Free Book - External Exposure & Attack Surface Management for Dummies
Read this Policy and make sure you fully understand our practices in relation to privacy and protection of Personal Data, before you access or use the Website, and/or our Services. If you have further questions or concerns regarding this Policy please contact us at: email@example.com.
(* All capitalized terms shall have the meaning as defined below)
"Applicable Laws" shall mean EU Privacy Laws and Israeli Data Protection Legislation, to the extent applicable to CyCognito, and any other applicable privacy or other law to which CyCognito is subject.
"EEA" shall mean the European Economic Area.
"EU Privacy Laws" shall mean the GDPR and/or European Union Member State laws, rules and guidelines implementing or supplementing the GDPR.
"GDPR" shall mean Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation), and as amended, replaced or superseded from time to time.
"Israeli Data Protection Legislation" shall mean the Israeli Privacy Protection Law 5741 - 1981 ("PPL"), the regulations promulgated pursuant thereto and the applicable guidelines issued by the Israeli Privacy Protection Authority, and as amended, replaced or superseded from time to time.
"Personal Data" shall have the meaning ascribed to it in the GDPR and shall also include the terms “Information” and “Sensitive Information” as defined under the PPL. To put it simply, this information may identify an individual or is of a private and/or sensitive nature, such as an individual’s name, address or bank account information.
"Non Personal Data" shall mean information that does not personally identify a natural person and does not reveal a natural person’s specific identity, such as anonymized information.
The Terms "Client", "Client IT Systems", "Services" and "Website" shall have the same meaning as ascribed to them CyCognito's Terms of Service which can be accessed at this link: Terms of Service.
"Visitor" shall mean a visitor of our Website whose Personal Data CyCognito processes in the capacity of a Controller.
"User" shall mean an individual who is registered to the Services, has access to and makes use of the Services (whether during a trial period for testing the Services or under a contract with CyCognito); and whose Personal Data CyCognito processes in the capacity of a Controller.
"Client's User" means an individual who has access to and makes use of a Client’s IT Systems; and whose Personal Data CyCognito processes in the capacity of a Processor.
"Data Subject" shall have the meaning ascribed to it in the GDPR and the PPL and shall include all types of individuals defined in this Policy such as a Visitor and a User.
"Controller" shall have the meaning ascribed to it in the GDPR and shall include the term “Database Owner” under the PPL.
"Processor" shall have the meaning ascribed to it in the GDPR and shall include the term “Database Holder” under the PPL.
"Subprocessor" shall mean any entity appointed by us or by one of our Processors/Subprocessors, to Process Personal Data on our behalf or on behalf of that Processor/Subprocessor; excluding any employee of CyCognito or of CyCognito’s Processor/Subprocessor or of any such appointed person but including any contractor or affiliate of the foregoing.
"Database Owner", "Database Holder", "Database", "Database Manager", and "Information Security Event" shall have the meanings ascribed to them in the Israeli Data Protection Legislation.
The terms "Processing", "Supervisory Authority" and "European Commission" shall have the meaning ascribed to them in the GDPR.
"Personal Data Breach" shall mean a breach of security or other incident leading to the accidental or unlawful destruction, loss, alteration, the unauthorized disclosure or use of, or access to, or harm to the integrity of, Personal Data transmitted, stored or otherwise Processed, as defined in the GDPR and shall also include all types of Information Security Events detailed in Israeli Data Protection Legislation.
"Business Contact" means an employee, contractor or any other individual affiliated with and authorized by a potential Client or a Client to inquire for information regarding our Services and/or to engage us for the provision of our Services.
This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English version prevails.
If you are a User of our Services, we may collect your Personal Data related to your activity on the Services. This includes (by way of a non-exhaustive list): last login, e-mail of the individual who sent you the invitation to use the Services, the date the invitation was sent, your activity on the platform upon which the Services are provided such as referring/exit pages, date/time stamps, the web page you were visiting and information you search.
When providing our Services, as part of our screening of the Client’s IT Systems in order to detect vulnerabilities to cyber attacks, we may incidentally view or collect Personal Data about Client’s Users or other Data Subjects associated with the Client’s IT Systems, such as e-mail addresses, IP addresses, etc.; for the sole purpose of delivering our Services. Where we process Personal Data of Visitors and Users, we do so as Controllers. Where we process Personal Data of Client’s Users, or other Data Subjects who’s Personal Data we may view on Clients’ IT Systems, we do so as Processors.
In addition to the categories of Personal Data described above, we will also Process further anonymized information and data that is not Processed by reference to a specific individual. We may collect this Non-Personal Data through the Website in the following ways:
We hereby inform Visitors, Business Contacts and Users from the EU and any other EU Data Subjects whose Personal Data we may Process (in this section "You", "Your"), of the following rights (by virtue of EU Privacy Laws) with respect to the Processing of your Personal Data:
Right to access: You may have the right to request a review of your Personal Data held by CyCognito.
Right to erasure: under certain conditions, You may be entitled to require that CyCognito would delete or "block" your Personal Data (e.g. if the continued Processing of a specific data is not justified or if the lawful basis for Processing is consent).
Right to Portability: under certain conditions, You may have the right to transfer the Personal Data that you have provided to us between data Controllers (i.e. to transfer your Personal Data to another entity).
Right to object: where that lawful basis for Processing Your Personal Data is either "public interest" or "legitimate interests", those lawful bases are not absolute, and You may have a right to object to such Processing.
Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such processing at any time. If you are a Client’s User, please refer to our Client to withdraw Your consent. If you are a Visitor, a Business Contact or a User, You may contact Us through the following link: Contact Us.
The right to restrict Processing: under certain circumstances, You may have the right to object to the Processing of your Personal Data due to your particular situation.
Right to lodge a complaint: You have the right to lodge a complaint before the relevant data protection authority or supervisory authority of Your jurisdiction.Note to our Data Subjects in Israel:
We hereby inform you of the following rights (by virtue of Israeli Data Protection Legislation) with respect to the Processing of your Personal Data:
Right to access: unless a specific exemption applies under Israeli Data Protection Legislation, You may have the right to request a review of your Personal Data held by CyCognito and obtain a copy thereof.
Right to rectification or deletion: if the Personal Data Processed by CyCognito is incorrect, incomplete, unclear or outdated, You may have the right to have your Personal Data rectified or deleted.
Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such Processing at any time. If you are a Client’s User, please refer to our Client to withdraw Your consent. If you are a Visitor, Business Contact or a User, You may contact Us through the following e-mail: firstname.lastname@example.org.
If you are a Client’s User, we Process your Personal Data as a Processor and therefore you must refer to the Client with which you are employed or otherwise affiliated in order to exercise your rights. If you cannot get in touch with the relevant Client, you may contact us and we will make commercially reasonable efforts to assist you.
If you are a Data Subject in another jurisdiction - other rights may apply.To exercise these rights, where applicable, please contact Our Client or, if applicable, use the appropriate functionality available on the Website or within the website dedicated to the Services or in Section 19 "CONTACT US" of this Policy.