR) and applicable UK data protection law.
Questions? Contact us at privacy@infodiz.com
Company: Netdiz Ltd., United Kingdom
2. Data We Collect
2.1 Data You Provide Directly
| Category | Examples |
|---|---|
| Account data | Name, email address, company name |
| Assessment data | Answers to NIS2 assessment questions, score, risk profile |
| Communications | Messages you send us, support requests |
| Token Service data | Usernames, API keys, usage logs, generated tokens |
2.2 Data Collected Automatically
| Category | Examples |
|---|---|
| Technical data | IP address, browser type, device type, OS |
| Usage data | Pages visited, time spent, click paths |
| Logs | Server logs, error logs, access logs |
3. Why We Collect Your Data
| Purpose | Legal Basis |
|---|---|
| Provide NIS2 Assessment and report generation | Contract performance (Art. 6(1)(b) GDPR) |
| Account creation and management | Contract performance (Art. 6(1)(b) GDPR) |
| Customer support | Legitimate interests (Art. 6(1)(f) GDPR) |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f) GDPR) |
| Service improvements | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing (where consented) | Consent (Art. 6(1)(a) GDPR) |
| Legal compliance | Legal obligation (Art. 6(1)(c) GDPR) |
4. NIS2 Assessment — Specific Provisions
The NIS2 Assessment collects answers to 15 compliance questions. This data is used solely to:
- Calculate your NIS2 compliance score and risk level
- Generate a personalised gap analysis report
- Provide recommendations for compliance improvement
Data Retention: Assessment data is retained for 90 days after completion, after which it is permanently deleted unless you create an account.
Security: All assessment data is transmitted via TLS 1.2+ and stored with encryption at rest. We do not share your assessment answers with third parties.
5. Cookies and Tracking
| Type | Purpose | Duration |
|---|---|---|
| Essential cookies | Authentication, security, session management | Session / 7 days |
| Analytics cookies | Understand how visitors use our Site (Matomo, self-hosted) | Up to 2 years |
| Marketing cookies | Only where you have provided explicit consent | Up to 1 year |
We use Matomo (self-hosted, privacy-respecting analytics). No personal data is sold or shared with advertising networks.
6. Who We Share Your Data With
We do not sell your personal data. We share data only with:
| Recipient | Purpose |
|---|---|
| Hosting providers (EU-based) | Operating our Services |
| Payment processors | Processing payments (we do not store card numbers) |
| Email delivery service | Sending transactional emails |
| Matomo (self-hosted analytics) | Site analytics — anonymized |
| Legal authorities | When required by law or court order |
All third-party processors are bound by Data Processing Agreements (DPAs).
7. International Data Transfers
If we transfer data outside the EEA, we ensure protection through Standard Contractual Clauses (SCCs) approved by the European Commission. Our primary infrastructure is hosted within the EU (Germany/Finland).
8. Data Security
- ✅ Encryption in transit (TLS 1.2+) and at rest (AES-256)
- ✅ Access controls — least privilege, role-based access
- ✅ Regular security reviews and vulnerability scanning
- ✅ Staff training on data protection
- ✅ Incident response procedures
In case of a data breach affecting your rights, we will notify the Information Commissioner's Office (ICO) within 72 hours and inform affected users without undue delay.
9. Your Rights Under GDPR
| Right | Description |
|---|---|
| Right of access | Request a copy of all personal data we hold about you |
| Right to rectification | Request correction of inaccurate data |
| Right to erasure | Request deletion ("right to be forgotten"), subject to legal requirements |
| Right to restriction | Request we limit processing in specific circumstances |
| Right to data portability | Receive your data in a structured, machine-readable format |
| Right to object | Object to processing based on legitimate interests or marketing |
| Right to withdraw consent | Withdraw consent at any time |
| Right to lodge a complaint | File a complaint with the ICO (UK) |
To exercise any right, contact us at privacy@infodiz.com. We respond within 30 days.
10. Children's Data
Our Services are not directed at individuals under 16. We do not knowingly collect data from children. If you believe a child has provided us data, contact us immediately at privacy@infodiz.com.
11. Data Retention
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 90 days after deletion |
| NIS2 Assessment data | 90 days after completion (or duration of account) |
| Billing/invoice data | 10 years (UK tax law requirement) |
| Support communications | 3 years after resolution |
| Marketing consent | Until withdrawal of consent |
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted here with an updated "Last Updated" date. For significant changes, we will provide prominent notice (email or banner). You will be given 30 days' notice before changes affecting your rights take effect.
13. Supervisory Authority
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with:
🇬🇧 Information Commissioner's Office (ICO) (UK)
This Privacy Policy is provided in English. Where a translated version exists, the English version shall prevail in case of conflict.