XM Cyber Ltd., Privacy Policy

Last Revised: July 12, 2023

If you are a California resident, please refer to our Privacy Notice for California Residents.

XM Cyber Ltd., its affiliates, and its existing subsidiaries (if any) (“XM Cyber”, “Company”, “we” or “us”) respect the privacy of the users of their website at the address xmcyber.com (the “User” or “you” and the “Site” respectively) and are committed to protecting the personal information that their Users share with them. We believe that you have a right to know our practices regarding the information we may collect and use when you use our Site.

Capitalized terms which are not defined herein shall have the meaning ascribed to them in our Terms of Use at xmcyber.com/terms-of-use, into which this Privacy Policy is incorporated by reference.

In general, we will only collect Personal Information (as defined below) directly from you. We are further committed to processing Personal Information for lawful purposes as defined in Article 6 of Regulation 2016/679 – General Data Protection Regulation (“GDPR”).

1. Which Information May We Collect on Our Users?

We may collect two types of data and information from our Users:

The first type of information is “Non-personal Information” or information that does not relate to an identified or identifiable natural person (in other words, a living human being). Non-personal Information may include aggregated user behavioral information, metadata, aggregated or anonymized system data and other similar types of data that do not relate to an identified or identifiable natural person.

Another type of information is “Personal Information” which is information about an identified or identifiable natural person.  Examples of Personal Information can include names, contact information, government identification numbers, emails, birth dates, and other types of information that meet the GDPR’s definition of personal data (or that of other applicable privacy laws).

Personal Information which is being gathered may include personal details provided consciously and voluntarily by a User or information derived from cookies as discussed below, and, in certain cases, Personal Information obtained from third parties. The Personal Information required from the User while filling in the Contact Forms may include the User’s full name, e-mail address, country, company, job title, and other similar information.

A User may opt to provide us with information voluntarily, as detailed below in section 2 of this Notice.

We typically treat Non-personal Information connected or linked to any Personal Information as Personal Information as long as such connection or linkage exists, as determined by applicable data privacy laws. Under this Notice, the term “Information” shall mean both Personal and Non-personal Information.

2. How Do We Collect Information on Our Users?

There are two main methods we use:

  • We collect information through Users’ use of the Site based on cookies and other similar mechanisms. This includes information relating to Users’ usage that we gather, collect, and record, either independently or through the help of third-party services as detailed below.
  • We also collect information that Users provide us voluntarily.

– For example, we may collect Personal Information which you voluntarily provide when you fill in one of the call-to-action forms (including without limitation, our contact forms), when you register for the newsletter or other marketing communications in order to receive updates about XM Cyber’s developments, when you request to book and receive a demo, when you request to receive reports or webinars or other additional documentation related to XM Cyber’s services, or when you contact us.

We store Personal Information either independently or through the help of our authorized third-party service providers as detailed below.

3. What Are the Legal Basis and Purposes of the Collection and Use of Information?

Providing you with the requested services

We collect Personal Information to provide you with information via our Site regarding services you contracted to receive or wish to receive. Such collection of information is facilitated to enable us to contact Users for the purpose of providing them with technical assistance, support, handling requests and complaints (and to be able to reply to User online queries), and collecting feedback in connection with the performance of the Site.

We collect Personal Information to allow you to apply for a job at XM Cyber; in that case, we will collect the information detailed under section 11 below to be able to consider your application.

When you contact us and provide us with Personal Information as part of initiating a contract or within an existing contractual relationship, we use Art. 6(1)(b) GDPR (performance of a contract) as our legal basis for processing.

Improvement and development of the Site

We collect Personal Information to develop, improve and customize the Site, the experience of other users, and the offering available through the Site (including by way of using statistical information and creating aggregated anonymous data).

We collect Personal Information for ongoing improvement and review of the information provided via the Site to ensure user satisfaction with our Site.

When we process your Personal Information for improvement and development of the Site, we use Art. 6(1)(f) GDPR (legitimate interests) as our legal basis for data processing, based on our objective of ensuring your level of satisfaction when you use the Site.

Safeguarding and securing the Site

We may use your information to limit and prevent abusive or fraudulent incidents as well as security incidents, in the following ways:

  • Verification and authentication of your identity to prevent unauthorized or illegal activities;
  • Enhancement of the safety and security of our Site (including by way of conducting risk assessment and security investigation);
  • Preventing or taking action against activities that are or may be in breach of our Terms and applicable laws.

When we process your Personal Information to safeguard and secure the Site, we use Art. 6(1)(f) GDPR (legitimate interests) as our legal basis for the data processing, based on our objective of protecting our systems and preventing misuse and fraudulent behavior for persons accessing our Site.

Adherence to applicable laws

We may use your Personal Data to ensure our compliance with any governmental agencies’ legal requests or court orders, and/or with any applicable law, rule or regulation.

We process your Personal Information, for this reason, using Art. 6(1)(c) GDPR (processing necessary for a legal obligation) as the legal basis for the data processing, based on our objective of compliance with the legal obligations to which we are subject.

Advertising, marketing, and personalizing the content available through the Site

We may use your Personal Information to personalize the content available to you via the Site, and to advertise and promote our products and services. This includes:

Displaying and sending Users marketing and advertising material when they use the Site, including in accordance with our ‘Direct Marketing’ efforts.

To the extent you have already used the Site in the past, we base our processing activity on our legitimate interest, as provided in Art. 6(1)(f) GDPR, in matching the data we collect about you with data we have collected in the past and in providing you with enhanced service offerings.

To the extent that you have not accessed marketing or advertising services in the past, we: (a) clearly explain the nature of those services for purposes of transparency, and (b) provide you with the option to opt out, as set forth in section 16, below.

Advertising and marketing personalization allows us to better understand your needs and interests, optimize the content sent to you and make it more relevant to your needs.

It also allows us to improve your experience on the Site by providing you with recommendations, features, and personalized content.

When we process your Personal Information for advertising and marketing purposes, we rely on Art. 6(1)(a) GDPR (consent) as the legal basis for the data processing, which arises from the objective of promoting, marketing and advertising our products and services to you.

We may also process your Personal Information on the basis of Art. 6(1)(f) GDPR (legitimate interests) based on our objective of personalizing your experience and customizing our content.

Additional information on processing justification

Below is a more detailed description of our justifications for processing of Personal Information:

  • Consent: This applies when a data subject has given clear and specific consent for the processing of their Personal Information for one or more specific purposes. Consent must be freely given, informed, and unambiguous. Users must have the ability to withdraw their consent at any time.
  • Contractual Necessity: This applies when we process Personal Information that is necessary for the performance of a contract to which the data subject is a party or for taking steps at the data subject’s request prior to entering into a contract. This basis typically applies when Personal Information is processed to fulfill an agreement with the data subject such as a commercial agreement.
  • Legal Obligation: This applies when we process Personal Information that is necessary for our compliance with a legal obligation. This basis is relevant when processing is required to fulfill a legal requirement imposed on us such as answering questions from a regulator.
  • Legitimate Interests: This basis applies when we process Personal Information that is necessary for the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the data subject’s interests or fundamental rights and freedoms. Examples of this basis include processing Personal Information to improve our service offerings, providing technical support, managing User feedback, and replying to User requests and complaints. When relying on legitimate interests, we use our best efforts to verify that the interests or rights of the data subject do not outweigh our legitimate interests.

4. Sharing Information with Third Parties

XM Cyber does not, as a matter of practice, share any Personal Information it collects with third parties (i) other than as legally required, (ii) to our subprocessors who have entered into contractual agreements with us related to their processing activities, (iii) to third-party personnel with a duty of confidentiality, who are either contractually or ethically bound by such duty, or (iv) as set forth below.

Notwithstanding, XM Cyber may disclose Personal Information in the following cases, and to the extent permitted under applicable data protection laws:

  • to satisfy any applicable law, regulation, legal process, subpoena, or governmental request;
  • to enforce this Privacy Policy and/or the Terms of Use, including investigation of potential violations thereof;
  • to detect, prevent, or otherwise address fraud, security, or technical issues;
  • to respond to User’s support requests;
  • to respond to claims that any content available on the Site violates the rights of third parties;
  • to respond to claims that contact information (e.g., name, e-mail address, etc.) of a third-party has been posted or transmitted without their consent or as a form of harassment;
  • to protect the rights, property, or personal safety of XM Cyber, its Users, or the general public;
  • when XM Cyber is undergoing any change in control, including by means of merger, acquisition, or purchase of all or substantially all of its assets;
  • to collect, hold and/or manage your Personal Information through XM Cyber’s authorized Third Party Service Providers (as defined below), as reasonable for its business purposes, which may be located in a country that does not have the same data protection laws as your jurisdiction;
  • pursuant to your explicit approval prior to the disclosure; or
  • to cooperate with third parties for the purpose of enhancing the User’s experience.

XM Cyber may transfer and disclose Non-personal Information to third parties at its own discretion, subject to applicable laws and our contractual arrangements.

5. DATA RETENTION

Typically, we retain the Personal Information that we collect only for as long as needed in order to provide Users with our services and to comply with applicable laws and regulations including, for example, applicable European Union data retention laws. We then use commercially and technically practicable means and technical and organizational measures to either delete such Personal Information from our systems or anonymize it without further notice to you.

If you withdraw your consent to us and cease to allow us to process your Personal Information, we will use commercially and technically practicable means to delete your Personal Information from our systems (except to the extent we may retain such data in whole or in part to comply with any applicable law, rule, or regulation and/or to respond to or defend against legal proceedings against us or our affiliates).

6. Minors

To use our Site, you must be over the age of eighteen (18). XM Cyber does not knowingly collect Personal Information from children under the age of eighteen (18) and does not wish to do so. We reserve the right to request proof of age at any stage so that we can verify that minors under the age of eighteen (18) are not using the Site.

7. Security

We are committed to safeguarding the security of the Site and the Personal Information of our Users. To this end, we implement and maintain industry-standard technical, security, and administrative measures, including technical security protocols, policies and procedures, and physical safeguards, to protect the confidentiality, integrity, and availability of Users’ Personal Information, and to prevent unauthorized access.

While we strive to ensure the security of personal information, it is important to note that no system or transmission method can guarantee complete security. Despite our best efforts, unauthorized access or breaches may still occur. However, in the event of any such incident, we have implemented incident response procedures to mitigate the impact and notify relevant authorities as required by applicable data protection laws.

We also monitor and review our security practices to verify our level of data protection. We encourage our users to promptly report any security concerns or suspicious activities to us so that we can investigate and take appropriate action.

Protecting the privacy and security of our users’ personal information is of utmost importance to us, and we remain dedicated to fulfilling our obligations under the General Data Protection Regulation (GDPR) and other applicable data protection laws.

8. Third-Party Software/Service

We use third-party software and/or services for various needs including, for example, to collect and/or process Personal Information and improve our service offerings (the “Third-Party Service Provider(s)”).

These Third-Party Service Providers are carefully chosen based on our understanding of their commitment to data protection and privacy and are contractually obligated to process your information only as instructed and in line with relevant data protection laws.

We also assess the privacy practices of these providers to verify compliance with our standards.

However, while we take every precaution, no data transmission or storage method can guarantee absolute security. And, other than as required by law or by our contractual obligations, we do not assume any liability for their acts, omissions, or privacy and security practices.

Third-Party Service providers, together with their privacy policies, include the following:

  • HubSpot: https://legal.hubspot.com/privacy-policy
  • Google Analytics: http://www.google.com/intl/en/analytics/privacyoverview.html
  • Comeet: https://help.comeet.com/en/articles/5470454-privacy-notice-for-platform-users
  • Trendemon: https://trendemon.com/privacy.html?v=2023
  • Easy Webinar: https://easywebinar.com/privacy/
  • TechTarget: https://www.techtarget.com/privacy-policy/
  • Foundry: https://www.foundry.com/privacy-notice
  • LinkedIn: https://www.linkedin.com/legal/privacy-policy
  • BrightTALK: https://www.brighttalk.com/business/company/privacy-policy

9. Cookies

When you access or use the Site, the Company may use industry-wide technologies such as “cookies” (or similar technologies), which store certain information on your computer (“Local Storage”), and which will allow us to enable automatic activation of certain features and make your service experience much more convenient and effortless. Most browsers will allow you to erase cookies from your computer’s hard drive, block the acceptance of cookies, or receive a warning before a cookie is stored. However, if you block or erase cookies your online experience may be limited.

Cookies and similar technologies used to process usage data are deployed for the following purposes, depending on the categories of the cookies and other technologies:

  • Strictly Necessary Cookies: These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you that amount to a request for services, such as setting your privacy preferences, logging in or filling in forms. You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
  • Functional Cookies: These cookies enable the website to provide enhanced functionality and personalization. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, then some or all of these services may not function properly.
  • Performance Cookies: These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our site, and will not be able to monitor its performance.
  • Targeting Cookies: These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not directly store personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

A list of the cookies that we use that fall into each of the above categories is located in our Cookie Policy.

Our legal basis for using preference, statistics and marketing cookies is your consent given pursuant to Article 6(1)(a) GDPR (consent). The legal basis for using technically necessary cookies and other technologies is Article 6(1)(f) GDPR (legitimate interest). Our legitimate interests in this regard are to promote the technically stable and safe operation of the Site and to enable us to provide better services to our Users.

You may choose to disable cookies using the following links:

  • Google Chrome
  • Internet Explorer
  • Firefox
  • Safari
  • Safari Mobile
  • Opera

If you wish to opt out of interest-based advertising, click <http://preferences-mgr.truste.com/>. If you are located in the European Union, click <http://www.youronlinechoices.eu/>.

SSO Scripts

We may also utilize SSO (single sign-on) scripts, which allow you to log in to our Site using sign-in services provided by third parties, such as Facebook or Google. These services authenticate your identity and provide you with the option to share certain personal information with us such as your name and email address to pre-populate our sign-up form.

Do Not Track/Privacy Mode

Do Not Track/Privacy Mode is a function that allows users to opt out from being tracked by websites for any purpose including the use of analytics services, advertising networks and social platforms. If you have enabled the “do not track” function in your browser, you will not be tracked. This is in addition to you opting out of the aggregation and analysis of data for the website and app statistics.

10. WHERE DO WE STORE USER’S PERSONAL INFORMATION?

Information regarding Users is generally maintained, processed and stored by us and our authorized affiliates and service providers.

Information regarding the Users may be maintained, processed and stored by us and our authorized affiliates and service providers in the United States (if permitted), European Union, Australia and in Israel, and as necessary, in secured cloud storage, provided by our Third-Party Service Provider(s).

While the data protection laws in the above jurisdictions may be different than the laws of your residence or location, please know that we, our affiliates, and our service providers that store or process your Personal Information on our behalf are each committed to keeping it protected and secured, pursuant to this Privacy Policy and industry standards, regardless of any lesser legal requirements that may apply in their jurisdiction.

To the extent required by applicable privacy laws and our commercial agreements, we will comply with legally required data transfer mechanisms.

11. JOB CANDIDATES

We welcome candidates (“Candidates”) to apply to any of the open positions posted on our Site or otherwise (including without limitation – Facebook, LinkedIn) by sending us their contact details and CV (“Candidates Information”).

We are committed to keeping Candidates’ Information private and using it solely for our internal recruitment purposes (including for identifying Candidates, evaluating their applications, making hiring and employment decisions, and contacting Candidates by phone or in writing).

Please note that the Company may retain Candidates Information submitted to it even after the applied position has been filled or closed. This is done so that we can reconsider Candidates for other positions and opportunities at the Company; so that we can use their Candidates Information as reference for future applications submitted by them; and, in case the Candidate is hired, for additional employment and business purposes related to their work. However, we do recognize that this information is considered to be Personal Information and that data subjects may have certain rights with respect to such data including the right to be forgotten or the right to correct their Personal Information.

If the law applicable to you grants you such rights (for example, if you are a data subject protected by the GDPR), you may ask to access, correct, or delete your Personal Information that is stored in our systems. You may also ask for our confirmation as to whether or not we process your Personal Information.

Subject to the limitations in applicable privacy laws, you may:

  • Request that we update, correct, or delete inaccurate or outdated information. You may also request that we suspend the use of any Personal Information whose accuracy you contest while we verify the status of that data.
  • Be entitled to obtain the Personal Information you directly provided us (excluding data we obtained from other sources) in a structured, commonly used, and machine-readable format and may have the right to transmit such data to another party.

If you wish to exercise any of these rights, contact us at: [email protected]. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings against us or our affiliates.

To find out whether these rights apply to you and on any other privacy-related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.

12. UPDATING, OBTAINING A COPY OF, OR DELETING YOUR PERSONAL INFORMATION

Certain persons may have additional Personal Information rights. For example, data subjects whose Personal Information is protected by the GDPR have the:

  • Right to be informed – the right to obtain information about their Personal Information, how that data will be Processed and its Processing purposes before it is collected.
  • Right of access – the right to request access to their Personal Information and to obtain further information from a Controller regarding:

– the Processing purpose(s) and categories of Personal Information Processed;

– third party access to their Personal Information, including recipients in third countries;

– the data source, if the Data Subject did not provide their Personal Information directly to the Controller; and

– the predicted period for which the Data Subject’s Personal Information will be stored, or, if not possible, the criteria used by the Controller to determine that period.

Data Subjects may also request a copy of the Personal Information undergoing Processing.

  • Right of erasure – the right to request that a Controller erase their Personal Information in both hard copy and electronic format when the Controller does not have a legitimate reason for retaining that data. When we Process Personal Information while acting as a Controller, we will use all reasonable efforts to delete or destroy the Personal Information that we deem not to be held by us for a legitimate purpose.
  • Right of rectification – the right to require their Personal Information to be up to date and accurate. A Controller who receives a request from a Data Subject must verify whether the Data Subject’s Personal Information is up to date and accurate, and if not, must make the requested corrections.
  • Right to restrict Processing – When a Data Subject contests the accuracy of his or her Personal Information, objects to its Processing or claims that the Processing of such Personal Information is unlawful, or during the period in which a complaint regarding his or her Personal Information is being investigated, the Data Subject has the right to restrict the Processing of that data.
  • Right to object to Processing – Data Subjects may object to a Controller’s Processing of Personal Information based on a claim of Controller legitimate interest unless the Controller’s reasons for Processing outweigh any prejudice to the Data Subject’s data privacy rights; and
  • Right to data portability/automated decision-making – Data Subjects may obtain and reuse their own Personal Information for their own purposes across different services in a structured and machine-readable format. This right applies to Personal Information that is Processed based on either individual Consent or pursuant to a contract and by automated means.

If you wish to exercise any of these rights, contact us at: [email protected]. When handling these requests, we may ask for additional information to confirm your identity and your request. Please note, upon request to delete your Personal Information, we may retain such data in whole or in part to comply with any applicable rule or regulation and/or to respond to or defend against legal proceedings against us or our affiliates.

To find out whether these rights apply to you and on any other privacy-related matter, you can contact your local data protection authority if you have concerns regarding your rights under local law.

13. Direct Marketing

We may use your contact details provided during registration, for the purpose of informing you regarding our products and Site which may interest you, and to send to you other marketing material subject to your explicit consent. Please note that you may withdraw your consent via sending a written notice to the Company by email to the following address: [email protected] or by pressing the “Unsubscribe” button in the mail.

14. Changes to the Privacy Policy

The terms of this Privacy Policy will govern the use of the Site and any information collected therein. XM Cyber reserves the right to change this policy at any time, so please re-visit this page frequently. We will provide notice of substantial changes of this policy on the homepage of the Site and/or we will send you an e-mail regarding such changes to the e-mail address that you may have provided us with. Such substantial changes will take effect seven (7) days after such notice was provided on our Site or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of the Site after the Last Revised date will constitute acceptance of, and agreement to be bound by, those changes.

15. GENERAL INFORMATION

This Privacy Policy, its interpretation, and any claims and disputes related hereto, shall be governed by the laws of the State of Israel, without respect to its criminal law principles. Any and all such claims and disputes shall be brought in, and you hereby consent to them being litigated in and decided exclusively by a court of competent jurisdiction located in Tel Aviv, Israel.

This Privacy Policy was written in English and may be translated into other languages for your convenience. If a translated (non-English) version of this Privacy Policy conflicts in any way with the English version, the provisions of the English version shall prevail.

16. Have any Questions?

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email to the following address, and we will try to reply within a reasonable timeframe:

Dan Anconina, CISO

7 Sapir St., Herzliya, Israel 4685211

+972-3-978-6668

[email protected]

In addition, if you are a resident of the EEA or the UK, you may contact our GDPR registered agent at

Rickert Rechtsanwaltsgesellschaft m.b.H

Colmantstraße 15

53115 Bonn, Germany

Phone: +49 (0) 228 – 74 89 80

Fax: +49 (0) 228 – 74 89 86 6

E-Mail: [email protected]