1. Introduction & Scope
Cyrex Ltd ("we," "us") provides high-end penetration testing and load testing services. This Privacy Policy explains how we collect, use, and protect personal data from visitors to our website, and how we handle personal data when acting on behalf of our clients in accordance with the General Data Protection Regulation (GDPR).
This policy applies to:
- Visitors to our website (data we control as a Data Controller)
- Data encountered while performing services for clients (data we process as a Data Processor)
2. Roles: Controller vs. Processor
Controller (Website Data)
We are the Controller for personal data collected via our website, such as your name, email, or company information submitted through contact forms. We determine the purpose and means of processing this data.
Processor (Client Data)
We act as a Processor when handling personal data encountered during client engagements. This includes data such as system logs, metadata, or other client-related information. We process this data strictly under the terms of a Data Processing Agreement (DPA) and only according to client instructions.
3. Security Standards (ISO 27001)
Cyrex Ltd takes security seriously. We are ISO/IEC 27001 certified and adhere to globally recognized information security standards. Our measures include:
- Encryption: All data in transit and at rest is encrypted using industry-standard protocols (e.g., TLS 1.3, AES-256).
- Access Control: Only authorized engineers have access to project-specific data, protected by Multi-Factor Authentication (MFA).
- Testing Integrity: All testing is conducted in secure, isolated environments to prevent cross-contamination of client data.
- Regular Audits: We perform periodic security audits to ensure compliance with ISO standards and internal policies.
4. International Data Transfers
To support our global operations, we may transfer data to infrastructure outside the European Economic Area (EEA), including tools like Google Analytics 4 (GA4) or secure cloud storage.
We ensure these transfers comply with GDPR by:
- Using Standard Contractual Clauses (SCCs)
- Ensuring our providers are certified under the EU-U.S. Data Privacy Framework
5. Data Retention
We retain personal data only as long as necessary for business or contractual purposes:
- Website Inquiries: Contact form submissions are retained for 24 months to manage communications and follow-ups.
- Testing Logs and Reports: Client project data is deleted 90 days after the final report delivery, unless otherwise specified in the client contract.
6. Your GDPR Rights
Individuals whose personal data we process have the following rights under GDPR:
- Access: You can request a copy of the personal data we hold about you.
- Rectification: You can request corrections to inaccurate or incomplete data.
- Erasure ("Right to be Forgotten"): You can request deletion of your personal data.
- Restriction: You can request that processing of your data be limited.
- Data Portability: You can request your data in a structured, machine-readable format.
- Objection: You can object to certain processing activities, such as direct marketing.
To exercise any of these rights, contact us at hello@cyrex.tech.
7. Cookies and Tracking
Our website uses cookies and analytics tools (such as GA4) to improve user experience and analyze traffic. You can manage your cookie preferences via your browser settings.
8. Updates to This Policy
We may update this Privacy Policy from time to time. The "Last Updated" date at the top reflects the most recent changes. We encourage you to review this page periodically for updates.