GDPR Compliance

Last updated: June 2025

1. Introduction

At cybershack.eu, we are committed to protecting the privacy and data rights of our users in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR). This page outlines how we handle personal data, your rights as a data subject, and our commitments under the regulation.

2. Data Controller

The data controller responsible for processing your personal data is:

cybershack.eu

Amsterdam, The Netherlands

Email: info@cybershack.eu

Website: www.cybershack.eu

3. Data We Collect

We collect the following categories of personal data:

  • Account Information: Company name, email address, and password (encrypted)
  • AI System Data: Information about AI systems you register for compliance assessment
  • Usage Data: How you interact with our platform to improve our services
  • Assessment Data: Risk assessment answers and compliance checklists you create

4. Legal Basis for Processing

We process your data based on:

  • Contractual necessity (Art. 6(1)(b)): To provide our compliance services to you
  • Legitimate interest (Art. 6(1)(f)): To improve our platform and ensure security
  • Consent (Art. 6(1)(a)): For marketing communications and cookies

5. Your Rights

Under the GDPR, you have the following rights:

Right of Access (Art. 15)

Request a copy of all personal data we hold about you

Right to Rectification (Art. 16)

Request correction of inaccurate personal data

Right to Erasure (Art. 17)

Request deletion of your personal data

Right to Restriction (Art. 18)

Request restriction of processing of your data

Right to Data Portability (Art. 20)

Receive your data in a structured, machine-readable format

Right to Object (Art. 21)

Object to processing based on legitimate interests

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encryption, access controls, regular security assessments, and staff training. Our security practices are aligned with industry standards and best practices in cybersecurity.

7. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained for the duration of your account. Assessment data is retained to maintain your compliance records. You may request deletion at any time.

8. Contact Us

To exercise any of your GDPR rights or for data protection inquiries, please contact us at info@cybershack.eu. We will respond to all requests within 30 days.

You also have the right to lodge a complaint with your local supervisory authority.