Privacy Policy
At CyberSSS, we respect your privacy and are committed to ensuring that your personal data is protected. This privacy policy sets out how CyberSSS Inc. (“CyberSSS”, “we” or “us”) uses and protects the information that you provide to us when you use our Cyber Intelligence System or City of Hats Platform services (the “Services”), as further described in our Terms of Use, and when you visit our website. This privacy policy governs your access to the Services (available through our website, APIs or third parties) regardless which part of the Services you are using.
CyberSSS is the data controller of any processing of your personal data, unless otherwise stated in this privacy policy. For the general terms and conditions applicable to our Service, please see our Terms of use.
THE TYPE OF DATA WE COLLECT
We collect your personal data when you (i) register a user account, (ii) use our Service, (iii) sign up as a Freelancer, (iv) interact with us e.g. in technical support matters, via marketing activities or events, and/or (v) visit our website. Such personal data will include your name, company name, e-mail address, telephone number, payment details, IP address, and other information that you voluntarily provide us. For more specific information on what type of personal data we collect in each processing activity, see below.
Your use of the Services will generate reports, dashboards or files containing information regarding your web application, website, API Endpoint, mobile application, source code, etc (i.e. the target that you choose to scan with our Services). All such information generated as part of the Service will be stored by CyberSSS for the purpose of making the data available to you. The information may be deleted by you at any time. Such data may include personal data, if the Service gets access to such data during security testing. On such occasions, CyberSSS acts as a data processor, acting on your behalf (and thus not as a data controller).
Below you can read more on the purpose and legal basis for our processing of the personal data we collect.
OUR PURPOSES, LEGAL BASES AND STORAGE PERIODS
User account
Purpose of processing: When you register a user account, we will process your personal data to provide and administrate that user account. If you have a shared account, please note that the administrator of the account may be able to e.g. access, disclose and change information connected to the account.
Categories of personal data: Name, Company Name, Website Domain, E-mail Address and Company Address.
Legal basis for processing: The processing is necessary for the performance of our contractual obligations towards you regarding the user account (since we have agreed to provide you with that).
Storage period: We store and process the personal data for as long as your user account is active, unless applicable laws or regulations obliges us to continue the processing for a longer period, e.g. accounting legislation.
Use of the Service
Purpose of processing: When you use the Service, we will process your personal data. This personal data will to some extent be automatically collected based on your use of the Service, in order for us to provide the Service to you in accordance with our agreement (including administering and personalizing your use of the Service).
Categories of personal data: IP-address, the website visited before you came to CyberSSS’s websites, information on your search for the CyberSSS related websites, identification numbers associated with your devices, your mobile carrier, browser type local preferences, date and time stamps associated with your transactions, system configuration information, metadata concerning your files and other interactions with the Service.
Legal basis for processing: The processing of your personal data for this purpose is that it is necessary in order for us to deliver the agreed functionality of the Service to you. If you have registered an account on behalf of your employer, the legal basis for the processing is that it is necessary for our legitimate interest to conduct business with your employer.
Storage period: We store and process the personal data for the period necessary for us to be able to fulfill our contractual obligations, unless applicable laws or regulations obliges us to continue the processing. The storage period may thus vary depending on the term of the contract.
Sign up as a Freelancer
Purpose of processing: When you apply to become a freelancer member and gain access to the web-based or mobile platform, CyberSSS will process your personal data in order to administer your membership and provide you access to the platform.
Categories of personal data: The personal data processed for this purpose include your contact details, your application, and other type of information you provide us with. If you participate in interviews, the information collected in relation to such interviews may also be stored and processed by us (e.g. recordings).
Legal basis for processing: The data processing is necessary for the fulfillment of our contractual obligations regarding your membership, and the management of the freelancing platform. The data processed during and in connection to any interview is based on our legitimate interest of improving our platform.
Storage period: The personal data processed is stored for as long as the original purpose for collecting the personal data remains valid.
Communication and support matters
Purpose of processing: When you interact with us via our website, social media or via our marketing activities, we process the personal data you provide us with in order to communicate with you and, if requested, provide support relating to our Services or websites.
Categories of personal data: We will process the personal data you provide us with within the scope of the interaction, which typically includes your name, contact details, skills, knowledges and, if relevant, data related to the support matter.
Legal basis for processing: To the extent the support request is related to your use of the Service, the processing is necessary for the fulfillment of our contractual obligations regarding the provision of the Service. Processing of personal data in other types of interactions is based on our legitimate interest to communicate with you and/or provide you with support.
Storage period: We store and process your personal data for the period necessary for us to interact with you and provide the requested support. We may continue to store and use your data if we have any outstanding commitments to you, or if we are prevented from deleting them for other reasons (e.g. legal requirements or to safeguard our legal interests).
Marketing activities
Purpose of processing: We will process your personal data in order to send out direct marketing, new features and other types of commercial communications. In some cases, our direct marketing may be customized based on profiling, which means that we will customize the advertisement you receive based on information you provide to us, such as role, skills and expertise.
Categories of personal data: The personal data include your name and contact details as well as interests and expertise, website usage and on rare occasions meal preferences.
Legal basis for processing: The processing is necessary for our legitimate interests to maintain good customer relations and inform you about our business and services. If you are using our Service as a private individual (i.e. not acting on behalf of a company, as an employee or otherwise), any direct marketing activities will be subject to your consent.
Storage period: You may opt-out or unsubscribe from our commercial communications at any time. In such case we will no longer process your personal data for this purpose. Unless there is another legal basis for keeping your data (such as an active user account), we will also erase your personal data.
Analysis and improvements
Purpose of processing: We may use personal data to develop and improve our Services and/or our websites by monitoring and analyzing your use, and when we request your feedback. For more information on our use of cookies on our websites, see Cookie Policy.
Categories of personal data: During your use of our Services, we collect usage-based activity data (e.g. frequency of usage, activated functionality) to create an aggregated analysis of our customers’ usage pattern. When you visit our websites, we will process e.g. IP-number and other pseudonymised data when possible. When we request and receive your feedback, we process your name, contact details, customer ID, user behavior and support data.
Legal basis for processing: For data collected via cookies in our Service or on our website, the legal basis for the processing is your consent provided to us in our cookie banner. As for data processing within the scope of feedback, the legal basis is our legitimate interest to develop and improve our Service.
Storage period: We process your personal data for the period necessary for us to fulfill the purpose. We will anonymize all personal data where this is technically possible. When your personal data has been anonymized, it will no longer be considered personal data under applicable data protection laws.
SHARING OF YOUR PERSONAL DATA AND INTERNATIONAL TRANSFERS
To fulfill the purposes described above, CyberSSS may need to share personal data with our suppliers when they perform services on our behalf. Such suppliers mainly provide us with IT systems and communication, support, maintenance, and/or storage services. These suppliers act as our data processors when they get access to your personal data and we have entered into data processing agreements with each supplier with the purpose of ensuring that your data is well protected.
We also share your personal data with certain trusted third-party companies which will act as controllers of your personal data. Such controllers mainly provide us with payment and/or billing services. When your personal data is shared with other controllers, they will be responsible for your personal data and we refer to them for more information on how they process your personal data. We may need to disclose personal data based on requirements in applicable laws or by government authorities or law enforcement.
Personal data may be disclosed and otherwise transferred to an (whether actual or prospective) acquirer, successor or assignee as part of any merger, acquisition, debt financing, sale of assets, or similar transaction, as well as in the event of an insolvency, bankruptcy, or receivership in which information is transferred to one or more third parties as one of our business assets and only if the recipient commits to a privacy policy that has terms substantially consistent with this privacy policy. Although we would make any reasonable effort to limit the disclosure, such disclosure could potentially include all of the above mentioned categories of personal data, and would be based on the legitimate interest of the buyer and seller to conduct business. We will make sure to inform you if any such asset transfer entails that CyberSSS is replaced as controller of your personal data.
The data processors and/or the third parties that we share the data with may process your data in countries outside of Canada (more specifically in the USA). Any transfer of personal data outside of Canada is made in accordance with applicable data protection laws. Our international transfers of personal data (including transfers to our group companies and suppliers outside of Canad are based on the Office of the Privacy Commissioner of Canada’s standard contractual clauses and, if necessary, any supplementary measures to ensure the protection of your data. You may find the Office of the Privacy Commissioner of Canada’s standard contractual clauses here (link: https://www.priv.gc.ca/en/for-businesses/).
YOUR RIGHTS
You are entitled to the following rights under applicable data protections laws:
The right to access: You are entitled to receive certain information on our processing of your personal data. Such information is provided in this information document. Further, you have the right to receive a copy of the personal data we process relating to you. Upon request, we will provide a copy of your personal data in a commonly used electronic form.
The right to rectification: You are entitled to obtain rectification of inaccurate personal data and to have incomplete personal data completed.
The right to erasure (“right to be forgotten”): You may under certain circumstances request us to delete your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not necessarily lead to an action from us.
The right to restriction of processing: You may under certain circumstances request us to restrict the processing of your personal data. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not necessarily lead to an action from us.
The right to data portability: You are entitled to receive your personal data (or have your personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format.
The right to object: You are entitled to object to certain processing activities conducted by us in relation to your personal data, such as our processing of your personal data based on our legitimate interest. The right to object also applies to processing of your personal data for direct marketing purposes. Please note that this right is not unconditional. Therefore, an attempt to invoke the right might not necessarily lead to an action from us.
Please be aware that you may review, update, correct or delete the personal data provided in your registration or account profile by changing your “Settings”.
You also have the right to lodge a complaint with the applicable supervisory authority. In Canada, The Office of the Privacy Commissioner of Canada (OPC) is the Canadian Authority for Privacy Protection (https://www.priv.gc.ca/).
CHANGES TO THIS PRIVACY POLICY
If we change how we handle your personal data, we will update this privacy policy and publish it on this website.
COMPANY INFORMATION
If you have questions concerning our processing of your personal data, or want to invoke your rights, you may contact us at:
CyberSSS Inc.
365 Rue Sainte-Catherine Est, Suite 197
Montreal, QC H2X 3X2
Email: admin@cybersss.com