Privacy policy

Privacy Policy

Introduction

At CyberNest, we respect your privacy and are committed to protecting the personal information you provide to us. This privacy notice explains how we collect, use, store, and share your personal data when you interact with our website and services. Our practices are in full compliance with the EU General Data Protection Regulation (GDPR)and Cyprus Processing of Personal Data Law 125(I)/2018.

1. Information We Collect

Directly from the Website:
We collect personal information such as your name and email address when you voluntarily provide it via our contact forms or newsletter sign-up.
During Recruitment:
If you apply for a job through our recruitment services, we collect additional data such as your CV, including your address, work history, and educational background, either through our website or during interviews.
For Phishing Simulation Services:
To perform phishing simulations, we may collect IP addresses and any other necessary technical data required for the delivery of the service.

2. How We Use Your Information

We process personal data for the following purposes:

Cybersecurity Recruitment:
To assess your application for roles and match your qualifications with job openings.
Phishing Simulations:
To execute phishing simulation campaigns aimed at improving cybersecurity awareness within organizations. Personal data, such as IP addresses, is used strictly for the functioning of these campaigns.
Cybersecurity Awareness and Education:
To provide awareness services that help businesses and individuals better understand and protect against cybersecurity threats.

3. Legal Basis for Processing

We rely on the following legal grounds for processing your data:

Consent: When you voluntarily provide personal information (e.g., by signing up for our services).
Legitimate Interest: For our business operations, including recruitment, cybersecurity services, and internal administrative purposes.
Compliance with Legal Obligations: In cases where we are required by law to process or retain certain data (e.g., for tax or accounting purposes).

4. Data Retention Policy

We retain personal data for as long as is necessary to fulfill the purposes described in this policy, or as required by law. Generally, this means:

For website inquiries and services: We retain personal data no longer than 2 years after the completion of a service or inquiry unless a longer retention period is mandated by law.
For recruitment: We will retain CVs and related personal information for up to 2 years, unless we are legally required to retain the data for a longer period.
For phishing simulations: Technical data such as IP addresses is kept only for the duration of the campaign and deleted upon its completion unless legal obligations require longer retention.
When your personal data is no longer required, we will either securely delete or anonymize it. If deletion is not immediately possible (e.g., because it is stored in backup archives), we will ensure that it is isolated and protected until eventual deletion.

5. Sharing Your Information

We may share your personal information with trusted third-party service providers, but only under the following circumstances:

Cloud Storage Providers: We use cloud services to securely store your data.
Third-party Vendors: For operational and administrative purposes, such as managing databases, conducting recruitment processes, or carrying out phishing simulations.

We require all third-party providers to comply with the GDPR and Cyprus Law 125(I)/2018, ensuring that they implement adequate safeguards to protect your personal information.

6. Data Security

We implement a variety of technical and organizational security measures to protect your personal information from unauthorized access, misuse, alteration, or disclosure. These measures include:

Encryption of data in transit and at rest.
Regular security audits and access controls.
Limiting access to your personal information to employees and contractors who need the data to perform their duties.

7. International Data Transfers

If your personal data is transferred outside of the European Economic Area (EEA), we will ensure that the recipient provides adequate protection, such as compliance with the EU-U.S. Privacy Shield, standard contractual clauses, or binding corporate rules in accordance with GDPR.

8. Your Rights Under GDPR

As a data subject, you have the following rights under GDPR and Cyprus Law:

Right of Access: You can request access to the personal data we hold about you.
Right to Rectification: You can ask us to correct inaccurate or incomplete data.
Right to Erasure ("Right to be Forgotten"): You can request the deletion of your data when it is no longer needed, or when the processing is unlawful.
Right to Restrict Processing: You can ask us to limit the processing of your data in certain circumstances.
Right to Data Portability: You can request a copy of your personal data in a machine-readable format for transfer to another service provider.
Right to Object: You have the right to object to processing based on legitimate interest or direct marketing.

To exercise any of these rights, please contact us at [email protected]

9. Updates to this Privacy Policy

We may update this privacy policy from time to time in response to legal, technical, or operational developments. When we update our privacy policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. The "Last Updated" date at the top of this privacy policy will indicate when it was last revised.

10. Contact Us

If you have any questions about this privacy policy or our data practices, you can contact us at:

[email protected]
+357 97808746