Our Statement of Applicability

This policy outlines how Cyberpan Support Services Ltd and UKALIA Ltd utilise and safeguard any information collected when you interact with our websites or use our services and email. We are committed to protecting your privacy and ensuring that any information you provide is used in accordance with this policy.

Any changes to this policy will be reflected on this page and within our documented ecosystem.

CYB^TM (Cyberpan Support Services Ltd and UKALIA Ltd) is dedicated to safeguarding and securing the personal information we process. We strive to maintain compliance in data protection measures, and we implement the ISO/IEC 27001:2022, ISO/IEC 27017:2015 and, ISO/IEC 27701:2019 as applicable.

Our scope of registration encompasses the provision of comprehensive intelligence, strategic planning, regulatory compliance, and tactical guidance across various domains, including energy transformation, usage optimization, and performance enhancement. Additionally, we specialise in regulatory and market approvals related to medical devices, in vitro diagnostics, and offer independent on-site, blended, or remote training and auditing services.

Our information security model operates under a Data Protection Agreement with our CRM provider, ensuring ongoing compliance across our global applications made available by that provider and that we have developed in the last decade.  

We have developed this Statement of Applicability to outline our strategy for implementing our compliance program. It details the deployment of our data protection roles, procedures, controls, and measures to maintain continual compliance with GDPR regulations and our email policy.

Please review this policy periodically to stay informed about how we handle your data.

Our GDPR Principles

CYB^TM takes the privacy and security of individuals and their personal information very seriously. Our principles for treating personal information (or PI) are:

• We will process all PI fairly and lawfully
• We will only process PI for specified and lawful purposes
• We will tend to anonymise PI where feasible or practicable
• Where practical, we will also keep PI up to date
• We will not keep PI for longer than is strictly necessary

Data Subjects Rights under GDPR

CYB^TM, confirms that anyone subject to our statement of applicability can request information about:

• What PI we hold about an individual
• The categories of PI we collect from an individual
• The purposes for collecting and processing PI from an individual
• How long we plan to keep the PI
• The process to have incomplete or inaccurate PI corrected or completed

We document the procedures for requesting or restricting the processing of personal information in accordance with data protection laws. Additionally, we provide a mechanism to object to any direct marketing from us, and we disclose any decision-making processes, including automated or semi-automated workflows or tasks.

Our GDPR Compliance Plan

Here's an overview of the steps that ensure compliance with GDPR at CYB^TM.

We conducted a data mapping inventory and analysis of collected personal information within our documented ecosystem.

We have established procedures and policies to restrict processing of personal information. Additionally, we have updated our procedures for data breaches and incident responses and have generated a range of knowledge articles for both internal and external use.

We have aligned this statement of applicability with our ISO 27001:2022 governance model.

Additionally, we have updated our Data Protection Policy, Data Retention Policy, Information Security Policy, Cookies Policy, Email Policy, and Privacy Policy to reflect these changes. 

We have extensively assessed all processing activities to establish the legal basis for handling personal information (PI), ensuring alignment between each basis and its corresponding activity.

This information has been documented within our business model and stored in relevant files within our Group Shared Folders, securely maintained within our CRM ecosystem.

Our Email Policy

We prioritise the security and integrity of our email messages to maintain a spam-free environment. Our email policy is designed to minimize the CO2 footprint generated by our messaging system. Before deployment, our workflows undergo rigorous testing and monitoring to ensure their effectiveness. Messages sent from our email addresses are often linked to previous conversations or pertain to direct one-to-one interactions based on personal knowledge. We typically avoid bouncing attachments in ongoing conversations. Due to recent developments in our organization, you may receive our emails with updated information or modifications:

Products or service packs, as well as invitations to virtual rooms or remote work sessions, along with follow-ups to visits, may be sent through an email address ending with @cyberpan.com. This email address is hosted by various service providers and is associated with CYB^TM, with all operational entities being overseen by Alessandro Gambara.

Leads or new sales opportunities stemming from in-field queries, back-office follow-ups, or any other sources of new business can be managed through an email address ending with @cyberpan.com as part of our organization's commercial engagement workflows.

Dormant contacts can be re-engaged using our automated workflows developed and operated by our organization. If contacts remain unresponsive or respond inappropriately to our workflows, CYB^TM reserves the right to disqualify or permanently delete those accounts from our CRM.

Our organization's email addresses serve various critical functions within the company. They are used for internal operations, such as automated workflows and assigning roles, as well as for financial matters. Additionally, these addresses are employed for external and internal communications, including interactions within our ecosystem, business partners, and customers.

Furthermore, they are utilised for accessing social accounts and setting up additional services. It's important to note that our emails are recognised and monitored by Government Authorities across multiple jurisdictions, enabling proactive alerting and investigations in case of significant threats. This comprehensive usage of email addresses underscores their importance in facilitating various aspects of our organisation's operations and communications while maintaining compliance and security standards.

Please review our emails carefully and avoid mistakenly marking them as spam. We invest significant resources into crafting valuable content to help improve the businesses we serve.

Leadinfo

We use the lead generation service provided by Leadinfo B.V., Rotterdam, The Netherlands, which recognizes visits of companies to our website based on IP addresses and shows us related publicly available information, such as company names or addresses. In addition, Leadinfo places two first-party cookies for providing transparency on how our visitors use our website and the tool processes domains from provided form inputs (e.g. “leadinfo.com”) to correlate IP addresses with companies and to enhance its services.

For additional information, please visit www.leadinfo.com. On this page: www.leadinfo.com/en/opt-out you have an opt-out option. In the event of an opt-out, your data will no longer be used by Leadinfo.

What We Collect

We may collect the following information:

• Name and job title
• Contact information including email address
• Demographic information such as postcode, preferences and interests
• Other information relevant to customer surveys and/or offers

What We Do With The Information We Gather

We require this information to understand your needs and provide you with a better service, and in particular for the following reasons.

• Internal record keeping
• We may use the information to improve our products and services
• We may periodically send promotional emails and special offers
• We may think you may find interesting technical, legal or other information
• We will use the email address which you have provided

Occasionally, we may reach out to you for market research purposes using your provided information. Our primary means of contact will be via email or phone, and on occasion, through mail. This information may be utilized to tailor our website to align with your interests.

Our Security Controls

To uphold the security of your information, we have implemented appropriate physical, electronic, and managerial measures and controls to prevent unauthorised access or disclosure. Our procedures are designed to safeguard and secure the information also collected online. These controls support this Policy and are all listed as knowledge articles in our CRM.

How We Use Cookies

A cookie is a small file that seeks permission to be stored on your computer's hard drive. Upon your consent, the file is added, enabling the analysis of web traffic or notification upon visiting a specific site. Cookies enable web applications to respond to you individually, allowing customization of operations based on your preferences, likes, and dislikes by gathering and retaining information.

We utilise traffic log cookies to identify the pages being accessed. This aids in analysing webpage traffic and refining our website to better suit customer needs. The information gathered is solely used for statistical analysis, after which it is promptly removed from the system. We may explore additional paid services or purpose-built SaaS or hardware solutions to further optimize traffic on our servers.

Cookies enable us to enhance your website experience by monitoring pages you find useful. Rest assured, cookies do not grant access to your computer or any personal information unless voluntarily shared. You have the option to accept or decline cookies, with most web browsers automatically accepting them. However, you can modify your browser settings to decline cookies, though this may limit website functionality.

Links To Other Websites

While our website may feature links to other sites, please be aware that we have no control over their content or practices. Consequently, we cannot be held liable for the protection and privacy of any information you provide while visiting those sites. Each site operates under its own privacy policy, so it's advisable to review their respective privacy statements for clarity and assurance.

Controlling Your Personal Information

You may choose to restrict the collection or use of your personal information in the following ways:

If you encounter a form on our website, keep an eye out for a checkbox that allows you to opt out of your information being used for direct marketing. If you've previously consented to us using your personal information for direct marketing and wish to revoke that permission, you can do so by emailing us.

Rest assured, we won't sell, distribute, or lease your personal information to third parties without your consent, unless required by law. If you indicate your interest, we may use your personal information to send you promotional material about third parties that we believe may be of interest to you.

If you wish to obtain details of the personal information we hold about you under the Data Protection Act 1998 or the EU 2016/679/EC, please open a case by sending a request from any contact forms on our websites. Please note that a small fee may be payable for this service.

If you believe that any information we hold about you is incorrect or incomplete, please contact us by writing to or emailing us at the addresses provided above. We will promptly correct any inaccuracies found.

Contact Us If You Have GDPR Related Questions

If you have any questions about this GDPR Compliance Statement, or our privacy and ICT security practices, please contact us:

• Web-to-case: www.cyberpan.com/contact and www.ukalia.com/contact 
• Data Protection Officer: Alessandro Gambara
• Email-to-case: support@cyberpan.com and info@ukalia.com

This document made available for public disclosure in year 2024, remains IP of CYB^TM