Privacy Statement

A: PRIVACY STATEMENT

A.1. ACKNOWLEDGEMENT

Please read this Privacy notice carefully

By using our site & its features, services and engaging in Communications, you are agreeing to be bound by the terms and conditions of this Privacy Policy. This acknowledgment is essential to ensure that you have read, understood, and accepted the practices and policies outlined herein

A.2. INTRODUCTION

Cyara – Who are we?

Cyara is the business name for Cyara, Inc.

Our head office is located:
14205 N Mo Pac Expy., Suite 500
Austin, TX 78728-6523
USA

We have also offices around the world in Australia, Austria, Ireland and India.

Cyara, Inc. respects your privacy and we are committed to protecting it.

This Privacy Policy explains how we collect, use and retain personal information, including information collected through websites, platforms, blogs, apps (including but not limited to messaging services), and our correspondence with you (for example, by email) and when providing you with our products and services

This policy has been drafted according to Cyara’s. obligations under the American Data Privacy Protection Act (“ADPPA”), the Privacy Act 1988 and the EU General Data Protection Regulation (GDPR).

This Policy is a public document and has been prepared in light of National Privacy Principle 5, Openness.

A.2.1 Applicability

This privacy statement applies when you:

(a) Access and interact with the Cyara website and its features, including our other affiliated webpages as listed here

(b) Communicate with us in any manner, through webforms, email, telephone or if you get in contact through our social media accounts

(c) If we or our website interacts with our approved third party providers, such as distributors, contractors, internet service providers, advertisers, analytics providers, online and offline data providers and other related service-providers

A.2.2 Scope

The term “Company” or “Cyara” means Cyara Inc, its subsidiaries, and any associated companies.

This policy applies to all employees, contractors, vendors, and any other individuals, their family or entities engaged in activities on behalf of Cyara.

It covers all relevant processes, systems, or activities conducted within the organization or specified departments.

The policy extends to any specific scenarios or situations relevant and/or outlined to/in the policy, ensuring a comprehensive framework for compliance and adherence.

A.3. DISCLOSURES

We will only disclose your personal information to a third party if such disclosure is in accordance with this Privacy Policy and provided that it is lawful to do so.

List of the categories of personal data information and the disclosure of:

a) the business or commercial purpose of collecting or sharing information

b) the categories of sources from which the information was collected

c) the categories of third parties with whom we share the information

Legal basis
1. Consent	You may agree or explicitly consent to the collection and use of your data as set out in this privacy statement, when you tick the “Yes, I’m in” or the “I opt-in” options on the Cyara website or any of our affiliated websites. If you no longer wish to receive marketing emails or correspondence from us, please send an email to Cyara through privacy@cyara.com with “UNSUBSCRIBE” in the subject line, or click the ‘Unsubscribe’ button in the footer of any marketing email you receive from us.
2: Contract	We may use your personal data to fulfill contractual obligations or in circumstances where you have asked us to do something before the contract, such as providing a quote or demo.
3: Legal Obligation	We may use your data in circumstances where it is necessary because we have to comply with a legal obligation
4: Legitimate Interests	We may use your data for our legitimate interests. This can include business purposes, like (a) where the processing enables us to enhance, modify, personalize or otherwise improve our services/communications for the benefit of our customers (b) to identify and prevent fraud (c) to enhance the security of our network and information systems (d) to better understand how people interact with our websites (e) to determine the effectiveness of promotional campaigns and advertising.
5: Vital Interests	We may use your data in circumstances where, for example, it could save a person’s life and the processing is necessary.
6: Public Interests	We may process your personal data if it is in the exercise of official authority, or in the public interest.

A.3.2 Categories of Identifiers

Personal data may be collected when you:	Which data we may collect?
1. Browsing our website	– Browser information – IP and Device information – Clickstream data – Location – Information from cookies and similar technologies
2. Fill out contact forms on our website	– Name – email address – phone number – Your Job title – Location – Online Identifiers as listed under “1. Browsing our website”
3. Register for a Cyara content download	– Name – email address – Your Job title – Online Identifiers as listed under “1. Browsing our website”
4. Subscribe to receive emails and newsletters	– Name – email address – Online Identifiers as listed under “1. Browsing our website”
5 Provide your contact details to us through industry events or social media	– Your name – Your job title – Your company name – Your address(es) – Your email address(es) – Your contact phone number(s) – Employment details which you have provided
6. Become a user of one of our services	– Your name – Your job title – Your company name – Your company address(es) – Your company email address(es) – Your contact phone number(s) – Username – Passwords (encrypted) – Password reminders – Employment details which you have provided – Online Identifiers as listed under “1. Browsing our website” – Records of Service offering subscriptions – Payments history
7. Apply or process your job application	– Your name – Your Date of birth – Your current job title – Your address(es) – Your email address(es) – Your contact phone number(s) – Employment details which you have provided – Username – Passwords (encrypted) – Password reminders – Online Identifiers as listed under “1. Browsing our website”

A.3.3 Definitions of Disclosures

Disclosure	Description
1. Categories of sources from which the information is collected	From your device From you directly (ie: through webforms) Third parties (ie: Social networks)
2. Is the information sold?	No
3. Is Personal information shared	Some. Cyara may share IP addresses or other identifiers to our partners. In some instances this may constitute a “sharing” of your personal information under the Data Protection Law.
4. Is this “sensitive” personal information	Yes, to the extent the information may include, especially for Job application processes: Date of birth, gender, ethnicity, religious beliefs, PHI/ePHI and other data which may constitute sensitive personal information under the Data Protection Law
5. Business or commercial purpose for collecting and/or sharing the information	(a) testing, automated testing, automated decision making and profiling (b) We collect the information to identify, better understand and communicate with you. (c) To provide, improve, market and personalize our products and individual service offerings. (d) We collect the information for the reason of cybersecurity, incident response, risk mitigation purposes, to provide customer care, for legal, record keeping and compliance purposes (e) For other purposes communicated to you at the time of collection
6. Categories of Third parties we may share your information with	(a) Our affiliates. (b) Third party service providers and partners who help maintain and operate the Sites or who help us to provide our services to you or whose products or services may be integrated with our products and services. These include third parties processing information in relation to our CRM system, the hosting of the Sites, the provision of our IT systems, electronic communications service providers, and payment processors. -> For purposes of the California Consumer Privacy Act, Cyara has disclosed the above categories of information within the past 12 months. (c) Any third party necessary to help us enforce our legal rights of those or others; (d) Any third party to whom you instruct us to disclose your personal information; (e) Regulators and law enforcement agencies or any third party who has satisfied us that we are required by law to disclose the personal information to them.

A.3.4 Storage of your personal information

Cyara strives to secure and protect information through controlled facilities and secure databases.

Staff and contractors receive annual Data Security training and are bound by confidentiality obligations.

Third parties assist in storing personal data, and Cyara is not liable for events resulting from unauthorized access to personal information.

A.3.5 International Transfer of data

Your information may be processed outside of the country where you live.

Data protection laws vary among countries, with some providing more protection than others. Regardless of where your information is processed, we and our Permitted Third Party Providers (Subprocessors) comply with certain legal frameworks relating to the transfer of data, such as the frameworks described below.

A.3.5.1 Adequacy decisions

The European Commission has determined that certain countries outside of the European Economic Area (EEA) adequately protect personal information, which means that data can be transferred from the European Union (EU) and Norway, Liechtenstein, and Iceland to those countries.
The UK and Switzerland have adopted similar adequacy mechanisms.
We rely on the following adequacy mechanisms:

European Commission adequacy decisions

UK adequacy regulations

Swiss adequacy decisions

A.3.5.2 Standard contractual clauses

Standard contractual clauses (SCCs) are written commitments between parties that can be used as a ground for data transfers from the EEA to third countries by providing appropriate data protection safeguards.

Such clauses have also been approved for transfers of data to countries outside the UK and Switzerland. We rely on SCCs for our data transfers where required and in instances where they are not covered by an adequacy decision.

SCCs have been approved by the European Commission and can not be modified by the parties using them (you can see the SCCs adopted by the European Commission here).

A.3.6 How long do we keep the information:

Cyara keeps data only as long as reasonably necessary and to the original purpose for which we collected the information.

We base our criteria in determining appropriate retention periods on regulatory, legal and contractual requirements as well as business needs and the expectation of our customers.

Right to be informed / Right to Know	Our policies providing you with Information relating to the processing of personal data are easily accessible and easy to understand, and that clear and plain language is used.
Right to access	You have the right to ask us for copies of your personal information.
Right to rectify / Right to Correct Personal Information	You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Right to erasure / Right to Deletion	You have the right to ask us to erase your personal information in certain circumstances.
Right to Restrict processing	You have the right to ask us to restrict the processing of your personal information in certain circumstances
Right to Data portability	You have the right to ask that we transfer the personal information you gave us to another organization, or to you, in certain circumstances.
Right to Object	You have the right to object to the processing of your personal information in certain circumstances.
Right in relation to automated decision making and profiling	You have the right to not be subject to a decision based solely on automated processing. Processing is “automated” where it is carried out without human intervention and where it produces legal effects or significantly affects you. Automated processing includes profiling.
CPRA specific: Right to Opt-Out	Consumers can opt-out of the sale of their personal information. Please note: Cyara does not sell personal information
CPRA specific: Right to Non-Discrimination	Consumers have the right not to be discriminated against for exercising their privacy rights under the CPRA

A.4.1 Exercising your rights

Cyara. takes issues concerning privacy seriously and will endeavor to address these concerns immediately.

You may exercise your rights by contacting us at privacy@cyara.com specifying the nature of your request.
Or alternatively by mail
Data Protection Specialist,
Cyara, Inc
Skibbereen,
County Cork,
P81 H102
Republic of Ireland

You are not required to pay any charge for exercising your rights. If you make a request, we have 30 days to respond to you.

To process your request, we must be able to verify your identity in order to do so.

As part of the verification process we may ask for contact information and an additional identifier depending on your relationship with us.

We will then compare the information with the data points we have on file for you to verify your identity.

A.4.1.1 Californian Consumers

California residents accessing the site have specific rights concerning their personal information.

Cyara will not discriminate against you for exercising your privacy rights..

You have the right to appoint a registered agent to exercise your privacy rights on your behalf.

Evidence of authorization and identity verification may be required to process your request efficiently.

A.4.2 In the case of a complaint

If you are dissatisfied with how your data request is dealt with by Cyara, please contact our Data Protection Specialist so we rectify it.

You may wish to make a complaint to the Office of the Data Protection Commissioner via any of the following means:

A.4.2.1 European citizen complaints:

Telephone: +353 (0) 761 104 800 or LoCall 1890 252 231
Email : info@dataprotection.ie
Postal Address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, County Laois

A.4.2.2 Australian citizen complaints:

For more information about privacy issues in Australia and protecting your privacy please visit the Australian Federal Privacy Commissioner’s website here

A.4.2.3 Californian consumer complaints:

Through the OAG website here

A.4.3 Does Cyara sell any information?

We do not sell, trade, or rent users’ or customers’ personal identification information to others.

We may share non-personal aggregated demographic information with business partners, trusted affiliates, and advertisers for the stated purposes.

A.4.4 Using Sensitive Personal Information

We do not process sensitive personal information to derive characteristics about you; we use such information only for permissible purposes under the GDPR and CPRA.

A.4.5 Marketing

Email marketing: we may send you emails about our website, products update, news, blogs, or other updates. We may also use your email to inform you about changes in the website, platform, survey you about your usage, or collect your opinion.

A.4.6 Underage children’s data

Cyara does not provide services to or collect data from underage children, emphasizing a commitment to safeguarding the privacy and security of all users. The company explicitly states that it does not intentionally gather personal data from individuals known to be underage.

If you are a parent or guardian and believe that we may have inadvertently collected information about your child, please contact us at: privacy@cyara.com so that we can promptly address your concerns and delete any such information.

A.4.7. AI tool usage

Artificial Intelligence (AI) refers to computer systems designed to perform tasks that typically require human intelligence, such as learning from data, making decisions, and solving problems.

We’re committed to safeguarding company and customer data while using AI tools. This policy ensures employees adhere to our security best practices when utilizing these tools

All employees must follow these security best practices when using AI tools:

a) Evaluate Tool Security: Choose AI tools that meet our security and data protection standards..

b) Use only reputable and Compliance approved AI Tools

c) Protect Confidential Data: Obtain Compliance approval before sharing confidential, proprietary, or regulated data.

d) Access Control: Don’t share access to AI tools outside the company without approval. This includes login credentials.

e) Compliance: Apply standard security practices, including strong passwords, software updates, and adherence to data policies.

f) Data Privacy: Exercise discretion in sharing information publicly. Consider if the information is suitable for public exposure and obtain approval for sharing sensitive data.

A.5 ENFORCEMENT

All Employees are responsible for monitoring their compliance with the principles and procedures detailed in these policies; departmental managers and supervisors should also monitor compliance on a regular basis.

Violations may result in disciplinary action, in accordance with the Company’s Disciplinary Policy, potentially leading to termination of employment.

A.6 POLICY REVIEW AND UPDATES

This Policy will be continually monitored and will be subject to annual review.

————————————————————————————–

B.1. ACKNOWLEDGEMENT

Please read this Cookie Policy carefully

By using our site & its features, engaging in in Communications, Your represent that you have Read, Understood and Accept this Policy

B.2. INTRODUCTION

Cyara may collect and share your information through the use of cookies and related technologies (including flash cookies, pixels, tags, software development kits, application program interfaces and web beacons, for the purpose of identifying and authorizing users, preventing fraud, enhancing our sites and features and to tailor content to you

B.2.1 What are cookies

Cookies are small files used by web servers to save browsing information, allowing websites to remember your device, browser preferences, and associated online activity

Like most websites, we use cookies and similar technologies to remember things about you so that we can provide you with a better experience.

Cookies are small data files stored on your browser or device. They may be served by the entity that operates the website you are visiting (“first-party cookies”) or by other companies (“third-party cookies”). For example, we partner with third-party analytics providers, like Google, which set cookies when you visit our websites. This helps us understand how you are using our Services so that we can improve them.
Pixels are small images on a web page or in an email. Pixels collect information about your browser or device and can set cookies.
Local storage allows data to be stored locally on your browser or device and includes HTML5 local storage and browser cache.
SDKs are blocks of code provided by our partners that may be installed in our mobile applications. SDKs help us understand how you interact with our mobile applications and collect certain information about the device and network you use to access the application.

B.2.2. Types of Computer Cookies

There are three types of computer cookies: session, persistent, and third-party.
These virtually invisible text files are all very different.

B.2.3 Categories of cookies

Categories of Cookies	What do they mean and what are they for?
Session cookies	Session cookies only retain information about a user’s activities for as long as they are on the website. Once the web browser is closed, the cookies are deleted. This allows us to process your requests and verify your identity after you have logged in, as you move through our Sites and Features
Permanent cookies	Permanent cookies, also known as ‘persistent cookies’, remain in operation even after the web browser has closed. For example, they can remember login details and passwords so web users don’t need to re-enter them every time they use a site. The law states that permanent cookies must be deleted after 12 months.
Essential cookies	Our sites and features would not work properly without essential cookies. As example, we and our third party providers may use essential cookies to identify and authenticate users of our sites and features. We also use essential cookies to enforce our Terms and Conditions and maintain the security of our Sites and Features
Performance cookies	Collect information about how visitors use our Sites and Features, for example, which pages users visit most often and error messages received by users from our web pages. Performance cookies don’t collect information that identify visitors and the information these cookies collect is aggregated and anonymized
Third-party cookies	Third-party cookies are installed by third parties with the aim of collecting certain information from web users to carry out research into, for example, behavior and demographics. They are commonly used by advertisers who want to ensure that products and services are marketed towards the right target audience.
Advertising cookies	These cookies may be placed by an advertising network with our permission to deliver advertisements relevant to visitors based on the visitors interest. Those cookies remember that you have visited our website and this information may be shared with other organizations, such as advertisers

B.2.4 Categories of other tracking technologies

Other tracking technologies	What do they mean and what are they for?
Embedded Scripts / Web beacons	Is a small graphic image or programming code that may be included in our webpage and is only active while you are connected to the Sites and Features. We may use this to collect information about how you interact with our Sites and features.
Third Party Ad Servers	may deliver ads, offer data collection, reporting, ad response measurement, and analytics services. These entities may set their own cookies, view, or edit them, collecting data on your online activity across various websites. The information gathered includes visited sites, downloaded applications, and other details to facilitate targeted advertising analysis and delivery..
Third party analytics	We might employ third-party analytics service providers to assess and furnish insights into our sites and features. These providers may utilize their tracking technologies on your device, accessing or collecting information about you. The data may be stored and shared by these vendors to facilitate transactions, grant access to sites and features, and for internal review and analysis purposes. * Google Analytics to analyze site traffic. You can find out more information about Google analytics cookies, including information about how to opt-out of Google Analytics relating to your use of our digital services by visiting the relevant Google support page here

B.3. Your Choices

We provide you with the ability to exercise controls and choices regarding your information

Please read below more about those rights under the GDPR

In many instances you can turn off cookies through your web browser (please read your browser manual or help pages for instructions).

Please consider that if you turn-off your cookies, not all features of our website might be available to you

B.3.2 Control your browser

You may be able to disable and manage some cookies through your browser settings. If you use multiple browsers on the same device, you may have to manage your settings for each browser individually.

B.3.3 Analytics Provider Opt-outs

You can use your browser controls as explained above or, for some of our providers (eg: Google), you can use their individual opt-out mechanisms

B.3.4 Third Party Services

Our authorized third-party providers will gather, utilize, and disclose your information solely for the purpose of performing the services they offer to us.

While our site may feature links to our partners, suppliers, advertisers, sponsors, licensors, and other third-party sites, each of these services operates under its own privacy policies. It is advisable to review these privacy policies to comprehend how these providers manage your personal information.

Our third-party advertisers use cookies to track your prior visits to our websites and elsewhere on the Internet in order to serve you targeted ads. For more information about targeted or behavioral advertising, please visit https://www.networkadvertising.org/understanding-online-advertising.

B.3.5 Interest-Based Advertising

You have a number of options to control or limit how our partners and we use cookies and similar technologies, including for advertising.

Click on the ‘Cookie Settings’ link at the bottom of the page to access the Cyara Preference Center.
Although most browsers and devices accept cookies by default, their settings usually allow you to clear or decline cookies. However, disabling cookies may impact the proper functioning of some features within our services.
To prevent your data from being used by Google Analytics, you can install Google’s opt-out browser add-on.
For information on how our advertising partners allow you to opt out of receiving ads based on your web browsing history, please visit http://optout.aboutads.info/.
European users may opt out of receiving targeted advertising through the European Interactive Digital Advertising Alliance.
To opt-out of ads on Facebook, LinkedIn, Twitter, or Google that are targeted to your interests, use your Facebook settings, LinkedIn settings, Twitter settings, and Google Ads settings.
You can also opt-out of tracking by many companies using cookies via the Network Advertising Initiative Consumer Opt-Out.
In case you have any questions about the third-party partners and their cookies policy, you may contact them directly.
Check your mobile device for settings that control ads based on your interactions with the applications on your device.
For example, on your iOS device, enable the “Limit Ad Tracking” setting, and on your Android device, enable the “Opt-out of Ads Personalization” setting.

B.3.6 Cross device tracking

Please use the links mentioned above to get more information about cross-device tracking and how to opt-out.

B.3.7 Email opt-out

If, at any time, you wish to opt-out or “Unsubscribe” from receiving commercial emails related to our sites and services, you may
(a) Use the “Unsubscribe” link at the bottom of our commercial email you have received OR
(b) Email us
Please remember that
(a) even if you opt-out from receiving commercial emails (such as newsletters), Cyara reserves the right to send transactional or relationship communications to you
– If we need to contact you regarding your account status
– Technical support
– Product information
– Changes in Terms and Conditions
– and any other matter that may affect our service to you
(b) certain services can only be provided to you, if information is provided/shared. If you elect not to provide such information or opt-out of having your information shared, you may not be able to receive certain content or/and information.

B.4. Changes to this policy

Cyara reserves the right to make changes to this Privacy Policy from time to time.
Notice may be provided by posting notice of such changes on our website or by other means (ie: Newsletter), consistent with applicable law.

The effective date will be stated at the top and last updated date on the bottom of this Privacy notice.

You should regularly check this page for any changes to the Privacy notice.

B.5. Contact us

Cyara does not require the appointment of a Data Protection Officer (DPO) as stipulated by the General Data Protection Regulation (GDPR) and any relevant data protection laws

While a Data Protection Officer is not mandatory, Cyara is committed to protecting your data and have appointed the following representative as your point of contact :
If you wish to exercise your rights or have any questions about our use of cookies, please contact us at
Email: privacy@cyara.com

Or alternatively by mail
Data Protection Specialist,
Skibbereen,County Cork,
P81 H102

B.6 ENFORCEMENT