CYMPIRE LTD. – WEBSITE AND PLATFORM PRIVACY POLICY
*All capitalized terms shall have the definitions ascribed to them in the full Privacy Policy.
This Website and our Platform are operated by Cympire Ltd. (“Cympire”). Cympire provides its Customers with an interactive Platform for cybersecurity training.
This Privacy Policy explains our privacy practices for processing Personal Data when you visit and browse our Website, or use our Platform.
We are committed to protecting your privacy and processing your Personal Data fairly and lawfully in compliance with applicable data protections laws. You can access our full Privacy Policy below to help you understand better how we collect and use your Personal Data. In it, we explain in more detail the types of Personal Data we collect, how we collect it, what is the legal basis of collection, what we may use it for, who we may share it with, what our retention periods are and what your rights are in relation to the Personal Data we collect.
You are under no legal obligation to provide us your Personal Data and any Personal Data you choose to provide to us is given at your discretion. However, if you do not provide us with some categories of Personal Data we may not be able to contact you or provide you our services.
Read this policy and make sure you fully understand our practices in relation to your Personal Data, before you access or use the Website or Platform. By browsing this Website or using the Platform, you consent to the processing of your Personal Data as detailed in this Privacy Policy. If you have read this Privacy Policy, and remain opposed to our practices, you must avoid or discontinue all use of the Website or Platform. If you have further questions or concerns regarding this policy please contact us at: privacy@cympire.com.
FULL PRIVACY POLICY
Cympire Ltd. (“Cympire”, “we”, “our” or “us”) provides this Privacy Policy, as will be updated from time to time (our “Policy” or “Privacy Policy”) to inform the visitors of our Website and Users of our Platform of our policies and procedures regarding the collection, use and disclosure of Personal Data.
- Definitions:
“Applicable Laws” shall mean the GDPR; European Union Member State laws, rules and guidelines implementing or supplementing the GDPR, as amended from time to time and to the extent applicable to Cympire; the Israeli Data Protection Legislation and any other applicable privacy or other law to the extent applicable to Cympire.
The terms “Controller”, “Processor”, “Processing”, “Data Subject” and “Personal Data Breach” shall have the meanings ascribed to them in the GDPR or to any similar terms in Applicable Laws.
“Business Contact” means an individual who is authorized by an organization which is our Customer to communicate with us in relation to the Services.
“Customer” means a legal entity or an individual with whom Cympire has a commercial contract for the provision of the Services.
“EEA” shall mean the European Economic Area.“GDPR” shall mean the General Data Protection Regulation (EU) 2016/679 as amended, replaced or superseded from time to time.
“Israeli Data Protection Legislation” shall mean the Israeli Privacy Protection Law (“PPL”), the regulations promulgated pursuant thereto and the applicable guidelines issued by the Privacy Protection Authority, and as amended, replaced or superseded from time to time.
“Manager” means a User who is responsible for managing the activity of other Users and has access to all of the data including the Personal Data (as defined below).
“Non Personal Data” means information that does not personally identify you and does not reveal your specific identity as an individual, such as anonymized information.
“Personal Data” shall have the meaning ascribed to it in the GDPR or any similar terms in Applicable Laws and shall include the terms “Information” and “Sensitive Information” in the PPL. To put it simply, Personal Data means information that identifies an individual or may with reasonable efforts cause the identification of an individual.
“Platform” means our software application upon which individuals or teams can train on cybersecurity matters.
“Subprocessor” shall mean any entity appointed by us or by one of our Processors/Subprocessors, to Process Personal Data on our behalf or on behalf of that Processor/Subprocessor; excluding any employee of Cympire or of a Cympire Processor/Subprocessor or of any such appointed person but including any contractor or affiliate of the foregoing.
“Team” means a group of Users which are training together.
“Visitor” or “you” means visitors of our Website.
“Website” means our public website available at providing information regarding the services we provide to clients.
“Services” means, in general, the provision of a license to use Cympire’s Platform for cybersecurity training to Customers and any ancillary maintenance and support services. In particular, for each Customer, the term Services shall have the meaning specified in the commercial contract that Customer has concluded with us.
“User” means an individual who is authorized to access to the Platform by a Customer.
This Policy was originally written in English. If you are reading a translation and it conflicts with the English version, please note that the English version prevails.
- When Does This Privacy Policy Apply
This Privacy Policy applies to Personal Data about you that we collect, use or otherwise process within our relationship with Visitors of our Website, Business Contacts and Users of our Platform.
- The Types Of Personal Data That We Collect
- Personal Data That You Provide To Us
- Information provided through the “Contact Us” form: If you are a Visitor to our Website, you may provide us Personal Data if you wish us to contact you and provide more information regarding our Services, including: full name, email, position in workplace and name of workplace, company phone number, company location (country) (“Contact Details”). You may choose to provide us additional Personal Data through the “Message” section in our contact form. Please do not provide further Personal Data than is required for us to contact you.
- Information provided on the Platform: Users are provided access to the Platform at the discretion of the Customer which is their employer or with whom they are otherwise engaged. When a User registers to the Platform, the User is allocated a personal page (a “Profile Page”) and is required to choose a nickname, and may use his/her real name as the username and may upload a photo to the Profile Page. The Profile Page shall not be public and only the User (and the Master) will be able to view his/her Profile. Your Employer (our Customer) and the Master appointed by your Customer will have access to your Profile Page.
- Information provided on the Team Chat when using the Platform: Users who are members of a Team, may use a chat function which enables them to communicate with each other and with the Manager (the “Team Chat”). Users hereby acknowledge that the information provided by each User when using the Team Chat shall be visible to all other Users who are members of the same Team including the Manager and may also be made available to the Customer. Users are required to use the Team Chat solely for the purpose of using the Platform, as authorized by the Customer who is their employer, and as detailed in the End User License Agreement (EULA) available at: https://cympire.com/wp-content/uploads/2024/09/Cympire-EULA.pdf. In particular, Users are required: i) not to disclose the Personal Data of any other User on the Platform unless that other User has consented to such disclosure; and not to disclose the Personal Data shared by other Users while using the Platform any third party; ii) not to use the Chat for any personal or private conversations and iii) not to share on the Platform any Personal Data of their own or of another User which is not required for them to use the Platform for training and operate as a Team.
- Personal Data provided by Customers’ about Users
- If you have been provided access to the Platform through your workplace, this means that your employer has provided us with your name and email address.
- The Personal Data That We Collect Or Generate
- If you browse our Website and/or Platform, we may collect your Personal Data. This includes (by way of a non-exhaustive list): your computer’s Internet Protocol (IP) address and your Geo location through the use of “cookies”.
- For more information on our cookies and other means of tracking, please see our cympire.com/cookies-policy.
- When using the Platform, the User’s usage of the Platform and his/her performance on the cybersecurity training sessions on the Platform will be recorded. In particular, the system will automatically generate the User’s scores. The User and the Master will have access to this information.
- The Types Of Non Personal Data That We Collect Or Generate
- In addition to the categories of Personal Data described above, we will also process further anonymized information and data that is not processed by reference to a specific individual. We may collect this Non-Personal Data through the Website and Platform in the following ways:
- Information that your browser sends (“Log Data”). This Log Data may include, but is not limited to, non-identifying information regarding your device, operating system, internet browser type, screen resolution, language and keyboard settings, internet service provider, the web page you were visiting and information you search, etc.
- We may use automated devices and applications to evaluate usage of our Website. We use these tools to help us improve our Website, performance and user experience. We may also engage third parties to track and analyze data or provide other services on our behalf. Such third parties may combine the information that we provide about you with other information that they have collected from other sources. This Policy does not cover such third parties’ use of the data and such use is governed by such third parties’ privacy policies. For more information, please see Section 8 “Sharing Information With Others” below.
- Who can access and view a User’s Profile
- The Master appointed by a Customer will have access to the activity of the Users and to their details on the Platform including usernames, Nicknames, training activity and details of usage of the Platform and scores.
- A User can see the Nicknames and profile photos or avatars of other Users who are participating in a training session with the User, the Team scores and the scores of other Teams. All other User information is not available to other Users (except for Masters).
- How We Use Personal Data (Purposes Of Processing)
- Personal Data is used for the following primary purposes (as may be updated from time to time):
- to provide and operate the Website and Platform;
- to provide on-going customer assistance, technical support and maintain the Website and Platform;
- to provide service announcements and notices, promotional messages and market our services (in accordance with applicable laws);
- to enforce our End User License Agreement, policies and other contractual arrangements and prevent misuse of the Website and Platform; and to comply with court orders and warrants and to take any action in any legal dispute and proceeding;
- to study and analyze the use of the Website and Platform, to better understand your needs, both on an aggregated and individualized basis, in order to further develop, customize and improve our Website and Platform based on Visitors’ and User’s preferences, experiences and difficulties;
- to communicate with you and contact you to obtain feedback from you regarding the Website and Platform;
- to disclose to third party vendors, service providers, contractors or agents who perform functions on our behalf with respect to the Website and Platform;
- as otherwise authorized by you.
- We may use your email address to contact you including in order to send you reminders, promotional materials, offers and notices about the Website and Platform. At any time, you may choose (opt out) whether your Personal Data is to be used for sending such marketing materials. You may exercise your choice by contacting us at privacy@cympire.com.
- How We Use Non Personal Data (Purposes Of Processing)
- We use anonymous, statistical or aggregated information, which may be based on extracts of your Personal Data, for legitimate business purposes including for testing, development, improvement, control and operation of the Website and Platform.
- We may share such information with our third party providers such as vendors, service providers, contractors or agents who perform tasks on our behalf in connection with the Website and Platform. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with you. We will share your Personal Data only subject to the terms of this Policy, or subject to your prior informed consent.
- We may use analytics tools provided by third parties, in order to help us understand Visitors’ and User’s behaviour on our Website, including by tracking page content, and click/touch, movements, scrolls and keystroke activities. The privacy practices of these tools are subject to their own policies and they may use their own cookies to provide their services. Further information about your option to opt-out of these analytics tools is available at our Cookie Policy available at cympire.com/cookies-policy.
- Sharing Information With Others
- We do not sell, rent or lease your Personal Data. We may share your Personal Data globally with our affiliates in the BSW group of companies, and with service providers and other third parties, if necessary to fulfil the purposes for collecting and Processing the information, such as cloud vendors, subcontractors providing us Processing services, etc. provided that any such third party will commit to protect your privacy as required under the Applicable Laws, in accordance with that third party’s obligations as Controller, Processor of Subprocessor of the information we share with it. If sharing your information involved transferring your Personal Data outside your jurisdiction, we shall do so in according to the terms of Section 10 “International Data Transfers” below.
- Additionally, a merger, acquisition or any other structural change may require us to transfer your Personal Data to another entity.
- We may need to disclose Personal Data in response to lawful requests by public authorities or law enforcement officials, including meeting national security or law enforcement requirements. We cooperate with government and law enforcement officials to enforce and comply with the law.
- Your Rights
- If you are a Visitor of this Website or a Business Contact, and if you are a User which is an individual Customer, Cympire is the Controller of your Personal Data processed by it. If you are a User who has been provided access to the Platform through your workplace by your employer who is our Customer, we are a Processor of your Personal Data. In all of the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. At any time, you may contact us at: privacy@cympire.com and request to know what Personal Data we keep about you. We will make good-faith efforts to locate the data that you request to access.
When you ask us to exercise any of your rights under this Policy and the applicable law, we may need to ask you to provide us certain credentials to make sure that you are who you claim you are, to avoid unauthorized disclosure to you of Personal Data related to others and to ask you questions to better understand the nature and scope of data that you request to access.
- If you are a User of the Platform, we shall forward your request to the Customer which is your employer or which you are otherwise engaged with. The Customer is the Controller of your Personal Data and therefore the entity which is authorized to decide if your request will be complied with. We will provide you with the information you request, if in our possession, subject to the written instructions of the Customer.
- We may redact, or may be requested by a Customer to redact, from the data which we will make available to you, any Personal Data related to others. In addition, we may delete information with or without prior notice to you if required by Applicable Laws.
- International Data Transfers
- We may store, process or maintain information in various sites worldwide, including through cloud based service providers worldwide. If we need to transfer your Personal Data outside your jurisdiction, we shall do so in accordance with Applicable Laws. If you are located in a jurisdiction where transfer of your Personal Data to another jurisdiction requires your consent, then you provide us your express and unambiguous consent to such transfer or the storage, processing or maintenance of the information in other jurisdictions by using the Website and/or Platform.
- Data Security
- We take the safeguarding of the Personal and Non Personal Data very seriously, and use a variety of industry standard systems, applications and procedures to protect the information from loss, theft, damage or unauthorized use or access. However, although we make efforts to protect your privacy, we cannot guarantee that the Website and Platform will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.
- We also regularly monitor our systems for possible vulnerabilities and attacks, and regularly seek new ways for further enhancing the security of our Website and Platform and protection of our Visitors’ and Users’ privacy.
- You should take steps to protect against unauthorized access to your device(s) and passwords by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password private. In addition, you should take steps to protect against unauthorized access to Personal Data stored on your premises as well as defining limited access rights to such information on a need to know basis.
- If you receive an e-mail asking you to update your information with respect to the Website or Platform, do not reply and please contact us at privacy@cympire.com.
- Data Retention
- We retain different types of information for different periods, depending on the purposes for processing the data. We may retain Personal Data for as long as necessary in order to support our legitimate business purposes, for example, for storing data, for documentation, for cyber-security management purposes, legal proceedings and tax issues.
- We may store aggregated Non Personal Data without time limit. In any case, as long as you use the Website and/or Platform, we will keep information about you, unless we are legally required to delete it, or if you exercise your rights to delete the information.
- Our Policy Toward Children
Our Website and Platform are not meant to be used by or for persons under 18, as such, we do not knowingly collect Personal Data from minors younger than 18. Insofar as Personal Data may be collected based on your consent, the data subject must be above the age of 16 (or above the age of 13 if this is the legal requirement in your country). If these age requirements are not met, you are required to obtain the consent of the parent or guardian to provide and process information in accordance with this Policy; lacking such consent, please do not use the Website or Platform.
INFORMATION FOR EU RESIDENTS:
- The Legal Basis For Use Of Personal Data
- We will only process your Personal Data where we have a legal basis to do so. The legal basis will depend on the purposes for which we collected and need to use your Personal Data. In almost all cases the legal basis will be:
- To provide the content of the Website or Platform to Visitors.
- To fulfill a legitimate interest that we have as a business.
- Because you consented to us using the Personal Data for a particular purpose.
- More information on the basis of processing:
- Processing the Personal Data is required for taking steps at your request before entering into an agreement, for example: if you provide your details under “Contact Us” form, in order to inquire about our services, we will contact you and provide you the requested information.
- Processing the Personal Data is required for fulfilling our or a third party’s legitimate interests, for example: (1) we collect information about use of our Website and/or Platform in order to identify and prevent its abuse; (2) we use Personal Data to maintain and improve our Website and/or Platform by identifying Visitor and User usage trends and technical issues.
- You consent to the processing of Personal Data for one or more specific purposes, for example, to the extent that you consent, we will send you information about our services.
- We will only process your Personal Data where we have a legal basis to do so. The legal basis will depend on the purposes for which we collected and need to use your Personal Data. In almost all cases the legal basis will be:
- It is hereby clarified that the legal bases detailed above are the legal bases for actions to process Personal Data, carried out by us in accordance with the GDPR. If processing of Personal Data is subject to other Applicable Laws, then the legal basis for processing Personal Data may differ accordingly.
- Transfer Of Personal Data Outside the EEA
- If you are a Data Subject in the EU, and we envisage transferring your Personal Data to a third country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements, including in one of the following ways:
- the country that we send the data to might be approved by the European Commission as offering an adequate level of protection for Personal Data;
- the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obligating them to protect your Personal Data;
- where the recipient is located in the US, it might be a certified member of the EU-US Privacy Shield scheme; or
- in other circumstances the law may permit us to otherwise transfer your Personal Data outside the EEA.
- If you are a Data Subject in the EU, and we envisage transferring your Personal Data to a third country outside the EEA, we will ensure that it is protected and transferred in a manner consistent with legal requirements, including in one of the following ways:
- You can obtain more details of the protection given to your Personal Data when it is transferred outside the EEA (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as at privacy@cympire.com.
- Your Data Subject Access Rights
Note to our Data Subjects in the EU: We hereby inform Visitors from the EU (in this section “You”, “Your”), of the following rights (by virtue of the GDPR) with respect to the Processing of your Personal Data: · Right to rectification: if the Personal Data Processed by us is incorrect, incomplete or not Processed in compliance with Applicable Law or this Privacy and Cookie Policy, You may have the right to have your Personal Data rectified. · Right to erasure: under certain conditions, You may be entitled to require that we will delete or “block” your Personal Data (e.g. if the continued Processing of a specific data is not justified or if the lawful basis for Processing is consent). · Right to Portability: under certain conditions, You may have the right to transfer the Personal Data that you have provided to us between data Controllers (i.e. to ask us to transfer your Personal Data to another entity). · Right to object: where that lawful basis for Processing Your Personal Data is either “public interest” or “legitimate interests”, those lawful bases are not absolute, and You may have a right to object to such Processing. · Right to withdraw consent: If the Processing of your Personal Data is based on Your consent, You have the right to withdraw Your consent to such processing at any time. You may contact us at privacy@cympire.com. · The right to restrict Processing – under certain circumstances, You may have the right to object to the Processing of your Personal Data due to your particular situation. · Right to lodge a complaint: You have the right to lodge a complaint before the relevant data protection authority or Supervisory Authority of Your jurisdiction. If you are a Data Subject in another jurisdiction – other rights may apply and not all of the rights mentioned above may be applicable to you. To exercise these rights, where applicable, please contact us as detailed in Section 18 “Contact Us” of this Policy. |
- Changes To This Privacy Policy
- We may change the terms of this Privacy Policy from time to time by posting notice on our Website and/or Platform, with a seven (7) day advance notice. However, substantial changes will be effective thirty (30) days after the notice was initially posted. We will make an effort to inform you of substantial changes through the channels of communication generally used in such circumstances.
- If we need to adapt the Policy to legal requirements, the amended Policy will become effective immediately or as required.
- Your continued use of the Website and/or Platform following such notice shall constitute your consent to any changes made and a waiver of any claim or demand in relation to such changes. If you do not agree to the new or different terms, you should not use and are free to discontinue using the Website and/or Platform.
- Applicable Law And Dispute Resolution
- This Privacy Policy shall be governed by and construed in accordance with the laws of the State of Israel, without regard to its conflict of law provisions.
- The courts of the Tel Aviv-Jaffa shall have exclusive jurisdiction in all disputes and proceedings arising from this Privacy Policy.
- Contact Us
For further information about this Policy, please contact us at privacy@cympire.com.
If you have any concerns relating to this Policy, please contact us and we will make good-faith efforts to address your concerns. We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.
Copyright © 2024, Cympire All rights reserved.
Last Updated: September, 2024