a) Personal data
Personal data is any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
b) Person concerned
Data subject means any identified or identifiable natural person whose personal data is processed by the controller.
Processing is any operation or set of operations, performed with or without the aid of automated means, concerning personal data, such as collection, recording, organization, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, deletion or destruction.
d) Restriction of processing
Restriction of processing is the marking of stored personal data with the aim of restricting the future processing.
Profiling is any automated processing of personal data consisting of the use of such personal data to evaluate certain personal aspects relating to a natural person, particularly for the purpose of analyzing or predicting aspects relating to the job performance, economic situation, health, personal preferences, interests, reliability, conduct, whereabouts or change of location of that natural person.
Anonymization is the processing of personal data in such a way that the personal data can no longer be assigned to a specific data subject without the use of additional information, provided that this additional information is kept separate and subjected to technical and organizational measures that ensure that the personal data is not assigned to an identified or identifiable natural person.
g) Controller or data controller
The controller or data controller is the natural or legal person, public authority, agency or other body which alone or together with others determines the purposes and means of the processing of personal data. If the purposes and means of such processing are determined by Union law or by the law of the Member States, the controller or the specific criteria for its designation may be provided for by Union law or by the law of the Member States.
h) Contract processors
The processor is a natural or legal person, public authority, agency or other body responsible for processing personal data on behalf of the controller.
The recipient is a natural or legal person, authority, institution or other body to whom personal data is disclosed, regardless of whether it is a third party. However, public authorities which may receive personal data during the course of a specific investigation mandate under Union or national law shall not be regarded as recipients.
j) Third party
A third party is a natural or legal person, public authority, agency or body other than the data subject, the controller, the processor and the persons who are authorized to process the personal data under the direct authority of the controller or the processor.
Consent is any freely given, informed and unequivocal expression of the data subject’s will in a specific case, in the form of a declaration or other unequivocal affirmative act by which the data subject signifies his or her consent to the processing of personal data relating to him or her.
The responsible processor in connection with this website is cyan Security Group GmbH. If you have any questions or wish to assert the rights of data subjects, please contact
cyan Security Group GmbH
ICON Tower 24, 16th floor
Wiedner Gürtel 13, 1100 Vienna
When you visit our website or use our products or services, data may be collected, which may include personal data. We may also collect personal information from trusted third party sources or engage third parties to collect personal information on our behalf.
During the course of your visit to our website we will automatically collect the following personal data about you:
Under certain circumstances, functions of our website can only be used by providing your personal data. Your personal data will be used for the following business purposes, for example:
The third parties we use may combine the information that we collect about you on our website and via our solutions with information from other sources. This is intended to improve and personalize our interaction with users.
We process your personal data based on:
Under certain circumstances, the processing of your personal data may also be necessary to fulfill legal obligations according to Art 6 Paragraph 1 lit c GDPR.
We may use your personal information to conduct our business and to ensure the security of our operations, to provide, improve and customize our website and solutions, to send notices, marketing and other communications, and for other lawful purposes, and only in accordance with the applicable law. We may therefore use your personal information in the following ways, among others:
If you have any support or questions about data protection or the handling of your personal data, please use the contact options here.
When using this contact form, the personal data (e.g. name, e-mail) transmitted by the person concerned is automatically stored. Such personal data transmitted on a voluntary basis from a data subject to the data controller are stored for the purposes of processing or contacting the data subject. This personal data is not passed on to third parties.
If we are the data controller, we will only process and store the personal data of the data subject for the period of time that is needed to achieve the purpose of storage or if or insofar as storage or processing is necessary for complying with legal requirements.
If the purpose of storage ceases to apply or if a prescribed storage period expires, the personal data is routinely blocked or deleted in accordance with legal requirements.
a) Right to confirmation
Any data subject may request confirmation from the controller of the data processed.
b) Right to information
At any time and free of charge, any person affected by the processing of personal data has the right to obtain information about the personal data stored about him/her and a copy of this information from the data controller. The data subject is also entitled to receive information about the following:
c) Right of rectification
Any person affected by the processing of personal data has the right to demand the immediate correction of incorrect personal data relating to them. Furthermore, the data subject shall have the right to request the completion of incomplete personal data, including by means of a supplementary declaration, regarding the purposes of the processing.
d) Right of cancellation (right to be forgotten)
According to the European Directives and Regulations, any person who is affected by the processing of personal data has the right to immediate deletion of personal data concerning him/her by the controller, if one of the following reasons applies and the processing is not necessary:
e) Right to limit processing
Any person concerned about the processing of personal data has the right to restriction of the processing by the controller if one of the following conditions is met:
f) Right to data transferability
Any person concerned about the processing of personal data has the right to obtain, in a structured, standard and machine-readable format, the personal data relating to him/her which has been supplied by the data subject to a controller. He/she also has the right to have this data communicated to another controller without hindrance by the controller to whom the personal data has been made available, provided that the processing is based on the consent pursuant to Art. 6 paragraph 1 letter a of the DPA or Art. 9 paragraph 2 letter a of the DPA or on a contract pursuant to Art. 6 paragraph 1 letter b of the DPA, and provided that the processing is carried out by means of automated procedures, unless the processing is necessary for performing a task that is being carried out in the public interest or exercising official authority vested in the controller.
In addition, when exercising their right to data transfer in accordance with Art. 20 Paragraph 1 of the DPA, the data subject has the right to obtain that personal data be transferred directly from one person responsible to another, insofar as this is technically feasible and provided that this does not affect the rights and freedoms of other persons.
g) Right of appeal
Every person concerned by the processing of personal data has the right to object at any time, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out pursuant to Article 6(1)(e) or (f) of the DPA. This also applies to profiling based on these provisions.
In the event of an objection, cyan Security Group GmbH will no longer process the personal data unless we can prove that there are compelling reasons for processing worthy of protection that outweigh the interests, rights and freedoms of the person concerned, or the processing serves to assert, exercise or defend legal claims.
If we process personal data for the purpose of direct marketing, the data subject has the right to object at any time to the processing of personal data for the purpose of such marketing. This also applies to profiling, insofar as it relates to such direct marketing. If the data subject objects to cyan Security Group GmbH processing for the purposes of direct advertising, cyan Security Group GmbH will no longer process the personal data for these purposes.
The data subject also has the right to object, for reasons arising from his or her particular situation, to the processing of personal data concerning him or her that is carried out at cyan Security Group GmbH for scientific or historical research purposes or for statistical purposes in accordance with Art. 89 Par. 1 GDPR, unless such processing is necessary for performing a task that is being carried out in the public interest.
The data subject shall also be free to exercise his/her right of objection by means of automated procedures involving technical specifications in connection with the use of information society services, notwithstanding directive 2002/58/EC.
h) Automated decisions in individual cases including profiling
Every data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her or significantly affects him or her in a similar way, except where such decision is (1) necessary for the conclusion or performance of a contract between the data subject and the controller, or (2) authorized by mandatory provisions of law, provided that such provisions contain adequate safeguards with regard to the rights and freedoms and legitimate interests of the data subject, or (3) with the explicit consent of the data subject.
If the decision is (1) necessary for the conclusion or performance of a contract between the data subject and the data controller or (2) is made with the explicit consent of the data subject, we will take reasonable measures to safeguard the rights and freedoms and legitimate interests of the data subject, including at least the right to obtain the intervention of a person from the data controller, to express his or her point of view and to challenge the decision.
If the data subject wishes to exercise rights relating to automated decisions, he or she may contact an employee of the controller at any time.
i) Right to revoke a data protection consent
Every person affected by the processing of personal data has the granted right to revoke his/her consent to the processing of personal data at any time.
During the application process, the personal data of applicants is processed for the purpose of dealing with the application procedure. The processing can also be done electronically. This is particularly the case if an applicant submits the relevant application documents to the data controller electronically, for example by e-mail or via a web form on the website. If the data controller concludes an employment contract with an applicant, the transmitted data is stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If the data controller does not conclude an employment contract with the applicant, the application documents shall be automatically deleted six months after notification of the rejection decision, unless deletion is contrary to any other legitimate interests of the data controller.
As part of our business relationship with you, we may share your personal information with third parties to conduct our business, to provide, improve, secure and customize our website and solutions, to send marketing materials and other business communications, to the extent permitted by law, and for other purposes permitted by applicable laws.
We pass on personal data in the following ways, but only if the legal framework allows for this:
To protect the personal information you entrust us with and to use it in accordance with applicable data protection laws, we implement physical, administrative and technical safeguards to protect your personal information from accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. We also obtain contractual assurances from our suppliers that any personal data is protected against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. However, absolute security on the Internet cannot be guaranteed, and we cannot guarantee that the personal data provided to us is 100% secure.
By using cookies, we can provide users of this website with more user-friendly services that would not be possible without the setting of cookies.
By means of a cookie, the information and offers on our website can be optimized in the interest of the user.
The person concerned can prevent the setting of cookies by our website at any time by making an appropriate setting in the Internet browser used and therefore permanently object to the setting of cookies. Each user can also configure the cookie settings personally when they visit the website for the first time. Furthermore, cookies that have already been set can be deleted at any time using an Internet browser or other software programs. This is possible in all common Internet browsers. If the person concerned deactivates the setting of cookies in the Internet browser used, not all functions of our website may be able to be used.
With the following information, we will inform you about the contents of our newsletter as well as the registration, dispatch and statistical evaluation procedure and your rights to objection. By subscribing to our newsletter, you agree to receive it and to the described procedures.
We send newsletters, e-mails and other electronic notifications containing promotional information (“newsletters”) only with the consent of the recipients or with legal permission. If, while registering for the newsletter, its contents are specifically described, they are decisive for the consent of the users.
The registration for our newsletter takes place in a so-called double opt-in procedure. This means that you will receive an e-mail after registration asking you to confirm your registration. This confirmation is needed so that no-one can register with foreign e-mail addresses.
We use the provider Sendinblue to send our newsletter. Sendinblue GmbH is a service of the company Sendinblue GmbH, Köpenicker Str. 126, 10179 Berlin.
Your data that is stored when you register for the newsletter (e-mail address, name, IP address, date and time of your registration) is transferred to a Sendinblue GmbH server in the EU.
Termination / Revocation: You can cancel or revoke your subscription to this newsletter and therefore your consent to the storage of your data at any time for the future. Details can be found in the confirmation email and in each individual newsletter.
You are free to contact the competent data protection authority directly for dispute resolution.
Protect your customers now.
Schedule a consultation.
© cyan Security Group 2022