Privacy policy
Last modified: March 15, 2024
Information
Cyber57 collects different types of personal data depending on how you interact with our Services.
1.1 Information You Provide
- Account Data: Name, email address, phone number, company name, role, and login credentials.
- Compliance Information: Details needed for GDPR/NIS2 assessments, such as DPO contact info, system structure, and organizational responsibilities.
- Billing Data: Payment method, billing address, and tax/VAT details when purchasing services.
- Communications: Any messages, inquiries, or support requests you send via email, chat, or web forms.
- Uploaded Content: Files, documents, vulnerability scans, or security logs you provide during audits.
1.2 Information Collected Automatically
- Technical Information: IP addresses, browser types, operating systems, and device identifiers.
- Usage Data: Log files, access times, service features used, and interaction history.
- Security & Diagnostic Data: Error logs, security alerts, threat reports, and performance data.
- Location Data: Approximate geographic location inferred from IP address to route you to the nearest secure server.
1.3 Information from Third Parties
- Partners & Resellers: Information shared by web agencies and affiliates delivering Cyber57 services.
- Threat Intelligence Feeds: Data received from trusted cybersecurity partners to prevent malware, phishing, or ransomware attacks.
- Publicly Available Data: Business registration data, court records, or leaked credentials found during dark web scans.
- Regulatory Sources: Data from government or compliance authorities for NIS2/GDPR verification.
How We Use Your Information
Your personal data is a critical resource for us to operate, maintain, and improve our services. We use it under various lawful bases and for several purposes, including:
Provision and Management of Services
We use your data in order to deliver our services, process your requests, manage your account, and fulfill contractual obligations. For instance, to enable access to dashboards, software tools, or security monitoring, we must process your account and usage data.
Responding to Requests & Communication
When you contact us—via email, forms, or phone—we use your data to respond to inquiries, support issues, or feedback. This includes correspondence tracking, logging support tickets, and maintaining histories of communications.
Payment and Billing
Processing payments, billing, and related financial operations require invoicing information, payment method details, and tax or VAT identifiers. We may validate and verify such data to comply with applicable legal or fiscal requirements.
Security Alerts, Updates & Notifications
We may send you alerts, announcements, or updates regarding service changes, security advisories, feature releases, or policy modifications. Where necessary, this is based on legitimate interests or your prior consent.
Improvement, Analytics & Abuse Prevention
We analyze usage patterns and aggregated data to improve service reliability, performance, features, and customer experience. This helps us detect fraudulent behavior, misuse, or security threats, as well as refine our products. Aggregated data may also be used for internal research or benchmarking.
Legal Compliance & Obligations
We process data to meet legal or regulatory obligations (for example, tax reporting, audit requirements, or responding to lawful demands from government or law enforcement agencies). We may also retain or disclose data when mandated by court orders or other legal processes.
Other Uses with Consent
If you grant permission, we may use your data for additional activities—such as marketing offers, surveys, or promotional communications. You may withdraw your consent at any time, and we will stop processing accordingly.
We ensure that any processing is limited to the minimum necessary, and that data is handled in accordance with principles of data minimization, purpose limitation, and accountability.
Sharing of Personal Data
We understand the sensitivity of personal data and do not sell your information. Nonetheless, we share data under certain controlled circumstances, always with safeguards in place:
Trusted Service Providers
We engage third-party vendors and service providers (e.g. payment processors, hosting providers, analytics services, email platforms) to support our operations. These partners may have limited access to your data, but only to the extent needed to perform their tasks. They are contractually bound to maintain confidentiality and to handle data securely and in compliance with applicable laws.
Affiliates and Internal Transfers
Within our corporate family (e.g. affiliated offices in the U.S., Germany, or Croatia), we may share information to coordinate services, support region-based operations, or maintain consistency across our offerings. Any internal transfer is governed by internal policies and data protection agreements to ensure no misuse of your data.
Legal and Regulatory Requirements
We may disclose your personal data when required by law, regulation, court order, or governmental authority. For example, we may do so to comply with subpoenas or legal investigations, or to protect rights, safety, or property.
Business Transactions
In the event of a merger, acquisition, joint venture, or sale of assets, we may transfer your data to a successor entity or to third parties as part of the transaction. If such a transfer occurs, we will place contractual limits on the new entity to treat the data in accordance with this privacy policy (or a policy at least as protective).
Aggregate or De-identified Data
In some cases, we may share aggregated, anonymized, or de-identified information that cannot be reasonably linked back to an individual. Such data may be used for analytics, benchmarking, or research, and may be disclosed more freely.
Every sharing arrangement requires that the recipient uphold data security and confidentiality, and use the data only for permitted purposes. We audit our partners and include contractual obligations to protect your rights and data integrity.
Cookies & Tracking Technologies
To enhance user experience, facilitate operations, and gather analytic insights, we—and our third-party partners—employ cookies and various tracking technologies. These tools help us understand usage, preferences, performance, and behavioral patterns.
Types of Tracking Tools
We may use standard cookies (session cookies, persistent cookies), browser local storage, web beacons, pixel tags, and similar web technologies. These can be set by us or by third parties integrated with our services (for analytics, advertising, or performance tools).
Purposes
- Session & Authentication: Cookies help maintain login sessions, keep you logged in, and authenticate your access across pages securely.
- Preference Storage: Remembering language selections, interface settings, or display preferences.
- Analytics and Usage Monitoring: Recording page views, dwell time, interaction patterns, and error events to help us understand how our services are used, identify issues, and improve functionality.
- Performance & Optimization: Tracking load times, responsiveness, errors, and backend metrics to optimize service reliability.
- Security & Fraud Prevention: Detecting suspicious or abnormal behavior (e.g. multiple login attempts, session hijacking) to protect accounts and infrastructure.
Control Over Cookies
Most browsers allow you to refuse or delete cookies via settings or preferences. You may block third-party cookies or instruct your browser to prompt before accepting them. However, disabling certain cookies may limit functionality, cause degraded performance, or prevent you from accessing certain service features. We refer you to our separate Cookie Policy for a more detailed overview, including cookie categories, lifespans, and opt-in/opt-out mechanisms.
Third-Party Tracking
Some of our partners (analytics, marketing, or advertising networks) may place their own tracking tools on our site. We do not have full control over these third-party cookies and their practices, but we strive to select trustworthy vendors and limit their data usage through contractual agreements and oversight.
Data Security
We retain personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by law. Our retention and deletion practices balance usability, legal obligations, and data minimization.
Active Account Period
If you maintain an active account or subscription with us, we keep the associated personal data for as long as that account remains active. This ensures that you can continue to use our services without losing access to your profile, history, and configurations.
Regulatory & Legal Obligations
We may retain certain data to comply with applicable regulatory, legal, tax, or audit obligations. For example, financial, billing, or transaction records may need to be stored for specified durations under local jurisdiction (e.g. tax audits). We ensure that such data is stored securely and accessed only when necessary.
Marketing & Inquiries
For leads, marketing interactions, or prospecting communications, we typically retain data for up to 12 months (or as permitted by law). After this period, we may anonymize or delete the data, unless you explicitly opt to remain on mailing lists or express interest in ongoing campaigns.
Backups, Logs & Audit Trails
We maintain backups, logs, and system records (e.g. access logs, error logs, audit trails) for purposes of system integrity, recovery, security analysis, or fraud prevention. These records may exist beyond typical retention windows, but access is strictly controlled and monitored.
Deletion, Anonymization & Purging
Once data is no longer needed, or upon your deletion request (subject to exceptions), we purge or anonymize it so it can no longer be associated with you. We follow secure disposal protocols: overwriting, anonymization, or cryptographic destruction, depending on the nature and storage medium of data.
Periodic Review
We periodically review our data retention schedules and purge or archive data that is no longer required. We also evaluate data requests or legal changes that might affect retention durations. Where local laws or contractual arrangements require longer retention, we comply, but we always limit access and exposure.
International Data Transfers
Because we operate globally, your personal data might be stored, processed, or accessed in different countries. We take steps to ensure that your data remains protected in cross-border transfers.
Locations & Jurisdictions
We may store and process your data in the United States, Germany, Croatia, or elsewhere, depending on server locations, infrastructure, or partner operations. These jurisdictions may have different data protection laws than your home country.
Safeguards & Mechanisms
To protect your information during transfers, we implement appropriate safeguards, which may include:
- Standard Contractual Clauses (SCCs) approved by relevant authorities;
- Data Processing Agreements (DPAs) with recipients;
- Encryption in transit and at rest;
- Access restrictions and role-based controls;
- Audits and compliance monitoring of third parties.
Compliance with Legal Frameworks
We endeavor to comply with relevant laws, such as the GDPR if you are in the EU, or equivalent cross-border data transfer mechanisms where applicable. Where necessary, we may rely on adequacy decisions, binding corporate rules, or explicit consent.
User Choice & Control
If you are concerned about cross-border transfers, you may contact us to request that your data remain in a particular region (if feasible) or to understand how we ensure protections. In some cases, we may restrict processing or block certain transfers.
Consequences of Transfer Restrictions
If we are unable to transfer or process your data in certain regions due to your legal or contractual constraints, that may affect our ability to deliver services, maintain redundancy, or ensure reliability. We will inform you of any such limitations before finalizing contractual arrangements.
Governance & Oversight
We maintain documentation, assessments, and audits regarding international transfers. Any third parties receiving data across borders must comply with our standards and undergo periodic reviews. We update our safeguards in response to regulatory developments or new guidance.
Data Retention
Depending on your jurisdiction (e.g. EU, UK, U.S. states), you may have certain rights related to your personal data. We support these rights to the fullest extent permissible by law.
Right of Access / Data Portability
You can request a copy of the personal data we hold about you, in a structured, machine-readable format, or transfer it to another entity if technically feasible.
Right to Rectification / Correction
If any of your personal data is inaccurate, incomplete, or outdated, you may ask us to update, correct, or supplement it.
Right to Erasure (Right to Be Forgotten)
In certain cases, you may request that we delete your data, unless we have legal grounds to retain it (e.g. compliance, dispute resolution, or audit obligations).
Right to Restrict or Object to Processing
You may request that we limit processing of your data in certain circumstances (e.g. where accuracy is contested, processing is unlawful, or direct marketing is concerned). You may also object to certain processing based on legitimate interest, unless overriding grounds exist.
Right to Withdraw Consent
If we process your data based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing done prior to withdrawal.
Right to Lodge Complaints
If you believe we have violated your privacy rights, you may lodge a complaint with your local data protection authority or supervisory body (e.g. national DPA). We also welcome direct communication, and will seek to resolve matters cooperatively.
Exercise of Rights / Verification
To make a request, contact us via privacy@cyber57.com or via the appropriate local office listed in Section 11. We may require you to verify your identity before fulfilling your request (to prevent unauthorized disclosures). We aim to respond within mandated timeframes (e.g. 30 days under GDPR where applicable).
Limitations, Exceptions & Legal Obligations
Some rights may be limited or deferred if fulfilling them would impair legal compliance, security, or contractual obligations. Where we deny a request, we will explain the reasons and applicable rights of appeal.
Your Rights
Protecting your data is a core priority, and we implement a range of technical, organizational, and administrative safeguards to maintain confidentiality, integrity, and availability.
Encryption
We use end-to-end encryption for data in transit and, where applicable, encryption at rest for stored data. This ensures that unauthorized parties cannot easily read or intercept your sensitive information.
Secure Infrastructure & Network Protections
We operate on secure, hardened infrastructure with firewalls, intrusion detection systems, network segmentation, and continuous monitoring. Our systems and network architecture are designed to minimize exposure and isolate critical services and data.
Access Controls & Least Privilege
We enforce role-based access control (RBAC), ensuring employees and system components only have access to the data and functions necessary for their roles. Access credentials, multi-factor authentication, and periodic reviews further limit internal exposure.
Threat Monitoring, Vulnerability Management & Audits
We continuously monitor system logs, detect anomalies, and run periodic vulnerability scans, penetration testing, and threat assessments. We also audit configurations and security controls regularly to ensure they remain effective and current.
Incident Response & Recovery
We maintain an incident response plan for data breaches or security events, with steps including containment, assessment, notification, remediation, and post-incident review. We also maintain regular backups and recovery mechanisms to resume services in case of disruptions.
Training & Awareness
All employees and contractors undergo security training and awareness programs, covering data handling, phishing, secure development, and incident reporting. We require adherence to strict security policies and internal audits.
Third-Party & Vendor Security Requirements
All external partners with access to data must meet our security requirements and sign binding agreements. We conduct due diligence, audits, and ongoing monitoring of vendor security posture.
Evaluations & Updates
As threats evolve, we reassess and update our security measures. We adopt industry best practices, frameworks (e.g. ISO, NIST), and regulatory guidance to maintain resilience.
Updates to This Policy
Because our business and regulatory environment evolve, we may revise this privacy policy periodically. We commit to transparency and timely communication of meaningful changes.
Revision Process & Notification
When we make updates, we will publish the revised version on this page, and update the “Last Updated” date at the top. For substantial changes (e.g. new processing activities, new sharing practices, or transfers), we may also provide additional notice via email or in-product notifications, where feasible.
Your Continued Use = Acceptance
If you continue to access or use our Services after a change becomes effective, that indicates your consent to and acceptance of the updated policy. If you do not agree with changes, you should stop using the Services and request data deletion, if applicable.
Material Changes & Consent
In cases where revisions materially affect your rights or how we process your data beyond the original scope, we may seek your express consent before implementing such changes.
Version History & Archival
We may keep prior versions archived (for reference or audit) and make them available to users upon request. This helps you track changes over time and compare previous terms.
Review Cycles
We periodically review this policy (e.g. annually or when laws/regulations change) to ensure it remains current and compliant. We consider feedback, legal developments, and industry standards in updates.
Contact Us
We welcome your questions, feedback, or requests regarding this Privacy Policy or your personal data. To exercise any rights or resolve concerns, please reach out using the contact information below:
U.S. Office (United States)
Address: 2915 Biscayne Blvd. Suite 300, Miami, FL, 33137
Phone: +1 (786) 628-0515
Email: privacy@cyber57.com
Germany Office
Address: Alvenslebenstraße 6, 50668 Köln, Germany
Phone: +49 1521 8923 689
Email: cologne@cyber57.com
Croatia Office
Address: Ul. grada Vukovara 269D, 10000 Zagreb, Croatia
Phone: +385 91 945 9788
Email: zagreb@cyber57.com
When you submit a request (e.g. access, deletion, correction), we may ask you to verify your identity to protect your privacy and prevent unauthorized requests. We aim to respond to requests within applicable legal deadlines (such as 30 days under GDPR, where relevant). If you believe we have not addressed your concern, you may escalate to your local data protection authority or supervisory body.
Cyber57
Website: www.Cyber57.com
Email: info@cyber57.com
