PRIVACY POLICY (PLATFORM)

  1. Scope

    1. This 'Cyferd – Privacy Policy (Platform)' (this "Policy") applies to Customers ("you", "your") and describes how Cyferd Ltd ("Cyferd") processes personal data in connection with the Cyferd Product (each as defined below). This Policy is made in connection with the provision by Cyferd of Access to and use of the Cyferd Product and the Services (each as defined below) to its customers (including those whose Access to and use of the Cyferd Product and the Services is/ was procured through a Cyferd Partner (as defined below)) who have an ongoing Professional Agreement or an ongoing Enterprise Agreement (each as defined below) for Access to and use of the Cyferd Product and the Services (in this Policy each a "Customer" and, in respect of each Customer, "each Customer", "the Customer", "the Customer in question" and "that Customer" shall be construed accordingly).
    2. This Policy is supplemental to the MSA (as defined below) and, for each Customer, forms part of the Agreement (as defined below) with that Customer in respect of that Customers Access to and use of the Cyferd Product and the Services.
    3. This Policy is a Cyferd Policy (as defined below).
    4. The Customers acceptance of this Policy is as provided in the MSA (where 'acceptance' is as defined in the definition of 'Cyferd Policies' in the MSA).
    5. In this Policy "MSA" means, in respect of the Customer in question, the master services agreement forming part of the Agreement with that Customer in respect of that Customers Access to and use of the Cyferd Product and the Services (each version of the MSA (https://cyferd.com/cyferdcomm/)).
    6. Terms defined in the MSA (including without limitation "Access", "Agreement", "App", "Apps", "Authorised User", "Commencement Date", "Customer Data", "Cyferd Partner", "Cyferd Policy", "Cyferd Product", "Database Services", "Data Protection Policy", "Enterprise Agreement", "Feature", "Hosting Policy", "Hosting Services", "Order Acceptance", "Professional Agreement", "Protected Data", "Services", "Standard Support Services", "Storage of and Access to Customer Data Policy", "Tenancies", "Tenancy", "Tenancy(ies)", "Update", "Update Notification", "Updates") shall have the same meaning in this Policy unless the context otherwise requires or such term is defined separately in this Policy.
    7. In addition, in this Policy the following words and expressions shall have the following meaning unless the context otherwise requires:
      "Cyferd Perimeter" the boundaries of the Cyferd Product (namely the 'Cyferd platform') within which Cyferd takes responsibility (on the terms and subject to the conditions of the Agreement with each Customer) to provide service to Customers (namely Access to and use of the Cyferd Product and the Services via Tenancy(ies))
      "Data Protection Laws" means as applicable and binding on either party or the Customer in questions Access to and use of the Cyferd Product and the Services: (i) the GDPR; (ii) the Data Protection Act 2018 (being legislation in England and Wales); (iii) any laws which implement or supplement any such laws; and (iv) any laws that replace, extend, re-enact, consolidate or amend any of the foregoing
      "GDPR" means the General Data Protection Regulation, Regulation (EU) 2016/679, as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or of a part of the United Kingdom from time to time)
      "List of Sub-Processors" means the latest version of the list of Sub-Processors used by Cyferd, as amended from time to time by Cyferd, which as at Order Acceptance is available at https://cyferd.com/cyferdcomm/. For each Customer such document is an 'other document issued by Cyferd' for the purpose of the definition of the Agreement in the MSA and forms part of the Agreement for each Customer
      "personal data" as defined in paragraph 5.1
      "processing" has the meaning given to that term in Data Protection Laws (and related terms such as "process", "processes" and "processed" have corresponding meanings)

      "you", "your" (in respect of the applicable Customer) means you as an Authorised User but also includes deemed references to "you and that Customer", "you and/or that Customer" and/or "that Customer on your behalf"
    8. The following terms defined in the Data Protection Policy (https://cyferd.com/cyferdcomm/) (being a Cyferd Policy and as amended by Cyferd from time to time) shall have the same meaning in this Policy: "Controller", "Processor", "Protected Data", "Site Reliability Engineering", "SRE Personnel", "Sub-Processor".
    9. In this Policy:
      1. references to paragraphs are to paragraphs of this Policy;
      2. a reference to this Policy or to any other agreement or document referred to in this Policy is a reference to this Policy or such other agreement or document as amended in accordance with its terms and/or the MSA from time to time;
      3. a reference to an "amendment" includes a novation, re-enactment, restatement, supplement, extension, variation or an amendment (and "amend" and "amended" shall be construed accordingly);
      4. a reference to a "person" includes a natural person, corporate or unincorporated body (in each case whether or not having separate legal personality) and that persons personal representatives, successors and permitted assigns;
      5. unless otherwise provided, a reference to a statute or statutory provision is a reference to it as amended, extended or re-enacted from time to time provided that, as between the parties, no such amendment, extension or re-enactment made after the Commencement Date shall apply for the purposes of this Policy to the extent that it would impose any new or extended obligation, liability or restriction on, or otherwise adversely affect the rights of, any party;
      6. a reference to a statute or statutory provision shall include all subordinate legislation made from time to time under that statute or statutory provision;
      7. any words that follow "include", "includes", "including", "in particular", "for example" or any similar words and expressions shall be construed as illustrative only and shall not limit the sense of any word, phrase, term, definition or description preceding those words;
      8. a reference to "writing" or "written" includes any method of reproducing words in a legible and non-transitory form including email but excluding fax;
      9. where the context permits, "other" and "otherwise" are illustrative and shall not limit the sense of the words preceding them; and
      10. any obligation on a Customer not to do something includes an obligation not to allow that thing to be done; and
      11. references to any English legal or accounting term for any action, remedy, method of judicial proceeding, insolvency proceeding, event of incapacity, legal or accounting document, legal or accounting status, court governmental or administrative authority or agency, accounting body, official or any legal or accounting concept practice or principle or thing shall in respect of any jurisdiction other than England be deemed to include what most approximates in that jurisdiction to the English legal or accounting term concerned.
    10. For you as an Authorised User, notwithstanding paragraph 1.6 above (which still applies) so as to help interpret some of those defined terms as an Authorised User:
      1. you are a prospective Authorised User/ an Authorised User for the person (who is a Customer of Cyferd) who proposes to give/ has given you such Authorised User status. Such Authorised User status relates to your access to and use of the Cyferd Product (via that Customers Tenancy(ies));
      2. that Customer has contracted with Cyferd for Access to and use of its cloud-native 'Platform as a Service' known as 'Cyferd' providing agile 'Digital Transformation' solutions (namely Cyferd Product) and the related hosting services, data base services and standard support services (namely the Services). Such contract being the Agreement relating to that Customer and which includes inter alia, the applicable Order Form(s), the MSA and the Cyferd Policies (including this Policy);
      3. that Customer has one or more tenancy(ies) (as the case may be) enabling that Customer to Access and use the Cyferd Product and the Services (including any application built on and using the Cyferd Product (namely an App) and any particular/ specific feature of the Cyferd Product that is not an App but which is embedded into the Cyferd Product (namely a Feature)) and any other applicable Purchased Items from Cyferd, in accordance with and subject to the terms of the Agreement relating to that Customer (namely the Tenancy(ies)); and
      4. Customer Data (which could include personal data/ your personal data) means any electronic data and information (in any form including data, content, code, video, or other materials) that the Customer or any of its Authorised Users (including you) or the Administrator (being an Authorised User with special permissions and which could be you) submit, upload, transmit or otherwise make available to or through the Cyferd Product (including via any Tenancy, App, Feature or Service).

  2. Last Updated:

    This Policy was last updated on 1 March 2023. For previous versions of this Policy see https://cyferd.com/cyferdcomm/.

  3. Changes to this Policy

    1. For any person who is not a Customer at the time of such posting - Cyferd shall, at its absolute discretion, be entitled to amend this Policy or any part of it by posting an updated version of this Policy at https://cyferd.com/cyferdcomm/ and such updates will be effective upon such posting or, if later, the Last Updated date specified in such updated version of this Policy.
    2. For any person who is a Customer at the time such Update Notification is made - Cyferd may at its absolute discretion make, and notify the Customer of, updated versions of this Policy by notifying the Customer of any such Update(s) by way of Update Notification. Such Update(s) will be effective in respect of the Customer in question in accordance with the applicable provisions of the MSA which relate to Updates. The provisions of the MSA which relate to Updates shall apply in respect of any such Update(s).
    3. If Cyferd makes any amendments to this Policy, it will change the Last Updated date in paragraph 2 above in such updated version of this Policy.
    4. An Update Notification could be sent/ made by Cyferd in respect of this Policy by e-mail (together with a copy of the Update(s) or a link to a copy of the Update(s)) in accordance with the notices provision in the MSA or by adding a statement to Cyferds main website page referencing such Update(s) (together with a copy of the Update(s) or a link to a copy of the Update(s)) or by any other reasonable means which Cyferd elects.

  4. What is the purpose of this Policy?

    1. This Policy provides information on how Cyferd collects and uses your personal data through your use and/or the Customer in questions use of the Cyferd Product and other related interactions (e.g. customer service enquiries, user conferences, etc.) you/ and/or the Customer may have with Cyferd from time to time.
    2. If you do not agree with the terms of this Policy, you are not entitled to benefit from the Customer in questions Access nor are you entitled to use the Cyferd Product.
    3. For the avoidance of doubt, this Policy is to be read in conjunction with the following other Cyferd Policies from time to time:
      1. "Hosting Policy" (https://cyferd.com/cyferdcomm/) (being a Cyferd Policy and as amended by Cyferd from to time) – this applies to the hosting/ delivery of the Cyferd Product (including a Customers Tenancy(ies)) and the provision of the Hosting Services (being one of the Services) by or on behalf of Cyferd.
      2. "Data Protection Policy" - applies to the basis on how Cyferd (as Processor) will process Protected Data for a Customer (as Controller) in connection with Cyferd providing Access to and use of the Cyferd Product and the Services to that Customer pursuant to the Agreement relating to that Customer.
      3. "Storage of and Access to Customer Data Policy" (https://cyferd.com/cyferdcomm/) (being a Cyferd Policy and as amended by Cyferd from to time) - applies to the storage of and access to Customer Data within the Cyferd Perimeter and the provision of the Database Services (being one of the Services) by or on behalf of Cyferd.

      Such Cyferd Policies are referred to below in this Policy.

    4. For the avoidance of doubt, if there are any inconsistencies between this Policy and the Cyferd Policies referenced in paragraphs 4.3.1 to 4.3.3 (inclusive), then the Cyferd Policies in paragraphs 4.3.1 to 4.3.3 (inclusive) shall prevail.
    5. For the avoidance of doubt, this Policy is to be read in conjunction with Cyferds List of Sub-Processors. Cyferds List of Sub-Processors is referred to below in this Policy.
    6. For the avoidance of doubt, if there are any inconsistencies between this Policy and the List of Sub-Processors, then the List of Sub-Processors shall prevail.
    7. The Cyferd Product is a business tool. Each Customer (and you) as Accessing and using the Cyferd Product for the purposes of that Customers business. Access to and use of the Cyferd Product is not intended for any unauthorised purpose.
    8. Access to and use of the Cyferd Product is not intended for any persons who are unauthorised persons. In respect of a Customer, all persons who Access and use the Cyferd Product for and on behalf of that Customer must be Authorised Users of that Customer. We do not knowingly collect and retain data relating to any such unauthorised persons.
    9. Access to and use of the Cyferd Product is not intended for any person(s) under the age of 16 (sixteen)/ children. We do not knowingly collect and retain data relating to any such person(s) under the age of 16 (sixteen)/ children.
    10. Cyferd has an appointed Data Protection Officer ("DPO") who is responsible for overseeing questions in relation to this Policy. Should you have any questions or queries regarding this Policy, including any requests to exercise your legal rights set below, please use the contact details set out at the end of this Policy.

  5. The types of personal data Cyferd may collect about you

    1. In this Policy, "personal data" means any information about an individual from which that person can be identified.
    2. Cyferd may collect, use, store and/or transfer different types of personal data/ data about you which Cyferd has grouped as follows:
      1. "Identity Data" includes, but is not limited to, first name(s), last name(s), entity name(s), any previous name(s), username(s) or similar identifier, marital status (where applicable), title, date of birth and gender;
      2. "Contact Data" includes, but is not limited to, billing address, delivery address, address, email address, and telephone numbers;
      3. "Financial Data" includes, but is not limited to, bank account and payment card details;
      4. "Transaction Data" includes, but is not limited to, details about payments to and from you and other details of products and services you have purchased from Cyferd;
      5. Technical Data includes, but is not limited to, internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, device ID and other technology on the devices you use to access the Cyferd Product;
      6. "Profile Data" includes, but is not limited to, your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses;
      7. "Usage Data" includes, but is not limited to, information about how you interact with and use the Cyferd Product; and
      8. "Marketing and Communications Data " includes, but is not limited to, your preferences in receiving marketing from Cyferd and its third-parties and your communication preferences.
    3. Personal data could be Customer Data. Likewise, Customer Data could be personal data. Not all Customer Data will be personal data. For the avoidance of doubt, some of the data classes referred to in paragraph 5.2 may be Customer Data which is not personal data where it relates solely to the Customer and where that Customer is an entity.
    4. Cyferd also collects, uses and shares aggregated data such as statistical or demographic data which is not personal data as it does not directly (or indirectly) reveal your identity. For example, we may aggregate individuals Usage Data to calculate the percentage of Authorised Users accessing a specific feature of the Cyferd Product in order to analyse general trends in how Authorised Users are interacting with the Cyferd Product to help improve the Cyferd product and the Services.
    5. Subject to paragraph 5.6, Cyferd will not collect any Special Categories of Personal Data about you (meaning and including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data and, criminal convictions and offences).
    6. Cyferd as a Processor - The Customer (for whom you are an Authorised User) may collect personal data and/or Special Categories of Personal Data about you as Customer Data (for example in its HR App). Cyferd as the provider of the Cyferd Product would be a Processor in this regard. All details in the Data Protection Policy in respect of Cyferd acting as a Processor and its Sub-Processors apply in this Policy as if it was set out in this Policy and applied to you and your personal data.

  6. How is your personal data collected?

    7. Cyferd uses different methods to collect data from and about you including through:

    1. Your interactions with Cyferd. You may give Cyferd your personal data by filling in online forms or by corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you give us feedback or contact us.
    2. You using the Cyferd Product (including any Tenancy(ies), App(s) and/or Feature(s)) and the Services. Where such personal data amounts to Customer Data then it should be noted that Cyferd is not (and its staff are not) permitted to access such Customer Data unless authorised by the Customer in question as an Authorised User. Please refer to the "Storage of and Access to Customer Data Policy" for more details in this regard. In this regard Cyferd is a Processor.
    3. The Customer (for whom you are an Authorised User) or on its behalf (from another Authorised User/ Administrator) interacting with Cyferd. That Customer may give Cyferd your personal data by in connection with it becoming a Customer and/or being a Customer.
    4. Automated technologies or interactions. As you interact with the Cyferd Product, we will automatically collect Technical Data about or relating to you. This could include that about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies.
    5. Third-parties or publicly available sources. We could receive personal data about you from various third-parties and public sources. This could include Cyferd Partners.

  7. How will Cyferd use the information it collects about you?

    1. The law requires Cyferd to have a legal basis for collecting and using your personal data. Cyferd relies on one or more of the following legal bases:
      1. "Performance of a contract with you/ the Customer (for whom you are an Authorised User) Contract Performance):" meaning where Cyferd needs to perform the contract it is about to enter into or has entered into with you/ the Customer (for whom you are an Authorised User).
      2. " Legitimate Interests:" meaning Cyferd may use your personal data where it is necessary to conduct its business and pursue its legitimate interests, for example to prevent fraud and enable Cyferd to give you the best and most secure customer/ user experience. Cyferd makes sure it considers and balances any potential impact on you and your rights (both positive and negative) before it processes your personal data for its legitimate interests. Cyferd does not use your personal data for activities where its interests are overridden by the impact on you (unless Cyferd has your consent or is otherwise required or permitted to by law).
      3. "Legal Obligation:" meaning Cyferd may use your personal data where it is necessary for compliance with a legal obligation that Cyferd is subject to. Cyferd will identify the relevant legal obligation when it relies on this legal basis.
      4. "Consent: ">meaning Cyferd relies on consent only where it has obtained your active agreement to use your personal data for a specified purpose, for example if you subscribe to an email newsletter.
    2. Cyferd will use your personal information for a number of purposes including, but not limited to, the following:
      1. To provide the Customer in question (and its Authorised Users (including you)) with Access to and use of the Cyferd Product and to maintain that Access and use (re Contract Performance). This includes the provision by Cyferd of the Hosting Services, the Database Services and the Standard Support Services. This also includes the activities of the Site Reliability Engineering.
      2. To manage our relationship with you which will include:
        1. notifying you about changes to the Agreement (including the MSA, any Cyferd Policy (including this Policy); and/or
        2. to deal with your requests and enquiries (including any complaints),

        3. (re Contract Performance, Legitimate Interests and, where applicable, Legal Obligation).

      3. To administer and protect Cyferds business and the Cyferd Product (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data) (re Contract Performance, Legitimate Interests and, where applicable, Legal Obligation)
      4. To use data analytics to improve our the Cyferd Product and any other of Cyferds products/services, customer relationships and experiences and to measure the effectiveness of our communications and marketing (re Legitimate Interests)
      5. To carry out market research through your voluntary participation in surveys (re Legitimate Interests).
      6. To provide Additional Services to you (re Contract Performance).
      7. To introduce you to a Cyferd Partner for the provision of Additional Services (re Contract Performance and Legitimate Interests).
      8. To use IP addresses to identify the location of users, to block disruptive use, to establish the number of visits from different countries and to determine whether you are accessing the services from the UK or not, if not, you may be re-directed (re Contract Performance, Legitimate Interests and, where applicable, Legal Obligation).
    3. Where Cyferd proposes using your personal information for any other uses it will ensure that it notifies you first. You will also be given the opportunity to withhold or withdraw your consent for the use of your personal information for purposes other than those listed above.

  8. Disclosures of your personal data

    1. We may share your personal data where necessary with the parties set out below for the purposes set out in paragraph 7: Those parties are/ include:
      1. the Customer (for whom you are an Authorised User)/ other Authorised Users of that Customer;
      2. Cyferds management, employees, workers, contractors and other personnel involved in providing Access to and use of the Cyferd Product and the Services;
      3. Cyferd Partners;
      4. Cyferds Sub-Processors;
      5. the SRE Personnel;
      6. those persons operating Cyferds Standard Support Services from time to time;
      7. other members of Cyferds group of companies;
      8. Cyferds professional advisors (including accounting, legal, tax, regulatory);
      9. Cyferds funders/ investors for reporting purposes (although this is unlikely be at an Authorised User level);
      10. Cyferds shareholders for reporting purposes (although this is unlikely be at an Authorised User level);
      11. providers of third-party products used by Cyferd and/or by the Customer in question in connection with the Cyferd Product (including in connection with any Feature);
      12. persons to whom Cyferd is required by law to disclose the same;
      13. other persons where you have provided consent to Cyferd for such disclosure; and/or
      14. third-parties to whom Cyferd may choose to sell, transfer or merge parts of its business or its assets. Alternatively, Cyferd may seek to acquire other businesses or merge with them. If a change happens to Cyferds business, then the new owners may use your personal data in the same way as set out in this Policy.
    2. Cyferd require all third-parties to respect the security of your personal data and to treat it in accordance with the law. Cyferd does not allow our third-party service providers to use your personal data for their own purposes and only permits them to process your personal data for specified purposes and in accordance with our instructions. Please refer to the Data Protection Policy for further details in this regard.
    3. If Cyferd needs your consent, it will:
      1. explain why it needs to share your personal information;
      2. explain the purpose for which it will be sharing it;
      3. provide you with details of the third-party; and
      4. obtain your explicit consent for such disclosure.
    4. Cyferd require all third-parties to respect the security of your personal data and to treat it in accordance with the law. Cyferd does not allow our third-party service providers to use your personal data for their own purposes and only permits them to process your personal data for specified purposes and in accordance with our instructions. Please refer to the Data Protection Policy for further details in this regard.

  9. International Transfers

    1. All details in the Data Protection Policy in respect of international transfers of personal data apply in this Policy as if it was set out in this Policy and applied to you and your personal data.
    2. In addition, Cyferd shares your personal data within its group of companies. This will involve transferring your data outside the UK to Cyferds overseas offices.
    3. Whenever Cyferd transfers your personal data out of the UK to countries which have laws that do not provide the same level of data protection as the UK law, Cyferd always ensures that a similar degree of protection is afforded to it by ensuring that appropriate safeguards are implemented. Details of the appropriate safeguards are set out in the Data Protection Policy.

  10. Data security

    1. Cyferd has put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, Cyferd limits access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know. They will only process your personal data on Cyferds instructions and they are subject to a duty of confidentiality.
    2. Cyferd has put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where Cyferd is legally required to do so.
    3. Such technical and security measures of Cyferd are reviewed routinely.
    4. Cyferds approach to data security is validated by its internal security audit.
    5. Please also refer to the Hosting Policy and the Security of and Access to Customer Data Policy for further details about Cyferds data security.

  11. Data retention

    1. Cyferd will only retain your personal data for as long as reasonably necessary to fulfil the purposes Cyferd collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. Cyferd may retain your personal data for a longer period in the event of a complaint or if it reasonably believes there is a prospect of litigation in respect to its relationship with you/ the Customer in question.
    2. To determine the appropriate retention period for personal data, Cyferd considers the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which Cyferd processes your personal data and whether Cyferd can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
    3. By law, Cyferd has to keep basic information about its Customers (including Contact, Identity, Financial and Transaction Data) for 6 (six) years after they cease being Customers for tax purposes.
    4. In some circumstances you can ask us to delete your data: see paragraph 12.2.3 for further information.
    5. In some circumstances Cyferd will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case Cyferd may use this information indefinitely without further notice to you.
    6. Cyferd, as brokers of contemporary thought, also has an obligation to record snapshots of history which may include some user generated content. Therefore, some content submitted to, or shared with Cyferd, may be retained for prolonged periods of time or potentially indefinitely in Cyferds archives, which is true of news contributions which are published. There may also be rare instances where Cyferd will share the same with third-parties in the interests of maintaining such archives. Where possible, Cyferd will endeavour to inform you as soon as possible, or let you know at a later date where we are likely to keep such content indefinitely.

  12. Your legal rights

    1. You have a number of rights under Data Protection Laws in relation to your personal data.
    2. You have the right to:
      1. Request access to your personal data (commonly known as a subject access request). This enables you to receive a copy of the personal data Cyferd holds about you and to check that Cyferd is lawfully processing it.
      2. Request correction of the personal data that Cyferd holds about you. This enables you to have any incomplete or inaccurate data Cyferd holds about you corrected, though Cyferd may need to verify the accuracy of the new data you provide to Cyferd.
      3. Request erasure of your personal data in certain circumstances. This enables you to ask Cyferd to delete or remove personal data where there is no good reason for Cyferd continuing to process it. You also have the right to ask Cyferd to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where Cyferd may have processed your information unlawfully or where Cyferd is required to erase your personal data to comply with local law. Note, however, that Cyferd may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
      4. Object to processing of your personal data where Cyferd is relying on a Legitimate Interest (or those of a third-party) as the legal basis for that particular use of your data (including carrying out profiling based on Cyferds Legitimate Interests). In some cases, Cyferd may demonstrate that it has compelling legitimate grounds to process your information which override your right to object.
      5. You also have the absolute right to object any time to the processing of your personal data for direct marketing purposes.
      6. Request the transfer of your personal data to you or to a third-party. Cyferd will provide to you, or a third-party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for Cyferd to use or where Cyferd used the information to perform a contract with you.
      7. Withdraw consent at any time where Cyferd is relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, Cyferd may not be able to provide certain products or services to you. Cyferd will advise you if this is the case at the time you withdraw your consent.
      8. Request restriction of processing of your personal data. This enables you to ask Cyferd to suspend the processing of your personal data in one of the following scenarios:
        1. if you want Cyferd to establish the datas accuracy;
        2. where Cyferds use of the data is unlawful but you do not want Cyferd to erase it;
        3. where you need Cyferd to hold the data even if it no longer requires it as you need it to establish, exercise or defend legal claims; or
        4. you have objected to Cyferds use of your data but Cyferd needs to verify whether it has overriding legitimate grounds to use it.
    3. If you wish to exercise any of the rights set out above, please contact Cyferd (see Contact details at paragraph 16).
    4. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, Cyferd may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, Cyferd could refuse to comply with your request in these circumstances.
    5. Cyferd may need to request specific information from you to help Cyferd confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. Cyferd may also contact you to ask you for further information in relation to your request to speed up its response.

  13. Third-party links

    14. The Cyferd Product may have third-party applications or software that integrate with the Cyferd Product and/or may include links to third-party websites and/or, plug-ins, products, software, services, business and/or applications. Clicking on such links or enabling any such connections may allow third-parties to collect, store, access or share your data. Cyferd does not control these third-party websites, applications or software and are not responsible for their privacy statements or practices.

  14. Changes to your personal data

    15. It is important that the personal data Cyferd holds about you is accurate and current. Please keep Cyferd informed if your personal data changes during your relationship with Cyferd, for example a new address or email address.

  15. Complaints

    16. You have the right to make a complaint at any time to the Information Commissioner's Office ("ICO"), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance and we will try our best to resolve your complaint.

  16. Contact Details

    If you have any questions about this Policy or our privacy practices, please contact our DPO in the following ways: Full name of legal entity:

    1. Full name of legal entity: Cyferd Ltd.
    2. Email address: info@cyferd.com.
    3. Postal address: Part Ground Floor, Regent House, 80 Regent Road, Leicester LE1 7NH.

  17. Failure to comply with/ breach of this Policy by the Customer

    18. If a Customer fails to comply with or otherwise breaches the terms of this Policy then such failure to comply/ breach will be considered to be a material breach by the Customer of the MSA and that Customers Agreement.

  18. Law

    19. The provisions of this Policy shall be governed by the laws of England and Wales.

    [End of Policy]