Our practices
This privacy policy applies to information collected during interaction with Cybera’s service. Cybera publishes this privacy policy to inform you of collection, use, sharing, and disclosure of personal information when you visit or otherwise use www.cybera.io and app.cybera.io or any other web pages or services (“Services”) that we operate, and which link to this privacy policy. This privacy policy also explains how to exercise your privacy rights in relation to your personal information. This privacy policy only applies to personal information that is processed by Cybera as a business or a data controller under applicable data protection laws. If you are an employee of a Cybera customer, you should request your employer’s privacy policies to understand their use of your personal information.
Collection of Information
Types of Personal Information we collect and process depend on your relationship with Cybera and requirements of law.
Information You Provide Us
We collect personal information you provide us when you use the Cybera service, including your account information such as name, phone number, and e-mail address during your contacts with our marketing, sales, or support teams, your contact information when you communicate with us, and any other information you may provide to us. When you communicate with Cybera we collect the contents of and data about those communications.
Cybera Services Privacy Data Sheet (GDPR). View Data Sheet
The above link contains the privacy policy details for the personal information processed by Cybera Services in compliance with all applicable privacy laws and regulations, including but not limited to GDPR.
Automatic Data Collection
We may collect certain information automatically through your use of the Cybera service, such as your IP address, cookie identifiers, and other device identifiers that are automatically assigned to your device, browser type and language, geolocation information, hardware type, operating system, Internet service provider, pages that you visit before and after using the Cybera Service, the date and time of your visit, the amount of time you spend on each page, information about the links you click and pages you view within the Cybera service, and other information about actions taken through use of the Cybera service.
Use of Information
We may use your personal information for the following purposes:
- To provide and maintain our Service, including to monitor the usage of our Service.
- For the performance of a contract: the development, compliance and undertaking of the purchase contract for the products, items or services you have purchased or of any other contract with us through the Service.
- To contact you: To contact you regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
- To provide you with news, special offers and general information about other services and we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
- To manage your requests: To attend to and manage your requests to us.
- For business transfers: We may use your information to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.
- To enforce our contracts, including our Terms of Service, to resolve disputes, to carry out our obligations and enforce our rights, and to protect our business interests and the interests and rights of third parties.
- To comply with contractual and legal obligations and requirements.
For other purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
Sharing of Information
We may share the information we collect about you in the following situations:
With Cybera Customers and Partners
We may disclose information we receive from you with the Cybera customer through whose account you use the Cybera service. Your personal information will also be subject to the Cybera customer’s privacy policy and contract amendments. We are not responsible or liable for the privacy and security practices of Cybera customers.
With Service Providers
We disclose information we receive with service providers who help us deliver or improve our Service or who perform services on our behalf. Our service providers are subject to reasonable confidentiality terms and we take commercially reasonable steps to ensure they adhere to the security and privacy standards we apply to your personal information. The service providers we share personal information with include the functions of:
- provisioning Cybera’s Service;
- hosting and IT-related services;
- accounting data services; and
- customer service activities.
- With law enforcement or to comply with other legal requirements. We may disclose information if doing so is needed to:
- comply with law enforcement;
- respond to subpoenas or government inquiries;
- protect the rights, property, or safety of Cybera and its persons;
- enforce our policies or contracts;
- collect payment owed to Cybera; or
- prevent physical harm or financial loss or in connection with an investigation or prosecution of suspected or actual illegal activity.
In certain cases, we may be required to share server log data containing IP addresses with law enforcement bodies to identify users in connection with their investigation of unauthorized or illegal activities.
International Data Transfers
Personal Information collected by Cybera will be transferred to and stored in Switzerland, except in the cases of customers whose contracts specify alternate jurisdictions. By using the Cybera service or otherwise providing information to us, you acknowledge your personal information may be transferred to countries, including the United States, which may have different data protection than your country. Your personal data may be processed at any other places where the parties involved in the processing, including our staff, our service providers, or our subsidiaries are located. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Policy and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place including the protection of your information in accordance with applicable data protection laws.
Information accuracy is important to us. You can request and correct your information, and we will respond in accordance with applicable law. We will comply with your state or country’s privacy law if it differs from this policy.
We process personal information for a variety of purposes, including:
- provide our service or fulfill requests
- administrative purposes
- market our services
- de-identified and aggregated information use
Policy updates and information requests
You can receive additional copies of our privacy policy on our website or you can write or e-mail us with the information on the ‘Contact Us’ page of our website.
Data Retention
Cybera retains the personal information for as long as you or your company uses the Cybera service, or as necessary to fulfill the purpose(s) for which it was collected, provide our service, resolve disputes, support audits, pursue ourlegitimate interests, enforce agreements, and comply with laws. When possible and contractually permitted, Cybera willemploy mechanisms that allow us to automatically remove data after it is no longer needed to offer our services.
Safeguarding Information
We maintain reasonable data protection safeguards, including administrative, technical and organizational measures, taking into account the nature of the personal information and the processing . Access to personal information is limited to people who require the information to perform their job. We regularly update security standards, processes, and technology to protect against unauthorized access.
Cybera transfers data with TLS 1.2 or better, and uses AES-256 or better encryption of data storage. We regularly have independent auditors assess the security of our data storage and systems.
Choices and Rights
We endeavor to provide the following data rights and protections to all of our users regardless of the jurisdiction in which they live.
- Right to Access: You can request access to the specific pieces of personal information that we have collected about You.
- Right to Correct: Information accuracy is important to us. You can request that we correct certain inaccuracies in your personal information we have collected about you.
- Right to Delete: You have the right to delete or request that we assist in deleting the personal information that we have collected about you. Please note, however, that We may need to retain certain information when we have a legal obligation or lawful basis to do so.
- Right to opt-out of direct marketing emails: If you receive unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails, and we will process your request within a reasonable time. We may also send you certain communications regarding status or changes to Cybera and our services and you will not be able to opt out of those communications.
- Right to opt-out of cookies and similar technologies: We, and third parties that provide other features of the Cybera service, may use cookies, pixel tags, local storage, and other technologies to automatically collect information through the Cybera service or our subprocessors. To opt out of information collection, you may do so by blocking, deleting, or disabling them as your browser or device permits.
In addition to the above rights, depending on where you are located in the United States or the European Economic Area (EEA), you may have additional privacy rights. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. For information on such additional rights, please refer to the additional California and GDPR specific terms below.
Supplemental Privacy Notice
For Users in the United States
Some states in the US have passed state specific consumer privacy laws. This section supplements our Privacy Policy by addressing additional requirements that apply if you are a resident in one of these states.
Notice at Collection
When you use our websites, cookies and similar technologies may collect personal information about you:
Personal information collected by Cybera may be used to:
- provide information about our service;
- respond to questions and requests;
- perform analytics;
- improve our services;
- report fraud cases to applicable law enforcement agencies and involved financial institutions
- prevent and protect against unlawful activity; and
- perform IT and administrative support.
For more information on the categories of third parties with whom we disclose personal information and the specific business or commercial purposes for such disclosures, please review the ‘Sharing of Information’ section of the Privacy Policy.
In addition to the privacy rights noted noted under ‘Choices and Rights’ section of the Privacy Policy, depending on where you are located in the United States, you may have additional privacy rights, as noted below:
- Right to Opt Out of Sale or Share: You have the right to instruct businesses that sell your personal information or share it for interest based or targeted advertisements to stop doing so. We do not sell or share your information for such purposes. As such, we don’t believe this right applies to our processing of your personal information.
- Limit Processing of Sensitive Personal Information: You have the right to limit the use or sharing of your sensitive personal information (for example race, religious preferences, health or criminal history). However, we do not collect or disclose your sensitive personal information in the context of our Services. As such, we don’t believe this right applies to our processing of your personal information.
- Right to Opt-out of Profiling: You can opt-out of the automated processing of your personal information to evaluate, analyze, or predict personal aspects related to your economic situation, health, personal preferences, interests, reliability, behavior, location, or movements. We do not engage in any such profiling activities that produce legal or similarly significant effects. As such, we don’t believe this right applies to our processing of your personal information.
- Right to Non-discrimination: You have the right to be free from discrimination or retaliation related to your exercise of any of your privacy rights.
- Right to Appeal: If We decline to take action on any request that you submit in connection with the rights described above, You may ask that we reconsider our response by submitting a written request to us using the information indicated under the ‘How You Can Reach Us’ section below. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied and you are not satisfied with the reasons for the decisions, you have the right to submit a complaint to the local government authority in your jurisdiction. Your local government authority will have an online portal with details regarding how to submit complaints.
For Users in the European Economic Area
This GDPR notice supplements Cybera’s privacy policy and only applies to our processing and collection of information that is subject to the GDPR.
This Privacy Policy applies to personal information collected and/or used by Cybera while acting in the capacity of a data controller, as that term is defined in the European Union’s (EU) General Data Protection Regulation 2016/679, the “EU GDPR” or, where applicable, the “United Kingdom (UK) GDPR”. This Privacy Policy does not apply to situations where we act as a “processor” or “service provider” in relation to the data our customers submit, manage, use, or process through or as part of our Services (“Customer Data”). For additional information about our data processing activities in our role as a processor or service provider, please see our Data Processing Agreement.
Legal Basis for Processing
Our legal basis for collecting and using personal information will depend on the personal information concerned and the specific context in which we collect it. We will normally process your information for the purposes described in this Privacy Policy, based on one or more of the following legal grounds:
- We process your data in order to provide a Service you’ve asked for under a contract or that you have been provided under a contract with a Cybera client or partner;
- We may process your data for our legitimate interests and those of third parties, where these are not overridden by your privacy and data protection interests or fundamental rights and freedoms;
- Where relevant, we may process your data when necessary to protect the vital interests of you or another person;
- We process your data when we have a legal obligation to do so; and/or
- In certain cases, we may ask for your consent to process your data for specific purposes and you have the right to withdraw your consent at any time.
Our legitimate interests in processing your data may include:
- preventing risk and crime
- responding to questions or support
- reporting and analytics
- testing
- other communication
We only process personal information for these legitimate interests after considering risks to your privacy.
As a controller, we collect personal data based on the legal basis of: consent; contractual obligations; legal obligations; vital interests of persons; and our (or third parties’) legitimate interest to process personal data.
Data Subject Rights
In addition to the privacy rights noted noted under ‘Choices and Rights’ section of the Privacy Policy, in accordance with the GDPR, you may have the following rights:
- Right to Portability: You have the right to request to receive a copy of your personal information in a portable and readily usable format, to the extent technically feasible.
- Right to Object to Processing: You may request that we block your information from further processing. We may treat this request as a deletion.
- Right to Withdraw Consent: If we process your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
If you interact with Cybera's services through your employer's contract for our services and wish to exercise these rights over your information, you need to directly contact your employer.
We serve only as a processor on their behalf. Of course we will help our customers to fulfill employee requests by answering their questions.
If you want to exercise any of the rights described above, please email us at: mail@cybera.io . Typically, you will not have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, except in relation to Consent Withdrawal, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive, or, we may refuse to comply with your request in these circumstances. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Compliance Activities
We regularly review all our applications processing data of EU individuals and measures that enable us to comply with regulations.
- Our privacy and security team reviews our personal data processing for privacy compliance
- We regularly review our policies and procedures on data breaches and notification.
- We have procedures to service requests we receive from data subjects.
- We regularly review and update our security policies and controls.
- Our staff is required to attend regular data protection training.
- We record and update our data processing activities.
Onward transfers outside EEA
In cases where the core functions of our service require that we send your personal information outside of Europe, we do so in accordance with the GDPR. Your information is protected by contractual commitments that are comparable to the GDPR's Standard Contractual Clauses.
How you can reach us
If you would like to ask, request, or complain about our processing of your personal information, please contact us via e-mail at dataprotection@cybera.io or mail us at:
Cybera Global, Inc.
122 Grand Street.
New York, NY 10013
