Cyren's Privacy Policy

Last Updated: April 2018

Cyren Ltd. and our subsidiaries (“Cyren”, “we”, and “us”) are committed to protecting your personal data. This Privacy Policy is intended to help you better understand how we collect, process and disclose your information which we collect when you access or use our websites (the “Websites”) and products and services  (together, the “Services”) and also explains the rights available to you in respect of your personal data. If you or your organization subscribe to any one of Cyren’s Services pursuant to a subscription or other agreement with Cyren, the terms of that agreement may contain different or additional privacy-related terms. This Privacy Policy incorporates by reference the most current versions of our Website Terms of Use (available at: https://www.cyren.com/terms-of-use).

Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes to our information practices. The date this Policy was last revised is noted at the top of this Privacy Policy. If we make any material changes we will notify you by email (sent to the e-mail address specified in your account) or by means of a notice on the Websites prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Privacy Shield

Cyren complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, retention of personal data transferred from European Union member countries to the United States. Cyren has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about Privacy Shield, and to view Cyren’s certification, please visit http://www.privacyshield.gov/US-Business.

It is important to note, however, that Cyren’s Websites and Services may be operated via servers situated in the United States and elsewhere. If you are located outside of the United States, please be aware that any information which you supply to Cyren (including, without limitation, personal information (e.g., your name, phone number, email address, etc.) may be transferred to, processed, and used in the United States and elsewhere. By accessing and/or using any of the Websites and/or Services provisioned by Cyren, you irrevocably and unconditionally consent to the transfer, processing, and use of such information in accordance with this Privacy Policy. Cyren accepts full accountability and responsibility for the protection of your personal information, according to the applicable privacy legislation, the EU-U.S. Privacy Shield and this Privacy Policy, during the course of any onward transfers.

Information We Collect and How We Use It

Legal basis for processing personal data

Our legal basis for collecting and using personal data will depend on the personal data in question and the specific context in which we collect it.

We will generally collect personal data from you only in order to perform a contract with you. We may collect and process your personal data if it is in our legitimate interests to do so, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data. If we process your personal data in connection with our (or third parties’) legitimate interests other than as described in this Privacy Policy, we will disclose to you such legitimate reasons.

Where the processing of personal data is necessary and there is no legal basis for such processing, we will generally obtain your consent. In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of third parties.

Information You Provide to Us

When you use our Websites or Services, or you otherwise communicate with us, we may ask you to provide certain personal data voluntarily, including but not limited to your name or company name, company position, postal address, phone numbers, email address, etc.

Although you may generally use our Websites without providing us with any personal information, there are certain applications and features available on our Websites which you may desire to use and gain access to and which will require you to voluntarily share with us your personal information. Such applications and features may include (but are not limited to): (i) registering to receive marketing materials, white papers and newsletters; (ii) registering to participate in online web seminars or other sponsored events; (iii) using interactive features or online tools; (iv) entering into trials for use of our Services, and/or (v) submitting enquiries to us. We use this personal information to create and administer your account, send you the requested marketing materials and/or regular marketing communications (subject to applicable consent requirements), provide you with the products and services you request and/or to respond to your enquiries.

The information you submit to Cyren’s Websites is stored in one or more databases which enable you to return without re-registering as well as for sales and marketing purposes. Your “logged-in” status may be saved in your browser via a cookie (please see below for further explanations). Either way, the personal information that you submit will be saved by Cyren in order to enable your use of such features.

We also receive certain human resources information from our employees worldwide for the purpose of managing the employment relationship. We handle this information in accordance with our internal corporate policies which are consistent with this Privacy Policy. Information we receive from potential candidates (such as CVs) will be used to assess such candidate’s application and may be kept by us (unless requested otherwise by a candidate).

Information We Collect through Automatic Tracking Technologies

When you use our Websites or Services, we may collect certain data automatically from your computers or devices. The information we collect automatically may include your IP address, device type, operating system details, unique device identification numbers, browser type, browser language and other technical information. We may also collect data about how your device has interacted with our Websites or Services including data about the pages you view and the links you click.

Like many websites, Cyren uses automatic data collection tools, such as cookies, embedded web links, and web beacons. “Cookies” are small data files that are written to and stored on your hard drive when you visit a website; they do not read files on your hard drive.

We use data and information received from our cookies to improve and customize a user’s experience of our Websites and Services (for example, we may provide features or advertisements that match your interests and preferences). We also use such data for marketing research purposes, to improve the Website’s content and structure, to potentially revise or restructure our sites for easier and more intuitive movement throughout. We may also use the information to evaluate our Website’s technical capacity in order to improve it.

Most web browsers automatically accept cookies, but you can modify your browser setting to decline cookies by visiting the Help portion of your browser's toolbar. Our Websites allow the user to be notified upon the proposed installation of cookies and the user can then disable the cookies. If you disable cookies, you may continue to use our Website, however, some features may not be available (such as offers regarding Services).

Currently, the data and information we collect with cookies is reviewed in an aggregated form, which is not personally identifiable. We may also correlate the data and information received from cookies with personally identifiable information, to identify specific users and track their website usage. In such a case, we would treat the combined information in accordance with this Privacy Policy.

We and our service providers may employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs/Pixel Tags), that help better manage content on our site by informing us and our service providers what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. We and our service providers tie the information gathered by clear gifs to our customers’ personally identifiable information.

When corresponding with you via HTML capable e-mail (for example by sending you marketing emails), we may use "format sensing" technology, which allows pixel tags to let us know whether you received and opened our e-mail. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out and unsubscribe to these emails, please see “Choice and Opt-out”.

Information collected through our Services

We use information that we collect from our Services mainly to provide you with access to the Services and to operate and maintain the Services for your personal usage. We use the information in order to monitor the performance and effectiveness of the Services, monitor compliance with our terms and conditions and enable compatibility with third party operating systems/products/services. We may also use such information in order to further improve and expand our Services, determine product/service/feature lifecycles, conduct spam and threat research, address troubleshooting issues, generate statistics and trend analysis.

Cyren also come into contact with end user personal data when such data is collected and received by Cyren’s enterprise clients and then made available to us through our products and services. In some cases Cyren may simply be processing this data on behalf of its customers, and in other cases we may need to interact with such data in order to provide management and support in connection with such products and services. When Cyren receives end user data in this capacity (i.e., as a data processor), Cyren will carry out the instructions of its clients (i.e., the data controllers) in regards to its usage and processing of such data, and will not use such data outside the scope of its processing activities unless required by applicable law.

Information from Other Sources

We may obtain information about you from other sources, including service providers and third party services. We may allow our service providers to place cookies on our Websites to permit advertising to be directed to you on other websites, applications or services, to monitor website performance and to provide capabilities to retain requested investor relations documents.

We may combine the information we receive from our service providers with information we have collected about you. To the extent we combine such third party sourced information with personal information we have collected about you on the Services, we will treat the combined information as personal information under this Privacy Policy. We are not responsible for the accuracy of any information provided by third parties or third party policies or practices.

Other Ways We Use Your Information

As noted above, we generally use the information collected through the Websites and the Services to provide, operate, maintain, improve and promote our Services and to enable you to access and use them. In addition to the foregoing, we reserve the right to use the information you submit for the following purposes:

  • To contact you occasionally, either by Cyren or by a third party acting on our behalf, regarding our Services and products;
  • to process and complete transactions, and send you related information, including purchase confirmations and invoices;
  • To contact you if you or someone in your organization requests a product demonstration or product information or to respond to your comments, questions and requests;
  • To contact you when we believe it to be necessary for technical, support, administrative or security reasons;
  • To analyze and provide statistical information to third parties. This information will not identify you personally;
  • to investigate and prevent fraudulent transactions, unauthorized access to our Services and Websites, and other illegal activities;
  • For any other purpose specified in this Privacy Policy and/or in our Terms of Use.

Choice and Opt-Out

Even if you have agreed to receive marketing and operational communications from Cyren, you may always decide to stop receiving such materials by sending an email to unsubscribe@cyren.com or by visiting the following webpage: https://pages.cyren.com/unsubscribe.html. All marketing-related emails sent by Cyren include the option to unsubscribe.

Your Right to Review, Modify or Delete Data

If your personal information changes, or if you no longer desire to use and access our Websites and/or Services, you may correct, update, delete/deactivate your information by emailing Cyren at privacy@cyren.com. In addition, you can object to the processing of your personal information, ask us to restrict processing of your personal information, or request portability of your personal information. We will undertake to respond to your request within 30 days of Cyren’s receipt thereof. Although Cyren will make reasonable efforts to accommodate your requests, in some circumstances we may not agree. If that should happen, Cyren expressly reserves the right to refuse your request to change the personal information in Cyren’s records, and will instead append an alternative text to the record in question. Before Cyren is able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and to provide other details to help us to respond to your request. Please note that you may not be able to benefit from all features of the Websites if you request the deletion of your personal information or object to or withdraw your consent to such processing. In addition, where Cyren processes data in connection with the Services, an individual who seeks access, or who seeks to correct, amend, or delete inaccurate data should direct their query to the applicable Cyren customer (the data controller) who purchased the Services.

You have the right to complain to a data protection authority about our collection and use of your personal information. For more information, please contact your local data protection authority.

Retention of Information

We will retain your information for as long as your account is active or as needed to provide you Services and/or other features to which you have subscribed or requested. We will also retain and use your information as necessary to comply with our legal, tax or accounting obligations, resolve disputes, and to enforce our agreements. Even if you cease your use of the Services, we may retain certain information in order to meet our obligations.

Disclosure of Information to Third Parties

Cyren will not sell, rent or loan personal information to independent third parties. In addition, Cyren will not transfer your personal details or any personal information collected pertaining to your activities on the Websites to any third party, except in the following cases or as otherwise outlined in this Privacy Policy:

  • If Cyren reasonably believes that you have breached the Terms of Use, or abused your rights to use any of the Websites or the Services, or performed any act or omission that Cyren reasonably believes to be violating any applicable law, rules, or regulations. Cyren may share your information in these cases, with law enforcement and other competent authorities and with any third party, as may be required to handle any result of your wrongdoing;

  • If required by law or under the good-faith belief that such disclosure is necessary in order to (i) conform to applicable law, (ii) comply with a subpoena, court order, or legal process served on us, (iii) establish or exercise our legal rights or defend against legal claims, (iv) comply with lawful requests made by applicable law enforcement agencies or regulatory agencies, or (v) protect the property, interests, or personal safety of our agents, employees, customers or the public. Under such circumstances, we may be prohibited by law, court order or other legal process from providing notice of the disclosure, and we reserve the right to not provide such notice in our sole discretion;

  • If Cyren organizes the operation of the Services within a different framework, or through another legal structure or entity, or if Cyren is acquired by, or merged with another entity, provided however, that those entities agree to be bound by the provisions of this Privacy Policy;

  • Cyren may share personal information and information related to your use of the Websites, with companies or organizations connected to or affiliated with Cyren, such as subsidiaries, sister-companies, parent companies and service providers such as an email service provider to send you emails on our behalf, with the express provision that their use of such information must comply with applicable privacy requirements; or

  • Cyren is also entitled to transfer or share anonymous, statistic or aggregative information with companies or organizations connected to Cyren, and with suppliers, business partners, advertisers, and every third party, according to Cyren’s absolute discretion; however, Cyren will not disclose your identity to them, knowingly or deliberately, without receiving your consent.

International Transfer of Information Collected

We are a global company, with offices and operations in numerous countries. We may store personal information about you in the European Economic Area (the “EEA”) and in in other countries and territories. To facilitate our global operations, we may transfer and access such personal information from around the world, including from other countries in which Cyren has operations. Please note that these data transfer practices may vary based on customer location and the applicable Service being used.

We have taken appropriate safeguards to ensure that your personal data will remain protected in accordance with this Privacy Policy. For instance, we have implemented the European Commission’s Standard Contractual Clauses for transfers of personal data, which requires the protection of personal data processed from the European Economic Area in accordance with European Union data protection laws. Our Standard Contractual Clauses can be provided on request. We have implemented similar appropriate safeguards with our third party service providers and partners.

Links to Third-Party Web Sites

Through our Websites, you may connect to third party websites via hyperlinks, and the connections may or may not be obvious. We are not responsible for the collection, use, maintenance, sharing or disclosure of data and information by such third parties. We encourage you to be aware of the varied privacy policies of Web sites that you visit.

Social Media Widgets

Our Website includes social media features, such as the Facebook Like button (and widgets, such as the Share this button or interactive mini-programs that run on our site). These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Site. Your interactions with these features are governed by the privacy policy of the company providing it.

Children’s Online Privacy Information

Cyren does not knowingly collect personal information from minors who are under the age of 16 through the Websites and/or the Services. If a parent or guardian becomes aware that his or her child has provided us with personally identifiable information without his/her consent, then he or she should contact Cyren at described below. If we become aware that a child under the age of 16 has provided us with personally identifiable information, we will delete such information from our files. Further, the Children’s Online Privacy Protection Act (“COPPA”) requires parental consent for collection of data from children younger than the age of 13 years old. For tips on protecting children's privacy online, generally, please view the U.S. Federal Trade Commission (“FTC”) website at http://www.ftc.gov/privacy/privacyinitiatives/childrens.html.

Our Commitment to Data Security

To prevent unauthorized access, maintain data accuracy and ensure the correct use of information, we have applied reasonable and appropriate physical, electronic and managerial procedures to safeguard and secure the information we collect online. We also limit access to personal data and confidential information on our systems to only those employees with a specific need to access this information. However, due to technological limitations and the risk of unlawful interceptions and accessing of transmissions and/or data, we cannot completely assure you, and you should not expect, that your personal information, and any other electronically communicated information, will be absolutely confidential.

The security of your personal information is important to us. When you enter sensitive information on our site, we encrypt the transmission of that information using secure socket layer technology (SSL).

Please remember that you play a valuable part in security as well. Your password to access our site, which you select at registration, should never be shared with anyone and should be changed frequently. After you have finished using our site, you should log off and exit your browser so no unauthorized persons can use our site with your name and account information.

Your California Privacy Rights

California Civil Code Section § 1798.83 permits users of the Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

Inquiries or Concerns?

You may contact Cyren by using the 'contact us' feature that can be found at https://www.cyren.com/company/contact, and we will do our best to provide a prompt response to your question. In addition, Cyren’s General Counsel is responsible for overseeing compliance with this Privacy Policy. You can reach this officer by calling him at 703-760-3320, or by sending an email to legal@cyren.com. Cyren’s data protection officer can be reached by sending an email to privacy@cyren.com.

In order to comply with the Privacy Shield Framework, Cyren commits to the resolution of complaints about your privacy and our collection or use of your Information. We have also committed to resolve any complaints pursuant to the Privacy Shield Privacy Principles by European Union citizens, relating to this Privacy Policy and which cannot be resolved directly with Cyren, through the JAMS EU-US Privacy Shield Dispute Resolution Framework as our Independent Recourse Mechanism ("IRM"). You may contact JAMS by visiting https://www.jamsadr.com/file-an-eu-us-privacy-shield-or-safe-harbor-claim for more information or to file a complaint. The services of JAMS are provided to you at no cost.

If you have any questions or complaints regarding this Privacy Policy, please contact us as described above. We will investigate your question, respond to your inquiry, and attempt to resolve any concerns regarding your privacy question. If you do not receive acknowledgement of your complaint or, if your complaint is not satisfactorily addressed by Cyren, then please contact JAMS, as described above.

As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. We have registered with the United States Council for International Business to cover the operating costs of the EU DPAs’ dispute resolution panel. Cyren is subject to the investigatory and enforcement powers of the FTC.