XM Cyber Ltd., Privacy Policy

Last Revised: July 05, 2022

If you are a California resident, please refer to our Privacy Notice for California Residents.

XM Cyber Ltd., its affiliates and its existing subsidiaries (if any) (“XM  Cyber”, “Company”, ”we” or” us”) respects the privacy of the users of its website at the address www.xmcyber.com (the “User” or “you” and the “Site” respectively) and is committed to protect the personal information that its Users share with it. We believe that you have a right to know our practices regarding the information we may collect and use when you use our Site

Capitalized terms which are not defined herein, shall have the meaning ascribed to them in our Terms of Use at www.xmcyber.com/terms-of-use, which this Privacy Policy is incorporated thereto by reference.

In general, we will only collect Personal Information (as defined below) directly from you. The statutory basis for such collection is, in particular, is Regulation 2016/679 – General Data Protection Regulation (“GDPR”).

1. Which information we may collect on our Users?

We may collect two types of data and information from our Users:

  • The first type of information is “Non-personal Information” which is non-identifying and non-identifiable information, without particular reference to the identity of the User from which such information was collected. Non-Personal Information is any unconcealed information that is available to us while Users are using the Site. Non-personal Information, which is being gathered consists of behavioral information, and may contain, among other things, the activity of the User on the Site, the User’s click-stream on the Site, etc.
  • Another type of information is “Personal Information” which is individually identifiable information that identifies an individual, or may with reasonable effort identify an individual, either alone or in combination with other information, or maybe of private or sensitive nature. Personal Information which is being gathered consists of any personal details provided consciously and voluntarily by the User. The Personal Information required from the User while filling in the Contact Forms includes the User’s full name, e-mail address, country, company, job title, and other information a User may opt to provide us voluntarily as detailed below in section 2(b) of this Privacy Policy which may be deemed Personal Information as part of a dedicated message to us; in addition, a subscription to the blog and/or newsletter of XM Cyber requires the User’s email address.
  • For the avoidance of doubt, any Non-Personal Information connected or linked to any Personal Information shall be deemed as Personal Information as long as such connection or linkage exists. Under this Privacy Policy, the term “Information” shall mean both Personal and Non-personal Information.

We do not collect any Personal Information from you or related to you without your approval (OTHER THAN AS OTHERWISE DESCRIBED IN THIS PRIVACY POLICY), which is obtained, inter alia, through your active acceptance of the Terms and the Privacy Policy.

2. How Do We Collect Information on Our Users?

There are two main methods we use:

  • We collect information through your use of the Site. In other words, when you are a User of the Site we are aware of it and may gather, collect and record the information relating to your usage, either independently or through the help of third-party services as detailed below.
  • We collect information which you provide us voluntarily. For example, we collect Personal information which you voluntarily provide when you fill in one of the call-to-action forms (including without limitation, our contact forms), or register for the newsletter or other marketing communications in order to receive updates about XM Cyber’s developments, when you request to book and receive a demo, when you request to receive reports or webinars or other additional documentation related to XM Cyber’s services, when you contact us.. We store the Personal Information either independently or through the help of our authorized third-party service providers as detailed below.

3. What are the LEGAL BASIS AND Purposes of the Collection and Use of Information?

We collect, process, and use your Information for a range of different business purposes according to different legal bases of processing, we may use or process your Personal Information for the following purposes. Please note that a single purpose or multiple purposes may apply concurrently.   

Providing you with the requested services

  • We collect Personal Information to provide you with information via our Site regarding services you contracted to receive or wish to receive. Such collection of information is facilitated to enable us to contact Users for the purpose of providing them with technical assistance, support, handle requests and complaints (and to be able to reply to User online queries) and collect feedback in connection with performance of the Site.
  • We collect Personal Information to allow you to apply for a job at XM Cyber, we will collect the information detailed under section 11 below, to be able to consider your application. 

When you contact us and provide us with Personal Information as part of initiating a contract or within an existing contractual relationship, then Art. 6(1)(b) GDPR constitutes the legal basis for the data processing.

Improvement and development of the Site

  • We collect Personal Information to develop, improve and customize the Site, the experience of other users and the offering available through the Site (including by way of using statistical information and creating aggregated anonymous data).
  • We collect Personal Information for ongoing improvement and review of the information provided via the Site to ensure user satisfaction of our Site. 

We process your Personal Information where Art. 6(1)(f) GDPR constitutes the legal basis for the data processing which arises from the objective of ensuring your level of satisfaction when you use the Site. 

Safeguarding and securing our Site

We may use your information to limit and prevent abusive or fraudulent incidents as well as security incidents, in the following ways:

  • Verification and authentication of your identity to prevent unauthorized or illegal activities;
  • Enhancement of the safety and security of our Site (including by way of conducting risk assessment and security investigation);
  • Preventing or taking action against activities which are, or may be, in breach of our Terms and applicable laws.

We process your Personal Information where Art. 6(1)(f) GDPR constitutes the legal basis for the data processing which arises from the objective of protecting our systems and preventing misuse and fraudulent behavior for each access of our Site.

Adherence to applicable laws

  •  We may use your Personal Data to ensure our compliance with any governmental agencies’ legal requests or court orders, and/or with any applicable law, rule or regulation. 

We process your Personal Information where Art. 6(1)(c) GDPR constitutes the legal basis for the data processes which arises from the objective of compliance with the legal obligations to which we are subject.

 

Advertising, marketing, and personalizing the content available through the Site.

We may use your Personal Data to personalize the content available to you via the Site, and advertise and promote our products and services as follows:

  • To display or send to you marketing and advertising material when you are using the Site, including in accordance with the section titled ‘Direct Marketing’ herein
  • To the extent you have already used the Site in the past, we have a legitimate business interest in matching the data we collect about you with data we have collected in the past.
  • This enables us to better understand your needs and interests, optimize the content sent to you and make it more relevant to your needs.
  • The above also allows us to improve your experience on the Site by providing your with recommendations, features, and personalized content. 

We process your Personal Information where Art. 6(1)(a) GDPR constitutes the legal basis for the data processes which arise from the objective of promoting, marketing and advertising our products and services to you.

We may, also process your Personal Information where Art. 6(1)(f) GDPR constitutes the legal basis for the data processes that arise from the objective of personalizing your experience and customizing our content.

4. Sharing Information with Third Parties

XM Cyber will not share any Personal Information it collects with any third party. Notwithstanding, XM Cyber may disclose Personal Information in the following cases: (a) to satisfy any applicable law, regulation, legal process, subpoena or governmental request; (b) to enforce this Privacy Policy and/or the Terms of Use, including investigation of potential violations thereof; (c) to detect, prevent, or otherwise address fraud, security or technical issues; (d) to respond to User’s support requests; (e) respond to claims that any content available on the Site violates the rights of third-parties; (f) to respond to claims that contact information (e.g. name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment; (g) to protect the rights, property, or personal safety of XM Cyber, its Users, or the general public; (h) when XM Cyber is undergoing any change in control, including by means of merger, acquisition or purchase of all or substantially all of its assets; or (i) to collect, hold and/or manage your Personal Information through XM Cyber’s authorized Third Party Service Providers (as defined below), as reasonable for its business purposes, which may be located in a country that does not have the same data protection laws as your jurisdiction; (j) pursuant to your explicit approval prior to the disclosure; or (k) cooperate with third parties for the purpose of enhancing the User’s experience.

For the avoidance of doubt, XM Cyber may transfer and disclose Non-personal Information to third parties at its own discretion.

5. DATA RETENTION

We retain the Personal Information we collect only for as long as needed in order to provide you with our services and to comply with applicable laws and regulations. We then either delete from our systems or anonymize it without further notice to you.

If you withdraw your consent to us processing your Personal Information, we will delete your Personal Information from our systems (except to the extent such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates).

6. Minors

To use of Site, you must be over the age of sixteen (16). Therefore, XM Cyber does not knowingly collect Personal Information from children under the age of sixteen (16) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of sixteen (16) are not using the Site. 

7. Security

We take great care in implementing and maintaining the security of XM Cyber’s Site and its User’s Personal Information. XM Cyber employs industry-standard procedures and policies to ensure the safety of its Users’ Personal Information, and prevent unauthorized use of any such information.  However, we do not guarantee that unauthorized access will never occur.

8. Third-Party Software/Service

While using the Service we may be using third-party software and/or service for various needs, inter alia, in order to collect and/or process the information detailed herein (the “Third Party Service Provider(s)”). Note that these are independent software and/or service providers and XM Cyber does not take any liability for the information collection policies of these providers, or about any kind of issue, legal or otherwise, relating thereto. Third-Party Service providers include the following:

9. Cookies

When you access or use the Site, the Company may use industry-wide technologies such “cookies” (or similar technologies), which store certain information on your computer (“Local Storage”) and which will allow us to enable automatic activation of certain features, and make your service experience much more convenient and effortless. The cookies used by the Site are created per session, does not include any information about you, other than your session key and are removed as your session ends. It is easy to prohibit the Local Storage. Most browsers will allow you to erase cookies from your computer’s hard drive, block acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience may be limited.

Cookies and similar technologies used to process usage data are deployed for the following purposes, depending on the categories of the cookies and other technologies: 

  • Necessary – Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
  • Preferences – Using these technologies, allows us to take into account your actual or perceived preferences to enhance the user experience. For example, we can use your settings to display our websites in a language relevant to you. They also mean we can avoid displaying products that may not be available in your region.
  • Statistics – These technologies enable us to tailor the design of our services by producing anonymized statistics about how they are used. For example, we can use them to determine how better to adapt our websites to user habits.
  • Marketing – These enable us to display relevant advertising content based on an analysis of your usage behavior. Your usage behavior can also be tracked over various websites, browsers or devices via a user ID (unique identifier).

The legal basis for using preference, statistics and marketing cookies is your consent given pursuant to Article 6(1)(a) GDPR. The legal basis for using technically necessary cookies and other technologies is Article 6(1)(f) GDPR. Our legitimate interest in this regard is a technically stable and safe operation of the website.

We may also utilize SSO (single sign-on) scripts, which allow you to log in to our Site using sign-in services provided by third parties, such as Facebook or Google. These services authenticate your identity and provide you with the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form.

Learn more about your choices and how to opt-out of tracking technologies please visit our [Cookie Policy Link]   

10. WHERE DO WE STORE USER’S PERSONAL INFORMATION?

Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service prov

Information regarding the Users will be maintained, processed and stored by us and our authorized affiliates and service providers in the United States, Australia and in Israel, and as necessary, in secured cloud storage, provided by our Third Party Service Provider(s).

While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf are each committed to keep it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

You hereby accept the place of storage and the transfer of information as described above.

iders in the United States, Australia and in Israel, and as necessary, in secured cloud storage, provided by our Third Party Service Provider(s).

While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates and our service providers that store or process your Personal Information on our behalf are each committed to keep it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

You hereby accept the place of storage and the transfer of information as described above. 

11. JOB CANDIDATES

The Company welcomes all qualified candidates (“Candidates”) to apply to any of the open positions posted on our Site or otherwise (including without limitation – Facebook, LinkedIn) by sending us their contact details and CV (“Candidates Information). We are committed to keep Candidates’ Information private and use it solely for our internal recruitment purposes (including for identifying Candidates, evaluating their applications, making hiring and employment decisions, and contacting Candidates by phone or in writing).

Please note that the Company may retain Candidates Information submitted to it even after the applied position has been filled or closed. This is done so we could re-consider Candidates for other positions and opportunities at the Company; so, we could use their Candidates Information as reference for future applications submitted by them; and in case the Candidate is hired, for additional employment and business purposes related to their work.

If the law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your Personal Information.

Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information whose accuracy you contest while we verify the status of that data.

Subject the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.

If you wish to exercise any of these rights, contact us at: [email protected] When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.

To find out whether these rights apply to you and on any other privacy-related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.

 

12. UPDATING, OBTAINING A COPY OF, OR DELETING YOUR PERSONAL INFORMATION

If the law applicable to you grants you such rights, you may ask to access, correct, or delete your Personal Information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your Personal Information.

Subject to the limitations in law, you may request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information whose accuracy you contest while we verify the status of that data.

Subject the limitations in law, you may also be entitled to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.

If you wish to exercise any of these rights, contact us at: [email protected] . When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or response or defend against legal proceedings versus us or our affiliates.

To find out whether these rights apply to you and on any other privacy related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.

13. Direct Marketing

You hereby agree that we may use your contact details provided during registration, for the purpose of informing you regarding our products and Site which may interest you, and to send to you other marketing material subject to your explicit consent. You may withdraw your consent via sending a written notice to the Company by email to the following address: [email protected] or by pressing the “Unsubscribe” button in the mail.

14. Changes to the Privacy Policy

The terms of this Privacy Policy will govern the use of the Site and any information collected therein. XM Cyber reserves the right to change this policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this policy on the homepage of the Site and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided us with. Such substantial changes will take effect seven (7) days after such notice was provided on our Site or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated ”Last Revised” date and your continued use of the Site after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

15. GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of Israel, without respect to its criminal law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in Tel Aviv, Israel.

This Privacy Policy was written in English, and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.

16. Have any Questions?

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email to the following address, and we will make an effort to reply within a reasonable timeframe: [email protected]