Privacy Policy
Last Updated: 20 August 2024
Welcome to Cyber Compliance. We provide a range of services, including:
Consulting services to assist businesses and financial institutions in complying with critical EU frameworks, such as DORA and NIS 2, and global standards like ISO 27001 and ISO 42001;
The sale of compliance policy and procedure template packs (each a “Pack”) for various regulatory and industry standards;
Online training sessions, consultations, and other related services through www.cybercompliance.io (the “Website”), (altogether, the “Services”).
This Privacy Policy explains how we collect, use, disclose, and protect Personal Data in connection with these Services and how you can exercise your privacy rights.
We adopt the Australian Privacy Principles (APPs) contained in the Privacy Act 1988 (Cth) (the Privacy Act). The APPs govern the way in which we collect, use, disclose, store, secure and dispose of your Personal Data. A copy of the Australian Privacy Principles may be obtained from the website of the Office of the Australian Information Commissioner at https://www.oaic.gov.au/privacy/australian-privacy-principles.
This Privacy Policy, together with our Terms & Conditions, forms a legally binding agreement between you and us. Capitalised terms not defined in this Privacy Policy have the meaning given to them in the Terms & Conditions.
Please carefully read this Privacy Policy because it affects your rights under the law. By using the Services, you confirm that you understand and agree with this Privacy Policy. If you do not agree, you may not use the Services.
1. Personal Data
1.1. The Privacy Act defines “personal information” (referred to in this Privacy Policy as “Personal Data”) as information or an opinion about an identified individual or an individual who is reasonably identifiable. Personal Data collected in connection with our Services may include, but is not limited to, your name, phone number, job role, country of residence, IP address, email address, and any other data you provide during the use of our Services.
1.2. Our policy is to minimise the amount of Personal Data that we collect. We only collect Personal Data that is adequate, relevant, and limited to what is reasonably necessary for the purposes for which it is processed.
2. Collection of Personal Data
2.1. We collect Personal Data that you provide to us directly when you use our Services, including data necessary to create an account, purchase compliance template packs, or engage with our consulting services. The types of Personal Data collected may include your name, phone number, job role, country of residence, IP address, email address, and other relevant information (“Account Data”).
2.2. We use Account Data to set up and verify your Accounts and whenever required for your use of the Services.
2.3. If you opt not to provide any Account Data or not register for an Account, you may only browse limited pages of our Services.
2.4. We do not collect sensitive information (as defined in the Privacy Act).
2.5. We do not intentionally collect or store information about third parties. If you enter, upload, and/or otherwise provide us with the Personal Data of any person other than yourself, please notify us so that we can provide that person with the information required by the Privacy Act.
3. Non-Personal Data
3.1. Non-Personal Data is information that does not personally identify a person but may include tracking information about your use of the Services, such as device type, location, demographics, and analytics data. This information helps us improve our Services and enhance your experience.
4. Use and Process of Data
4.1. We use information only for the purposes for which it was collected, and only for the purposes specifically stated in this Privacy Policy. We process the information we collect about you for the purposes set out below:
4.1.1. Provide the Services. We use the Personal Data you provide to operate and maintain our Services, including consulting engagements and the delivery of compliance template packs.
4.1.2. Data analytics. We use information about your interactions with our Services to help us improve the user experience and refine our offerings, including aggregate metrics that allow us to observe engagement and optimize our communications.
4.1.3. Communicating with you. We use your contact information to communicate with you about critical elements of the Services, including technical issues, security alerts, administrative matters, and updates related to your consulting engagements or template purchases.
4.1.4. Security measures. We use Non-Personal Data to monitor activity that we think is suspicious or potentially fraudulent, and to identify violations of this Privacy Policy.
4.1.5. Matters that you specifically consent to. From time to time, we may seek your consent to use your information for particular purposes related to our Services, such as case studies, testimonials, or feedback.
4.2. We will not process Personal Data that was collected in a manner incompatible with these purposes. We never sell Personal Data.
5. Sharing of Data
5.1. Our Affiliates. We share Personal Data with our affiliates that are involved in providing or supporting our Services. These affiliates are either subject to this Privacy Policy or adhere to practices that are at least as protective as those described herein.
5.2. Third-Party Service Providers. We employ third-party service providers to perform functions on our behalf, including payment processing, data analysis, customer support, and the facilitation of our Services. These providers have access to Personal Data as needed to perform their functions, but they are not permitted to use it for other purposes. We use Calendly to facilitate meeting bookings through our website. Calendly may collect Personal Data, such as your name, email address, and other contact details, as part of the scheduling process. The collection and processing of such data are governed by Calendly’s Privacy Policy. For more information on how Calendly handles your data, please review their Privacy Policy here https://calendly.com/privacy.
5.3. Payment Supplier. Your payment information is stored and processed by Stripe, PayPal or other third-party payment service providers that we use on the Services (each, a “Payment Supplier”). For more information about their privacy practices, please see https://stripe.com/privacy and https://www.paypal.com/myaccount/privacy/privacyhub. We do not have, and will never have, access to or control over your payment card details. A Payment Supplier will only be provided with access to your information as reasonably necessary for the purpose for which we have engaged that Payment Supplier.
5.4. Merger, Acquisition or Reorganization. We may share or transfer your Personal Data to third-parties in connection with any merger, acquisition, reorganization, financing, sale of assets, bankruptcy, or insolvency event involving us or any portion of our assets, services, or businesses. If your Personal Data will be shared, transferred, or handled differently than under the privacy practices in this Privacy Policy, we will notify you through email and/or the Services.
5.5. Authorities. We will use or disclose your information when we reasonably believe that it is necessary (a) to comply with the law and the reasonable requests of law enforcement, (b) to enforce our Terms & Conditions, and/or (c) to exercise or protect the rights, property, or personal safety of us, our users, or other persons.
5.6. We do not use or share aggregated or anonymised data derived from Personal Data unless it is necessary for the improvement of our Services or to comply with legal requirements.
6. Security of Personal Data
6.1. We implement appropriate technical and organizational measures to protect Personal Data processed in connection with our Services against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include encryption, access controls, and regular security audits.
6.2. We have prepared a response plan for addressing data breaches that may occur and have allocated responsibility for managing breaches to a relevant individual or team. We will notify you of any data breach that may affect you where we are required to do so under our legal obligations.
6.3. However, no system is 100% secure. We cannot ensure or warrant the security of any information you transmit through the Services, or guarantee that information on the Services will not be accessed, disclosed, altered, or destroyed.
7. Storing, Retention, and De-Identification of Personal Data
7.1. We retain Personal Data only for as long as necessary to fulfill the purposes for which it was collected or as required by applicable law. This includes data retention related to consulting services and the purchase of compliance template packs.
7.2. If any applicable data protection law requires us to retain Personal Data for longer than the period described in clause 7.1, we will notify you of that requirement and use the retained Personal Data only for the purpose of complying with that law.
7.3. Where applicable law permits, we will take reasonable steps to de-identify and store Personal Data in a manner that prevents re-identification, particularly in relation to data from consulting engagements.
8. Transfer of Personal Data
8.1. Provided that we comply with Australian Privacy Principle 8 (Cross-border disclosure of personal information), your information collected through the Services may be stored and processed in Australia, the EU, the United States, and any other countries where we or our subsidiaries, affiliates, or service providers involved in supporting our Services maintain facilities or employ staff or contractors. As a result, we may transfer information, including Personal Data, to a country or jurisdiction that does not have the same data protection laws as your jurisdiction. Nevertheless, we always take steps to ensure that your information remains protected wherever it is stored and processed, in accordance with applicable laws.
8.2. Where required under applicable laws, by using the Services, you consent to the transfer of information to Australia and any other country in which we or our subsidiaries, affiliates, or service providers maintain facilities. Further, by using the Services, you consent to the use and disclosure of information about you as described in this Privacy Policy.
9. Your Rights
9.1. Subject to applicable data protection laws, including but not limited to the Privacy Act 1988 (Cth) and the EU’s General Data Protection Regulation (GDPR), you have the following rights with respect to your Personal Data processed in connection with our Services:
9.1.1. to access, correct, or erase;
9.1.2. to restrict the processing;
9.1.3. to object to the processing;
9.1.4. to data portability;
9.1.5. to withdraw consent;
9.1.6. to lodge a complaint with the appropriate supervisory authority;
9.1.7. to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
9.2. If you want to exercise any of your rights, please contact us at support@cybercompliance.io. We will handle all such requests per our legal obligations.
9.3. In some circumstances, we will not be able to comply with your request regarding your Personal Data. If we are unable to comply, we will explain why. For example, we may not be able to provide a copy of, or delete, information where doing so would infringe the rights of another person; in that case, you will need to contact that third party directly.
9.4. If, as a result of the exercise of the above rights, it would not be possible or practical for us to continue providing you the Services, we may terminate your Account.
10. Complaints
10.1. If you believe there has been a breach of your privacy or would like to make a complaint regarding our Services, please contact us directly via our website's Contact Us page or at the following email: support@cybercompliance.io
10.2. If you are not satisfied with the outcome of a complaint, or if you are concerned about a potential violation, you also have the option to report the issue or make a complaint to the data protection authority in your jurisdiction. You may refer the complaint to the Office of the Australian Information Commissioner (OAIC), which can be contacted at Address: GPO Box 5218, Sydney NSW 2001, Phone: 1300 363 992, Email: enquiries@oaic.gov.au.
11. No Spam Emails
11.1. We do not send “junk” or unsolicited emails in contravention of the Spam Act 2003 (Cth). We will, however, use email in some cases to respond to inquiries or contact our users. These transaction-based emails are automatically generated. If you want to opt out of any communications from our Services, please notify us using our Contact Us page.
12. Marketing and Opt-Out
12.1. We may send you information about our Services, including consulting offerings and compliance template packs, that we believe may be of interest to you. You have the right to opt-out of receiving these communications at any time.
13. Links to Third-Party Websites and Services
13.1. If you share Personal Data with third-parties linked on the Services, the use of your Personal Data will be governed by their privacy policies.
13.2. We are not responsible for the information, content, or practices of sites or services linked to or from the Services. When you use a link to go from the Services to another site, our Privacy Policy does not apply to their third-party sites or services, and your browsing and interaction would be subject to the third-party’s own rules and policies. You acknowledge that we are not responsible for, and we do not exercise control over any third-parties that you authorize to access your Personal Data.
14. Cookie Policy
14.1. Cookies are small data files containing an identifier (a string of letters and/or numbers) that is passed from the web server to the user’s web browser when visiting a site. A cookie remains valid until its expiration date, unless the user deletes (“clears”) the cookies from the browser. The Services use different types of cookies and tracking technologies.
14.2. Technical Cookies. The Services use cookies for technical requirements and functionality, such as operating the Services, authenticating your logins, and granting you access to your Account.
14.3. Functional Cookies. The Services use cookies to tailor your interactions within the Services so we can provide you with a better user experience. For example, we use cookies to remember your previous selections or choices.
14.4. Tracking Cookies. The Services use cookies and various tracking technologies to automatically collect analytics data and information about the device that you use to access the Services, your IP address, browser type, the date and time associated with each open and click, and other information regarding your computer system, activity, and connection when you use the Services. We also collect information regarding the performance of the Services, including metrics related to communication deliverability, such as emails and other electronic communications you send through the Services. This data is usually viewed in aggregated form to show general behaviours of users.
14.5. Web Beacons or Clear GIFs. Web beacons are tiny graphic files that contain unique identifiers, typically used by third parties to monitor the activity of users at a website. We use web beacons to recognise whether the emails sent from the Services have been delivered, opened, clicked on, bounced, or marked as spam. This function allows us to measure the performance of the emails sent from the Services, track the online usage patterns of our users, provide analytics information, gather more accurate reporting, and enhance the effectiveness of the Services.
15. Cookies on the Platform
15.1. First-Party Cookies. First-party cookies are the ones we directly serve to your computer or device. The cookies that we use do not typically contain any Personal Data that can identify you. Still, the Personal Data that we store about you on our Services may be linked back to your cookie information.
15.2. Third-Party Cookies. Third-party cookies are cookies set by other parties. Third-party cookies enable additional features or functionalities to be provided by third-parties on or through the Services (such as added functionality, usability improvements, analytics, and recognising your computer or device). We host the Website on Squarespace. For more information about the privacy and cookie policies of Squarespace, please check https://www.squarespace.com/privacy.
16. Managing Cookies
16.1. You have the right to decide whether to accept or reject cookies. Most browsers allow you to refuse to accept cookies and to delete or “clear” cookies. The methods for doing so vary by browser and version; consult your browser’s help menu for current instructions.
16.2. Depending on your type of device, it may not be possible to delete or disable tracking mechanisms on your mobile device. Blocking all cookies will negatively impact, or in some cases, disable features of many websites, including our Services.
16.3. If you have disabled one or more cookies, we will stop using the disabled cookie to collect any further information. We may, however, continue to use the information that we have previously collected.
17. Do Not Track
17.1. Some browsers include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Services do not currently respond to “DNT” signals. We will continue to monitor developments around DNT browser technology and the implementation of standard signals. To learn more about “DNT”, please visit All About Do Not Track (https://allaboutdnt.com/).
18. No Personal Data from Children
18.1. The Services are not directed at children. We do not knowingly collect or solicit Personal Data from children. If we learn that we have collected Personal Data from a child, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child, please contact us at support@cybercompliance.io.
19. Changes to this Policy
19.1. We may periodically update this Privacy Policy to reflect changes in our Services or to ensure compliance with applicable laws. The most recent version will always be available on our website, and we recommend that you review it regularly.
20. Contact Us
20.1. If you have any questions about this Privacy Policy or the Services, please visit our Contact Us page on the Website or reach out to us via email at support@cybercompliance.io