CyberMaxx is committed to protecting your online privacy. We feel, it is important for you to know how we handle the information we receive from you via the Internet. This policy also applies to the processing of personal data that CyberMaxx obtains from its customers in the European Union. In order to meet the requirements of the General Data Protection Regulation (“GDPR”), we would like to inform you in detail about the handling of your data and your associated rights.
Regarding the processing of your personal data, CyberMaxx serves as “controller” in the sense of Art. 4 No. 7 GDPR. Our contact details are:
90 Broad St
New York, NY 10004
United States of America
Our website may contain links to website operated by third parties. Please be aware that we have no control over the privacy policies and practices of such third party sites and are not controller of those websites in the sense of Art. 4 No. 7 GDPR.
- Compliance with EU-US Privacy Shield Principles
CyberMaxx complies with the EU-U.S. Privacy Shield
- Confirm that customers are made aware of the process for addressing complaints and any independent dispute resolution process (CyberMaxx may do so through its publicly posted website, customer contract, or both).
- Review its processes and procedures for training its stuff about CyberMaxx’s participation in the EU-US Privacy Shield program and the appropriate handling of individual’s personal data.
CyberMaxx prepares an internal verification statement on self-assessment that is singed by authorized corporate officer on an annual basis. CyberMaxx has designated its corporate security officer to oversee its information security program, including its compliance with the EU-US Privacy Shield Principles. Any material changes to this program will be reviewed and approved as necessary. CyberMaxx will maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Data that it collects. From time to time we may employ other companies and/or third parties (“agents”) to perform tasks on our behalf and with whom we may need to share, and may need to internationally transfer, the personal data to provide our services; for example, ServiceNow, Inc., Amazon Web Services, Inc. and others. CyberMaxx is liable under the EU-US and SW-US Privacy Shield Principles for its agents to process transferred Personal Information in a manner consistent with the Principles. In compliance with the EU-US Privacy Shield Principles, CyberMaxx commits to resolve complaints about your privacy and our collection or use of your personal information. EU individuals with questions or concerns about the use of their Personal Data should contact us at privacy@CyberMaxx.com If a Customer’s present or former employee question or concern cannot be satisfied through this process in timely manner CyberMaxx has further committed to refer unresolved privacy complaints under EU-US Privacy Shield to an independent dispute resolution mechanism, such as EU Data Protection Authorities. CyberMaxx commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. Under certain conditions, more fully described on the Privacy Shield website https://www.privacyshield.gov/, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
- Type and extent of data processing
A. Website access
Generally, you can visit www.CyberMaxx.com (our “Website”) without revealing any personal information. We use information referring to general traffic, site usage and length-of-stay in reports to advertisers and firms with which we have a business relationship. This sort of information is shared only in aggregated form and does not personally identify individuals. Additionally, we collect and log the IP address of all visitors of our Website. We collect this data, so we can properly administer our system and gather aggregate information about how our site is being used. This aggregate information may be shared with advertisers, sponsors and other businesses. To maintain your anonymity, we do not associate IP addresses with records containing personal information. The IP address, however, can be regarded as personal data itself, because under some circumstances, it allows for identifying the owner of the Internet connection. We will additionally use IP address information, to personally identify you in order to enforce our legal rights or when required to do so by law enforcement authorities. In any of these cases, we have a legitimate interest in the sense of Art. 6 (1) lit. f GDPR which derives from our need
- to constantly improve our Website
- to defend our Internet infrastructure against any attacks, to determine the origin of such attack, to be able to prosecute the responsible person under criminal and civil law and to effectively prevent further attacks and operate the Website without disruption.
We will delete your IP address within 6 months.
On our Website we offer the opportunity to subscribe to a newsletter regarding products distributed and services provided by us or one of our subsidiaries sent by e-mail. To do so, we require you to provide a valid e-mail address. The provision of any other data, such as your name, is optional. If you decide to provide your name, we will use this data to personalize the newsletters sent to you. We may share this e-mail address and – if applicable – your name with our third party e-mail management vendor acting as a processor on our behalf solely for purposes of technically delivering our newsletter to you. However, we do not share your e-mail address or name with third parties for any marketing purposes. The legal basis for this use of your personal data is your informed consent in the sense of Art. 6 (1) lit. a GDPR. You can revoke your consent for the future by unsubscribing from the newsletter at any time. In this case we will delete the data provided by you for this purpose as long as the deletion does not conflict with statutory retention requirements or we are authorized otherwise to store your data.
C. Contact form and e-mail contact
You can voluntarily contact us through a contact form available on our website. If you do so, the data entered into that form will be transmitted and stored. In order for your inquiry to be answered, at least your e-mail address is required. Additional information, such as your name or your phone number may be given on a voluntary basis. Additionally, you can contact us by e-mail. In this case, the personal data you submit with the e-mail will be processed. In both cases, data processing is solely for the purpose of correspondence with you and in the limits you specify. The communication may be shared with a customer service representative, employee or agent that is most able to address your inquiry. We make every effort to respond in a timely fashion once communications are received. Once we have responded to your communication, it is discarded or archived, depending on the nature of the inquiry. The legal basis for data processing in connection with contacting us through our online contact form or by e-mail is your consent in the sense of Art. 6 (1) lit. a GDPR. In this case you have the right to withdraw your consent at any time. If you do so, all personal data processed in the course of the respective contact will be deleted. This can mean that the conversation with you might not be continued. Insofar as processing is necessary for the performance of a contract to which you are party, Art. 6 (1) lit. b GDPR serves as legal basis. The e-mail functionality on our site does not provide a completely secure and confidential means of communication. It’s possible that your e-mail communication may be accessed or viewed by another Internet user while in transit to us. If you wish to keep your communication private, do not use our e-mail.
D. Live chat
You have also the option to contact us through a form that enables you to chat live with us. If you do so, the data entered into that form will be transmitted and stored during the live chat and for a period necessary to process your request. All the personal data you provide during live chat is given on the basis of your consent, Art. 6 (1) lit. a GDPR. If you are already a customer of CyberMaxx and use the live chat for enquiries in connection with your contract with us, we process the respective personal data on the basis of performing this contract, Art. 6 (1) lit. b GDPR.
E. Online application
We offer you the possibility to apply to CyberMaxx online. If you do so, we collect the following data from you:
- Phone number
- any other application-related document provided by you
This data will only be used for the decision of whether or not entering into an employment relationship with you. It will internally only be forwarded to the appropriate contact person to decide on the occupation of the job you are applying for. This kind of data processing is in accordance with Art 6 (1) lit. b, Art. 88 GDPR in connection with the respective stipulations in the data protection laws applicable in the relevant EU member state. We will delete your data after completing the application process and after the expiration of the retention period required by the applicable law.
|Cookie Name||Primary Purpose||Type / Duration|
|visitor_id309431-hash /||VisitorTrack is a cookie used by a third party provider that helps us monitor site traffic and use. This process includes the collection of IP addresses and search-related data in order to evaluate visits to, and monitor use of, the site.||Up to 24 months|
|FB_cookie fr||These cookies are used to deliver advertisement more relevant to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign.||Up to 30 days|
|pardot lpv309431 visitor_id viditor_id_hash||Pardot tracks visitor and prospect activities on your website and landing pages by setting cookies on their browsers. Cookies are set to remember preferences (like form field values) when a visitor returns to your site. Pardot also sets a cookie for logged-in users to maintain the session and remember table filters.||Deleted after 24 months of inactivity|
|PHPSESSID||PHPSESSID cookies contain a reference to a session stored on the web server. No information is stored in the user’s browser and this cookie can only be used by the current web site.||Session|
|_ga||Used to distinguish users and collect Google Analytics data||Up to 24 months|
|_gid||Used to distinguish users and journeys.||Up to 1 day|
|BizoID||LinkedIn Ad analytics. Comes from: LinkedIn insights and ads tags. The BizoID cookie stores a unique LinkedIn user ID. Note: The LinkedIn user ID does not contain personally identifiable information. This cookie is used to determine if there is Bizographic data attached to this visitor.||Up to 6 months|
|UserMatchHistory||Used for LinkedIn Ad analytics.||Up to 6 months|
|lang||Remembers the user’s selected language version of a website.||Session|
|bscookie bcookie lidc||Secure browser ID cookies. Used by LinkedIn for tracking the use of embedded services, including the Linkedin follow, sharering content, and apply within Linkedin features. These cookies include access to social networks in order to connect with and to share certain contents from the portal so that the user does not have to register whenever a connection is made. The information is only stored in the social networks. This is used for Sign-in with Linkedin.||Up to 2 years or until user clears browser’s cache|
G. Use of Google Analytics
H. Ads by Google
- Data integrity and security
CyberMaxx uses reasonable efforts to maintain the accuracy and integrity of personal data and to update it as appropriate. CyberMaxx has implemented physical and technical security measures to protect personal data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. CyberMaxx also implements access restrictions, limiting the scope of employees who have access to personal data. Furthermore, CyberMaxx uses secure encryption technology to protect certain categories of personal data.
- Your rights
In connection with the different types of processing, you have a number of rights described hereinafter. These rights can be exercised free of charge. However, where requests from a data subject are evidently unfounded or excessive, in particular because of their repetitive character, we may either
- charge a reasonable fee taking into account the administrative costs of providing the information or communication or taking the action requested; or
- refuse to act on the request.
A. Withdrawal of consent
You have the right to withdraw your consent to processing your personal data for the future at any time. The withdrawal will not affect the lawfulness of processing based on consent before your withdrawal (Art. 7 (3) GDPR).
B. Right of confirmation and right of access
You have the right to obtain from us the confirmation as to whether or not personal data concerning you is being processed, and, where this is the case, access to the personal data and additional information under the conditions of Art. 15 GDPR.
C. Rectification and erasure
You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning you and the right to have incomplete personal data completed (Art. 16 GDPR). Further you have the right to obtain from the controller the erasure of personal data concerning you under the conditions of Art. 17 GDPR.
D. Right to restriction of processing
You have the right to obtain from the controller restriction of processing under the conditions of Art. 18 GDPR.
E. Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on point (e) or (f) of Art. 6 (1) GDPR, including profiling based on those provisions. In this case, we will no longer process your personal data unless we demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims.
F. Right to data portability
You have the right, to receive your personal data which you have provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from us under the conditions of Art. 20 GDPR. This right, however, shall not adversely affect the rights and freedoms of others.
- Obligation to provide data
- Lodge of a complaint
If you believe that we are failing to properly comply with privacy obligations, you may lodge a complaint with a Supervisory Authority.
- Changes to this policy
This policy may be amended from time to time, consistent with EU-US Privacy Shield Principles and applicable data protection and privacy laws and principles. We, therefore, recommend that you review these data protection notices regularly. The current version of this policy is indicated at the bottom of this page.
Version: May 2018