PRIVACY & POLICY - IM CyberSec

Privacy Policy

We appreciate your interest in our company. Data protection is a top priority for the management of Imagine CyberSec GmbH and Imagine CyberSec SAS. The websites at https://im-cybersec.com/ can generally be used without providing any personal data. If a data subject wishes to use special services via our website, processing of personal data may become necessary. If such processing is required and there is no legal basis for it, we will generally obtain the data subject’s consent.

Scope for two controllers: This privacy policy applies equally to Imagine CyberSec GmbH and Imagine CyberSec SAS. Where the text refers only to “IM CyberSec” or “the controller”, this includes both companies unless expressly stated otherwise. Depending on the processing activity, both companies act as controllers within the meaning of the GDPR. A single point of contact for data subject rights is named below.

The processing of personal data, such as the name, address, email address, or telephone number of a data subject, is always carried out in accordance with the General Data Protection Regulation and the national data protection provisions applicable to Imagine CyberSec GmbH and Imagine CyberSec SAS. With this privacy policy we inform the public about the type, scope, and purpose of the personal data we collect, use, and process. We also explain the rights of data subjects.

As controllers, Imagine CyberSec GmbH and Imagine CyberSec SAS have implemented numerous technical and organizational measures to ensure the most complete protection possible of personal data processed via this website. Nevertheless, internet based data transmissions can have security gaps, so absolute protection cannot be guaranteed. For this reason, any data subject is free to transmit personal data to us by alternative means, for example by telephone.

1. Definitions

The definitions correspond to the General Data Protection Regulation. Our privacy policy should be easy to read and understand for the public as well as for our customers and business partners. To ensure this, we explain the terms used in advance:

a) personal data
b) data subject
c) processing
d) restriction of processing
e) profiling
f) pseudonymization
g) controller
h) processor
i) recipient
j) third party
k) consent

2. Names and addresses of the controllers

Joint controllers within the meaning of Art. 4(7) and Art. 26 GDPR
The following companies are responsible for the processing described in this privacy policy. The two companies have concluded a joint controller arrangement. The central contact point for data subject rights is the email address listed below.

Imagine CyberSec GmbH
Köttinger Weg 122
57537 Wissen
Germany

Imagine CyberSec SAS
60 rue François 1er
75008 Paris
France

Contact:
Tel.: +49 274 26929981
Email: datenschutz@im-cybersec.com
Website: https://im-cybersec.com/

Upon request, we will provide the essential contents of the arrangement pursuant to Article 26 GDPR.

3. Cookies

The websites at https://im-cybersec.com/ use cookies. Cookies are text files that are stored on a computer system via an internet browser. Many cookies contain a cookie ID that uniquely identifies the browser. This makes it possible to recognize browsers and to provide more user friendly services.

You can prevent the setting of cookies at any time by means of a corresponding setting of the internet browser you use, and you can delete cookies that have already been set. If you deactivate the setting of cookies, not all functions of our website may be fully usable.

4. Collection of general data and information

Each time our website is accessed, a series of general data and information is stored in server log files. In particular, the following can be recorded: browser types and versions, the operating system used, the site previously visited, the subpages accessed, the date and time of access, the IP address, the internet service provider, and similar data that serve to avert danger in the event of attacks on our IT systems.

There is no assignment to a specific person. The evaluation is carried out to correctly deliver the content of our website, to optimize our website and advertising, to ensure the long term functionality of our systems, and to provide information to law enforcement authorities in the event of a cyber attack. The anonymous data of the server log files are stored separately from any personal data provided.

5. Registration on our website

Data subjects can register on our website by providing personal data. Which data is collected can be seen from the respective input form. The data is used exclusively for internal purposes and may be transmitted to processors, who also use it only internally.

During registration, the IP address, date, and time are stored. This serves to prevent misuse and, where applicable, to clarify criminal offenses. Registered persons can change or delete their data at any time. We provide information about stored data upon request.

6. Subscription to our newsletter

You can subscribe to a newsletter at https://im-cybersec.com/. A valid email address and registration are required. For legal reasons we use a double opt in confirmation email. We store the IP address, date, and time of registration. The data is used solely for sending our newsletter and is not passed on to third parties. Consent can be revoked at any time, for example via the unsubscribe link in each newsletter.

7. Newsletter tracking

Our newsletters contain tracking pixels. This allows us to statistically evaluate whether and when an email was opened and which links were clicked. This data helps us to optimize future newsletters. The data is not passed on to third parties. Consent can be revoked at any time. Unsubscribing from the newsletter will be considered a revocation.

8. Contact via the website

The website contains information that enables quick electronic contact with us, in particular a general email address. If a data subject contacts us by email or via a contact form, the data transmitted will be stored automatically and used solely to process the inquiry. The data is not passed on to third parties.

Contact:
General inquiries: info@im-cybersec.com
Data protection inquiries: datenschutz@im-cybersec.com

9. Routine erasure and blocking of personal data

Personal data is processed and stored only for the period necessary to achieve the storage purpose or as provided for by law. If the storage purpose no longer applies or a statutory period expires, the data will be routinely blocked or erased.

10. Rights of the data subject

Data subjects have the right to
a) confirmation,
b) access,
c) rectification,
d) erasure,
e) restriction of processing,
f) data portability,
g) object,
h) not be subject to a decision based solely on automated processing including profiling,
i) withdraw consent granted.

To exercise these rights, it is sufficient to send an informal message to datenschutz@im-cybersec.com.

11. Data protection for applications and in the application process

We process the personal data of applicants for the purpose of handling the application process, including electronically. If an employment contract is concluded, the data will be stored for the purpose of handling the employment relationship. If no contract is concluded, we delete the data two months after notification of the rejection decision, provided that no legitimate interests oppose deletion, for example an obligation to provide evidence under the German General Equal Treatment Act.

12. Legal basis of processing

Article 6(1)(a) GDPR serves as the legal basis for processing operations for which we obtain consent. For the performance of a contract or pre contractual measures, Article 6(1)(b) GDPR applies. Legal obligations are based on Article 6(1)(c) GDPR. Vital interests on Article 6(1)(d) GDPR. Processing operations for the purposes of legitimate interests are based on Article 6(1)(f) GDPR. A legitimate interest may exist in particular where the data subject is a customer of the controller.

13. Legitimate interests in processing

If processing is based on Article 6(1)(f) GDPR, our legitimate interest is the conduct of our business for the benefit of the well being of our employees and shareholders.

14. Duration of storage

Statutory retention periods are decisive. After these periods expire, the data will be deleted, provided it is no longer required for the performance or initiation of a contract.

15. Statutory or contractual requirements to provide data

The provision of personal data may be required by law or by contract. In some cases, it may be necessary for a data subject to provide us with personal data in order to conclude a contract. Failure to provide the data would mean that a contract cannot be concluded. Before providing personal data, the data subject can contact us. We will clarify in the individual case whether there is an obligation to provide the data and what the consequences of failure to provide it would be.

16. Existence of automated decision making

As responsible companies, we do not use automated decision making or profiling within the meaning of Article 22 GDPR.