Privacy and Legal

Cyber Risk GmbH appreciates your visit to our web sites and your interest in our services and products. Your privacy is important to us and we want you to feel comfortable visiting our web sites. We take care to protect your personal information.

Our websites include:

- https://www.cyber-risk-gmbh.com

- https://www.disinformation.ch

- https://www.hotel-cybersecurity.ch

- https://www.airline-cybersecurity.ch

- https://www.cyber-espionage.ch

The objective of these web sites: The rule of the people, by the people, and for the people, requires citizens that can make decisions in areas they do not always understand. We support the Federal Council's national strategy for the protection of Switzerland against cyber risks and its implementation plan, by embedding cyber risk awareness in organizational culture. We promote increased public awareness of disinformation activities by external actors, to improve Switzerland's capacity to anticipate and respond to such activities.

We fully comply with the Swiss Federal Act on Data Protection (FADP), the EU General Data Protection Regulation (GDPR), and all other applicable laws and regulations.

In this document:

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

‘Consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;

‘Profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements;

We collect only personal information that visitors and clients explicitly give us, and we process these information only for the reasons they are collected.

Personal data are:

(a) processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; (‘purpose limitation’);

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

(d) accurate and, where necessary, kept up to date; (‘accuracy’);

We do not profile visitors of our web sites. We do not use tracking methods in order to identify visitors. We do not collect personal information of the visitors of our web sites.

When you visit the Cyber Risk GmbH websites, our web hosting company (Hostpoint in Switzerland) may record your visit. We do not receive from Hostpoint any information to identify or profile visitors of our web sites.

We may disclose the information we have received from visitors and clients to governmental agencies or entities, regulatory authorities, or other persons in line with applicable laws, regulations and court orders.

Cyber Risk GmbH has implemented reasonable technical and organisational security measures to protect your personal data against unauthorized access, misuse, loss or destruction.

All electronic messages sent to and from Cyber Risk GmbH are automatically stored. They are protected by reasonable technical and organisational measures. All emails are disposed of after the applicable retention period has expired.

We process and store all data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zurich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.

What should you consider when sending data over the Internet?

The Internet is generally not regarded as a secure environment, and information sent via the Internet (such as to or from the Cyber Risk GmbH websites or via electronic messages) may be accessed by unauthorized third parties, potentially leading to disclosures, changes in content or technical failures. Even if both sender and receiver are located in the same country, information sent via the Internet may be transmitted across international borders and be forwarded to a country with a lower data protection level than exists in your country of residence.

Please note that we accept no responsibility or liability for the security of your information whilst in transit over the Internet. If you want more secure communication, please let us know.

How do we deal with information from individuals under the age of 18?

The Cyber Risk GmbH websites do not collect personal data from individuals under the age of 18. Individuals under the age of 18 should receive permission from their parent or legal guardian before providing any personal data to Cyber Risk GmbH on the Cyber Risk GmbH websites.

How can you access or review your personal data?

You may, where permitted by applicable law or regulation:

  1. - check whether we hold your personal data,
  2. - ask us to provide you with a copy of your personal data, or
  3. - require us to correct any of your personal data that is inaccurate.

Should you have a request regarding the processing of your personal data, please send us an email, or a letter to the following address:
Cyber Risk GmbH
Rebackerstrasse 7
8810 Horgen
Switzerland

Last update: July 15, 2018

Data Protection Note Name and address of the responsible entity

Cyber Risk GmbH
Rebackerstrasse 7
8810 Horgen
Switzerland
Tel: +41 43 810 43 61
Email: george.lekatis@cyber-risk-gmbh.com
Web: www.cyber-risk-gmbh.com

Information requests

If, under Article 8 of the Federal Act on Data Protection ("FADP"), you wish to request information as to whether Cyber Risk GmbH processes your personal data, please send a written request to the following address:
Cyber Risk GmbH
Rebackerstrasse 7
8810 Horgen
Switzerland
Last update: July 15, 2018