Cyberseguro Limited is registered in England and Wales (Registration Number: 12913638) at Flat 9 Sherard Apartments, 157 Bow Common Lane, London, England, E3 4GW.
The Owner and Data Controller is: Cyberseguro Limited at the registered address as above.
All Information Security measures are compliant with ISO 27001 (Information Security Management) and all data collected, stored and processed is managed in compliance with national data protection regulations within the jurisdictions where Cyberseguro operates.
Among the types of personal data that this application collects, by itself or through third parties, there are: Cookies; Usage Data; email addresses, company demographic information, telephone numbers, individuals’ names and specific responses to questions relating to Data Privacy, Data Security and Cyber Security.
Unless specified otherwise, all Data requested by this Application is mandatory and failure to provide this Data may make it impossible for this Application to provide its services with the level of accuracy and efficacy required. Users are free not to communicate parts of the data requested under the understanding that it will significantly impact the quality of service they receive.
Users who are uncertain about which Data is mandatory are welcome to contact the Owner.
Users are responsible for any Data obtained, published or shared through this Application and confirm that they have any third party’s consent to provide the Data to the Owner (where applicable).
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data. The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons and/or external parties, involved with the operation of this Application and of the additional services the user seeks. The updated list of these parties may be requested from the Owner at any time.
Legal Basis for Processing
The Owner processes all data for the following purposes:
- Where Users have given their consent for one or more specific purposes – calculating cyber risk and level of data security/protection maturity of the organisation, future contact with users, effective provision of cyber insurance and ancillary cyber security support services.
- Where the provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof.
- Where the processing is necessary for compliance with a legal obligation to which the Owner is subject.
- Processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner.
- Processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Additionally, and specifically for the jurisdiction of Brazil.
The Owner can process your personal information solely if the Owner has a legal basis for such processing. Legal bases are as follows:
- The User’s consent to the relevant processing activities.
- Compliance with a legal or regulatory obligation that lies with the Owner.
- The carrying out of public policies provided in laws or regulations or based on contracts, agreements and similar legal instruments.
- Studies conducted by research entities preferably carried out on anonymized personal information.
- The carrying out of a contract and its preliminary procedures, in cases where the User is a party to said contract.
- The exercising of the Owner’s rights in judicial, administrative or arbitration procedures.
- Protection or physical safety of the User or a third party.
- The protection of health – in procedures carried out by health entities or professionals.
- Our legitimate interests, provided that the fundamental rights and liberties of the User do not prevail over such interests; and
- Credit protection.
To find out more about the legal bases, the User can contact the Owner at any time using the contact details provided in this document.
The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located. Automated processing carried out by the application is done utilising ‘Google Cloud Platform’, and the data for that purpose resides on the third party’s servers hosted in the United States of America and the United Kingdom.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own.
If any such transfer takes place, Users can find out more by enquiring with the Owner using the information provided in the contact section.
Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Data collected for the purposes of using the application shall be retained until the use of the application is complete, the user has received the results of the assessment and they have declared that they have no further requirements.
- Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after the expiration of the retention period.
The purposes of processing
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Analytics, Remarketing and behavioural targeting, Advertising, Advertising serving infrastructure, Displaying content from external platforms, Handling payments, Interaction with external social networks and platforms, SPAM protection, Interaction with live chat platforms, Content commenting, Contacting the User and Commercial affiliation.
Detailed information on the processing of Personal and Confidential Data
Advertising and Marketing – for purposes of targeted communication campaigns offering access to cyber security services and products
Analytics – for purposes of supporting the delivery of the assessment service and any further cyber security & data security support services requested by the user
Handling Payments – Unless otherwise specified, this Application processes any payments by credit card, bank transfer or other means via external payment service providers. In general, and unless where otherwise stated, Users are requested to provide their payment details and personal information directly to such payment service providers. This Application isn’t involved in the collection and processing of such information: instead, it will only receive a notification by the relevant payment service provider as to whether payment has been successfully completed.
The rights of Users
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Additional information about Data collection and processing
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Application or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Additional information about User’s Personal Data
System logs and maintenance
For operation and maintenance purposes, this Application and any third-party services may collect files that record interaction with this Application (System logs) or use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Brazilian Privacy Rights
Your Brazilian privacy rights
The User has the right to:
- Obtain confirmation of the existence of processing activities on the User’s personal information;
- Access the User’s personal information.
- Have incomplete, inaccurate or outdated personal information rectified.
- Obtain the anonymization, blocking or elimination of the User’s unnecessary or excessive personal information, or of information that is not being processed in compliance with the LGPD.
- Obtain information on the possibility to provide or deny your consent and the consequences thereof.
- Obtain information about the third parties with whom the Owner shares the User’s personal information.
- Obtain, upon the User’s express request, the portability of the User’s personal information (except for anonymized information) to another service or product provider, provided that our commercial and industrial secrets are safeguarded.
- Obtain the deletion of the User’s personal information being processed if the processing was based upon the User’s consent, unless one or more exceptions provided for in art. 16 of the LGPD apply.
- Revoke the User’s consent at any time.
- Lodge a complaint related to the User’s personal information with the ANPD (the National Data Protection Authority) or with consumer protection bodies.
- Oppose a processing activity in cases where the processing is not carried out in compliance with the provisions of the law.
- Request clear and adequate information regarding the criteria and procedures used for an automated decision.
- Request the review of decisions made solely on the basis of the automated processing of User’s personal information, which affects the User’s interests. These include decisions to define your personal, professional, consumer and credit profile, or aspects of the User’s personality.
The User will never be discriminated against, or otherwise suffer any sort of detriment, if he/she exercises their rights.
How to file a request
The User can file an express request to exercise her/his rights free from any charge, at any time, by using the contact details provided in this document, or via a legal representative.
How and when the Owner will respond to the User’s request
The Owner will strive to promptly respond to the User’s requests.
In any case, should it be impossible for the Owner to do so, the Owner will make sure to communicate to the User the factual or legal reasons that prevent him/her from immediately, or otherwise ever, complying with the User’s requests. In cases where the Owner is not processing the User’s personal information, the Owner will indicate to the User the physical or legal person to whom he/she should address their requests if the Owner is in the position to do so.
If the User files an access or personal information processing confirmation request, the User must specify whether he/she would like their personal information to be delivered in electronic or printed form.
The User will also need to advise the Owner on whether the response to the request would have to be answered immediately, in which case the Owner will answer in a simplified fashion. In case the User requires a complete disclosure, the Owner will respond within 15 days from the time of the request, providing the User with all the information on the origin of the personal information, confirmation on whether or not records exist, any criteria used for the processing and the purposes of the processing, while safeguarding our commercial and industrial secrets.
In the event that the User files a rectification, deletion, anonymization or personal information blocking request, the Owner will make sure to immediately communicate the User’s request to other parties with whom the Owner has shared the User’s personal information in order to enable such third parties to also comply with the request – except in cases where such communication is proven impossible or involves a disproportionate effort on the Owner’s side.
Transfer of personal information outside of Brazil permitted by the law
The Owner is allowed to transfer the User’s personal information outside of the Brazilian territory in the following cases:
- When the transfer is necessary for international legal cooperation between public intelligence, investigation and prosecution bodies, according to the legal means provided by the international law.
- When the transfer is necessary to protect your life or physical security or those of a third party.
- When the transfer is authorised by the ANPD.
- When the transfer results from a commitment undertaken in an international cooperation agreement.
- When the transfer is necessary for the execution of a public policy or legal attribution of public service.
- When the transfer is necessary for compliance with a legal or regulatory obligation, the carrying out of a contract or preliminary procedures related to a contract, or the regular exercise of rights in judicial, administrative or arbitration procedures.