Select Page

Privacy notice

Here is some information regarding data protection and privacy for visitors to this website and users of our service. It will explain how we collect and process your personal data. It will give you more detail on our data protection practices. 

We are CybSafe. Our address is  5 New St Square, London EC4A 3TW, United Kingdom. We have a designated Data Protection Officer (DPO) who may be contacted directly at dpo@cybsafe.com regarding any data protection and privacy matters.

You will be referred in this Privacy Notice to as a Data Subject and the information about you is known as Personal Data. For the purposes of privacy laws, we are the Controller of personal data unless expressly specified otherwise. We believe everybody deserves to live in a safe and secure digital world. So we’re here to radically transform the human aspect of cyber security. This is our mission. We take data protection seriously and follow industry best practices to keep your personal data secure. As a data subject you have certain rights in relation to data privacy. 

Specifically, you have the right to:

  • request information about the personal data that is processed by us, 
  • rectification of inaccurate personal data records,
  • demand deletion or restriction of processing, and the right to object to processing based on legitimate interest under certain circumstances,
  • revoke any consent to processing that has been given by the user to us, 
  • data portability, which means a right to get the personal data and transfer these to another controller as long as this does not negatively affect the rights and freedoms of others; and
  • lodge a complaint to the supervisory authority regarding the processing of personal data relating to him or her, if a  user considers that the processing of personal data infringes the legal framework of privacy law. A full list of EU regulators is available here, and the contact details of the UK regulator, the ICO, is here.

Sometimes we use third parties to help us provide our service. In order to facilitate our contractual obligations we use third party applications such as 

  • administration & support service (cloud)  providers such as Amazon Web Services (a subsidiary of Amazon Inc) and
  • analytical service companies such as Google LLC

We will only transfer personal data to third parties that we have confidence in. We carefully choose them to ensure that the personal data is processed in accordance with current privacy legislation. The personal data collected is stored and processed inside the EU/EEA, or such third country that is considered by the European Commission to have an adequate level of protection, or processed by such suppliers that have entered into such binding agreements that fully complies with the lawfulness of third country transfers or to other supplies where adequate safeguards are in place to protect the rights of the data subjects whose data is transferred. To obtain documentation regarding such adequate safeguards, please email dpo@cybsafe.com (for info, our EU representative is info@priviness.eu)

We will not sell personal data to third parties.

Data that is processed with the purpose of aggregated analysis or market research is always made unidentifiable. Such personal data cannot be used to identify an individual. Therefore, such data is not considered personal data.

We prioritise  personal data integrity and privacy and therefore work actively so that the personal data is processed with utmost care. We are proud to take measures which aim to make sure that the personal data is  processed safely and in accordance with this Privacy Notice and privacy laws (notably the GDPR) .

To view more information regarding our processing of personal data concerning you, please choose from below the category which most closely describes your relationship with CybSafe.

If you still have questions, please contact us! dpo@cybsafe.com

Please select the data subject category that fits you:

As a user of the CybSafe platform we hold the following information about you:

  • Name
  • Email address of user
  • Name and email address of family or friend member to which user sends awareness module links
  • Password
  • Employer
  • Tenure of employment and other self-reported user characteristics
  • Employee role type
  • Location (country and time zone)
  • SSO Profile Picture
  • Language
  • Phone number
  • Responses to sentiment and culture surveys
  • Goals and recorded progress against goals
  • Responses to phishing exercises and learning module tests
  • Risk score derived from interactions with platform
  • IP Address
  • MAC Address
  • Employee number (SCIM only)
  • Employee type (SCIM only)
  • IMEI number
  • Any personal data accessed by the Services by means of third party data source integrations activated by CybSafe’s customer.
  • User identifiers on third party accounts integrated with CybSafe

 This data may come directly from you or from your employer (directly or indirectly via one of their service providers).  We hold and process this data for the legitimate interest of fulfilling a business-to-business contract with your employer. We also process your data to improve our product for our legitimate business interest, this includes fixing bugs, making the product easier to use and improving our offerings to you. 

We will retain this data only for the duration of our contract with your employer and in any event we will delete this information within 90 days of the termination of that contract.

In addition to the third parties mentioned above, and in furtherance of our contractual obligations with your employer we use third party applications such as 

  • customer support and management systems such as Intercom Inc and HubSpot Ltd,
  • email service and performance measurement systems such as SendGrid (part of Twilio Inc),
  • platform error reporting systems such as Sentry (a trading name of Functional Software Inc),
  • advanced platform intelligence systems such as Amplitude Inc,
  • IP and network analytics services such as IPData LLC; and
  • automation between preexisting systems such as Zapier Inc.

Transfers of information over the internet and mobile networks can never occur without any risk, so all transfers are made on the own risk of the person transferring the data. It is important that users also take responsibility to ensure that their data is protected. It is the responsibility of the user that their login information is kept secret.

As Partner/Reseller of CybSafe we hold the following information about you:

  • Name
  • Contact details
  • Job title

We hold and process this data for the legitimate interest of fulfilling a business-to-business contract with your organisation.   

We will retain this data for up to 7 years from termination of the contract in case there are any queries, unless you request that we delete the data beforehand. At this point data will be irreversibly deleted. 

In addition to the third parties mentioned above, we also use  third party applications such as  Channeltivity LLC and  HubSpot Ltd. For more information on the third parties we use when hosting webinars, please see the Webinar and Conference Attendees and Registration tab. 

List of approved partners for resale to direct customers :

  1. Crossword Cybersecurity PLC
  2. QA LTD
  3. Viadex Global Ltd
  4. Iris Networks Limited
  5. NCC Group Security Services Limited
  6. Nowcomm LTD
  7. ITC Global Ltd Security Limited
  8. NormCyber Limited
  9. Acensi SAS
  10. Cybovate AG
  11. ICA Consultancy LTD
  12. Waterstons Ltd
  13. ITPS
  14. YorCyberSec Limited

As a supplier to CybSafe we hold the following information about you:

  • Name
  • Contact details
  • Bank Details 

We hold and process this data for the legitimate interest of fulfilling a business-to-business contract with your organisation or to satisfy and manage a contract with you.

If we are unable to process this data, we would not be able to continue with our contract with you.

We will retain this data for up to 7 years from termination of the contract in case there are any queries, unless you request that we delete the data beforehand. Any data relating to  financial transactions will be kept for 7 years to conform to our legal obligations. At this point data will be irreversibly deleted. 

As potential employee of CybSafe we hold the following information about you:

  • Contact details
  • Name
  • CV
  • Date of Birth
  • Qualifications
  • References
  • Social Media Profile
  • Salary Expectations
  • Right to work
  • Titles
  • Work Experience
  • Pictures and videos
  • Any free text personal data that you may provide in your application.

This data may come directly from you or from a third party such as a referrer, LinkedIn or a recruitment agency. We hold and process this data for the legitimate purpose of managing recruiting.The lawfulness of the processing of personal data is our legitimate interest to simplify and facilitate recruitment.

In order to facilitate our recruitment process we may share, store and process your personal data with third party software platforms, such as LinkedIn, TeamTailor and BambooHR, who act as joint controllers with Cybsafe. Please click on the link to the BambooHR privacy notice and this link for the TeamTailor privacy notice.

If we are unable to process this data, we would not be able to process your application.

In the case that we collect sensitive information such as race, ethnicity, religious or  political beliefs and disability ro genetic information – it is with your consent and for the purposes of managing our diversity objectives. 

Should you be unsuccessful in your application we will retain this data for up to 2 years so that we may contact you regarding any future opportunities, unless you request that we delete the data beforehand. At this point the data is irreversibly deleted. 

As an email contact or prospective customer to CybSafe we hold the following information about you:

  • Name
  • Contact details
  • Job Title or Job description
  • Company
  • Location

This data may come directly from yourself or from Data as a Service providers.  We hold and process this data for the legitimate interest of communicating with you, either for standard business communications or for marketing. 

We will retain this data for up to 3 years from our last contact with you, unless you request that we delete the data beforehand. At this point the data will be irreversibly deleted.

At various places on our website (and it’s subdomains) such as Contact Us , Behave Hub, Request a Demo or Get in Touch pages you may also choose to provide personal data that will allow us to manage our response to your request for further details of our products and services in our legitimate interests – we will retain these marketing details for up to three years. At this point the data is irreversibly deleted. 

Similarly, if you contact our Data Protection Officer, you may choose to provide personal data that will allow us to manage our response to your enquiry relating to data protection and privacy matters – we will retain a log of your enquiry for up to six years in case of future related enquiries. At this point the data is irreversibly deleted. 

As an attendee, participant or guest speaker at one of our business conferences or Webinars we process the following  personal information about you:

  • Name
  • Contact details
  • Job Title or job description
  • Company
  • Qualifications

We hold and process this data for the legitimate interest of fulfilling a business-to-business contract with your organisation, or the processing is necessary for the performance of a contract or the process of negotiating a contract. 

In order to facilitate our communications with you we may use third party applications such as,  HubSpot, Intercom, administration & support service providers, Amazon Web Services, online conference facilitators, such as Zoom, Airmeet, and analytics platforms such as Google.

When we host a conference or webinar jointly with other companies (joint controllers) we may share the registrations and attendees with those companies in our legitimate interest, or for the purposes of negotiating a contract with your business. These joint controllers are responsible for the lawful processing of your personal data. Their privacy notices may be accessed by clicking on the company logo or request the relevant information notices directly from them.

Normally, this means we will retain your personal information for three years, unless you request that we delete it beforehand. At this point the data is irreversibly deleted.