The version applicable to the User is the one in force on the Site at the date of use of the Services.
Personal Data or Data: means any information relating to an identified or identifiable natural person (hereinafter referred to as “data subject”); an “identifiable natural person” is one who can be identified, directly or indirectly, in particular by reference to an identifier, such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity;
Processing: means any operation or set of operations, whether or not carried out by automatic means, applied to Data or sets of Personal Data, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, communication by transmission, dissemination or otherwise making available, alignment or combination, limitation, erasure or destruction;
Controller: means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the Processing;
Processor: means the natural or legal person, public authority, department or other body that processes Personal Data on behalf of the Controller.
2. Processing of Personal Data for which Cyberion is the Data Controller
Cyberion is the Controller of the Processing of the Data that the User communicates to it when using the Services.
Article 1. Personal data processed, purposes of processing and retention time
Personal Data is collected for specific, explicit and legitimate purposes.
Cyberion ensures that Personal Data are processed in an adequate, relevant and limited manner with regard to the purposes for which they are processed:
Article 2. Recipients of personal data
None of the Personal Data concerning the User is transmitted to third parties, with the exception of Cyberion’s staff members or partners and subcontractors, solely for the purpose of carrying out the above-mentioned purposes and within the limits of the information strictly necessary for this purpose.
The User’s Personal Data is stored either in Cyberion’s databases or in those of its service providers, which are located in Switzerland or within the European Union.
The User’s Personal Data is not transferred outside of Switzerland or of the European Union.
Article 3. Data protection officer
The Data Protection Officer appointed by Cyberion can be contacted at the following address: firstname.lastname@example.org
Article 4. Users’ rights
In accordance with the regulations concerning the Processing of Personal Data, the User has the following rights:
1. Right of access, rectification and deletion
The User may review, update, modify or request the deletion of his/her Personal Data. If he/she has one, the User has the right to request the deletion of his/her User Portal.
2. Right to Data Portability
The User has the right to request the portability of his/her Personal Data, held by Cyberion, to another operator.
3. Right to limit and oppose the processing of personal data
The User has the right to request the limitation of or to object to the Processing of his/her Personal Data by Cyberion, without Cyberion being able to refuse, unless it can demonstrate the existence of legitimate and compelling reasons that may override the interests and rights and freedoms of the User.
4. Exercise of rights
The User may, subject to the production of valid proof of identity, exercise his/her rights by contacting the Cyberion Data Protection Officer by email at email@example.com.
In order for Cyberion to comply with the request, the User is required to provide the following information: their first and last names as well as the e-mail address used on the Site.
Cyberion is required to respond to the User within 30 days.
If the User believes, after contacting Cyberion, that his/her rights have not been respected, he/she may submit a complaint to a supervisory authority.
3. Processing of personal data for which Cyberion is the processor
When performing the cyber risk assessment service, Cyberion acts as a Processor within the meaning of the regulations in force applicable to the Processing of Personal Data, and solely on the instructions of the Company acting via the User, which acts as the Data Controller.
Article 1. Description of the processing by Cyberion
Cyberion is authorized to process on behalf of the Company the Personal Data necessary to provide the following services: external vulnerability scan to identify all the vulnerabilities and cyber risk exposure of the Company and to propose an insurance contract.