CyberGRX Privacy Notice

Last updated: May 25, 2018

Cyber Global Risk Exchange, Inc. (“CyberGRX,” “we,” or “us”) respects your privacy.  This Privacy Notice describes the types of information we may collect from you when you visit the following website: https://www.cybergrx.com, all CyberGRX-owned websites and domains (“Sites”), or use our other products and services that include an authorized link to this Privacy Notice (collectively, the “Services”), how we use the information we collect, with whom we share it, how we protect it, and the choices we offer you regarding our collection and use of such information.

For purposes of the General Data Protection Regulation (the “GDPR”), the data controller is Cyber Global Risk Exchange, Inc., 1637 Wazee Street, Denver, CO 80202.

Privacy Principles

We follow the following principles in order to protect your privacy:

  • We do not collect any more personal data about you than is necessary;
  • We only use your personal data for the purposes we specify in this Privacy Notice, unless you agree otherwise;
  • We do not keep your personal data if it is no longer needed; and
  • Other than as we specify in this Privacy Notice, we do not share your personal data with third parties.

INFORMATION WE COLLECT

  • Personal Data.  We may collect personal data from users in a variety of ways, including, but not limited to, when you visit or register on our Sites, purchase services from us, request a free trial or a demo, subscribe to our newsletters, respond to a survey, complete an assessment or questionnaire, fill out a form, and in connection with other activities, services, features, or resources we make available through our Services.  The personal information we may collect about you may include, without limitation: (a) name, name of your organization, job title, mailing address, email address, and phone number; (b) login information, such as username, password, and security questions and answers; (c) and payment and financial details, such as payment card or bank account number, expiration date, authentication code, and billing address. You can always refuse to supply the personal data that we request, except that it may prevent you from engaging in certain Site-related activities and receiving certain information.
  • Non-Personal Data. We may collect non-personal data about you when you interact with our Sites. Non-personal data may include your browser name, type of computer, the files viewed on the Sites, clickstream data, and technical information about your means of connection to the Sites, such as the operating system and the internet service providers utilized.  To the extent that we link this non-personal data with your personal data, this Privacy Notice shall govern our use of such information.

HOW WE USE PERSONALLY IDENTIFIABLE INFORMATION

We may collect and use personal data for the following purposes:

  • To process transactions.  Information you provide allows us to process transactions, perform assessments, and review scoping inquiries made on the Sites or otherwise as necessary for performance of our contractual obligations to you, including as applicable, order confirmation, billing, and delivering products or services.
  • To improve customer service.  Information you provide helps us respond to your customer service requests and support needs more efficiently.  We will do this on the basis of our legitimate business interests.
  • To personalize your experience.  We may use information in the aggregate to understand how our users as a group use the Services.  We will do this on the basis of our legitimate business interests.
  • To improve our Services.  We may use feedback you provide to improve our Services.  We will do this on the basis of our legitimate business interests.
  • To respond to your inquiries.  We will use your personal data to respond to your inquiries, questions and/or other requests for information.  We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests.   
  • As required by law.  To send you communications required by law or which are necessary to inform you about our changes to the services we provide you.  For example, updates to this Privacy Notice and other legally required notices or information. These service messages will not include any promotional content and do not require prior consent when sent by email or text message. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
  • To comply with our legal or contractual obligations to share data with law enforcement.
  • To fulfill any other purpose for which you provide personal data.  We may use your personal data for purposes that we make known to you at the time of collection of such information or otherwise upon your consent.

We may combine the information we collect with publicly available information and information we receive from our parent, affiliate, or subsidiary companies, business partners, and other third parties. We may use that combined information to enhance and personalize your experience with us, to communicate with you about products, services, and events that may be of interest to you, for promotional purposes, and for other purposes described in this Privacy Notice.

HOW WE PROTECT YOUR INFORMATION

The security of your personal data is important to us. We have adopted generally accepted industry standards in connection with our data collection, storage, and processing practices and security measures to protect against unauthorized access, alteration, disclosure, or destruction of your personal data, username, password, transaction information, and data stored on the Sites. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

DISCLOSURE OF YOUR PERSONAL DATA

We may disclose aggregated, or other non-personal data or information about our users without restriction. We may disclose personal data about you in the following ways and/or to the following third parties:

  • Affiliates. To our parents, affiliates, joint venturers, or partners, for their use in a manner consistent with the purpose described in this Privacy Notice.
  • Agents and Service Providers. To contractors, service providers, and other third parties we use to support our business, provide the Services, and who complete transactions or perform services on our behalf or for your benefit.
  • Marketing. With your consent, to third parties for their own direct marketing purposes, to provide you with information about products that may be of interest to you, and for other purposes as specifically set forth in this Privacy Notice.
  • Legal Process. As required by law, such as to comply with a subpoena or other legal process, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
  • Certain Business Transfers. As part of a corporate business transaction, such as a merger, acquisition, joint venture, or financing or sale of company assets. It may also be disclosed in the event of insolvency, bankruptcy, or receivership. We will use reasonable efforts to direct any such transferee to use your personal data in a manner that is consistent with our Privacy Notice.
  • Consent. In additional ways upon your consent.

Your Rights

  • Accessing your Personal Data.  You can review and change the personal information associated with your account by logging into your account and visiting your account profile page.
  • Request a Copy of your Personal Data.  You have the right to request a copy of any personal data that we hold about you. If you would like a copy of your personal data, please contact us using the contact information below. We may request proof of your identity before sharing such information. If you discover that the information we hold about you is incorrect or out of date, you may ask us to correct that information by contacting us using the contact information below.
  • Cease Processing or Delete Personal Data.  You may ask us to stop processing, or delete, the personally identifiable data we hold about you in certain circumstances. It may not be possible for us to processing or delete all of the information we hold about you where we are fulfilling a transaction or have a legal basis to retain the information, however please contact us to discuss how we can assist you with your request.
  • Withdraw Consent.  When we process your information on the basis that you have consented to such processing, you have the right to withdraw your consent, or ask us to stop or restrict processing the personal data we have about you, at any time by contacting us using the contact information below.
  • Portability. You may also ask us to transfer your personal data to a third party in certain circumstances. If you would like any further information about your rights or how to exercise them, please contact us using the contact information below.
  • Complaints. If you are in the European Union, you have the right to make a complaint at any time to the relevant data protection authority in your country.
  • Retention. We will retain your information for as long as needed to fulfill your requests, provide you services, comply with our legal obligations, resolve disputes, and enforce our agreements.
  • Unsubscribe. If you receive marketing emails from us, you can unsubscribe to our emails by clicking “unsubscribe” within each email. You may not opt-out of service-related communications, which are not promotional in nature.

THIRD-PARTY WEBSITES

You may find advertising or other content on the Sites that link to the websites and services of our partners, suppliers, advertisers, sponsors, licensors, and other third parties. We do not control the content or links that appear on these websites and are not responsible for the practices employed by websites linked to or from the Site. In addition, these websites or services, including their content and links, may be constantly changing. These websites and services may have their own privacy policies and customer service policies. Browsing on and interacting with any other website, including websites which have a link to the Site, are subject to that website’s own terms and policies.

COOKIES AND OTHER TRACKING TECHNOLOGIES

  • As is true of most websites, we gather certain information automatically and store it in log files. This information may include Internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our Site (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data to analyze trends in the aggregate and administer the Site.
  • We use cookies or similar technologies to store session information, analyze trends, administer the Site, track users’ movements around the Site, and to gather demographic information about our user base as a whole. A cookie is a small amount of data, which often includes an anonymous unique identifier, which is sent to your browser from a website’s computers and stored on your computer’s hard drive.
  • The length of time a cookie stays on your device or computer depends on its type.  “Persistent” cookies stay on your device or computer until they expire or are deleted.  “Session” cookies will only stay on your device or computer for so long as you are on our Site.
  • We use first party cookies and third-party cookies on our Sites.  First party cookies belong to us.  Third party cookies are placed on your device or computer by a third party through our Services, such as an advertiser.
  • Please click here for a list of the cookies used on our site.  You can modify your cookie setting by following the instructions provided by your browser.  These instructions are usually found in the “Tools,” “Help” or “Edit” tabs.  If you set your browser to disable cookies you may not be able to fully access and use our Sites.  You can learn more about the choices provided by advertisers for individuals to decide how their information is collected and used by visiting the Digital Advertising Alliance (www.aboutads.info), the Network Advertising Initiative (www.networkadvertising.org/managing/opt_out.asp) or the European Digital Advertising Alliance (www.youronlinechoices.eu).
    • Our website uses Google Analytics.  Google Analytics is a service which transmits traffic data to Google Servers in the United States.  Google Analytics does not identify individual users or associate your IP address with any other data held by Google.  We use reports provided by Google Analytics to help us understand traffic and usage of our website.  You may opt out of the aggregation and analysis of data collected about you on our website by Google Analytics here: https://tools.google.com/dlpage/gaoptout?hl=en.

  • If you access our Services using a mobile device, you may adjust the settings on your mobile device to allow or prevent the sharing of location information. For example, you can disable “Location” (or “Location Services” on iOS-based devices) on your mobile device to prevent sharing your location information with us. Please refer to instructions provided by your mobile service provider or the manufacturer of your mobile device to learn how to adjust your mobile device settings. Please note that if you disable the sharing of location information, you may be unable to access some features of our Sites that are designed for mobile devices.

CHANGES TO THIS PRIVACY NOTICE

We have the discretion to update this Privacy Notice at any time. When we do, we will revise the updated date at the top of this page. If we make material changes to this Privacy Notice, we will notify you here, by email, or by means of a notice on the Site prior to the change becoming effective. We encourage you to frequently check this page for any changes to stay informed about how we are helping to protect the personal data we collect. You acknowledge and agree that it is your responsibility to review this Privacy Notice periodically and become aware of modifications.

CHILDREN UNDER THE AGE OF 16

The Sites are not directed to, and we do not knowingly collect or solicit personal data from, children under the age of 16. If we learn we have collected or received personal data from a child under the age of 16, we will delete that information. If you believe we might have any information from or about a child under the age of 16, please contact us using the contact information below.

WHERE WE STORE YOUR INFORMATION

CyberGRX is based in the State of Colorado in the United States. When we obtain information about you, we may transfer, process, and store such information outside of the country in which you reside, including in the United States.  By using the Sites, you consent to the transfer to and processing and storage of your information in countries outside of your country of residence, which may have different data protection laws than those in the country where you reside. If you are a resident of the European Economic Area, the personal data we collect from you may be transferred to, and processed and stored, outside the European Economic Area, including the United States of America.   

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section § 1798.83 permits California residents to request certain information regarding our disclosure of personal data to third parties for their direct marketing purposes. To make such a request, please contact us using the contact information below.

CONTACTING US

If you have any questions about this Privacy Notice, the practices of the Sites, or your dealings with us, please contact us at:

Privacy Office

Cyber Global Risk Exchange, Inc.

1637 Wazee Street, Suite 400

Denver, CO 80202