- Version: v1.0
- Effective as of May 24, 2018
Note: This document is only available in English, as it’s the official language of commerce for our clients and in the regions we operate. Any translated copies are not valid.
You have rights!
If your personal data is processed, you are a data subject within the meaning of the EU General Data Protection Regulation (GDPR), and you have the following rights vis-à-vis CybrQ Ltd as the controller:
- the right to information
- the right to rectification and erasure
- the right to restriction of processing
- the right to object to processing
- the right to data portability
You have the right to complain to a data protection supervisory authority about the processing of your personal data by CybrQ Ltd.
1. Information We Collect
(a) Our Service
We may collect personal information about you, such as your full name, phone number and email address, when you register for an account. If you choose to purchase a product from us, we or our third-party payment processors will collect your payment information. When you use the CybrQ Service or if you visit our Site or mobile applications, we may receive certain information about you as described below.
(b) Cookies And Tracking Technologies
We use automatically collected information and other information collected on the Service through cookies and similar technologies to: (i) personalize our Service, such as remembering a User’s or Visitor’s information so that the User or Visitor will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized content, and information; (iii) monitor and analyze the effectiveness of Service; (iv) monitor aggregate site usage metrics, such as total number of visitors and pages viewed; and (v) track your entries, submissions, and status in any promotions or other activities on the Service. You can obtain more information about cookies by visiting https://cookiesandyou.com.
(c) Log File Information
Log file information is automatically reported each time you access our Sites or the CybrQ Service. Depending on the type of Service you use, we collect different data logs. In your CybrQ account, you have access to a personalized data dashboard providing you with all the details of the data we have collected from the various Services you are using. The log file information is collected to determine your personal cyber exposure score as well as to identify opportunities to improve your cyber posture.
(d) Information from Other Sources
We may obtain information, including personal data, from third parties and sources other than the Service. If we combine or associate information from other sources with personal information that we collect through the Sites or Service, we will treat the combined information as personal data in accordance with this Policy.
We take measures to protect the technical information collected by our use of Google Analytics. The data collected will only be used on a need-to-know basis to resolve technical issues, administer the Site and identify visitor preferences; but in this case, the data will be in non-identifiable form.
We will retain personal data we process for as long as needed to provide our Services. CybrQ will retain this personal data as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.
2. How We Use Your Information
We use the information that we collect to operate and maintain our Sites and the CybrQ Service, send you product information or respond to your questions and concerns. Below are the specific purposes for which we use the information we collect about you:
To provide the Services and personalize your experience: We use information about you to provide the Services to you, including to process transactions with you, authenticate you when you log in, provide customer support, and operate and maintain the Services. Our Services also include tailored features that personalize your experience.
For research and development: We are always looking for ways to make our Services smarter, faster, more secure, integrated and useful to you. We use collective learnings about how people use our Services and feedback provided directly to us to troubleshoot and to identify trends, usage, activity patterns and areas for integration and improvement of the Services. We also test and analyze certain new features with some users before rolling the feature out to all users.
To communicate with you about the Services: We use your contact information to send transactional communications and within the Services, including confirming your purchases, reminding you of subscription expirations, responding to your comments, questions and requests, providing customer support, and sending you technical notices, updates, security alerts, and administrative messages. We also provide tailored communications based on your activity and interactions with us. These communications are a part of the Service. Please be aware that if you do not opt in to them we will not be able to provide the Service as intended. An opt out is available and you will find that option within the communication itself or in your account settings.
To market, promote, and drive engagement with the Services: We use your contact information and information about how you use the Services to send communications that may be of specific interest to you, including by email and by displaying CybrQ ads on other companies’ websites and applications. These communications are aimed at driving engagement and maximizing what you get out of the Services, including information about new features, survey requests, newsletters, and events we think may be of interest to you. We also communicate with you about new product offers, promotions and contests. You can control whether you receive these communications as described below under “Opt in to and out of communications.”
Customer support: We use your information to resolve technical issues you encounter, to respond to your requests for assistance, to analyze crash information, and to repair and improve the Services.
For safety and security: We use information about you and your Service use to verify accounts and activity, to monitor suspicious or fraudulent activity and to identify violations of Service policies.
To protect our legitimate business interests and legal rights: Where required by law or where we believe it is necessary to protect our legal rights, interests and the interests of others, we use information about you in connection with legal claims, compliance, regulatory, and audit functions, and disclosures in connection with the acquisition, merger or sale of a business.
With your consent: We use information about you where you have given us consent to do so for a specific purpose not listed above. For example, we may publish testimonials or featured customer stories to promote the Services, with your permission.
Legal bases for processing: We collect and process information about you only where we have a legal basis for doing so under applicable laws. The legal basis depends on the Services you use and how you use them. This means we collect and use your information only where:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services;
- It satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests;
- You give us consent to do so for a specific purpose; or
- We need to process your data to comply with a legal obligation.
If you have consented to our use of information about you for a specific purpose, you have the right to change your mind at any time, but this will not affect any processing that has already taken place. Where we are using your information because we or a third party have a legitimate interest to do so, you have the right to object to that use though, in some cases, this may mean no longer using the Services.
3. How We Share Your Information
(a) Personal Data Information
CybrQ will not sell or rent your personal data information to others. We may store personal information in locations outside the direct control of CybrQ (for instance, on servers or databases co-located with hosting providers). Any personal data you elect to make publicly available on our Sites or the CybrQ Service, such as posting comments on our blog page, will be available to others. If you remove information that you have made public on our Sites or the CybrQ Service, copies may remain viewable in cached and archived pages of our Sites or the CybrQ Service, or if other users have copied or saved that information.
(b) Non-Personally Identifiable Information
We may share data that is not personal data (such as anonymous usage data, referring/exit pages and URLs, platform types, number of clicks, etc.) with interested third parties to help them understand the usage patterns for certain CybrQ Services. Such data may be stored indefinitely.
(c) Instances Where We Are Required To Share Your Information
CybrQ will disclose your information where required to do so by law, if subject to subpoena or other legal proceeding or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable requests of a law enforcement agency; (b) to enforce our Terms of Service or to protect the security or integrity of our Service; (c) to exercise or protect the rights, property, or personal safety of CybrQ, our users or others; (d) protect ourselves or others from fraudulent, abusive, or unlawful uses or activity; and/or (e) investigate and defend ourselves against any third-party claims or allegations.
(d) What Happens In The Event Of A Change Of Control
We may buy or sell/divest/transfer the company (including any shares in the company), or any combination of its products, services, assets and/or businesses. Your information, such as customer names and email addresses, and other User information related to the CybrQ Service may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or otherwise transfer such information in the course of corporate divestitures, mergers, acquisitions, bankruptcies, dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the company. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.
We display personal testimonials of satisfied customers on our Site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact us at firstname.lastname@example.org.
4. Storage and Processing
Your information collected through the CybrQ Service may be stored and processed in the United States, Europe, or any other country in which CybrQ or its subsidiaries, affiliates or service providers maintain facilities. CybrQ may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. We will not transfer information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction.
How long we keep information we collect about you depends on the type of information, as described in further detail below. After such time, we will either delete or anonymize your information or, if this is not possible (for example, because the information has been stored in backup archives), then we will securely store your information and isolate it from any further use until deletion is possible.
Account information: We retain your account information until you delete your account. We also retain some of your information as necessary to comply with our legal obligations, to resolve disputes, to enforce our agreements, to support business operations and to continue to develop and improve our Services. Where we retain information for Service improvement and development, we take steps to eliminate information that directly identifies you, and we only use the information to uncover collective insights about the use of our Services, not to specifically analyze personal characteristics about you.
Marketing information: If you have elected to receive marketing emails from us, we retain information about your marketing preferences unless you specifically ask us to delete such information. We retain information derived from cookies and other tracking technologies for a reasonable period of time from the date such information was created.
5. How We Protect Your Information
CybrQ is concerned with protecting your privacy and data, but we cannot ensure or warrant the security of any information you transmit to CybrQ or guarantee that your information on the CybrQ Service may not be accessed, disclosed, altered or destroyed by breach of any of our physical, technical or managerial safeguards. When you enter sensitive information (such as log-in credentials) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). Our safeguards are industry standard, however, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. If you have any questions about security on our Site, you can contact us at email@example.com. We use an outside help platform, and a credit card processing company to bill you if you purchase services. These companies do not retain, share, store or use personally identifiable information for any other purposes.
6. EU Data Protection Directive
CybrQ complies with the EU Data Protection Directive 95/46/EC framework as set forth by the European Union regarding the collection, use, and retention of personal data from European Union member countries and Switzerland. CybrQ has certified that it adheres to the requirements of notice, choice, onward transfer, security, data integrity, access and enforcement.
7. Compromise of Personal Information
In the event that personal information is compromised as a breach of security, CybrQ will promptly notify you in compliance with applicable law.
8. Your Choices About Your Information
You can review, correct, update, download or delete your account information that CybrQ keeps on file by logging into your CybrQ Cockpit, incl. consent management. We will retain your information either for as long as your account is active or as needed to provide you Services (including contractually required documentation of past services).
Machine generated data from using our Services can be viewed, downloaded or deleted in your personal CybrQ cockpit. However, this type of data cannot be amended, corrected or updated.
9. Children’s Privacy
Protecting the privacy of young children is especially important. For that reason, CybrQ does not knowingly collect or solicit personal information from anyone under the age of 13. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under 18, please contact us at firstname.lastname@example.org.
10. Notification Procedures
11. Links to Other Web Sites
The controller pursuant to Art. 4(7) of the EU General Data Protection Regulation (GDPR) is:
Company Registration Number: CHE-426.044.573
You can also contact our EU data protection representative at info [at] datenschutzpartner [dot] eu or via our postal address with the addition “Data Protection Representative”.
VGS Datenschutzpartner UG
Am Kaiserkai 69