The Platform

Enable your security and operations teams to proactively identify, prioritize, and remediate exposures to stay ahead of attackers.

Watch a Demo
Products Overview Attack Surface Management Automated Security Testing Exploit Intelligence
Features How It Works Discovery Contextualization Active Security Testing Prioritization Remediation Acceleration
GigaOm Radar for Attack Surface Management 2024

The expansion of an organization's attack surface continues to present a critical business challenge. Download the GigaOm Radar for Attack Surface Management to get an overview of the available ASM solutions, identify leading offerings, and evaluate the best solution for you.  More...

Use Cases

The CyCognito platform helps you identify all of the attacker-exposed assets in your IT ecosystem for a complete view of your attack surface.

Real World Solutions Assess Your Security Effectiveness Evaluate Merger & Acquisition Risk Manage Your Attack Surface
  Monitor Subsidiary Risk Prioritize & Eliminate Attack Vectors Scale Your Pen Testing Simplify Compliance Initiatives
State of External Exposure Management

Download CyCognito’s State of External Exposure Management Report to learn key recommendations that your Security teams can implement to improve their exposure management strategy and minimize risk. More...

Our Customers

External attack surface management is advancing cybersecurity into a new era. Learn how security experts across all industries benefit from using CyCognito’s platform.

Meet Our Customers Customer Overview Customer Stories Asklepios Ströer Human API Scientific Games
Current Customers Customer Testimonials Customer Videos Customer Support Customer Login Knowledge Base
The Total Economic Impact™ of The CyCognito Platform

Read The Total Economic Impact™ of The CyCognito Platform — a Forrester study. Cost Savings And Business Benefits Enabled By The CyCognito Platform. More...

About CyCognito

We believe all organizations should be able to protect themselves from even the most sophisticated attackers.

Contact us
Company About Us Leadership Team Careers Privacy and Trust
News Latest News Press Releases Media Coverage Events Awards
Partners Partner Program Resellers, MSPs & Systems Integrators Technology Alliance Partners
  Partner Training Sales Training Technical Bootcamps Become a Partner Partner Login
Resources

The knowledge you need to manage and protect your attack surface.

What's New Blog
Resources Research Reports White Papers + eBooks Solution Briefs Datasheets Webinars Videos
Learning Center Application Security Attack Surface Exposure Management Vulnerability Assessment Vulnerability Management
EASM 101 External Attack Surface Management Attack Surface Management Attack Surface Discovery
  Attack Surface Protection Attack Surface Reduction Security & Compliance Glossary

Privacy and Cookie Policy

Last Updated: November 1, 2019

(* All capitalized terms shall have the meaning as defined below in this Full Privacy Policy)


CYCOGNITO LTD’s Privacy and Cookie Policy (the "Privacy Policy" or "Policy") explains our practices for processing Personal Data on our Website and in the provision of our Services. We process Personal Data as described in this Policy.

We are committed to protecting your privacy and processing your Personal Data fairly and lawfully in compliance with applicable data protections laws. You can access our Full Privacy Policy below to help you understand better how we collect and use Personal Data pertaining to each of our Users. In it, we explain in more detail the types of Personal Data we collect, how we collect it, what is the legal basis of collection, what we may use it for, who we may share it with, what our retention periods are and what your rights in relation to the Personal Data we collect are.

Within the Privacy Policy you will find some specific examples of why and how we use your Personal Data.

Read this Policy and make sure you fully understand our practices in relation to privacy and protection of Personal Data, before you access or use the Website, and/or our Services. If you have further questions or concerns regarding this Policy please contact us at: [email protected].

FULL PRIVACY AND COOKIE POLICY

(* All capitalized terms shall have the meaning as defined below)

CyCognito Ltd. ("CyCognito", "we", "our" or "us") provides this Privacy and Cookie Policy, as will be updated from time to time (our "Policy" or "Privacy Policy") to inform the Visitors of our Website and our Clients of our policies and procedures regarding the collection, use and disclosure of Personal Data in accordance with Applicable Laws that we are subject to.

  1. Definitions:

    "Applicable Laws" shall mean EU Privacy Laws and Israeli Data Protection Legislation, to the extent applicable to CyCognito, and any other applicable privacy or other law to which CyCognito is subject.

    "EEA" shall mean the European Economic Area.

    "EU Privacy Laws" shall mean the GDPR and/or European Union Member State laws, rules and guidelines implementing or supplementing the GDPR.

    "GDPR" shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and as amended, replaced or superseded from time to time.

    "Israeli Data Protection Legislation" shall mean the Israeli Privacy Protection Law 5741 - 1981 ("PPL"), the regulations promulgated pursuant thereto and the applicable guidelines issued by the Israeli Privacy Protection Authority, and as amended, replaced or superseded from time to time.

    "Personal Data" shall have the meaning ascribed to it in the GDPR and shall also include the terms “Information” and “Sensitive Information” as defined under the PPL. To put it simply, this information may identify an individual or is of a private and/or sensitive nature, such as an individual’s name, address or bank account information.

    "Non Personal Data" shall mean information that does not personally identify a natural person and does not reveal a natural person’s specific identity, such as anonymized information.

    The Terms "Client", "Client IT Systems", "Services" and "Website" shall have the same meaning as ascribed to them CyCognito's Terms of Service which can be accessed at this link: Terms of Service.

    "Visitor" shall mean a visitor of our Website whose Personal Data CyCognito processes in the capacity of a Controller.

    "User" shall mean an individual who is registered to the Services, has access to and makes use of the Services (whether during a trial period for testing the Services or under a contract with CyCognito); and whose Personal Data CyCognito processes in the capacity of a Controller.

    "Client's User" means an individual who has access to and makes use of a Client’s IT Systems; and whose Personal Data CyCognito processes in the capacity of a Processor.

    "Data Subject" shall have the meaning ascribed to it in the GDPR and the PPL and shall include all types of individuals defined in this Policy such as a Visitor and a User.

    "Controller" shall have the meaning ascribed to it in the GDPR and shall include the term “Database Owner” under the PPL.

    "Processor" shall have the meaning ascribed to it in the GDPR and shall include the term “Database Holder” under the PPL.

    "Subprocessor" shall mean any entity appointed by us or by one of our Processors/Subprocessors, to Process Personal Data on our behalf or on behalf of that Processor/Subprocessor; excluding any employee of CyCognito or of CyCognito’s Processor/Subprocessor or of any such appointed person but including any contractor or affiliate of the foregoing.

    "Database Owner", "Database Holder", "Database", "Database Manager", and "Information Security Event" shall have the meanings ascribed to them in the Israeli Data Protection Legislation.

    The terms "Processing", "Supervisory Authority" and "European Commission" shall have the meaning ascribed to them in the GDPR.

    "Personal Data Breach" shall mean a breach of security or other incident leading to the accidental or unlawful destruction, loss, alteration, the unauthorized disclosure or use of, or access to, or harm to the integrity of, Personal Data transmitted, stored or otherwise Processed, as defined in the GDPR and shall also include all types of Information Security Events detailed in Israeli Data Protection Legislation.
    "Business Contact" means an employee, contractor or any other individual affiliated with and authorized by a potential Client or a Client to inquire for information regarding our Services and/or to engage us for the provision of our Services.

    This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English version prevails.

  2. DATA AND SERVICES TO WHICH THIS PRIVACY POLICY APPLIES
    1. This Privacy Policy applies to Personal Data of Data Subjects that we receive, collect, use or otherwise Process in the operation of our Website and in the provision of our Services.
    2. This Privacy Policy does not apply to services that may have separate privacy policies that do not incorporate this Policy.
  3. THE TYPES OF PERSONAL DATA THAT WE COLLECT
    1. PERSONAL DATA THAT DATA SUBJECTS PROVIDE TO US
      1. If you are a Visitor to Our Website and/or a Business Contact inquiring for more information about our Services, you may provide us with Personal Data through our contact form or our company e-mail address in order for us to contact you. This Personal Data may include: your contact details such as: full name, e-mail, company phone number and/or personal phone number, position in workplace and name of workplace, company and/or personal address including city, state/region and postal code. Please do not provide further Personal Data than is required for us to contact you.
      2. If you are a Visitor to Our Website and/or a Business Contact and you are interested in acquiring our Services, or if you are a User of our Services who is interested in registering to the Services, you may provide us with Personal Data including: the same categories as mentioned in Section 3.1(a) with respect to yourself and/or the individual/s who will be the signatory/ies to an agreement between the Client and CyCognito and/or who will manage the relationship with us.
    2. PERSONAL DATA THAT WE COLLECT OR GENERATE
      1. Personal Data collected on the Website:

        If you are a Visitor browsing our Website, we may collect your Personal Data. This includes (by way of a non-exhaustive list): your computer’s Internet Protocol address and your Geo location through the use of “cookies”. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies to enable certain features of the Website, to better understand how you interact with the Website and to monitor web traffic routing and aggregate usage of the Website. (For more information on our cookies and other means of tracking, please see Section 13 "COOKIES" below).

      2. Personal Data collected within the provision of the Services:

        If you are a User of our Services, we may collect your Personal Data related to your activity on the Services. This includes (by way of a non-exhaustive list): last login, e-mail of the individual who sent you the invitation to use the Services, the date the invitation was sent, your activity on the platform upon which the Services are provided such as referring/exit pages, date/time stamps, the web page you were visiting and information you search.

      When providing our Services, as part of our screening of the Client’s IT Systems in order to detect vulnerabilities to cyber attacks, we may incidentally view or collect Personal Data about Client’s Users or other Data Subjects associated with the Client’s IT Systems, such as e-mail addresses, IP addresses, etc.; for the sole purpose of delivering our Services. Where we process Personal Data of Visitors and Users, we do so as Controllers. Where we process Personal Data of Client’s Users, or other Data Subjects who’s Personal Data we may view on Clients’ IT Systems, we do so as Processors.

  4. NON-PERSONAL DATA

    In addition to the categories of Personal Data described above, we will also Process further anonymized information and data that is not Processed by reference to a specific individual. We may collect this Non-Personal Data through the Website in the following ways:

    1. Information that your browser sends ("Log Data"). This Log Data may include, but is not limited to, non-identifying information regarding the User’s device, operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, referring/exit pages, date/time stamps, the web page you were visiting, information you search, etc.
    2. We may use automated devices and applications to evaluate usage of our Service. We use these tools to help us improve our Website, performance and user experience. We may also engage third parties to track and analyze data or provide other services on our behalf. Such third parties may combine the Non-Personal Data that we provide about you with other information that they have collected from other sources. This Policy does not cover such third parties’ use of the data and such use is governed by such third parties’ privacy policies.
    3. Other websites and applications may also place or read cookies on your computer’s browser. Please see the Section 8 "SHARING INFORMATION WITH OTHERS" below.
  5. HOW WE USE PERSONAL DATA
    1. Personal Data is used for the following primary purposes (as may be updated from time to time):
      1. To provide and operate the Website and Services;
      2. To monitor and analyze use of the Website and Services and study and analyze the functionality of the Website and Services;
      3. To provide on-going assistance and technical support to Clients and to maintain the Website and Services;
      4. To provide service announcements and notices as needed for the provision of the Services; and to provide promotional messages and market our Services (it being clarified that at any time Data Subjects may choose (opt out) whether their Personal Data is to be used for sending such promotional messages and marketing materials which are not an essential part of the Website or Services);
      5. To enforce our Terms of Service, policies and other contractual arrangements, to comply with court orders and warrants, and prevent misuse of the Website and Services, and to take any action in any legal dispute and proceeding;
      6. To better understand Visitors’ and Users’ needs, both on an aggregated and individualized basis, in order to further develop, customize and improve our Website and Services based on the preferences, experiences and difficulties of Visitors and Users;
      7. To communicate with and to contact Visitors and Users in order to obtain feedback regarding the Website and Services;
      8. To disclose to third party vendors, service providers, contractors or agents as necessary for them to perform functions on our behalf with respect to the Website and Services;
      9. To create aggregated statistical data and other aggregated and/or inferred Non-Personal Data, which we or our business partners may use to provide and improve our Website and Services; and as otherwise authorized by Data Subjects.
    2. We may use e-mail addresses provided to us to contact Data Subjects when necessary, including in order to send reminders or offers and to provide information and notices about the Website and Services. At any time, Data Subjects may choose (opt out) whether their Personal Data is to be used for sending such marketing materials which are not an essential part of the Website or Services. Data Subjects may exercise their choice by contacting us at: [email protected].
  6. HOW WE USE NON-PERSONAL DATA
    1. We may use information that is Non-Personal Data for the same purposes we use Personal Data (where applicable) and in addition in order to:
      1. Compile anonymous or aggregate information;
      2. Disclose to third party vendors, service providers, contractors or agents as necessary for them to perform tasks on our behalf in connection with the Website and Services;
      3. Monitor and analyze use of the Website and Services and for the technical administration and troubleshooting of the use of the Website and Services, and
      4. Provide us with statistical data.
    2. We may use analytics tools. These tools help us understand Visitors’ behaviour on our Website and Users’ behaviour on our Services, including by tracking page content, click/touch, movements, scrolls and keystroke activities. The privacy practices of these tools are subject to their own policies and they may use their own cookies to provide their services. For further information about cookies, please see Section 13 of this Policy. Further information about the option to opt-out of these analytics services is available at: [email protected].
    3. From time to time, we may use additional or alternative analytics services. We will provide a notice of these changes on our Website and Services.
    4. We use anonymous, statistical or aggregated information, which may be based on extracts of Personal Data, for legitimate business purposes including for testing, development, improvement, control and operation of the Website and Services. We may share such information with our third party providers as necessary for them to perform functions with respect to the Website and Services who may use such information for the purposes of testing, evaluating and/or improving their products or services. It has no effect on Data Subject’s privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with a Data Subject. We will share Personal Data only subject to the terms of this Policy, or subject to Data Subject’s prior informed consent.
  7. THE LEGAL BASIS FOR USE OF PERSONAL DATA
    1. We will only process Personal Data of Data Subjects where we have a legal basis to do so. The legal basis will depend on the purposes for which we received and/or collected and need to use the Personal Data. In almost all cases the legal basis will be:
      1. To provide our Services under an agreement with a Client.
      2. To fulfill a legitimate interest that we have as a business.
      3. Because a Data Subject consented to us using its Personal Data for a particular purpose.
    2. More information on each legal basis is provided below.
      1. Processing the Personal Data is required for fulfilling our or a third party’s legitimate interests, for example:
        1. We collect information about use of our Website and Services in order to identify and prevent its abuse;
        2. We use Personal Data to maintain and improve our Website and/or Services by identifying Visitor and/or User trends and technical issues.
      2. A Visitor/User has consented to the processing of its Personal Data for one or more specific purposes, for example: if a Visitor provided its details under the “Contact Us” tab in our Website we will contact that Visitor in order to provide for further information.
      3. A User has consented to the processing of its Personal Data for one or more specific purposes, for example: if a User provides its details in order to register to our Services and provides consent for the usage of cookies (where such consent is required), we will track that User’s activity on our Services.
    3. It is hereby clarified that the legal bases detailed above are the legal bases for actions to process Personal Data, carried out by us in accordance with the GDPR. If processing of Personal Data is subject to other Applicable Laws, then the legal basis for processing Personal Data may differ accordingly. For more information, see Section 11 "YOUR RIGHTS" below.
  8. SHARING INFORMATION WITH OTHERS
    1. We do not sell, rent or lease Personal Data. We may share Personal Data with service providers and other third parties, if necessary to fulfil the purposes for collecting the information, such as cloud vendors, subcontractors providing us processing services, etc., provided that any such third party will commit to protect privacy of Data Subjects as required under the Applicable Laws and this Policy.
    2. Additionally, a merger, acquisition or any other structural change may require us to transfer Personal Data to another entity, provided that the receiving entity will comply with Applicable Laws and this Policy.
  9. SHARING INFORMATION WITH AUTHORITIES

    We may need to disclose Personal Data in response to lawful requests by public authorities or law enforcement officials, including for meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.
  10. TRANSFER OF DATA OUTSIDE YOUR TERRITORY
    1. We may store, process or maintain information in various sites worldwide, including through cloud-based service providers worldwide. Where the GDPR applies and we transfer Personal Data to another country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements. In relation to Personal Data being transferred outside of the EEA, for example, this may be done in one of the following ways:
      1. The country that we send the Personal Data to might be approved by the European Commission as offering an adequate level of protection for Personal Data (Israel is an approved country);
      2. The recipient might have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect Personal Data;
      3. Where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
      4. Through use of other mechanisms permitted by Applicable Laws to otherwise transfer your Personal Data outside the EEA.
    2. Data Subjects can obtain more details of the protection given to their Personal Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of the Personal Data) by contacting us as described the Section 19 "CONTACT US" below.
    3. If a Data Subject is located in a jurisdiction where transfer of its Personal Data to another jurisdiction requires its consent, then the Data Subject provides us its express and unambiguous consent to such transfer or the storage, processing or maintenance of the Personal Data in other jurisdictions by using the Website and/or Services.
  11. YOUR RIGHTS
    1. In all of the above cases in which we collect, use or store Personal Data, the Data Subject may have the following rights and, in most cases, the Data Subject can exercise them free of charge. At any time, Data Subjects may contact us at: [email protected] and request to know what Personal Data we keep about them. We will make good-faith efforts to locate the data that Data Subjects request to access.
    2. We may retain certain information as deemed required by us in accordance with Applicable Laws, or for legitimate business reasons, for the duration as required under the Applicable Laws. In addition, we may delete any Personal Data pursuant to our policies, as in effect from time to time.
  12. Note to our Data Subjects in the EU:

    We hereby inform Visitors, Business Contacts and Users from the EU and any other EU Data Subjects whose Personal Data we may Process (in this section "You", "Your"), of the following rights (by virtue of EU Privacy Laws) with respect to the Processing of your Personal Data:

    Right to access: You may have the right to request a review of your Personal Data held by CyCognito.

    Right to rectification: if the Personal Data Processed by CyCognito is incorrect, incomplete or not Processed in compliance with Applicable Law or this Privacy and Cookie Policy, You may have the right to have your Personal Data rectified.

    Right to erasure: under certain conditions, You may be entitled to require that CyCognito would delete or "block" your Personal Data (e.g. if the continued Processing of a specific data is not justified or if the lawful basis for Processing is consent).

    Right to Portability: under certain conditions, You may have the right to transfer the Personal Data that you have provided to us between data Controllers (i.e. to transfer your Personal Data to another entity).

    Right to object: where that lawful basis for Processing Your Personal Data is either "public interest" or "legitimate interests", those lawful bases are not absolute, and You may have a right to object to such Processing.

    Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such processing at any time. If you are a Client’s User, please refer to our Client to withdraw Your consent. If you are a Visitor, a Business Contact or a User, You may contact Us through the following link: Contact Us.

    The right to restrict Processing: under certain circumstances, You may have the right to object to the Processing of your Personal Data due to your particular situation.

    Right to lodge a complaint: You have the right to lodge a complaint before the relevant data protection authority or supervisory authority of Your jurisdiction.

    Note to our Data Subjects in Israel:

    We hereby inform you of the following rights (by virtue of Israeli Data Protection Legislation) with respect to the Processing of your Personal Data:

    Right to access: unless a specific exemption applies under Israeli Data Protection Legislation, You may have the right to request a review of your Personal Data held by CyCognito and obtain a copy thereof.

    Right to rectification or deletion: if the Personal Data Processed by CyCognito is incorrect, incomplete, unclear or outdated, You may have the right to have your Personal Data rectified or deleted.

    Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such Processing at any time. If you are a Client’s User, please refer to our Client to withdraw Your consent. If you are a Visitor, Business Contact or a User, You may contact Us through the following e-mail: [email protected].

    If you are a Client’s User, we Process your Personal Data as a Processor and therefore you must refer to the Client with which you are employed or otherwise affiliated in order to exercise your rights. If you cannot get in touch with the relevant Client, you may contact us and we will make commercially reasonable efforts to assist you.

    If you are a Data Subject in another jurisdiction - other rights may apply.

    To exercise these rights, where applicable, please contact Our Client or, if applicable, use the appropriate functionality available on the Website or within the website dedicated to the Services or in Section 19 "CONTACT US" of this Policy.

  13. RESPONSE TO REQUESTS
    1. When a Data Subject asks us to exercise any of its rights under this Policy and the Applicable Laws, we may need to i) ask the Data Subject to provide us certain credentials to identify the Data Subject and to verify that the Data Subject is in fact who he/she claims to be, in order to avoid unlawful disclosure to that Data Subject of Personal Data related to others; and ii) ask the Data Subject questions to better understand the nature and scope of data that it requests to access.
    2. We may redact from the data which we will make available to the Data Subject, any Personal Data related to others.
  14. COOKIES
    1. In this section, "You" shall mean a Visitor and/or User.
    2. A cookie is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies to enable certain features of the Website and/or Services, to better understand how you interact with the Website and/or Services to monitor web traffic routing and aggregate usage of the Website and/or Services. When You access or use our Website and/or Services, CyCognito uses industry-standard technologies such as “cookies”, other tracking technologies and other local files, which store certain information on the browser or hard drive of your computer and/or your mobile telephone device ("Local Storage") and which will allow us to distinguish You from other users, enable automatic activation of certain features and improve Your User experience and other capabilities. We use the following types of “cookies” to collect data: analytics cookies, session cookies, functionality cookies, authentication cookies, 'strictly necessary’ cookies and targeting or advertising cookies.
    3. Some cookies used by the Website and/or Services are created per session, do not include any information about You, other than Your session key and are removed as Your session ends (usually after 24 hours). Other cookies remain saved to Your device’s hard drive and/or your mobile telephone device and enable us to recognize Your device in the event of a later visit to our Website and/or Services (persistent cookies). Persistent cookies allow us to make our Website and/or Services more user-friendly, effective and safe.
    4. You can instruct your browser, by changing its options, to stop accepting cookies, to prohibit the Local Storage and/or to prompt you before accepting a cookie from the website you visit. Most devices and browsers will allow You to erase cookies from Your device’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored.
    5. Please note that unless You block the acceptance of cookies, the Website and/or Services will utilize cookies upon Your use of the Website and/or Services (all unless it is required by Applicable Law to provide a separate consent to use such cookies, and in which case We will use such cookies only after we receive Your separate consent to such use and subject to Your right to withdraw such consent at any time).
    6. Cookies and other Local Storage help us personalize the Website and/or Services and to:
      1. Track clicks and online activity to estimate usage pattern and perform other analytics;
      2. Gather information about Your approximate geo-location to provide localized content;
      3. Store information about Your preferences and the device or browser You are using, and thereby customize and personalize the Website and/or Services;
      4. Improve the Website and/or Services; and prevent fraud and/or abuse of Our services.
      5. In particular, we use Google Analytics. For more information about what Personal Data we collect through Google Analytics Cookies, please see this link.
  15. DATA SECURITY
    1. We take the safeguarding of the Personal and Non-Personal Data very seriously, and use a variety of systems, applications and procedures to protect the Data from loss, theft, damage or unauthorized use or access when it is in our possession or control, including reasonable physical, technical and organizational measures which restrict access to the Data. These measures provide sound industry standard security. However, although we make efforts to protect privacy, we cannot guarantee that the Website will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
    2. We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways for further enhancing the security of our Website and protection of our Visitors’ and Users’ privacy.
    3. Data Subjects should take steps to protect against unauthorized access to their password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping log-in and password credentials private. In addition, Data Subjects should take steps to protect against unauthorized access to Personal Data stored on their premises as well as defining limited access rights to such Personal Data on a need to know basis.
    4. If a Data Subject receives an e-mail asking it to update its information with respect to the Website and/or Services, it should not reply and should contact us at: [email protected].
    5. CyCognito will comply with Applicable Laws in the event of any Personal Data Breach, and will inform Data Subjects of such Breach in accordance with Applicable Laws.
  16. DATA RETENTION

    1. We retain different types of information for different periods, depending on the purposes for Processing the data, our legitimate business purposes as well as pursuant to legal requirements under the Applicable Law. We may retain Personal Data for as long as necessary to support the collection and the use purposes under this Policy and for other legitimate business purposes, for example, for storing data, for documentation, for cyber-security management purposes, legal proceedings and tax matters.
    2. We may store aggregated Non-Personal Data without time limit. In any case, as long as a Data Subject uses the Website, we will keep information about that Data Subject, unless we are legally required to delete it, or if that Data Subject exercises its rights to delete the Personal Data.
  17. OUR POLICY TOWARD CHILDREN

    Our Website is not meant to be used by or for persons under 18; as such, we do not knowingly collect Personal Data from minors younger than 18. Insofar as Personal Data may be collected based on a Data Subject’s consent, the Data Subject must be above the age of 16 (or above the age of 13 if this is the legal requirement in your country). If these age requirements are not met, the Data Subject is required to obtain the consent of the parent or guardian to provide and process Personal Data in accordance with this Policy; lacking such consent, the Data Subject should not use the Website and/or Services.
  18. CHANGES TO THIS PRIVACY POLICY

    1. We may change the terms of this Privacy Policy from time to time by posting notice on our Website, with a seven (7) day advance notice. However, substantial changes will be effective thirty (30) days after the notice was initially posted. We will make an effort to inform Data Subjects of substantial changes through the channels of communication generally used in such circumstances, and subject to the requirements of Applicable Laws - to obtain their consent.
    2. If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.
    3. A Data Subject’s continued use of the Website and/or Services following such notice shall constitute the consent of the Data Subject to any changes made and a waiver of any claim or demand in relation to such changes. If a Data Subject does not agree to the new or different terms, it should not use and is free to discontinue using the Website and/or Services (discontinuation of use of the Services is subject to any contractual obligations the Data Subject and/or Client may have towards CyCognito).
  19. APPLICABLE LAW AND DISPUTE RESOLUTION

    1. This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of law provisions.
    2. The courts of the Tel Aviv – Jaffa district shall have exclusive jurisdiction in all disputes and proceedings arising from this Privacy Policy.
  20. CONTACT US

    1. For further information about this Policy, please contact our Data Privacy Officer at: [email protected].
    2. We work hard to manage Personal Data responsibly. If you are unhappy about the way we do this, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact details for that regulator.