Introduction
CyberRank ("we," "our," "us") provides automated online services to issue IISRI® external ratings. We are committed to safeguarding your privacy and protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in compliance with the New Zealand Privacy Act 2020, the General Data Protection Regulation (GDPR), and other applicable international privacy laws. By using our website, rating reports, and services, you agree to the practices outlined in this Privacy Policy.
Information We Collect
We collect personal data during your interactions with CyberRank, as detailed below:
2.1 Website
Cookies: We use cookies to enhance your experience, analyze website performance, and ensure compliance with our Terms and Conditions. Cookies store anonymized information and are retained on your device based on your browser settings. You can manage cookie preferences through your browser settings.
Usage Data: We may collect non-personal information about your use of our website, such as browsing history, IP address, and device information. This data is used for website analytics and to improve user experience.
2.2 CyberRank WebApp
Personal Information: To register and request rating reports, you must provide your first and last name, email address, and your organization's name. Upon signing up to CyberRank, the domain associated with your email is considered the organization you are a member of.
Use of Collected Information
We use your personal data to:
Disclosure of Information & Data Sharing
We do not disclose your personal information to third parties without your explicit consent, except in the following limited circumstances:
Legal Requirements: We may disclose your information when required by law, such as to comply with a court order, subpoena, or other legal process. We may also disclose information to protect our legal rights or interests.
Payment Processors: We may share your data with trusted third-party service providers (Stripe and PayPal) who process data on our behalf. These service providers are contractually obligated to maintain the confidentiality and security of your data.
We only share your data with these third parties for the purposes of providing and improving our services.
Data Retention
We retain your personal data for the period necessary to fulfill the purposes outlined in this policy or as required by applicable laws, including the New Zealand Privacy Act 2020 and the GDPR. We have data retention policies in place to ensure that data is deleted securely when it is no longer required (12 months). The retention period for different types of data may vary depending on the specific purpose and legal requirements.
Data Security
We employ a range of technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures may include:
Encryption
TLS 1.3, AES256, SHA512 to protect data during transmission.
Access Controls
Strong passwords and multi-factor authentication.
Security Audits
Regular audits and penetration testing.
Important Note: While we strive to ensure the security of your data, no method of transmission or electronic storage is completely immune from security risks.
Your Rights
We are committed to protecting your privacy and comply with the GDPR and the New Zealand Privacy Act 2020, which grant you certain rights regarding your personal data:
Access
You can access your personal information in the CyberRank dashboard or request copies of your personal data that we hold.
Rectification
You can correct any inaccurate or incomplete data about you in CyberRank or ask us to do it for you.
Erasure (Right to be Forgotten)
You can delete your personal data by closing the CyberRank account or request us to help.
Restriction of Processing
You have the right to request that we temporarily or permanently stop processing all or some of your personal data. This applies while we verify the accuracy of your data or the legitimacy of our data processing.
Objection
You can object to our processing of your personal data if we are relying on a legitimate interest (or those of a third party) and there is something about your situation that makes you want to object to processing on this ground. You can also object where we are processing your personal data for direct marketing purposes.
Data Portability
You have the right to request the transfer of your personal data to you or to a third party in a structured, commonly used, machine-readable format.
Profiling
You have the right to object to any automated decision-making, including profiling, which produces legal effects concerning you or significantly affects you.
Complaint
You can lodge a complaint with a supervisory authority if you believe our processing of your personal data infringes on data protection laws.
Withdrawal of Consent
If our processing of your personal data is based on your consent, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.
To exercise any of these rights, please contact us via our designated contact form or email address provided: DPO@iisri.com.
Policy Modifications
CyberRank may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make changes, we will let you know 30 days in advance by email. We will update the Effective Date at the top of this page. Please review this Privacy Policy periodically to stay informed about how we are protecting your personal data.
International Data Transfers
Your data may be transferred to countries outside of New Zealand or the European Union. We will take appropriate safeguards to protect your data in accordance with the relevant data protection laws.
Contact Us
For any questions, concerns, or requests regarding this Privacy Policy, please contact us through our contact form or email us at DPO@iisri.com.
Postal Address
17B Farnham St, 1052 Auckland, New Zealand