Privacy Policy
Who is 3Cyber-Sec?
3Cyber-Sec provides cyber security services to a wide range of organisations. We are committed to protecting the personal data we hold.
Personal data
Under the EU’s General Data Protection Regulation (“GDPR”) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
From time to time, 3Cyber-Sec may update this privacy notice to reflect changes to the personal data we process or for other operational, legal or regulatory reasons.
The date at the bottom of this notice indicates when the notice was last updated.
Why does 3Cyber-Sec collect and process personal data?
We collect personal data to offer and administer our services and products.
The data you provide to us will be processed in accordance with the purposes specified in this notice, namely:
- To provide the products or perform the services requested by clients and individuals (where the processing is necessary for our legitimate business interests in conducting and managing our business)
- To provide the products or perform the services requested by clients and individuals using our website (where the processing is necessary for our legitimate business interests in conducting and managing our business)
- For complying with obligations provided by laws, current regulations and Bulgarian or European legislation (e.g. tax regulations) (where processing is based on a legal obligation)
- For legitimate business purposes to advise you through e-mail, phone call, or post, in the framework of our ordinary commercial relationship, about other products or services similar to the products or services we have provided to you and that we think will be of interest to you (where the processing is necessary for our legitimate business interests)
- For marketing purposes. For example, we may use your information to further discuss your interest in the Services and to send you information regarding 3Cyber-Sec such as information about promotions, events, products or services.
- If you are located in Bulgaria or EU, we will only send you marketing communications and updates about our products, services and events with your prior consent, or based on our and your legitimate interests. In either case, you can withdraw your consent or opt-out or receiving such communications at any time.
- If you are not located in Bulgaria or EU, you may opt-out of receiving marketing communications and updates at any time.
- You can manage your receipt of marketing and non-transactional communications by clicking on the «unsubscribe» link located on the bottom of 3Cyber-Sec’s marketing emails or you may send a request to office@3cyber-sec.com.
- For improving 3Cyber-Sec’s communications with you. Emails sent to you by 3Cyber-Sec may include standard tracking, including open and click activities. 3Cyber-Sec may collect information about your activity as you interact with our email messages and related content.
- For security purposes. For example, we may use your data to protect 3Cyber-Sec and its third parties against security breaches and to prevent fraud and violation of 3Cyber-Sec’s applicable agreements (where the processing is necessary for our legitimate business interests).
- To assist in the monitoring of the website, enrich your user experience, and display relevant digital advertising, this data also includes online identifiers including IP addresses and web cookies.
3Cyber-Sec is committed to ensuring that the information we collect and use is appropriate for these purposes and does not constitute an invasion of your privacy.
Whenever 3Cyber-Sec processes your personal data for its legitimate interests, we make sure to consider and balance any potential impact on you and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish.
What personal data do we process?
The personal data we may collect and process relating to you through your use of this website includes:
- Name and job title
- Company name
- Email address
- Telephone number
- Postal address
- IP address
- Browser ID
- Marketing communication preferences
Any additional personal data that you chose to share with us will also be processed.
Clients and other Third parties who provide personal information to 3Cyber-Sec must do so in compliance with applicable data privacy regulations.
How data is processed
Personal data is processed both manually and electronically in accordance with the above-mentioned purposes and in compliance with current regulations. We permit only authorized 3Cyber-Sec employees and Third-Party processors to have access to your information. Such employees and Third-Party processors are appropriately designated and trained to process data only according to the instructions we provide them.
Storage of Personal Data and Retention Period
3Cyber-Sec will process and store your personal data only as long as necessary to fulfil the purpose that the data was collected for, taking into account legitimate business needs to capture and retain such information. Information will also be retained for a period necessary to comply with state, local, federal regulations, or country specific regulations and requirements, and in accordance with 3Cyber-Sec’s Document Retention Schedule.
Cookies
Like most business websites, 3Cyber-Sec’s uses web cookies to improve user experience. Cookies are small files that are placed on your system and assist 3Cyber-Sec in understanding how visitors use and browse our website.
You can set or amend your web browser controls to accept or refuse cookies. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of it may be restricted. As the means by which you can refuse cookies through your web browser controls varies from browser to browser, you should visit your browser’s help menu for more information.
Click here for more information about the cookies we use.
Disclosure/Sharing of Personal Data with Third parties
To help process your personal data for the purposes described in this policy, 3Cyber-Sec may entrust third party processers (“Third Parties”) or share data among 3Cyber-Sec affiliates who act for 3Cyber-Sec for the purposes set out in this notice.
3Cyber-Sec has contractual agreements in place with all the contracted Third Parties it works with in order to ensure your personal data is used only for the provision of the contracted services and in a manner that is consistent with this policy. Examples of Third Parties include CRM and marketing automation providers.
In instances where personal data is processed by Third Parties or affiliates outside of the EEA, we ensure that appropriate safeguards are in place to protect your information to the same or an equivalent level as would be found in Bulgaria and EU data protection legislation. The safeguards we use include:
- Ensuring the country is the subject of an EU adequacy decision
- Ensuring transfers are governed by the requirements of the Standard Contractual Clauses adopted by the European Commission or by another adequate transfer mechanism.
Where we receive requests to disclose personal data from law enforcement or regulators, we carefully validate these requests, including reviewing the legality of any order and challenging the order if there are grounds under the law to do so, before any personal data is disclosed.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – you have the right to access the personal information that we hold about you.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
- Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
- Right to judicial review: in the event that 3Cyber-Sec refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain (as outlined in the Complaints section below).
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data.
Please contact office@3cyber-sec.com to request the exercise of your rights.
Subject to legal considerations or certain exemptions, we may not always be able to address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way.
Requests received via post may be delayed due to limited office access during the COVID-19 pandemic. Please contact us by email to ensure your request is received in a timely manner.
Automated Decision Making
Automated decisions are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
3Cyber-Sec does not make automated decisions using personal data. If automated decisions are to be made, affected persons will be given an opportunity to express their views on the automated decision in question and object to it.
Providing Information to 3Cyber-Sec
If you choose not to provide certain personal information, it may be an impediment to the exchange of information necessary for the execution of the contract or provision of services. We may not be able to provide you with some services and you may not be able to participate in some of the activities on our website(s).
Third Party Websites or Other Services
We are not responsible for the privacy practices of any non-3Cyber-Sec operated websites, mobile apps or other digital services, including those that may be linked through 3Cyber-Sec websites or services, and we encourage you to review the privacy policies or notices published thereon.
Contact Us
Please contact us at 3Cyber-Sec with questions, concerns, or complaints:
Requests received via post may be delayed due to limited office access during the Covid-19 pandemic. Please contact us by email to ensure your request is received in a timely manner.
3Cyber-SEC Limited
Yan Huniyadi 37
9000, Varna, Bulgaria
Mobile phone: +359 898 239 053
office@3cyber-sec.com
Policy updates
From time to time, 3Cyber-Sec may update this privacy notice to reflect changes to the personal data we process or for other operational, legal or regulatory reasons.
The date at the bottom of this notice indicates when the notice was last updated.
Complaints
In the event that you wish to make a complaint about how your personal data is processed by 3Cyber-Sec, email us at office@3cyber-sec.com
If you are unhappy about how a complaint has been handled by 3Cyber-Sec, you have a right to lodge a complaint directly with the competent authorities in Bulgaria.
Last updated: 6th June 2021