Privacy Statement
Last updated: December 28th, 2024.
CyberVade recognizes the need for protection and management of your personal information. We have therefore adopted this Privacy Statement to assist you in understanding what information we collect and how that information is used and shared. This Privacy Statement applies to the information we collect when you access any CyberVade website or its related pages (such as landing pages), when you purchase or use a CyberVade product, or when you provide any non-public information to us.
CyberVade Privacy Statement
(also referred to herein as ‘Privacy Policy’)
Effective Date: December 28, 2024
1. Introduction
At CyberVade (“we”, “us”, “our”), protecting your privacy is
our top priority. This Privacy Policy explains how we collect, use, share, and
safeguard your personal data in compliance with global privacy regulations,
including the General Data Protection Regulation (GDPR), the California
Consumer Privacy Act (CCPA), the Children’s Online Privacy Protection Act
(COPPA), and other laws applicable in the jurisdictions where we offer our
services.
We tailor this policy to comply with regional requirements.
Specific rights or practices outlined here may differ based on local laws, such
as the GDPR for EU residents or the CCPA for California residents.
We strive to make this policy accessible to everyone,
including users with disabilities. To request alternative formats, such as
audio or large print, please contact our Data Protection Officer (DPO).
Requests will be acknowledged within five business days and processed promptly.
We value your feedback on this policy and use it to improve
our privacy practices. Contact our DPO for suggestions, questions, or concerns.
This policy is reviewed annually or as needed to reflect
changes in regulations, technologies, or business practices. We also monitor
advancements in privacy-enhancing technologies, such as federated learning,
homomorphic encryption, and advanced anonymization, to ensure compliance with
global best practices.
For a summary of key points, refer to the Plain Language
Privacy Summary below.
Plain Language Privacy Summary
This summary provides an overview of our privacy practices:
– What We Collect: Personal, technical, and sensitive data necessary for providing services, maintaining security, and complying with legal obligations. We do not re-sell any data.
– Your Rights: Access, correction, deletion, restriction of processing, portability, and withdrawal of consent, supported by tools like our Privacy Dashboard that is available to website account holders.
– AI Use: AI supports fraud detection and personalization, with decisions that impact your rights always involving human oversight.
– How We Protect Data: Advanced safeguards like encryption, access controls, role-based access controls (RBAC), and regular audits ensure your data remains secure.
– International Transfers: Data is transferred securely using legally approved safeguards, with additional protection where required.
For more details, continue reading below. Please note, to ensure accessibility, we will
provide a simplified summary of this policy through a Plain Language Privacy
Guide that highlights key points, such as your rights, how we use your data,
and how to contact us. This guide is available on request for easier
comprehension.
2. Scope of This Policy
This policy applies to personal data collected through our
websites, applications, services, offline interactions, and trusted third-party
sources.
We comply with regional age thresholds for children’s
privacy. For example, in the EU, the age of consent is 16, while under COPPA in
the U.S., it is 13. If we inadvertently collect data from minors, we delete it
promptly and notify parents or guardians when feasible.
If we were to provide an application that could have age sensitivity, we may use
industry-standard age verification methods, such as parental consent
verification for minors, to ensure compliance with applicable laws. If we
detect any inaccuracies in the provided age data, we delete the information and
notify the user promptly.
3. Information We Collect
We collect and process the following types of data to provide
services, maintain security, and comply with legal obligations:
– Personal Information: Data such as your name, email, phone number, payment details, and any information provided during interactions with us.
– Technical Information: Data such as IP addresses, browser types, device information, and usage patterns collected via cookies and similar technologies.
– Sensitive Information: When collecting sensitive data, such as biometric or health-related information, we provide a clear consent form outlining its purpose and allow you to revoke this consent at any time through your Privacy Dashboard or by contacting our DPO.
When collecting data from third parties, such as analytics
providers or credit bureaus, we validate their compliance with privacy
regulations and notify you about the purpose of the data collection.
We obtain your explicit consent before collecting personal or
sensitive information. This includes providing clear, unambiguous options such
as checkboxes or opt-in mechanisms for marketing, cookies, and data-sharing
preferences. Implied consent, such as continued use of our website, is only
applied for essential cookies or functionalities, and we provide full
transparency through our Cookie Management Tool. You can withdraw your consent
at any time through the Privacy Dashboard.
All consents provided by users are documented and timestamped for compliance
purposes. Users that are account holders can easily review and retract their
consents via the Privacy Dashboard, which provides a clear interface for
managing consent preferences.
4. How We Use Your Information
We use your data for the following purposes:
– Delivering, personalizing, and improving our services.
– Ensuring compliance with legal and regulatory requirements.
– Preventing fraudulent activity and improving security.
– Communicating updates, promotions, or relevant content.
Legitimate Interests:
We rely on legitimate interests for activities such as improving security,
analyzing website usage, or detecting fraud. These interests are carefully
assessed to ensure they do not override your rights.
5. Legal Basis for Processing
We process personal data under one or more of the following legal bases:
– Your Consent: For optional activities such as marketing communications.
– Contractual Necessity: To fulfill a contract, such as providing requested services.
– Legal Obligations: To comply with tax, fraud prevention, or other regulatory requirements.
– Legitimate Interests: To improve services or enhance security, provided your rights are not overridden.
You can withdraw your consent at any time through your
account settings, our Privacy Dashboard, or by contacting our DPO.
6. Sharing Your Information
We share your data only when necessary and under strict
safeguards:
– Service Providers: For payment processing, IT support, analytics, and other essential services.
  o Payment Processors (e.g., Stripe, PayPal): For handling payment transactions securely. Data shared may include billing information, transaction details, and contact information.
  o Cloud Storage Providers (e.g., AWS): To securely store and manage your data. Shared data may include account information, uploaded files, and activity logs.
  o Analytics Platforms (e.g., Google Analytics): To monitor and improve our services. Data shared may include anonymized usage data, device information, and interaction data.
  o Marketing Platforms (e.g., Beehiiv, Odoo): For sending newsletters, promotional offers, or service updates. Shared data may include email addresses and engagement metrics.
– Legal Authorities: To comply with legal obligations or regulatory requirements.
  o Responding to subpoenas or court orders.
  o Report fraud, unauthorized access, or any activity that violates our terms.
  o Ensure the safety and rights of our users, employees, or the public.
– Business Transfers: In the event of mergers, acquisitions, or sales, your data may be transferred as part of the transaction under strict confidentiality agreements. For instance, if our company is acquired, your user account and associated data may be transferred to the new owner.
You may request additional information about the third
parties involved in data processing.
We share your data only with trusted third-party service providers, such as
payment processors, cloud storage providers, and marketing platforms, all of
which are contractually obligated to comply with privacy regulations. A
comprehensive list of third-party processors, their roles, and purposes for
data access is published in our Third-Party Data Sharing Overview. This list is
updated annually, and notifications are sent to users when significant changes
occur. You may opt out of specific data-sharing practices via the Privacy
Dashboard.
7. International Data Transfers
We transfer data internationally only with appropriate safeguards:
– Standard Contractual Clauses (SCCs): Agreements approved by international authorities to ensure your data stays protected. Learn more about SCCs from the European Commission.
– Technical Protections: Data is encrypted and pseudonymized during transfers.
– Consent Where Required: In jurisdictions requiring explicit consent for transfers, we notify you and seek your approval.
To ensure compliance with local privacy laws, we implement additional safeguards where
required, such as localized encryption, data minimization, and region-specific
data processing agreements. Where necessary, we notify users of international
transfers and obtain their explicit consent.
Before transferring data internationally, we ensure that the receiving
jurisdictions maintain equivalent or adequate privacy protections. For regions
with weaker privacy safeguards, we implement enhanced technical and contractual
measures to ensure compliance with local and international regulations.
Personal data may be transferred to jurisdictions including, but not limited
to, the United States and the European Union. These transfers are governed by
frameworks such as Standard Contractual Clauses (SCCs), Privacy Shield (where
applicable), and other legal mechanisms that ensure compliance with local
privacy laws. A detailed list of jurisdictions and transfer safeguards is
available in our International Data Transfer Overview which is available on
request to those who have legitimate interest.
8. Your Rights
You have the right to:
– Access your data and request a copy.
– Correct inaccurate or incomplete information.
– Delete your data unless retention is legally required.
– Restrict or object to data processing.
– Request your data in a machine-readable format for portability.
– Withdraw consent for optional data processing.
You can access your Privacy Dashboard through your account
settings. Requests are typically processed within 30 days, as required by law. To
simplify the process of exercising your rights, we offer step-by-step guidance
in the Privacy Dashboard. Our support team is available to assist you directly
through live chat or phone support if you encounter any difficulties.
You can exercise your rights directly through the Privacy Dashboard, accessible
in your account settings. Alternatively, submit a request to our DPO who will
assist you within 30 days, or as required by law if earlier. We are committed
to removing barriers to ensure seamless access to your rights.
9. Security Measures
Your data is protected through:
– Encryption: AES-256 encryption for stored data and TLS for data in transit.
– Access Controls: Role-based access controls (RBAC) to ensure only authorized personnel can access data.
– Multi-factor Authentication: multi-factor authentication (MFA)
– Audits/Reviews: Regular security audits and/or reviews are conducted, quarterly internal and external penetration testing, and annual incident response drills managed by our team of privacy and security experts, to prepare for potential threats.
Our security audits and penetration tests follow industry standards such as ISO
27001. Summaries of audit results are available upon request by those who have
legitimate interest, to ensure transparency and user trust.
In the unlikely event of a data breach, we follow a robust incident response
plan that includes user notification within 72 hours of detection (as, for
example, required by GDPR) and steps to mitigate any potential harm. Users that
are accountholders can obtain our detailed breach protocol in our Incident
Response Plan Overview. Accountholders can also request a summary of these
measures by contacting our DPO.
10. Cookies and Tracking Technologies
We use cookies to improve your experience. They are categorized as:
– Essential Cookies: Necessary for core functionality (expire when you close your browser).
– Analytics Cookies: Help us analyze usage patterns (persist up to 90 days).
– Advertising Cookies: Deliver personalized advertisements (may persist for up to 12 months).
Our Cookie Management Tool allows you to customize your cookie preferences at
any time, including opting out of non-essential cookies. For a detailed
breakdown of cookie categories, their purposes, and duration, please visit our
Cookie Policy. We also provide instructions on disabling cookies through your
browser settings.
11. Retention of Data
We retain personal data based on the retention periods below:
Data Type | Retention Period | Purpose
Transaction Data | 2 years | Unless otherwise required for Tax or legal compliance
Marketing Data | 2 years (unless withdrawn) | Personalized communications
Customer Support Logs | 3 years | Service improvement
Legal Compliance Records | As required by law | Regulatory adherence
At the end of retention periods, all personal data is securely deleted or
anonymized using advanced techniques such as data shredding or irreversible
tokenization. Users may request verification of deletion through the Privacy
Dashboard or by contacting our DPO. We also conduct annual audits to ensure
data retention practices remain compliant with applicable regulations.
12. Accountability Measures
We maintain detailed records of all data processing
activities and conduct regular audits to ensure compliance. Internal privacy
champions oversee adherence, and all employees undergo regular training on
privacy practices. We also aim to maintain certifications such as ISO 27001 for
information security management.
13. Data Protection Impact Assessments (DPIAs)
We conduct DPIAs for high-risk processing activities, such as
handling sensitive personal data, deploying large-scale behavioral tracking
systems, introducing third-party AI models, or expanding operations to
high-risk jurisdictions.
14. Automated Decision-Making and AI Ethics
We may put AI systems and automated decision making in
use. When we do, the following will apply.
AI systems, when used, assist in fraud detection, recommending content, and optimizing
service delivery. Decisions that significantly affect your rights are always
reviewed by qualified personnel. Our AI systems are tested regularly for
fairness, accuracy, and cultural sensitivity. External experts may audit these
systems to ensure compliance with our ethical standards. For example, we may
implement adjustments to prevent geographic biases in content recommendations
and partner with external auditors to assess language-model accuracy for
non-English-speaking regions.
Whenever automated decision making is used, we actively monitor and mitigate
biases in automated decision-making systems by conducting regular audits using
fairness and accuracy benchmarks. Users impacted by automated decisions can
request a human review by contacting our DPO or through the Privacy Dashboard.
We provide detailed explanations of how these decisions are made and their
implications for users.
Users are made aware by pop-ups when they are subjected to
automated decision making. Detailed explanations of how automated decisions,
whenever these are used, impact users are available in the Privacy Dashboard.
Users are notified when automated processes are applied to their data and
provided with options to contest decisions or request human intervention.
15. Resources for learning about your Data Protection Rights
We encourage you to learn about your data protection rights and how to safeguard
your personal information. The following resources provide clear, reliable
guidance:
For EU Residents:
Your Data Protection Rights under GDPR: Explains your rights and how to exercise them.
For US Residents:
CCPA Consumer Privacy Resources: Information on privacy rights under the California Consumer Privacy Act.
FTC Consumer Advice: Tips on managing your online privacy and securing personal data.
General Privacy and Security Guidance:
Stay Safe Online: Offers tips and resources for improving digital safety.
Electronic Frontier Foundation (EFF): Guides on digital privacy rights and best practices for protecting your information.
16. Updates to This Policy
This policy is reviewed annually or when legal or operational
changes require updates. Significant changes or policy updates will be
communicated at least 30 days before implementation through email, in-app
notifications, or website banners. Archived
versions of previous policies are available upon request for transparency.
17. Contact Information
For questions, concerns, or feedback, contact our Data
Protection Officer, who will respond within 30 days:
Email: dpo@cybervade.io
Phone: +1 305 744 6757
Mailing Addresses and phone numbers:
The Netherlands
Weena 290
3012 NJ Rotterdam
+31 6 2530 0685
United States
260 Peachtree Street Northwest
Suite 2200
Atlanta GA 30303
+1 305 744 6757
Caribbean
Dokweg 19
Willemstad, Curaçao
+5999 512 5166
In addition to email, you can contact our DPO through our online support form
or by scheduling a call via our dedicated DPO hotline. We guarantee an initial
response within five business days and resolution within 30 days.
To ensure accessibility, our contact details are displayed prominently on all
user account pages, the Privacy Dashboard, and at the footer of every email
communication. Users can also schedule a callback via our online contact form.
We are committed to addressing your inquiries promptly and transparently.
Last Updated: December 28, 2024