Privacy Policy

Controller
Cordula Böck
Hauptstr. 56 a
86825 Bad Wörishofen

Email address: Cordula.A.Boeck@outlook.de

Imprint: https://cybersecureguard.org/imprint/


Overview of Processing
The following overview summarizes the types of data processed and the purposes of their processing, and refers to the data subjects concerned.

Categories of Data Subjects

  • Service recipients and clients
  • Interested parties
  • Communication partners
  • Users
  • Business and contractual partners

Purposes of Processing


Relevant Legal Bases
Relevant legal bases under the GDPR: The following provides an overview of the legal bases of the GDPR on which we process personal data. Please note that, in addition to the provisions of the GDPR, national data protection regulations in your or our country of residence or establishment may apply. If, in individual cases, more specific legal bases are relevant, we will inform you of these in the privacy policy.

  • Consent (Art. 6(1)(a) GDPR) – The data subject has given their consent to the processing of their personal data for one or more specific purposes.
  • Performance of contract and pre-contractual inquiries (Art. 6(1)(b) GDPR) – Processing is necessary for the performance of a contract to which the data subject is party, or to take steps at the request of the data subject prior to entering into a contract.
  • Legal obligation (Art. 6(1)(c) GDPR) – Processing is necessary for compliance with a legal obligation to which the controller is subject.
  • Legitimate interests (Art. 6(1)(f) GDPR) – Processing is necessary for the purposes of the legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data.

National data protection regulations in Germany:
In addition to the GDPR’s data protection regulations, national data protection regulations apply in Germany. In particular, this includes the Federal Data Protection Act (Bundesdatenschutzgesetz – BDSG), which contains special provisions on the right to access, the right to erasure, the right to object, the processing of special categories of personal data, processing for other purposes, transmission, as well as automated individual decision-making including profiling. Additionally, data protection laws of the individual federal states may also apply.

Note on the Applicability of the GDPR and the Swiss DPA: These data protection notices serve to provide information both under the Swiss Federal Act on Data Protection (DPA) and the General Data Protection Regulation (GDPR). For this reason, we kindly ask you to note that due to the broader geographical application and comprehensibility, the terms of the GDPR are used. In particular, instead of the terms “Bearbeitung” (processing) of “Personendaten” (personal data), “überwiegendes Interesse” (overriding interest), and “besonders schützenswerte Personendaten” (sensitive personal data) used in the Swiss DPA, the terms “Verarbeitung” (processing) of “personenbezogene Daten” (personal data), “berechtigtes Interesse” (legitimate interest), and “besondere Kategorien von Daten” (special categories of data) used in the GDPR are applied. However, the legal meaning of the terms is still determined by the Swiss DPA within the scope of its applicability.


Security Measures

In accordance with legal requirements and taking into account the state of the art, implementation costs, the nature, scope, context, and purposes of the processing, as well as the varying likelihood and severity of risks to the rights and freedoms of natural persons, we take appropriate technical and organizational measures to ensure a level of protection commensurate with the risk.

These measures include, in particular, safeguarding the confidentiality, integrity, and availability of data by controlling physical and electronic access to the data, as well as access to, input of, disclosure of, availability of, and separation of the data. Furthermore, we have established procedures that ensure the exercise of data subject rights, the deletion of data, and responses to data breaches. We also consider the protection of personal data from the very beginning of the development or selection of hardware, software, and procedures, in line with the principle of data protection by design and by default.


Securing Online Connections through TLS/SSL Encryption Technology (HTTPS)

To protect user data transmitted via our online services from unauthorized access, we use TLS/SSL encryption technology. Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are the cornerstones of secure data transmission on the internet. These technologies encrypt the information transmitted between the website or app and the user’s browser (or between two servers), thereby protecting the data from unauthorized access. TLS, as the more advanced and secure version of SSL, ensures that all data transmissions comply with the highest security standards. When a website is secured by an SSL/TLS certificate, this is indicated by the display of HTTPS in the URL. This indicates to users that their data is being transmitted securely and in encrypted form.


Transmission of Personal Data

In the course of our processing of personal data, it may happen that this data is transmitted to or disclosed to other entities, companies, legally independent organizational units, or individuals. Recipients of this data may include, for example, service providers entrusted with IT tasks or providers of services and content embedded in a website. In such cases, we comply with legal requirements and, in particular, conclude corresponding contracts or agreements with the recipients of your data that serve to protect your data.


International Data Transfers

Data Processing in Third Countries: If we transfer data to a third country (i.e., outside the European Union (EU) or the European Economic Area (EEA)) or if this occurs as part of the use of third-party services or the disclosure or transmission of data to other persons, entities, or companies (which can be recognized by the postal address of the respective provider or if the privacy policy explicitly refers to data transfer to third countries), this is always done in accordance with legal requirements.

For data transfers to the USA, we primarily rely on the Data Privacy Framework (DPF), which was recognized as a secure legal framework by an adequacy decision of the EU Commission on July 10, 2023. In addition, we have concluded standard contractual clauses with the respective providers that comply with the requirements of the EU Commission and establish contractual obligations for the protection of your data.

This dual protection ensures comprehensive protection of your data: the DPF forms the primary level of protection, while the standard contractual clauses serve as an additional safeguard. Should there be changes within the DPF, the standard contractual clauses serve as a reliable fallback option. This is how we ensure that your data remains adequately protected even in the event of any political or legal changes.

For individual service providers, we inform you whether they are certified under the DPF and whether standard contractual clauses are in place. Further information on the DPF and a list of certified companies can be found on the website of the U.S. Department of Commerce at https://www.dataprivacyframework.gov/ (in English).

For data transfers to other third countries, corresponding security measures apply, in particular standard contractual clauses, explicit consent, or legally required transfers. Information on third-country transfers and applicable adequacy decisions can be found in the information provided by the EU Commission.