Cyber Checks

Privacy Policy

Privacy Policy last updated on February 12, 2026

We take data protection very seriously. For this reason, our privacy policy is quite extensive—also to fully comply with all legal requirements. To help you navigate it more easily, we provide a summary of each section at the beginning so you can quickly find the information you are looking for.

  1. Preamble
  2. Cookies
  3. Log Files
  4. Tracking-Tools
  5. Social-Media-Plugins
  6. Datastorage
  7. Data Transfers to Third Parties
  8. Data Transfers to Third Countries
  9. Data security
  10. Your Data Protection Rights
  11. Data protection officer
  12. Application

1. Preamble

With the following Privacy Policy, we would like to inform you about the type, scope, and purposes of the collection, processing, and use of personal data when using the website offered by CyRiSo Cyber Risk Solutions GmbH (hereinafter referred to as “CyRiSo”) and the services provided through it.

Your trust and the protection of your personal data are extremely important to CyRiSo. Therefore, we want to transparently explain how and for what purposes your data is used. We process your data exclusively on the basis of the applicable legal provisions, in particular the EU General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2003).

We adhere to the following principles when processing your personal data:

  • You provide us only with the data that is necessary for the respective service.
  • We retain your data only for the period necessary to fulfil the purposes of the respective services.
  • Your data is used exclusively for the purposes that have been contractually or explicitly agreed with you.
  • Your data is shared only with third parties whose involvement is required for the proper operation and delivery of these services.
  • Your data is transferred and stored exclusively using encryption technologies.

This Privacy Policy applies to this website, its subdomains, and all future additional subdomains of CyRiSo. By storing, processing, and using personal data, we aim to provide you with a user‑friendly, seamless, customer‑oriented, and secure service.

We will not use or disclose your data except as described in this Privacy Policy. By using the service, you consent to the collection and use of information in accordance with this Policy. Unless otherwise defined in this Privacy Policy, the terms used herein have the same meanings as in our Terms and Conditions.

2. Cookies

CyRiSo uses so‑called cookies on this website. These are small text files that are stored on your device with the help of your internet browser. They do not cause any damage. Cookies help accelerate navigation on our website, tailor it to your needs and interests, and prevent misuse of the services. Once you return to our website, our server can recognize your device in this way, so that, for example, you do not have to log in again each time you visit our site.

CyRiSo uses so‑called session cookies, which are deleted as soon as you close your web browser, as they only contain information required for your single visit to CyRiSo. In addition to session cookies, we also use so‑called permanent cookies. These allow the service to retain and provide your personal settings or displays over a longer period of time (depending on the specific service). Permanent cookies are automatically deleted after a predefined period, which may vary depending on the cookie. You can delete cookies at any time via your browser’s security settings.

You can configure your browser settings according to your preferences and refuse the acceptance of cookies. However, please note that in this case you may not be able to use all functions of the website.

Our use of these cookies is based on our legitimate interest pursuant to Art. 6(1)(f) GDPR, namely our interest in improving our services and our overall website presence.

3. Log Data

We may also collect information that your browser sends whenever you visit our service or when you access the service via a mobile device (“log data”).

These log data may include information such as the type and version of your browser, the IP address of your device, the pages of our services that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

When you access the service from or through a mobile device, these log data may include information such as the type of mobile device you use, your mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser you use, and other statistics.

4. Use of Tracking and Marketing Technologies

In addition to the cookies and log data described in the preceding sections, we use tracking and marketing technologies on our website to analyze the usage of our site, optimize our services, and deliver personalized advertising.

The processing of personal data in this context is carried out solely on the basis of your consent pursuant to Art. 6(1)(a) GDPR. , which you can provide via our consent tool (cookie banner). Without your consent, no cookies requiring approval will be set and no corresponding tracking technologies will be activated.

You can withdraw or adjust your consent at any time with effect for the future via our consent tool.

Please note that when using certain services, the transfer of personal data to so‑called third countries, in particular the United States, cannot be ruled out. These countries may not provide a level of data protection comparable to that of the European Union. In particular, it cannot be excluded that government authorities may gain access to the data without you having effective legal remedies against such access.

Google Analytics

We use Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Google Analytics enables us to analyze the use of our website and evaluate user behavior in order to continuously improve our online services.

The service uses cookies and similar technologies that enable an analysis of your use of the website. The following data may be processed in particular:

  • truncated IP address (due to activated IP anonymization)
  • device and browser information
  • user behavior
  • pages visited
  • time spent on pages
  • visitor origin (referrer)

The information collected by Google may be transferred to and stored on Google servers, including servers located in the United States.

The use of Google Analytics is based solely on your consent pursuant to Art. 6(1)(a) GDPR. We have concluded a data processing agreement with Google.

For more information, please visit:
https://policies.google.com/privacy

You can withdraw your consent at any time via our consent tool.

Meta Pixel

We use the Meta Pixel on our website, a service provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

The Meta Pixel enables us to track the behavior of website visitors after they have been redirected to our website by clicking on an advertisement. This allows us to measure the effectiveness of our advertising campaigns and optimize our marketing activities.

In addition, the Meta Pixel allows us to group visitors to our website into target audiences (“Custom Audiences”) and display interest‑based advertising to them on Meta’s platforms.

The following data may be processed in particular:

  • IP address
  • device information
  • browser information
  • pages visited
  • time of access
  • interactions on the website
  • conversion data

If you are logged in to a Meta service, Meta may associate this information with your user account.

The use of the Meta Pixel is based solely on your consent pursuant to Art. 6(1)(a) GDPR.

For more information on how Meta processes data, please visit:
https://www.facebook.com/privacy/policy/

Here as well, you can withdraw your consent at any time via our consent tool.

5. Use of Linkedin-Plugins

On our website, we use plugins from the social network Linkedin, operated by Linkedin Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland

The integration of the Linkedin plugins is carried out solely on the basis of your consent pursuant to Art. 6(1)(a) GDPR. The plugins are only loaded after you have provided your consent via our consent tool (cookie banner). Without your consent, no data will be transmitted to Linkedin.

If you provide your consent and access a page containing a Linkedin plugin, a connection to Linkedin’s servers will be established. In this process, your IP address, browser information, and information about your visit to our website will be transmitted to Linkedin.

If you are logged in to Linkedin, Linkedin may associate your visit to our website with your user account. If you interact with the plugin (e.g., by clicking the ‘Share’ or ‘Follow’ button), the corresponding information will be transmitted directly to Linkedin and stored there.

Please note that the transfer of personal data to third countries, in particular the United States, cannot be ruled out. These countries may not provide a level of data protection comparable to that of the EU.

For more information on how Linkedin processes data, please visit
https://www.linkedin.com/legal/privacy-policy

You can withdraw your consent at any time via our consent tool.

6. Data Storage

We may retain your personal data for as long as necessary to fulfil the purpose for which it was collected, or as required or permitted by applicable law.

We will cease storing your personal data or remove the means by which the data can be associated with you once it can be reasonably assumed that such storage no longer serves the purpose for which the personal data was collected and is no longer required for legal or business purposes.

7. Data Transfers to Third Parties

To provide our services, we use carefully selected external service providers (processors). These providers process personal data exclusively on the basis of contractual agreements in accordance with Art. 28 GDPR and only in accordance with our instructions. Any use of the data for the providers’ own purposes is excluded. Appropriate technical and organizational measures are in place to ensure an adequate level of protection for your data.

8. Data Transfers to Third Countries

We do not actively transfer personal data to countries outside the European Union (EU) or the European Economic Area (EEA). However, it cannot be ruled out that employees of the service providers we use may access personal data from third countries (e.g., in the context of support or maintenance services). In such cases, we ensure compliance with the requirements of Art. 44 et seq. GDPR. This is done in particular through the use of appropriate safeguards, such as the Standard Contractual Clauses adopted by the European Commission, or—where necessary—through your explicit consent. These measures ensure that an adequate level of data protection comparable to the GDPR is maintained even in the event of potential access from a third country.

9. Data Security

Data protection and children

Our service is not directed at individuals under the age of 14 (“children”). We do not knowingly or intentionally collect personal data from children under the age of 14. If you are a parent or guardian and become aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children under the age of 14 without the consent of their legal guardians, we will take steps to remove such information from our servers.

Technical and Organizational Measures for Data Security

The security of your personal information is very important to us. However, please be aware that no method of transmission over the internet or method of electronic storage is 100% secure. While we strive to protect your personal data using all commercially acceptable means, we cannot guarantee its absolute security.

We implement the following technical and organizational measures to ensure the security of your personal data:

  • Using different passwords for all software tool
  • Virus protection for all IT hardware in use
  • SSL encryption for secure data transmission
  • Firewall protection for our internal company network
  • Regular training on data security and data protection for all employees
  • Regular updates of all software components
  • Regular data backups to ensure availability
  • Regular risk analyses of the relevant IT systems

10. Your rights

You have the right to request confirmation as to whether personal data concerning you is being processed by us. If this is the case, we will gladly provide you with access to this personal data as well as the information listed in Art. 15 GDPR. Furthermore, subject to the applicable legal requirements, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR), and the right to data portability (Art. 20 GDPR).

You have the right, under the legal requirements, to object to the processing of your personal data (Art. 21 GDPR).

Without prejudice to these rights and without affecting your ability to pursue any other administrative or judicial remedy, you also have the right to lodge a complaint with a supervisory authority at any time—particularly in the Member State of your residence, your place of work, or the place of the alleged infringement—if you believe that the processing of your personal data violates applicable data protection regulations (Art. 77 GDPR).

In Austria, this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Tel: +43 1 52 152-0, E-Mail: dsb@dsb.gv.at

11. Data Protection Officer

If you have any questions regarding data protection or wish to exercise your rights, our Data Protection Officer will be happy to assist you. Simply send us an email at datenschutz@cyrico.at or use the following contact link:

Data Protection Request

As we continue to develop our services and implement new technologies, CyRiSo Cyber Risk Solutions GmbH reserves the right to update this Privacy Policy on an ongoing basis. We therefore recommend that you revisit and read this Privacy Policy from time to time.

12. Applications

If you apply to CyRiSo Cyber Risk Solutions GmbH, we process your personal data as the data controller. Providing your personal data is necessary for the application process. You are entitled to the data subject rights set out in this document.

Lawfulness of Processing

We process your personal data in order to take steps at your request prior to entering into an employment relationship. Any further processing beyond this application process is based on a different legal basis, which will be explained separately.

Application process

Our application process is usually carried out via email and includes the following steps:

  1. cover letter
  2. CV
  3. description of your qualifications and education
  4. proof of your qualifications and education

The scope of the application documents you submit is determined by you. We only collect the data that is necessary for the further progress of the application process.

If we invite you to an interview, we collect additional personal data, which may include your personal interests as well as information regarding your career objectives and qualifications.

Transfer of Applicant Data

We share your application data within our organization with individuals involved in the recruitment process, including HR personnel, subject matter experts, and potential supervisors.

Storage and Retention

If you enter into an employment contract with us, we will retain your application data until the expiration of the retention periods associated with that contract.

If we do not enter into an employment contract with you, we will retain your application data for twelve months. If you would like to be informed about future job openings, you may provide us with your separate written consent for this purpose.

Data protection is important to us!

Best regards

CyRiSo Cyber Risk Solutions GmbH