Cookie Policy

1. Introduction

Cookies are text files containing small amounts of information which are downloaded to your device when you visit a website. Software on your device, for example a web browser, stores the cookies and sends them back to a website next time you visit. Cookies allow websites to recognise your device and preferences and provide information to CYJAX which can be used to improve your online experience.

For more details about cookies and details of how to delete and disable them, you can visit www.aboutcookies.org. Also see our section on more information and turning cookies off below.

1.1. How cookies are used by CYJAX

CYJAX uses both session and persistent cookies to enhance user experience to enable you to make enquiries through forms and live chat and collect information about your visit to our website based on your browsing activity. We also sometimes embed photos, videos, maps, and social media content from websites such as Google, Twitter, Facebook, LinkedIn, and YouTube. As a result, when visiting this embedded content, cookie information and permissions for these sites may be presented to you.

Cookies are used to improve services for you. For example by:

  • Enabling a service to recognise your device so you do not have to give the same information several times during one task
  • Measuring how many people are using services to make them easier to use and to ensure there is enough capacity for them to function quickly
  • Analysing data to help us understand how you use our services so we can improve them.

CYJAX uses the following types of cookies:

  • Necessary
  • Functional
  • Advertisement
  • Analytic

Session cookies usually store a Session ID that is not personally identifiable to users, allowing you to move from page to page without having to log in repeatedly.

Session cookies are only valid during your browsing session and expire when the browser is closed.

1.2. Website

The type of information gathered relates to the amount of time spent on the website and the pages visited. Any personal information CYJAX collects through cookies will be at your personal instigation by requesting further information, a demonstration, a quote or through the chat function.

When you view our website for the first time from a new device, you will see the following message pop up: “We value your privacy. We use cookies to enhance your browsing experience, serve content and anlayse our traffic. By Clicking “Accept All”, you consent to our use of cookies”

Necessary

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

CookieDurationDescription
__hssrcsessionThis cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookieyes-consent1 yearCookieYes sets this cookie to remember users' consent preferences so that their preferences are respected on their subsequent visits to this site. It does not collect or store any personal information of the site visitors.
hs-messages-is-open30 minutes

This cookie is used on the visitor UI side so HubSpot can determine/save whether the chat widget is open for future visits. It resets after 30 minutes to re-close the widget after 30 minutes of inactivity. It contains a Boolean value of True if present.

hs-messages-hide-welcome-message1 day

When you dismiss the welcome message in your messages tool, a cookie is set to prevent it from appearing again for one day. It contains a Boolean value of True or False.

csrf.appsession

Cross Site Request Forgery prevention

hubspotapi_csrf1 year

This is used for Cross Site Request Forgery prevention - preventing third party websites from accessing your data

content_cookie1 month

This cookie is set when you access any gated content on our website.

cf_clearance30 minutes

This cookie is used to present the visitor with a challenge with the aim to filter out bots and potential malicious users.

*We collect open-source information published on the internet and darknet in order to supply our clients with threat intelligence services. As part of this we may capture any information relating to individuals which has been made publicly available. However, we do not specifically target the collection of information relating to members of the public. The processing of this information enables our clients to be:

  • aware of vulnerabilities or exploits targeting them, ensuring they keep their networks secure
  • aware of data breaches either directly impacting them or third parties
  • protecting their critical assets
  • preventing PII-enabled attacks against them or their customers
  • aware of exposure of employee, or customer information
  • aware of direct threats to them or third parties

Due to the volume of data CYJAX is collecting for this purpose, we rely on exemptions in Articles 14 a) and b) of the General Data Protection Regulation (GDPR) as it cannot feasibly be verified whether individuals are already aware that their personal data has been exposed, and it would involve a disproportionate effort to notify them and ask their consent for storing this data. CYJAX’s processing of this data does minimise the threat to them and potentially mitigate against PII-related attacks that could be carried out against them.

http://www.privacy-regulation.eu/en/article-14-information-to-be-provided-where-personal-data-have-not-been-obtained-from-the-data-subject-GDPR.htm

3.1 If our business is sold

We will share your information with the purchaser of our business and your personal information will be shared for this purpose. In this instance, we have a legitimate interest to ensure that our business can continue for the buyer. If you object to the use of your personal information in this way, the buyer will not be able to provide the services you have subscribed to. In some circumstances we will need to share your personal information if we are under a legal obligation to do so.

4. Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements. When your data is no longer needed, we will securely delete or anonymise it

5. Security

CYJAX is dedicated to ensuring that all information is protected against unauthorised access, processed appropriately, and held securely in accordance with the UK  and EU General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Our ISMS (information security management system) is certified to ISO/IEC 27001, demonstrating that we have the appropriate Framework in place to ensure that all our information assets and networks are secure.

All data is encrypted both in transit, end-to-end and at rest using AES-258.

6. Storage

We will make every practical effort to store and process your information in the country in which it was submitted. However, some of our third-party suppliers may be based outside the UK and European Economic Area (EEA), so there may be instances when data is stored and transferred outside the UK or EEA. In the eventuality that data is transferred outside these areas, we have the following safeguards in place:

  • the country or relevant territory has an adequate level of protection as recognised by the Information Commission Office
  • specific contracts approved by the appropriate Commission which give your personal information the same protection it has as if it stayed in the UK or EEA along with effective data controls
  • the third-party supplier has met our data security standards and is compliant with our information management security framework
  • all data is encrypted both in transit, end-to-end and at rest
  • data is stored within defined retention periods and is regularly reviewed
6.1 Third parties and sub-processors

We may disclose information to our carefully selected third parties to provide elements of our services and management of these services, such as hosting, invoicing system administration, file management. If the third-party processes data on our behalf, we will ensure that the processor only has the information they require to perform their specific service and is only entitled to process personal data to our specific instructions.

If we need to transfer your personal information to another organisation for processing in countries that are not located in the United Kingdom, European Economic Area or listed as ‘adequate’ by the Information Commissioner’s Office, we will only do so if we have sufficient protections in place to safeguard information, including, where appropriate, contractual terms approved by the relevant regulatory authorities

7. Sharing

Any information you provide to CYJAX, or that CYJAX collects, will only be used within CYJAX. It will not be shared with any third parties for commercial gain or sold.

The only other instances in which we would share this information is where we are obliged or permitted to by law, or consent has been given.

8. Your rights in relation to personal data

Under data protection laws in the European Union and the UK, you have certain rights in relation to your personal information. You have the right:

  • to be informed about the collection and the use of their personal data
  • to access personal data and supplementary information
  • to have inaccurate personal data rectified, or completed if it is incomplete
  • to erasure (to be forgotten) in certain circumstances
  • to restrict processing in certain circumstances
  • to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
  • to cease/object to processing in certain circumstances
  • rights in relation to automated decision making and profiling
  • to complain to the Information Commissioner
  • to withdraw your consent at any time (where relevant) by contacting privacy@cyjax.com

A full list of your rights under the General Data Protection Regulation (GDPR) is available on the Information Commissioner’s Office (ICO) website.

We will handle all requests in accordance with applicable law. However, depending on the right you wish to exercise, and the nature of the personal information involved, there may be legal reasons why we cannot grant your request. If this is the case, we will write to you to explain the reasons why.

9. Accessing, rectifying, restricting, objecting to processing of, or erasure of your personal information

To exercise your right to access, rectify, restrict, object to processing of, or erase the personal information CYJAX holds about you, please contact our Data Privacy Manager at privacy[at]cyjax.com or, if you are based in the EU or our EU Representative (details below).

Requests will be acknowledged within three working days, with the final response and disclosure of information (subject to exemptions) within 30 calendar days.

A ‘cease processing request’ from an individual will be acknowledged immediately with an automatic email response stating that CYJAX intends to comply with the request.

For information on the Privacy and Electronic Communications (EC Directive) Regulations 2003, UK General Data Protection Regulation (GDPR), Data Protection Act 2018 and the Information Commissioner’s Office, please follow this link: https://ico.org.uk/.

CYJAX is registered with the United Kingdom Information Commissioner’s Office (ICO) under reference ZA053004, as required by UK (United Kingdom) legislation.

9.1 EU (European Union) Representative

As we do not have an establishment in the European Union (“EU”), we have appointed a representative based in Ireland, who you may contact if you are located in the EU to raise any issues or queries you may have relating to our processing of your Personal Data and/or this Privacy Notice.  Our EU representative is Data Protection Limited, located at 2 Pembroke House, 28-32 Upper Pembroke Street, Dublin, Ireland D02 EK84. Our EU representative can be contacted directly on 00 353 1 447 0402 or at cyjax@willansdps.com.

9.2 Disclaimer

As far as is possible, CYJAX will ensure that information provided on this website is accurate. We cannot accept any liability whatsoever for omission or error. Equally, as we regularly virus-check materials, we cannot accept any responsibility for any disruption or damage that may occur during use of this website.

Links to other websites included on this website do not imply any endorsement, validation, or responsibility by CYJAX as to the content or privacy policies of such sites. We cannot guarantee that these links will work all the time and we have no control over the availability of the linked pages.