Privacy Policy
Last updated: 26.07.2024
We take data protection very seriously. Therefore, our privacy policy is extensive, also to fully comply with legal requirements. To help you navigate quickly and find the information you’re looking for, here’s a summary of the chapters:
- Preamble – Our stance on data protection and the websites it applies to
- Cookies – What cookies are and where we use them
- Log Data – Websites collect information about your web access
- Tracking Tools – Re-marketing/re-targeting with Google Analytics
- Social Media Plugins – What happens when you click on these buttons
- Data Storage – What data is stored, how, where, and for how long
- Data Security – What we do to protect your data
- Your Rights – We take your rights seriously, more on this in this chapter
1. Preamble
In this privacy policy, we want to inform you about the type, scope, and purpose of the collection, processing, and use of personal data when using the website and services offered by CyRiSo Cyber Risk Solutions GmbH (hereafter referred to as “CyRiSo”).
Your trust and the protection of your personal data are important to CyRiSo. That’s why we aim to show you transparently how and for what purpose your data is used. We process your data exclusively based on the current legal provisions according to the EU General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2003).
Our principles for handling your data are:
- You only provide us with the data necessary for the service.
- Your data is only stored as long as needed for the service.
- We use your data only for the purposes we agreed upon.
- We share your data only with third parties necessary for providing the service.
- Your data is always transmitted and stored encrypted.
This privacy policy applies to this website, its sub-domains, and any future sub-domains of CyRiSo. By storing, processing, and using personal data, we aim to offer you a user-friendly, seamless, customer-oriented, and secure service.
We do not use or share your data beyond what is described in this privacy policy. By using the service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this privacy policy, terms used in this policy have the same meanings as in our general terms and conditions.
2. Cookies
CyRiSo uses cookies on this website. Cookies are small text files placed on your device through your web browser. They don’t cause any harm. Cookies allow for faster navigation on our site, customization based on your needs and preferences, and preventing misuse of the services. When you reconnect to our website, our server can identify your device, so you don’t have to log in each time you visit.
We use session cookies, which are deleted when you close your browser, as well as permanent cookies, which allow for personalized settings over a longer period. Permanent cookies are deleted automatically after a set period, which varies depending on the cookie. You can configure your browser settings to reject cookies, but this may result in limited functionality of our website.
Our legitimate interest in improving our website and offering under GDPR Article 6(1)(f) is the basis for using these cookies.
3. Log Data
We may collect information that your browser sends when you visit our service, or when you access it via a mobile device. This “log data” may include information such as your browser type, browser version, IP address, pages you visit, time and date of your visit, time spent on those pages, and other statistics.
If you access the service from a mobile device, this log data may include the type of device, its unique ID, IP address, operating system, mobile browser type, and other statistics.
4. Re-Marketing with Tracking Tools
We use tracking tools on our website to measure user behavior, better understand it, and improve our services accordingly. This also allows us to use targeted ads online. This is done based on our legitimate interest under GDPR Article 6(1)(f).
We use a cookie banner where you can provide consent for this (GDPR Article 6(1)(a)). You can change this consent at any time by clicking on the Borlabs icon in the lower left corner of the browser.
By consenting to these services, you agree to the processing of your data in the USA, as per GDPR Article 49(1)(a). The European Court of Justice has deemed the USA a country with insufficient data protection. For example, U.S. authorities may process personal data in surveillance programs, without providing a legal remedy for Europeans.
Google Analytics
We use Google Analytics, a web analytics service provided by Google Inc. (“Google”). Google Analytics uses cookies to analyze your use of our websites. The information generated by the cookie is transmitted to a Google server in the USA and stored there. With IP anonymization enabled, Google will shorten your IP address within the EU or other countries of the European Economic Area. Only in exceptional cases is the full IP address sent to a server in the USA and shortened there.
Google processes this data to evaluate your use of the website, compile reports on website activity, and provide other services related to website and internet usage. The IP address sent by your browser via Google Analytics will not be combined with other Google data.
You can prevent the collection of data generated by the cookie (including your IP address) and its processing by Google by downloading and installing the browser add-on available at:
https://tools.google.com/dlpage/gaoptout?hl=de
You can read how Google uses your data here: https://policies.google.com/technologies/partner-sites
5. Social Media Plugins (LinkedIn)
Our website uses social media plugins (“plugins”) from the LinkedIn network. Our legitimate interest in using these plugins under GDPR is to improve our website, expand our community, and for advertising purposes.
LinkedIn is operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. You can find an overview of LinkedIn buttons and their appearance here:
https://developer.linkedin.com/plugins
When you visit a page on our site with a plugin, your browser connects directly to LinkedIn’s servers. The content of the plugin is transmitted by LinkedIn directly to your browser and integrated into the page. This informs LinkedIn that your browser has accessed the corresponding page on our site, even if you don’t have a LinkedIn profile or are not logged in. This information (including your IP address) is transmitted directly to LinkedIn and stored on their servers.
If you’re logged into LinkedIn, LinkedIn can associate your visit to our website with your LinkedIn profile. If you interact with the plugins (e.g., by clicking the “Like” button), this information is transmitted to LinkedIn and stored there. LinkedIn may also display this interaction on your profile for your contacts.
For more information on how LinkedIn processes your data, visit LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy?_l=de_DE
If you don’t want LinkedIn to associate data from your visit to our site with your LinkedIn profile, log out of LinkedIn before visiting our site. You can also block plugins using browser add-ons like “NoScript”: (https://noscript.net/).
6. Data Storage
We use third-party companies to provide our services, perform related service tasks, or assist us in analyzing how our services are used. These third parties only have access to your data for the tasks they perform for us and are required not to disclose or use your data for any other purpose.
We’ve signed data processing agreements with all third-party providers to ensure their full compliance with applicable data protection laws (GDPR).
7. Data Security
UOur services are not directed to individuals under the age of 14. We do not knowingly collect personal data from children under 14. If you are a parent or guardian and are aware that your child has provided us with personal data, please contact us. If we discover that we have collected personal data from a child under 14 without verification of parental consent, we take steps to remove that information from our servers.
To protect your personal data, we use the following technical and organizational measures:
- Unique passwords for all software tools
- Antivirus protection for all IT hardware
- SSL encryption for secure data transmission
- Firewall for our internal network
- Regular data security and protection training for all employees
- Regular software updates
- Regular data backups
- Risk analyses of IT systems
8. Your Rights
You can contact us at any time regarding our privacy practices or to have your profile and stored data deleted or corrected. You have the right to free access to your stored data, as well as to data restriction, transfer, and the right to withdraw or object to processing. If someone else registers with your email address, please inform us, and we will delete the profile if requested.
If you believe your data has been processed unlawfully or your data protection rights have been violated, you can file a complaint with the Austrian Data Protection Authority at:
Address: Barichgasse 40-42, A-1030 Vienna
Phone: +43 1 52 152-0
E-Mail: dsb@dsb.gv.at
As our services evolve and new technologies are implemented, Risk Consult reserves the right to update this privacy policy on an ongoing basis. We therefore recommend that you revisit and read this Privacy Policy from time to time. If you have any questions about data protection, simply send us an e-mail to: office@cyriso.at or write to us at the postal address given in the legal notice.
Data protection is important to us!
With best regards
CyRiSo Cyber Risk Solutions GmbH