GDPR Statement
Last modified: Sep 10, 2023
1. Introduction
At Cybraid.com (CyberAid SL), Company Number B56221732, we are committed to ensuring the privacy and protection of personal data for our customers and users of the Cybraid.com service. We recognize the importance of complying with the General Data Protection Regulation (GDPR) and take appropriate measures to ensure the security and confidentiality of the data we collect, process, store, and transmit.
2. Data Collection and Processing
Cybraid.com (CyberAid SL) obtains information and data to provide services to its clients either directly from the client or from users of the Cybraid.com service. Data is collected on a daily basis to ensure the smooth functioning of our services.
3. Data Processing Procedures
We perform various processes against the data, including collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
4. Data Retention and Deletion
Data is retained no longer than until the withdrawal of consent or the expiry of the limitation period for claims arising from contractual agreements. We have procedures in place to ensure the secure deletion of information in accordance with GDPR requirements.
5. Data Storage and Security
The specific location of data storage is not provided in this statement. Enterprise clients can choose a geographic location of a dedicated server as part of the services provided by Cybraid.com. We implement appropriate network perimeter IT security protection measures, such as firewalls, intrusion prevention systems (IPS), email/web filtering, DMZ, VLANs, and electronic backups, to safeguard against unauthorized access or use of our applications hosted on our cloud servers provided by DigitalOcean (read more: https://www.digitalocean.com/security). We maintain internal IT systems security protection measures, including antivirus software and restricted access to personal data for authorized personnel only.
6. Vendor Compliance and Policies
Our vendor’s business procedures relating to the services offered are compliant with GDPR. The vendor has not performed a Data Privacy compliance assessment or audit, but they adhere to GDPR regulations. The vendor maintains a written and formal organization-wide Data Privacy Policy. The vendor also has a written and formal organization-wide Information Security Policy. We conclude data processing agreements on conditions compliant with the requirements of GDPR regulations with our vendors.
7. Data Subject Rights and Data Breach Management
We have established procedures for handling data subject rights requests in accordance with GDPR provisions. Our procedures include notifying the Data Controller in case requests involve data subject information that is part of the proposed services. We have specific written procedures to handle data breaches or information security incidents, ensuring identification, investigation, mitigation, and reporting to the Data Controller within a 24-hour timeframe. There were no incidents reported in the last 12 months.
8. Data Transfer and Privacy Measures
Data transfer with customers, service providers, and third parties occurs via email or via a dedicated API connection. We regulate the aspects of transfer of personal data through electronic transfer, data transport, and control mechanisms.
9. Data Protection Management and Compliance
We implement a data protection management process that includes regular testing, assessment, and evaluation of data security measures. Responsibilities for data protection and information security are defined within the organization, and the management level is regularly informed about the status of data protection and possible risks. We ensure data protection by design and default by implementing privacy-friendly pre-settings and processing only necessary personal data. We have order or contract control measures in place to ensure that sub-processors (sub-contractors) process data in accordance with the controller’s instructions.
Cybraid.com (CyberAid SL)’s commitment to GDPR compliance and protecting personal data is of utmost importance. We regularly review and update our practices to align with changes in legislation, industry best practices, and our commitment to data protection and privacy.