Introduction

The privacy of your data is a big deal to us at CyberWyz. In this policy, we lay out: what data we collect and why; how your data is handled; and your rights with respect to your data. We promise we never sell your data: never have, never will.

This policy applies to all products and services built and maintained by CyberWyz, a productized-service offering from WIM Security GmbH.

Our Terms and Conditions govern all use of our Service and together with this Privacy Policy constitute your agreement with us.

Definitions

To help you better understand this policy, here are some key terms and their meanings:

• SERVICE means the cybersecurity services provided by CyberWyz.
• PERSONAL DATA means data about a living individual who can be identified from those data.
• SECURITY DATA means logs, security event information, network traffic data, and system configuration details collected to provide security services.
• USAGE DATA is data collected automatically from the use of the Service (e.g., client portal usage statistics).
• DATA CONTROLLER means the natural or legal person who determines the purposes and means of processing personal data. For this Privacy Policy, we (CyberWyz/WIM Security GmbH) are the Data Controller of your data.
• DATA PROCESSOR means any natural or legal person who processes data on behalf of the Data Controller.
• DATA SUBJECT is any living individual who is the subject of Personal Data.

1. What We Collect and Why

Our guiding principle is to collect only what we need. We don't run ads. We don't use any kind of tracking cookies. First-party, third-party, temporary or persistent. None. We don't track you across the web. We won't retarget you.

Identity & Access

When you sign up for CyberWyz services, we collect identifying information such as your name, email address, and company name. That's so you can personalize your account, and we can send you service updates and other essential information.

Security Data

As a cybersecurity service provider, we necessarily collect and process security-related data from your systems, including:

• Security logs and event information
• Network traffic data (for security analysis only)
• System configuration details
• Security vulnerabilities and findings

This data is essential for providing our security services, detecting threats, and protecting your infrastructure.

Client Portal Interactions

When you use our client portal and Kanban board system, we collect usage data to provide and improve the service. This includes data about tasks submitted, progress tracking, and other interactions.

Billing Information

If you sign up for a paid service, we collect billing information. Credit card information is submitted directly to our payment processor and doesn't hit CyberWyz servers. We store a record of the payment transaction, including the last 4 digits of the credit card number, for purposes of account history, invoicing, and billing support.

Website Interactions

We collect minimal information about your browsing activity for analytics and statistical purposes, including your browser type, operating system, IP address, and pages visited.

Voluntary Correspondence

When you contact us with questions or for help, we keep that correspondence, including your email address, to maintain a history of our communications.

2. How We Secure Your Data

Security is our business, and we apply enterprise-grade security practices to all customer data.

• All data is encrypted via SSL/TLS when transmitted from our servers to your browser
• All data is encrypted at rest using industry-standard encryption technologies
• We implement multiple layers of security, including:
  • Access controls with strict need-to-know principles
  • Regular security audits and penetration testing
  • Continuous monitoring for unauthorized access
  • Regular security training for all staff

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or method of electronic storage is 100% secure. Our security practices are continuously updated to address emerging threats.

3. Retention of Data

We keep your personal information and security data only for as long as necessary to provide you with our services and for legitimate business purposes, such as:

• Maintaining the performance of our services
• Complying with legal obligations
• Resolving disputes
• Preventing fraud and abuse

Specifically:

• Account information is retained while your account is active
• Security logs and event data are typically retained for 12 months
• Vulnerability and security assessment reports are retained for 3 years
• Payment information records are kept for the period required by tax and accounting laws

When we no longer need personal information, we securely delete or anonymize it.

4. When We Access or Share Your Information

To Provide Services

To provide our cybersecurity services effectively, our team members will need to access your security data, account information, and other data relevant to the services you've requested. We have strict internal policies governing staff access to customer data.

Third-Party Processors

We use some third-party services to help run our business, including:

• Zoho Campaigns, for sending email updates and newsletters
• Secure cloud hosting providers for our infrastructure
• Payment processors for handling subscription payments

All our subprocessors are GDPR compliant and meet our high security standards.

Disclosure for Law Enforcement

Under certain circumstances, we may be required to disclose your data if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency).

Business Transfers

If CyberWyz or WIM Security GmbH is acquired by or merges with another company, we'll notify you well before any of your personal information is transferred or becomes subject to a different privacy policy.

5. Your Rights With Respect to Your Information

At CyberWyz, we apply the same data rights to all customers, regardless of their location. These rights include:

Under GDPR (European Union)

• Right to Access - You can request a copy of your personal data.
• Right to Rectification - You can request correction of inaccurate data.
• Right to Erasure - You can request deletion of your data, subject to certain limitations.
• Right to Restriction of Processing - You can request we limit how we use your data.
• Right to Data Portability - You can request a copy of your data in a machine-readable format.
• Right to Object - You can object to certain types of processing.
• Right not to be subject to automated decision-making - You have the right to not be subject to decisions based solely on automated processing.

Under CCPA (California)

If you are a California resident, you have the right to:

• Know what personal information we collect about you
• Request deletion of your personal information
• Opt-out of the sale of personal information (though we never sell your data)
• Non-discrimination for exercising your rights

To exercise your data protection rights, please contact us at [email protected] or at WIM Security GmbH, Pappelallee 78/79, 10437, Berlin. If an authorized agent is corresponding on your behalf, we will need written consent with a signature from the account holder before proceeding.

6. Location of Data and International Transfers

Our website and services are operated in Germany. Our services are delivered from secure infrastructure in the European Union. If you are located outside of the European Union, please be aware that any information you provide to us will be transferred to and stored in the European Union.

The European Data Protection Board (EDPB) has issued guidance that personal data transferred out of the EU must be treated with the same level of protection that is granted under EU privacy law. We don't transfer any personal data out of the EU unless absolutely necessary, and only with appropriate safeguards in place.