Legal notice & GDPR policy.

Definitions

Client: any business or individual with legal capacity within the meaning of Articles 1123 and following of the French Civil Code, or any legal entity, who visits the website covered by these general terms and conditions.

Services and offerings: cyna.security makes available to clients a set of content, services and features described on the website.

Content: all items constituting the information presented on the website, including text, images and videos.

Client information: hereinafter referred to as "Information", meaning all personal data that may be held by cyna.security for the purposes of managing your account, the client relationship, and for analytics and statistical purposes.

User: any internet user who connects to and uses the above-named website.

Personal information: "information that allows, in any form whatsoever, directly or indirectly, the identification of the natural persons to whom it applies" (Article 4 of the French Data Protection Act, Loi Informatique et Libertés, n° 78-17 of 6 January 1978).

The terms "personal data", "data subject", "processor" and "sensitive data" have the meaning defined by the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and by the UK GDPR (the retained EU law version applicable in the United Kingdom).

1. Editor and publisher of the website

Pursuant to Article 6 of the French Confidence in the Digital Economy Act (LCEN), Loi n° 2004-575 of 21 June 2004, users of the cyna.security website are informed of the identity of the parties involved in its creation and operation.

Publisher

Cyna-IT SAS, share capital of €12,000. VAT number: FR20913711032. Registered office: 10 rue de Penthièvre, 75008 Paris, France.

Publication director

Alexandre Elbaz, contactable at [email protected].

Hosting provider

OVH, 2 rue Kellermann, 59100 Roubaix, France.

Data Protection Officer

Sami Messaoudi, contactable at [email protected].

2. Terms of use of the website and services offered

The website is a work of the mind protected by the provisions of the French Intellectual Property Code and applicable international regulations. The client may not, in any way, reuse, transfer or exploit on its own behalf all or part of the elements or works contained on the website.

Use of the cyna.security website implies full and unreserved acceptance of the terms of use set out below. These terms may be amended or supplemented at any time; users are therefore invited to review them regularly.

The website is normally accessible to users at all times. Cyna may, however, decide to interrupt access for technical maintenance reasons, in which case it will endeavour to notify users in advance of the dates and times of the intervention. The website is updated regularly by Cyna. Likewise, this legal notice may be amended at any time; it nevertheless applies to the user, who is invited to refer to it as often as possible.

3. Description of services provided

The purpose of the cyna.security website is to provide information about all the activities of the company. Cyna endeavours to provide information on the website that is as accurate as possible. However, Cyna cannot be held liable for omissions, inaccuracies or shortcomings in the updating of information, whether on its own part or on the part of third-party partners who supply such information.

All information shown on the website is given for guidance only and is liable to change. Furthermore, the information provided on the website is not exhaustive; it is given subject to any modifications made since being put online.

4. Contractual limitations on technical data

The website uses JavaScript technology. The website cannot be held liable for any material damage linked to its use. In addition, the user undertakes to access the website using up-to-date equipment, free of viruses, and with an up-to-date modern browser. The cyna.security website is hosted by a provider located within the European Union, in accordance with the provisions of the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and the UK GDPR where applicable.

The objective is to deliver a service that ensures the best possible availability. The hosting provider ensures continuity of service 24 hours a day, every day of the year. It nevertheless reserves the right to interrupt the hosting service for the shortest possible periods, in particular for maintenance, infrastructure improvements, in the event of an infrastructure failure, or where the services generate traffic deemed abnormal.

Cyna and the hosting provider cannot be held liable in the event of a malfunction of the internet network, telephone lines, or computer and telephony equipment, in particular in the event of network congestion preventing access to the server.

5. Intellectual property and infringement

Cyna owns the intellectual property rights and holds the rights of use in respect of all items accessible on the website, including text, images, graphics, logos, videos, icons and sounds. Any reproduction, representation, modification, publication or adaptation of all or part of the items on the website, by any means and in any form whatsoever, is prohibited without the prior written authorisation of Cyna.

Any unauthorised use of the website or of any of the items it contains will be considered to constitute infringement and will be prosecuted in accordance with the provisions of Articles L.335-2 and following of the French Intellectual Property Code, and any equivalent provisions of UK law where applicable.

6. Limitations of liability

Cyna acts as the publisher of the website. Cyna is responsible for the quality and accuracy of the content it publishes.

Cyna cannot be held liable for direct or indirect damage caused to the user's equipment when accessing the cyna.security website, resulting either from the use of equipment that does not meet the specifications referred to in section 4, or from the appearance of a bug or incompatibility.

Cyna may also not be held liable for any indirect damage (such as loss of business or loss of opportunity) arising from use of the cyna.security website. Interactive areas (the ability to ask questions through the contact section) are made available to users. Cyna reserves the right to remove, without prior notice, any content posted in this area that breaches applicable law, in particular the provisions relating to data protection. Where appropriate, Cyna also reserves the right to pursue the civil or criminal liability of the user, in particular in the event of messages of a racist, abusive, defamatory or pornographic nature, in any format whatsoever (text, photograph, etc.).

7. Processing of personal data

The client is informed of the regulations applicable to marketing communications: the French Confidence in the Digital Economy Act of 21 June 2004, the French Data Protection Act (Loi Informatique et Libertés) of 6 January 1978 as amended, the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and, for users based in the United Kingdom, the UK GDPR and the Data Protection Act 2018.

7.1 Controllers of personal data

For the personal data collected when a user creates a personal account and browses the website, the data controller is Cyna-IT, represented by Nathan Bramli, its legal representative.

As controller of the data it collects, Cyna undertakes to comply with the applicable legal framework. In particular, it is responsible for establishing the purposes of its data processing activities, for providing prospects and clients with full information on the processing of their personal data on the basis of their consent, and for maintaining an accurate record of processing activities. Whenever Cyna processes personal data, it takes all reasonable steps to ensure that the personal data is accurate and relevant for the purposes for which it is processed.

7.2 Purposes of the data collected

Cyna may process all or part of the data collected for the following purposes:

• Enable navigation on the website and the management and traceability of the services ordered by the user: connection and usage data, invoicing, order history, etc.
• Prevent and combat computer fraud (spamming, hacking, etc.): equipment used for navigation, IP address, password.
• Improve navigation on the website: connection and usage data, and conduct optional satisfaction surveys: email address.
• Carry out communication campaigns (SMS, email): phone number, email address.

Cyna does not sell your personal data; it is used only where necessary or for statistical and analytical purposes.

7.3 Right of access, rectification and objection

In accordance with applicable European and UK regulations, users of cyna.security have the following rights:

• Right of access (Article 15 GDPR) and rectification (Article 16 GDPR), updating and completion of data.
• Right to restriction or erasure of personal data (Article 17 GDPR), where it is inaccurate, incomplete, ambiguous or out of date, or where collection, use, disclosure or retention is prohibited.
• Right to withdraw consent at any time (Article 13(2)(c) GDPR).
• Right to restriction of processing (Article 18 GDPR).
• Right to object to processing (Article 21 GDPR).
• Right to data portability of the data users have provided, where such data is subject to automated processing based on consent or a contract (Article 20 GDPR).
• Right to set out instructions regarding the fate of their data after death, and to choose to whom Cyna should (or should not) disclose such data, by designating a third party in advance.

As soon as Cyna becomes aware of a user's death, and in the absence of instructions from the user, Cyna undertakes to destroy the data, unless its retention is necessary for evidential purposes or to comply with a legal obligation.

If a user wishes to know how Cyna uses their personal data, request rectification or object to processing, they may contact Cyna in writing at the following address: [email protected].

In such cases, the user must specify the personal data they would like Cyna to correct, update or delete, identifying themselves precisely with a copy of an identity document (identity card or passport).

Requests to delete personal data will be subject to the obligations imposed on Cyna by law, in particular regarding the retention or archiving of documents. Finally, users of cyna.security may lodge a complaint with the supervisory authorities, in particular the French CNIL (www.cnil.fr/en/plaintes) and, in the United Kingdom, the Information Commissioner's Office (ICO, ico.org.uk).

7.4 Non-disclosure of personal data

Cyna undertakes not to process, host or transfer the information collected on its clients to a country located outside the European Union, or recognised as "not adequate" by the European Commission, without first informing the client. Transfers to the United Kingdom benefit from the European Commission's adequacy decision of 28 June 2021. Cyna nevertheless remains free to choose its technical and commercial subcontractors, provided they offer sufficient guarantees with regard to the requirements of the General Data Protection Regulation (GDPR), Regulation (EU) 2016/679, and the UK GDPR.

Cyna undertakes to take all necessary precautions to safeguard the security of information, in particular to ensure that it is not disclosed to unauthorised persons. However, should an incident affecting the integrity or confidentiality of the client's information come to Cyna's attention, Cyna will inform the client as soon as possible and communicate the corrective measures taken. Cyna does not collect any "sensitive data".

The user's personal data may be processed by Cyna's subsidiaries and by subcontractors (service providers), solely to carry out the purposes set out in this policy.

Within the limits of their respective duties, and for the purposes set out above, the persons most likely to have access to the data of cyna.security users are the agents of our client service team.

8. Incident notification

No matter how much effort is made, no method of transmission over the internet and no method of electronic storage is completely secure. As a result, we cannot guarantee absolute security. Should we become aware of a security breach, we will notify the affected users so they can take appropriate steps. Our incident notification procedures take account of our legal obligations at both national and European level, and, where applicable, under UK law. We undertake to keep our clients fully informed of all matters relating to the security of their account and to provide them with all the information they need to comply with their own regulatory reporting obligations.

No personal information of cyna.security users is published without their knowledge, exchanged, transferred, assigned or sold on any medium to third parties. Only in the event of the sale of Cyna and its rights would such information be transferred to the prospective buyer, who would in turn be subject to the same obligation to retain and amend data in respect of the cyna.security user.

Security

To ensure the security and confidentiality of personal data and personal health data, Cyna uses networks protected by standard measures such as firewalls, pseudonymisation, encryption and passwords.

When processing personal data, Cyna takes all reasonable steps to protect it against loss, misuse, unauthorised access, disclosure, alteration or destruction.

9. Hyperlinks, cookies and web beacons

The cyna.security website contains a number of hyperlinks to other websites, set up with Cyna's authorisation. However, Cyna is not able to check the content of the sites thus visited and will accept no liability in this regard.

Unless you choose to disable cookies, you accept that the website may use them. You may disable these cookies at any time, free of charge, using the options described below, bearing in mind that doing so may reduce or prevent access to all or part of the services offered by the website.

9.1 Cookies

A "cookie" is a small information file sent to the user's browser and stored on the user's device (for example a computer or a smartphone) (hereinafter "cookies"). This file contains information such as the user's domain name, the user's internet service provider, the user's operating system and the date and time of access. Cookies do not pose any risk of damage to the user's device.

Cyna may process information about the user's visit to the website, such as pages viewed or searches performed. This information allows Cyna to improve the website's content and the user's navigation.

As cookies facilitate navigation and the delivery of services offered by the website, the user may configure their browser to decide whether or not to accept them, so that cookies are stored on the device or, on the contrary, rejected, either systematically or based on the issuer. The user may also configure their browser so that the acceptance or refusal of cookies is offered on a case-by-case basis, before a cookie may be stored on the device. Cyna informs the user that, in this case, not all of the browser's features may be available.

If the user refuses to allow cookies to be stored on the device or browser, or deletes those that are already stored, the user is informed that navigation and experience on the website may be limited. The same may apply where Cyna or one of its providers cannot recognise, for technical compatibility purposes, the type of browser used by the device, language and display settings, or the country from which the device appears to be connected to the internet.

Where appropriate, Cyna disclaims all liability for the consequences linked to the degraded operation of the website and the services offered by Cyna, resulting from (i) the user's refusal of cookies or (ii) Cyna's inability to record or consult the cookies required for their operation as a result of the user's choice. The configuration of each browser is different. It is described in the browser's help menu, which will explain how the user can change their cookie preferences.

The user may, at any time, choose to express and modify their cookie preferences. Cyna may also call on external providers to help collect and process the information described in this section.

Finally, by clicking on the icons for the social networks (LinkedIn, X, Facebook) shown on the Cyna website, if the user has accepted the placing of cookies by continuing to browse the website, these networks may also place cookies on their devices (computer, tablet, mobile phone).

These types of cookies are only placed on the user's devices subject to the user's consent, given by continuing to browse the Cyna website. The user may, however, withdraw consent to Cyna placing this type of cookie at any time.

9.2 Web beacons

Cyna may occasionally use web beacons (also known as "tags", action tags, single-pixel GIFs, transparent GIFs, invisible GIFs or one-to-one GIFs) and deploy them through a specialist web analytics partner, which may be located (and may therefore store the corresponding information, including the user's IP address) in a foreign country.

These beacons are placed both in online advertisements that allow internet users to access the website, and on its various pages.

This technology allows Cyna to assess visitor responses to the website and the effectiveness of its activities (for example, the number of times a page is opened and the information consulted), as well as the user's use of the website.

The external provider may collect information about visitors to the website and other websites by means of these beacons, prepare reports on website activity for Cyna, and provide other services relating to use of the website and the internet.

10. Governing law and jurisdiction

Any dispute relating to use of the cyna.security website is subject to French law. Save where the law does not permit, exclusive jurisdiction is granted to the competent courts of Paris.