Privacy Policy

Last updated: 01-07-2021

Cyver Privacy Policy 

Cyver is committed to respecting and protecting the privacy of our visitors, users, and customers. This Privacy Policy recognizes the obligations set forth under the Data Protection Act 1998 (DPA), the Privacy and Electronic Communication Regulations 2003 (PECR) (EC Directive), and the General Data Protection Regulation 2018 (GDPR).

This Privacy Policy (or “policy”) details how and what personal information (or “personal data”) we collect, store, share, and protect. The policy details how we use the personal data of the user (or “visitor”, “customer”, “client”, “subscriber”, henceforth referred to as “user”), how we collect that data, in what ways we may share it, and how we protect it. This privacy policy also highlights the rights and options you have in regards to personal data collected by Cyver. 

Cyver is registered with the Dutch Chamber of Commerce under KVK Number: 78074878

You can contact us during business hours at (phone number) or email us at any time at [email protected]

You can write to our Data Controller at: (address)

Importantly, this policy addresses the privacy practices and standards as used by Cyver and its contracted people. It does not include practices which might be used by any third-parties, including applications, partner applications, or third-parties utilizing our platform. Cyver is not responsible for the privacy practices of third-parties. However, we will disclose any instance in which we give third-party application access to our website, platform, or services. Any data collected, stored, or requested by Cyver will not be disclosed to third parties, except in cases of legal requirement. 

Contents: 

  • Cookies Policy 
  • What Data Do We Collect? 
  • How do We Use Data? 
  • How is Personal Data Processed and Disclosed? 
  • How is Personal Data Transferred? 
  • How do We Secure Your Personal Data? 
  • How Long Do We Store Personal Data? 
  • Privacy Policy Changes and Updates 
  • Your Rights Regarding Your Personal Data 
  • Third Parties 

Cookies Policy 

Cyver uses cookies to improve the user experience for visitors on our website and application. A cookie is a small piece of information downloaded to your computer’s harddrive when you visit a web property. This cookie offers a better and more secure user experience. Cyver uses cookies for authentication, to enable certain features on the site, and to monitor traffic on our application and site, which allows us to maintain better security, track the number of visitors to our web properties over time, and to enable general functionality. In some cases, we also utilize single-pixel gifs or web beacons, which are almost solely for tracking the effectiveness of customer communication and marketing. 

You can opt out of cookies at any time. You may also instruct your browser to stop accepting cookies. Doing so may limit certain features on Cyver

We utilize Cookies for the following reasons: 

  • Authentication – “Session ID” cookies are used to automate data entry, verify your account, and determine when you’re logged in. 
  • Security – We utilize cookies to review how people access our site, so that we can offer better security, maintain our terms of service, and protect users. 
  • Features/Services – Cookies enable functionality for user support, such as user authentication, log-in dates, and access dates 
  • Google Analytics – We utilize third-party cookies through Google Analytics for our advertising and marketing. Google Analytics collects data including number of visitors, how users came to the website, which website you came from, total number of times users visited the site, duration of stay, etc.  
  • Analytics – We utilize cookies to better understand how people use our website and application, with the intent of improving those services. 

What Data Do We Collect? 

Cyver collects personal and impersonal data through our own and third-party services. 

Personal Information 

Users are often required to offer personal information including but not limited to name, email address, phone number, payment information, physical address, and other contact information on registration and when ordering services. 

Requests for data are made when users create accounts, confirm accounts, onboard (individuals, teams, organizations), when requesting services, when making payments, and when otherwise requesting services from Cyver. You may be asked to submit information such as your name and organization when opting into mailing lists, when downloading resources, when requesting a demonstration, or when requesting a Pentest as a non-customer. 

Cyver reserves the right to request additional information for security and verification purposes (in which case, compliance may be mandatory for continued access to our services), optional requests, or legal requests. In most cases, you can choose to opt out of additional requests for information. 

  • Identity and Contact – Name, Address, Telephone Number, Job Title, Job Function, etc. 
  • Business Identity – Business information provided as part of your contractual relationship with Cyver
  • Payment Data – Bank account, debit/credit card, security code numbers, billing information, and any additional information we may need for fraud prevention. 
  • Profile/User Data – Passwords, usernames, marketing preferences, web preferences communication preferences, searches on our web properties, page response times, download errors, usage statistics, etc. See “Cookie Policy” above for more information.  
  • Technical Information – IP Address, login data, browser type, browser plug-ins, time-zone settings, device, browser type, operating system, etc. See “Cookie Policy” above for more information. 

 

Information regarding third parties: 

Should you provide information regarding third-parties other than yourself, you must do so with their explicit permission. You must ensure they understand how their information will be used by Cyver and that they have given you permission to disclose it.

Non-personal Information 

Cyver automatically collects non-personal information, including data not protected under European regulation. Non-personal information does not identify the individual. This information may include IP addresses, search terms entered, ads clicked, spots on website clicked, browser and operating system, web pages visited, features interacted with, user content preferences, etc. We collect this information for marketing, optimizing our web properties, and for improving our services. 

How Do We Use Personal Data? 

Cyver collects personal and non-personal data with the intent of improving the user experience. Some of the ways we utilize collected data include: 

  • To optimize and maintain Cyver.io. This includes aggregating user data, benchmarking best practices, and monitoring the functionality of our web properties. This includes developing the website based on user data and behavior, analyzing use patterns for UX purposes, and generating visitor and user statistics. 
  • To provide services requested by and agreed to by the user. E.g., registering you as a customer of Cyver, to administer or process payments for services rendered, to deliver services, etc. 
  • To contact users with the intent of discussing Cyver and its services. This may include sharing information related to Cyver, the user account and services, the requested services, updates regarding those services, etc. Users can opt out of most communication but will still receive critical notifications relating to the account, until the termination of said account. We reserve the right to outsource this communication to third parties. 
  • To bill users for requested services
  • To offer customer service and assistance for user accounts and services
  • To comply with legal processes and law enforcement requests 
  • To conduct or transact business you have contracted us for, as we, in our sole subjective discretion, deem reasonable. 

Cyver does not knowingly collect or utilize information from anyone under the age of 18. Under our Terms of Service, persons under the age of 18 may not use our website, services, or connected web properties. 

In some cases, local regulation may require that we collect Personal Data to process certain services. This means that refusal to provide Personal Data may result in refusal of service. For example, we are legally obliged to request Personal Information on requesting a payment. Should you fail to provide it, it may not be possible to finalize the payment. 

How is Personal Data Processed and Disclosed? 

Cyver is solely responsible for the personal information we collect. We ensure that your data is controlled by Cyver , its affiliates, or its partners under all applicable data protection laws and regulations. Should we choose to work with third-party applications requesting your data, we will do so with full compliance, with each such entity regarded as an independent data controller of your Personal Information and following this Privacy Policy. 

We will never use your Personal Information to take automated decisions affecting or creating profiles other than as described above.

We may share your personal information including with: 

  • Our affiliates and partners. We will provide information regarding partners and affiliates on request. Write [email protected] with your request 
  • Third parties in connection with services we provide 
  • On a confidential basis with third parties we may employ for communication purposes
  • Financial institutions, especially for fraud and crime prevention purposes 
  • Government and legal authorities such as law enforcement, attorneys, regulators, etc., where it is reasonably necessary for the establishment, exercise, or defense of a claim or dispute 
  • With service providers such as shared service centers, for any of the purposes listed above on our behalf and only in accordance with our instructions 

Cyver will never sell or disclose your information to third parties for any purpose not disclosed here in this Privacy Policy. Should we sell the business or business assets, we may disclose Personal Information to the prospective buyer, which we will disclose to you. 

How is Personal Data Transferred 

In the case that it becomes necessary to transfer your information to another country, we will use, share, and safeguard that information as described in this policy. 

  • Should we transfer your data outside of the EU, we will do so only when the country offers the same level of data protection as the EU, or only when it is necessary for the services you requested. 
  • We will exercise all due caution to protect your data during transfer, including utilizing encryption, rigorously reviewing the authenticity and security standards of any partner, and ensuring the security standards of the network used for the transfer. 
  • We utilize data protection standards that are, at minimum, as those required by the EU and the Netherlands. 
  • Cyver complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce. This applies to the collection, use, and retention of personal information from EU member countries and the U.K.

Please contact us for a complete list of data protection standards. 

How Do We Secure Your Personal Data? 

Cyver takes every reasonable precaution to protect and secure your personal data. These steps are important to us, especially because of the necessarily confidential nature of services rendered. Our security policy maintains standards for data protection, including but not limited to encrypted data transfer, HTTPS, and secure servers. 

We regularly maintain networks and web properties, monitor for threats and risks, utilize third-party testing to ensure our continued compliance and security, and have rigorous procedures in place to deal with suspected vulnerabilities. In the case of a breach, we will notify affected parties and any applicable regulators as quickly as possible, under the full extent of applicable law. 

How Long Do We Store Personal Data? 

Cyver will store personal data for as long as is necessary to fulfil the purposes of original collection, as well as to satisfy additional requirements regarding reporting, compliance, legal, accounting, etc.

Email us at [email protected] for specific data relating to your personal data on file, how long we store it, and possible deletion or control measures. 

We will securely destroy personal information in accordance with applicable laws and regulations when we no longer require it for the purpose of original collection, or a further service requested by you. 

Changes to our Privacy Policy

Cyver reserves the right to change, modify, add, or remove portions of this privacy policy at our discretion, to reflect changes in how we process information, or to meet legal requirements. Any changes to this policy will be updated on this web page (Cyver.io/privacy). Your continued usage of our web properties constitutes acceptance of such change, even if you have failed to review the changes. Users will be notified of changes by email should their settings and data sharing permit. 

Your Rights Regarding Your Personal Data

You hold the right to request changes, ensure the accuracy, and object to how we utilize data. 

Accuracy – It is your responsibility to ensure the accuracy of any information which you have provided to us. Cyver is not responsible for any losses or damages arising from inaccurate, inauthentic, or deficient personal information. Contact us at [email protected] for update your personal information via your user account. 

Access – You have the right to request your personal information, except in the instance where it might infringe on the privacy of a third-party person, or if we are legally prevented from doing so. Email us at [email protected] for more information. 

Objections – You may have the right to object to the processing of your personal information. In some cases, you may ask us to block, erase, and restrict your personal information. Depending on your contract, you may ask us to stop using and delete or erase your personal information at any time. You may request that we erase your personal information if it is no longer necessary for the purpose for which it was collected, or your personal information has been unlawfully processed. Email at us [email protected] to submit your request. 

Porting – You have the right to request that some of your personal information be provided to you or to a data controller. 

Withdrawing Consent – You may withdraw consent to our collection, usage, storage, and protection of your personal data at any time. Please follow opt-out links or write us at [email protected] for more information. Once we have received this notification, we will cease to utilize your information, after a processing period of no more than 30 days, unless there are compelling legitimate grounds for further processing, such as ongoing legal claims, ongoing financial transactions, etc. 

If you believe your data privacy rights have been breached in any way, you have the right to lodge a complaint with applicable supervisory authorities, or to seek court remediation. 

You may exercise any of the above rights at any time by contacting us at [email protected]. We will request proof of identity at this time. 

 Third Parties

We may hire, contract, or retain third-party services or suppliers to meet our business needs. It may be necessary to share your Personal Data with these suppliers. Any third-party has been selected under a rigorous evaluation process and will only process your data under our instructions, with the intent to fulfill a service requested by you. Should these suppliers be based in non-EU countries, data transfer will be carried out in compliance with GDP. 

Cyver will offer full disclosure before and when working with any third parties. In addition, we will offer individual opt-out for sharing sensitive data with third-parties other than our agents. Submit a request to [email protected] to request to limit the use of and disclosure of your personal information. 

In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Contact us at [email protected] for information regarding third parties. 

Google Analytics: Cyver uses Google Analytics. For more information about this third-party service and their privacy policy, visit http://www.google.com/analytics/learn/privacy.html.