Last Updated: November 2022
- Responsible controllers
- Changes to this Privacy Information
- Data we collect and how we use it
- Additional information for the processing of applicant data
- Subscribe and unsubscribe to newsletters
- Retention and deletion of data
- Disclosure of data to third parties
- International transfer of personal data
- Data processing on third party websites
- Social networks
- Children´s data
- Security of data processing
- CCPA Disclosure
- For persons in California
- For persons in the EU or EEA and the United Kingdom
- Contact us
Cyren Ltd. and its subsidiaries (hereinafter collectively “Cyren”, “we” and “us”) are committed to protecting your personal data (hereinafter “data”). An overview of all Cyren entities and their contact details can be found at the end of this Privacy Information under point 17.
This Privacy Information is intended to help you better understand how we collect and process your data when you use our websites (hereinafter “Websites”) and our products and services (hereinafter together “Services”), and what rights you have regarding our collection and processing of your data.
If you or your organization subscribe to Cyren’s Services or have another agreement with Cyren, the terms of that agreement may contain additional privacy-related notices or rules.
2. Responsible controllers
If you or your organization contact us, conclude or wish to conclude a contract with us or apply for a job position with us, the Cyren entity that you contact or that is party to the contract concluded or intended to be concluded or the Cyren entity to which you apply will be responsible for the collection and processing of your data. You can find an overview of all Cyren entities and their contact details at the end of this Privacy Information under point 17.
Cyren Limited, 10 Ha-Menofim St, 5th Floor, Herzliya, Israel 4672561 is responsible for the collection and processing of data on our Websites.
If we receive data from end users in connection with the provision of our Services, the respective client on whose behalf we are acting, and not Cyren, will be responsible for the collection and processing of the data. Additional information on this subject matter can be found under point 4.c.
3. Changes to this Privacy Information
We will update this Privacy Information in order to address changes in our privacy practices and/or recent legal updates. We encourage you to periodically visit this page. The date of the latest update of this information is noted at the top of this Privacy Information.
4. Data we collect and how we use it
a) Data provided by you
When you use our Websites, when you or your organization use our Services, or when you otherwise contact us, we may ask you to provide us with certain information to contact you, such as your name, the company you work for, your position in that company, the company’s address, your work phone number and email address, etc.
Although you may generally use our Websites without providing us with any of your data, there are certain applications and features available on our Websites that require you to share your data with us. Such applications and features may include, but are not limited to:
(i) Subscribing to receive marketing materials, white papers and newsletters;
(ii) Registering and participating in online web seminars or other sponsored events;
(iii) Using the customer area, interactive features or online tools;
(iv) Registering and participating in trials for use of our Services; and/or
(v) Submitting enquiries to us.
We use your data to create and administer your account, to send you requested marketing materials and/or regular marketing communications (please see point 6), to provide you with requested Services and/or to respond to your enquiries.
b) Data we collect through automatic tracking technology
When you use our Websites, we may automatically collect certain data from your computers or devices. The data we collect automatically may include your IP address, device type, operating system details, unique device identification numbers, browser type, browser language and other technical data. We may also collect data about how your device interacts with our Websites, including data about the pages you visit and the links you click.
Like many websites, Cyren uses automatic data collection tools, such as cookies, embedded web links, and web beacons. “Cookies” are small text files that are written to and stored on your hard drive when you visit a website; cookies do not read files on your hard drive.
We use data and information received from your cookies to improve and customize the user´s experience of our Websites (for example, we may provide features or advertisements that match your interests and preferences). We also use data for marketing research purposes, to improve website content and structure, to potentially revise or restructure our sites for easier and more intuitive movement throughout. We may also use the data to evaluate our Websites´ technical capacity in order to improve it.
Most web browsers automatically accept cookies. However, you can change your browser settings to disable cookies by visiting the help section in your browser’s toolbar. Our Websites allow the user to be notified upon the proposed installation of cookies and the user can then disable the cookies. If you disable cookies, you may continue to use our Websites, however, some features may not be available (such as offers regarding Services).
We and our service providers may employ software technology called clear gifs (aka web beacons/web bugs/pixel tags) that enables better content management on our Websites by informing us and our service providers what content is effective. Clear gifs are small graphics with a unique identifier, with similar function to cookies, and are used to track the online movements of web users. Unlike cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on web pages and are about the size of the period at the end of this sentence. We and our service providers may potentially link the information gathered by clear gifs to our customers’ data.
When corresponding with you via HTML capable e-mail (for example, by sending marketing emails to you), we may use “format sensing” technology which allows us to know via pixel tags whether you have received and opened our e-mail. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out and unsubscribe to these emails, please see point 6. “Subscribe and unsubscribe to newsletters “.
c) Data collection in connection with the provision of our Services
We use your data to provide you and your organization with access to the Services and to operate and maintain the Services, to monitor the performance and effectiveness of the Services and compliance with our Terms of Service, and to enable compatibility with third party operating systems/products/Services. We may also use such data to further improve and expand our Services, determine product/Service/feature lifecycles, conduct spam and threat research, address troubleshooting issues, and generate statistics and trend analysis.
Processing on behalf of a controller.
d) Further processing of your data
As set out above, we generally only process your data to provide, operate, maintain, improve and promote our Websites and Services and to enable you or your organisation to use them.
In addition, we reserve the right to process your data for the following purposes:
- Marketing: To occasionally contact you either by ourselves or through a third party acting on our behalf;
- Contract fulfilment: To complete or process transactions with you or your organization and to send you related information, including purchase information and invoices;
– To contact you if you or someone in your organization requests a product demonstration or product information, or to respond to your comments, questions or requests;
– To contact you when we believe it is necessary for technical, customer service, administrative or security reasons;
- Analysis: To analyze statistical information and provide it to third parties without reference to individuals;
- Security: To investigate and prevent fraudulent transactions, unauthorized access to our Services and Websites, and other illegal activities;
5. Additional information for the processing of applicant data
The Cyren entity to which you apply for a job position is responsible for the processing of your data. You will find an overview of all Cyren entities and their contact details at the end of this Privacy Information under point 17.
If you have applied for a job with us, the purpose of processing your data submitted to us is to properly select our new employees.
Data we receive from job applicants (such as CVs and references) are processed to evaluate the respective application and to ensure the proper selection of our new employees. We handle this data in accordance with our internal company policies, which are consistent with this Privacy Information and the applicable law.
The provision of all data is voluntary, but if you choose not to provide us with certain data, we may not be able to assess your application and as a result, you may be excluded from the application process.
The scope of the data we process depends on the data you provide in your application. Our processing may also include information we collect via third parties, such as a recruitment agency, or where we are required by law to carry out background checks to verify your personal suitability for a particular position.
If you apply for a job position with a Cyren entity located in the European Economic Area (EEA) or the United Kingdom, we will process your data until the application process is complete, usually no longer than six months from the date of your application. If we employ you, we will process your data for the duration of the employment relationship (and beyond, if applicable, in accordance with applicable law). These periods may be reasonably extended in the event of any claims made or legal proceedings for the duration of such proceedings and their resolution. The same applies if, in certain cases, we are legally obliged to process certain data for a longer period.
6. Subscribe and unsubscribe to newsletters
Once you have consented to the receipt of marketing information from Cyren, you may choose to withdraw your consent and no longer receive such information at any time by sending an email to [email protected] or by visiting the following website: https://pages.cyren.com/unsubscribe.html. All marketing-related emails sent by Cyren include the option to unsubscribe.
7. Retention and deletion of data
We will retain your data for as long as your account is active or as needed to provide the Services and/or features you have subscribed to or requested. We will also retain and use your data, if necessary, to comply with our legal, tax or accounting obligations, resolve disputes or enforce our agreements. We may retain certain data to fulfil our obligations even after you have stopped using our Services.
8. Disclosure of data to third parties
We work with service providers in the areas of IT, marketing, human resources, sales and CRM management who process your data on our behalf. Where required by law, we have concluded data processing agreements with these service providers. Through careful selection and regular monitoring, we ensure that our service providers take all technical and organizational measures necessary to protect your data. We also give our service providers necessary instructions for handling your data in accordance with applicable data protection laws.
Cyren will not sell any of your data to third parties. Your data will only be transferred to third parties in the following cases:
- if required by law or in good faith belief that such disclosure is necessary in order to (i) conform to applicable law, (ii) comply with a subpoena, court order or legal process served upon us, (iii) establish or exercise our legal rights or defend against legal claims, (iv) comply with lawful requests by applicable law enforcement agencies or regulatory agencies, or (v) protect the property, interests or personal safety of our agents, employees, customers or the public. Under such circumstances, we may be prohibited by law, court order or other legal process to give notice of disclosure and we reserve the right to not provide such notice in our sole discretion.
- if Cyren organizes the operation of the Services within a different framework or through another legal structure or entity, or if Cyren is acquired by or merged with another entity, provided that this entity agrees to be bound by the terms of this Privacy Information.
Cyren may share data and information related to your use of the Websites with companies or organizations connected to or affiliated with Cyren, such as subsidiaries, sister-companies, parent companies and service providers (e.g., email service providers), in order to send you emails on our behalf with the express provision that their use of such data must comply with applicable privacy requirements.
Cyren may also transfer anonymous information to companies or organizations affiliated with Cyren, as well as to suppliers, business partners, advertisers and third parties.
9. International transfer of personal data
We are a global company with offices and operations in numerous countries. We may store data about you in the European Economic Area (the “EEA”) and other countries and territories. To facilitate our global operations, we transfer and access such data from locations around the world, including from other countries in which Cyren has operations. Please note that data transfer methods may vary depending on customer location and the Services used.
We have put in place appropriate safeguards to ensure that your data remains protected in accordance with this Privacy Information. For example, we have implemented the European Commission’s standard contractual clauses for transfers of personal data, which ensure the protection of data from the European Economic Area in accordance with European Union data protection laws. Our standard contractual clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners.
10. Data processing on third party websites
Through our Websites, you may connect to third party websites via hyperlinks whereas the connections may or may not be obvious. We are not responsible for the collection, use, maintenance, sharing or disclosure of data and information by such third parties. We encourage you to be aware of the various privacy policies of websites that you visit.
11. Social networks
We maintain publicly accessible profiles on social networks in order to provide information about us and to communicate with users registered there. We maintain our profiles in order to present the company and to ensure the most comprehensive presence of our company on the Internet.
If you visit one of our profiles on (a) LinkedIn, (b) Twitter or (c) YouTube while you are logged into your respective account, your visit can be linked to your user account. Your data is usually processed by the social networks for market research and advertising purposes and may be processed outside the European Union. This may result in risks for you because, for example, it may be more difficult to enforce your rights. Your data may also be processed if you are not logged in or if you do not have an account with the respective social network. The processing of your data takes place, for example, with the help of cookies that are stored on your device or by storing your IP address. For a detailed description of the individual processing activities and your options to object please refer to the privacy statements and information provided by the operators of the respective networks (please see below).
Operator of the network: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland
Options to object: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Operator of the network: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland
Operator of the network: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland
Options to object (via opt-out plug-in): https://tools.google.com/dlpage/gaoptout?hl= en
Settings regarding advertising: https://adssettings.google.com/authenticated (with Log In)
12. Children´s data
Cyren does not knowingly collect any data from minors who are under the age of 16 through the Websites and/or Services. If you become aware that your child has provided us with their data without your consent, you should contact Cyren as described below (please see point 16). If we become aware that a child under the age of 16 has provided us with their data, we will delete the data immediately.
In addition, the Children’s Online Privacy Protection Act (“COPPA”) requires parental consent for use of online services by persons under the age of 13. For general tips on protecting children’s online privacy, please visit the U.S. Federal Trade Commission’s (“FTC”) website at http://www.ftc.gov/privacy/privacyinitiatives/childrens.html .
13. Security of data processing
The security of your data is important to us. When you enter sensitive information on our Websites, we encrypt the transmission of that information using SSL technology.
To prevent unauthorized access, maintain data accuracy, and ensure the correct use of data, we have applied reasonable and appropriate physical, electronic, and managerial procedures to safeguard and secure the data we collect online and process. We also restrict access to data and other confidential information on our systems to only those employees with a specific need to access this data.
However, due to technical limitations and the risk of unlawful interception and accessing of transmissions and/or data, we cannot completely ensure that all of your data and any other information communicated electronically will be absolutely confidential. Therefore, please remember that you play an important role in security as well. Your password to access our Websites, which you choose when registering, should never be shared with anyone. After you have finished using our Websites, you should log out and close your browser so that no unauthorized person can use our Websites with your name and account information.
14. CCPA Disclosure
This section is only applicable to California residents for purposes of compliance with the California Consumer Privacy Act of 2018 (“CCPA”). Defined terms used in this section, including but not limited to “Business Purpose”, “Consumers,” “Personal Information” and “Sale” (or “Sell”) are used as such terms are defined by and interpreted pursuant to the CCPA.
The categories of Personal Information we have collected about Consumers, for of which we have disclosed for a business purpose, in the preceding 12 months are (please refer to the table at the top of these Privacy Information for more detail):
(1) Identifiers, such as name and Social Security number;
(2) Personal information, as defined in the California safeguards law, such as contact information and financial information;
(3) Characteristics of protected classifications under California or federal law, such as sex and marital status;
(4) Commercial information, such as transaction and account information;
(5) Internet or network activity information, such as browsing history and interactions with the Websites;
(6) Geolocation data, such as device location;
(7) Audio, electronic, visual, thermal, olfactory, and similar information, such as video, photography and call and video recordings;
(8) Professional or employment-related information, such as work history and prior employer.
(9) Education information, such as school and date of graduation;
(10) Inferences drawn from any of the Personal Information listed above to create a profile about, for example, an individual’s preferences and characteristics; and
(11) The sources we have collected this Personal Information from are: directly from California residents or their representatives.
In the past 12 months, however, we have not “sold” Personal Information relating to California residents within the meaning of the CCPA. For purposes of these Privacy Information, “sold” means the disclosure of Personal Information for monetary or other valuable consideration.
If you are a California resident, you may request that we disclose to you the following information covering the 12 months preceding your request:
(a) the categories of Personal Information that we collected about you and the categories of sources from which we collected such Information;
(b) the business or commercial purpose for collecting Personal Information about you;
(c) the categories of Personal Information about you that we disclosed to third parties for a business purpose and the categories of third parties to whom we disclosed such Personal Information (if applicable); and
(d) the specific pieces of Personal Information we collected about you.
If you are a California resident, you may also request that we delete Personal Information that we collected from you.
Before Cyren is able to accommodate any respond to any request, we may ask to verify your identity by providing us with certain information or identification. In some instances, we may decline to honor your request. For example, we may decline to honor your request if we cannot verify your identity or confirm that the Personal Information that we maintain relates to you, or if we cannot verify that you have the authority to make a request on behalf of another individual. In other instances, we may decline to honor your request where an exception applies, such as where the disclosure of Personal Information would adversely affect the rights and freedoms of another consumer or where the Personal Information that we maintain about you is not subject to the CCPA’s access or deletion rights, such as information relating to our employees and contractors that is used for our employment and vendor management purposes. Nonetheless, you have the right to be free from unlawful discrimination for exercising your rights under the CCPA.
15. For persons in California
California Civil Code Section 1798.83 authorizes users of the Websites who are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.
16. For persons in the EU or EEA and the United Kingdom
The following applies if you have your habitual residence in the EU, the EEA or the United Kingdom or if Cyren GmbH, Cyren UK Ltd. or Cyren Iceland hf is the controller of your data:
a) Legal basis for processing
The legal basis for the collecting and processing of your data depends on the data and the specific context in which it is collect by us.
Where it is necessary to obtain your prior consent to the processing of your data by us (e.g. for sending newsletters to you), we will obtain your consent and use it as base for our processing of your data in accordance with Art. 6 para. 1 (a) of the General Data Protection Regulation (GDPR).
Otherwise, we process your data only if the processing is necessary for:
- the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into such contract (Art. 6 para. 1 (b) GDPR) including the conclusion or performance of an employment contract;
- complying with a legal obligation to which we are subject (Art. 6 para. 1 (c) GDPR);
- safeguarding legitimate interests (Art. 6 para. 1 (f) GDPR) pursued by us or another person, provided that this is only done in circumstances where these legitimate interests are not overridden by your interests or fundamental rights and freedoms requiring the protection of personal data.
b) Purposes of data processing
To the extent that Cyren acts as a processor for their clients (i.e., the respective controller), Cyren processes end user data in accordance with the data processing agreement entered into with the client and in accordance with the instructions given by their clients. The data processing in these cases is not governed by our Privacy Information (please see above under point 4.c).
We process data about the use of our Websites for the purpose of properly managing our Websites, improving their performance, ensuring their security and adapting their content to your preferences. In addition, we collect this data for internal purposes, including conducting data analysis, testing, research, statistics and for marketing and survey purposes. The legal basis of our activities is your consent, except in cases where the use of this data is essential for the functioning of our Websites (electronic provision of a service to you in this context), in which case the legal basis is our legitimate interest.
If you wish to conclude or have concluded a contract with us, the purpose of processing your data is the provision of pre-contractual steps or the performance of the contract.
c) Duration of processing
As a rule, your data is processed as follows:
- on the basis of your consent: until the consent is revoked or until the purpose for which it was given is fulfilled;
- with regard to the conclusion or performance of a contract: for the duration of the contract and its performance;
- on the basis of our legitimate interest: until you object to the processing or until the purpose for which the data was processed is fulfilled;
unless the law requires us to process the data for a longer period of time or, in case of potential claims, for the statutory limitation period of such claim, whichever is longer.
d) Your rights in relation to the processing of your data
You have the following rights:
i. Information about your data
You can ask us for information about your data at any time:
- whether we process your data;
- if so, for what purposes we process your data;
- what categories of data we process;
- if applicable, who the recipients of your data are;
- the expected duration of the processing or the criteria for determining that duration;
- if the data is not collected from you, any available information about the source of the data.
You are also entitled to a copy of the data.
If information about you is or has become inaccurate or incomplete, you have the right to request that it be corrected or completed.
iii. Withdrawal of consent
You may withdraw your consent to the processing of your data at any time without affecting the lawfulness of the processing that was made on basis of the consent prior to its withdrawal.
iv. Right to erasure
In certain situations, GDPR gives you the “right to be forgotten”. You can invoke this right if:
your data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
you have withdrawn your consent to the processing of your data and there is no other legal ground for further processing;
you object to the processing of your data and there are no overriding legitimate grounds for further processing;
you object to the processing of your data for marketing purposes;
your data is processed unlawfully;
your data has to be erased in order to comply with a legal obligation.
v. Restriction of processing
You may request that we restrict our processing to solely storing your data if:
- you contest the accuracy of the data we process (for a period of time that allows us to verify the accuracy of the data);
- the processing of your data infringes applicable law, but you would prefer the processing to be restricted instead of the data being erased;
- Cyren no longer needs your data for the purposes of processing, but you need it for the establishment, exercise or defence of legal claims;
- you have objected to the processing of your data (please see below point 7.), but only until such time as it is determined that our legitimate grounds override yours.
vi. Data portability
You have the right to receive your data in a structured, commonly used and machine-readable format and also to transmit your data to another controller or to have us transmit your data if the processing is based on your consent or on a contract and is carried out by automated means.
You have the right to object to some processing that we carry out with your data for reasons related to your particular situation.
This applies in particular in the following cases:
- if our processing is based on our legitimate interest;
- if we process your data for scientific or historical research purposes or for statistical purposes.
- If, despite your objection, we determine that there are compelling legitimate grounds for the processing which override your interests, rights and freedoms or the basis for the establishment, exercise or defence of legal claims, we will continue to process the data affected by the objection to the extent necessary. If you do not agree with our assessment of the situation, you may exercise your right to lodge a complaint with a supervisory authority (please see next section).
If your data is processed for direct marketing purposes, you have the right to object to this processing at any time. After your objection, your data will no longer be processed for such purposes.
viii. Complaint with a supervisory authority
In connection with our actions as data controller, you have the right to lodge a complaint with a supervisory authority. A list of competent data protection authorities in the EU and their contact details can be found at https://edpb.europa.eu/about-edpb/board/members_en . The competent authority in the UK is the Information Commissioner’s Office https://ico.org.uk/global/contact-us/ . Of course, we encourage you to contact us first. You can find our contact details in the section below.
17. Contact us
You may contact Cyren using the ‘Contact Us’ feature that can be found at https://www.cyren.com/company/contact. We will make every effort to provide you with a prompt response to your question. In addition, Cyren´s General Counsel is responsible for overseeing compliance with this Privacy Information. You can reach our General Counsel by phone +1-703-760-3320 [GT1] or by email [email protected]
You can reach the Data Protection Officer of Cyren GmbH and the Privacy Team by email at [email protected]
Further contact details for the individual Cyren entities can be found below:
10 Ha-Menofim St, 5th Floor
Telephone: +972-9-8636 888
Fax no.: +972-9-8948 214
Email: [email protected]
1430 Spring Hill Road
McLean, Virginia 22102
Fax no.: +1-703-760-3321
Email: [email protected]
Cyren Iceland hf
Email: [email protected]