GDPR Statement

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), adopted on April 27, 2016, is a regulation intended to strengthen and unify data protection for individuals within the European Union (EU). It also addresses the transfer of personal data outside of the EU. The primary objectives of the GDPR are to enhance EU residents’ control of their personal data and to simplify the regulatory environment for international business by imposing uniform data protection requirements on all EU members. The GDPR replaces the data protection directive (officially Directive 95/46/EC) from 1995 and is effective from May 25, 2018.

Cybercentry Limited is committed to compliance with the GDPR. Just like existing privacy laws, including the preceding data protection directive, compliance with the GDPR requires a partnership between Cybercentry Limited and our customers in their use of our services and products. Cybercentry Limited has reviewed the requirements of the GDPR, and is working to make enhancements to our services, products, documentation, and contracts to support our own compliance with the GDPR.

CYBERCENTRY LIMITED’S COMPLIANCE WITH THE GDPR

As a cyber security provider, data privacy and security is at the core of Cybercentry Limited’s business and something Cybercentry Limited takes very seriously. Cybercentry Limited remains committed to protecting personal data in compliance with the highest standards of privacy and security. Below is a high-level summary of Cybercentry Limited’s compliance with many of the key areas of the GDPR.

DATA PROTECTION

•           As the data processor, Cybercentry Limited will only process personal data on behalf of the data controller and on written authorisation from the data controller (i.e. through a contract or order).

•           Cybercentry Limited expects that its customers, as the data controllers, will notify their employees and users (i.e. the data subjects) of the processing carried out by Cybercentry Limited and will obtain their consent for Cybercentry Limited to do so.

•           Cybercentry Limited ensures the confidentiality and availability of the personal data that it processes, and that appropriate technical and organisational measures are taken to protect such personal data.

•           For the majority of Cybercentry Limited’s services and products, personal data is never stored by or accessible by Cybercentry Limited.

•           Logs are never stored in clear text.

•           Cybercentry Limited only allows access to personal data by personnel who are authorised administrators with appropriate privileges.

•           Cybercentry Limited does not process or store any personal data that is not needed to perform the contracted services on behalf of the data controller.

•           The personal data that Cybercentry Limited processes on behalf of the data controller will be accurate, complete, and kept up-to-date as much as technically possible.

•           Personal data will not be disclosed, made available, or otherwise used for purposes other than to perform the contracted services on behalf of the data controller, except as required by law.

•           All transfers of personal data outside of the European Economic Area (EEA) will only be done for the purposes of providing the contracted services to the data controller and will be subject to EU-US and Swiss-US Privacy Shield principles.

•           Cybercentry Limited retains Logs in its provided applications for rolling periods of at least six months, after which the Logs are securely purged.

•           At contract termination or expiration, the Logs will be purged pursuant to the six-month retention cycle, or as earlier requested in writing by the data controller.

•           Cybercentry Limited will make available to the data controller all information reasonably necessary for the data controller to demonstrate its compliance with the GDPR.

•           Cybercentry Limited will be accountable and responsible to ensure its own compliance under the GDPR.

SECURITY SAFEGUARDS

•            Cybercentry Limited protects personal data through reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification, or disclosure.

•           Cybercentry Limited performs robust security measures on its systems such as antivirus, firewalls, scheduled vulnerability scanning, penetration testing and security code peer reviews.

•           All Cybercentry Limited personnel who are authorised to process personal data have committed themselves (through employment and confidentiality agreements) to the confidentiality and security of personal data.

•           Cybercentry Limited is able to ensure ongoing confidentiality, integrity, availability and resilience of its processing systems and services, in addition to restoring real-time availability and access to personal data in a timely manner in the event of a physical or technical incident.

•           Cybercentry Limited has an internal process for regularly testing, assessing, and evaluating the effectiveness of the technical and organisational measures for ensuring the security of the processing of personal data.

•           Cybercentry Limited will notify the data controller without undue delay after becoming aware of a personal data breach and will assist the data controller in reporting to supervisory authorities and affected data subjects any personal data breaches.