Effective date: January 1, 2020
Last update: January 1, 2020
Introduction
CYVA has created this privacy statement in order to demonstrate our firm commitment to privacy: informational self-determination. As a technology firm that is forwarding privacy enforcement technology, services and infrastructure it is of central importance that we own a strong commitment to fair information practices and more as we strive to empower people to directly control their digital identity and information assets wherever they exist.
These practices and policy are evolving as international harmonization efforts proceed and our digital economy comes to realize the critical value people worldwide ascribe to their personal information. We have incorporated central elements of the European and Canadian standards commensurate with our desire to maintain the highest level of compliance and will update this privacy statement as those international standards evolve.
CYVA Research as Example
In view of our mission and work with Data Protection Authorities (European, Canadian, and others), US government agencies, industry, online privacy alliances, legal experts, citizens and privacy advocates we’ve created this privacy statement, not only to demonstrate our commitment to privacy but in setting an example in how organizations can utilize emerging technology to squarely address the security, privacy, and liberty challenges facing our expanding digital economy and rapidly evolving information society.
Acknowledgements
We would like to acknowledge the work of technology and service firms, KPMG LLC, PricewaterhouseCoopers LLC, the W3C and its members, Data Protection Authorities, US regulators and legal experts as much of their efforts have contributed to this privacy statement. A special thanks to Diana Alonso Blas of the Registratiekamer (Dutch Data Protection Authority) in more fully understanding the underlining rationale of the EU Data Protection Directive and the work of the Article 29 Working Party.
Contact Us
Should you our web site guest or members have comments or questions, feel free to direct these to our privacy office at: privacy@cyva.com or write to us at our corporate address.
Privacy Statement
1. What information do we collect?
2. How is personally identifiable information used?
4. Is information disclosed to Third Parties?
5. How long is the information kept?
7. What choices are available for collection and use?
8. Can I change or delete the information later?
9. How is my information secured?
10. Who are the Data Controllers and which sites are included?
11. Changes to the Privacy Statement
12. Children's online privacy protection
13. California Consumer Privacy Act 2018
1. What information do we collect?
Visitors
The web site automatically logs and collects IP address information (not your e-mail address) to help diagnose problems with our server and to administer our Web site. The web site does not collect any personally identifiable information from visitors to our web site.
Employee Applicants and Information Requests
Employee applicants and information requesters may choose to fill out a downloadable employment form or information request form located on our Web site. This data is submitted online and is processed via the CYVA web site. The data collected online includes, Applicant or Information Requestor Name, Company Name, Company Description, including First and Last Name, Title, Address, Country, Phone, Fax and Email ID.
Visitor Email
Visitors are able to send email through the site. Their messages will contain the email address, as well as any additional information the user may wish to include in the message.
Sensitive Information
CYVA policy is not to seek any sensitive information from visitors through our web site. Sensitive information includes a number of types of data relating to: race or ethnic origin; political opinions; religious or other similar beliefs; trade union membership; physical or mental health; sexual life or criminal record. We suggest that you do not provide sensitive information of this nature.
2. How is personally identifiable information used?
The Employment and Information Request Form information is used to process a request for CYVA employment consideration and to fulfill information requests. CYVA’s employees utilize the information for responding to these requests. CYVA does not rent or sell this information.
Product Ordering
Although most demonstration or 'trial use' products are provided as downloads, customers have the opportunity to license CYVA products either online, by calling our company number, or by faxing order forms. We will collect order information and banking information, where applicable, in order to facilitate shipment and payment for the product or services offered.
3. Are Cookies used?
Cookies are not used on the visitor portions of our site. Generally a cookie is generated by a software application on a sites server which enables it to customize services to the interests of the user by tracking the user's navigation through a small text file on the user's hard drive. For example, a cookie can be used to store registration information in an area of the site so that a user does not need to re-enter it on subsequent visits to that area.
Because cookies can be used to track navigational habits, store information on the user's hard drive, and in their early use were not disclosed to the user, the use of cookies has previously raised significant privacy concerns. However, cookies are used to aid in managing web site navigation and facilitate access control features.
If you are concerned about cookies, most browsers now recognize when a cookie is offered, and permits users to opt-out of receiving it. If you are not sure whether your browser has this capability, you should check with the software manufacturer or your Internet service provider. It is CYVA policy to use cookies to make the use of our web's 'protected use'secure and facilitate efficient and accountable use.
In order to properly manage our web site we may anonymously log information on our operational systems, and identify categories of visitors by items such as domains and browser types. These statistics are reported in the aggregate to our webmasters. This is to ensure that our website presents the best web experience for visitors and is an effective information resource.
4. Is information disclosed to Third Parties?
It is CYVA policy to only disclose information to third parties under the following circumstances:
- as required by law through subpoena, search warrant or other legal process
- when explicitly requested by a visitor or member
- when required to deliver publications or reference materials requested by a visitor or member
- when required to facilitate conferences or events hosted by a third party.
We note that CYVA's policy is to disclose these parties upon visitors submitting their requests e.g. when ordering a product, we display the party fulfilling the order. We do not use cookies to collect and distribute information to third parties for any purpose.
CYVA encourages all web visitors to review the privacy and security policies of all externally linked reference and other services sites. These policies are usually found on a footer on the sites' home page and/or at the point of collection of personally identifiable information.
CYVA does not collect or compile personally identifying information for dissemination or sale to outside parties for consumer marketing purposes, or host mailings on behalf of third parties.
5. How long is the information kept?
Some of the information we receive is kept - for example, we usually keep email and mailing addresses for white paper requests. Contact information about Information Requestors will be kept as long as the information is required to completely service the information request, maintain information delivery records or until an individual requests that we delete that information.
6. Links to Third Party Sites
Because CYVA licenses its technology and participates in alliances we provide a number of links to third party sites. CYVA assumes no responsibility for the information practices of sites a user is able to access through ours, and encourages visitors to review each site's privacy policy before disclosing any personally identifiable information.
7. What choices are available for the collection and use of identifying information?
As a policy, visitors are not required to register to gain access to the visitor areas of the CYVA web site. In certain cases, as our CYVA web site capability expands, we may require visitors to register in order to obtain a user-id and/or digital certificate for authentication and secure access to a demonstration or trial use of CYVA's products or services.
Personally identifiable information provided to CYVA through its web site for such product or service use, demonstrations, or information requests is provided voluntarily. Should potential clients or customers subsequently choose to unsubscribe from services we accept and process request by email to: privacy@cyva.com.
8. Can I change or delete the information later?
Each person has the right of access to personal data they have submitted through the Employment or Information Request processes. CYVA Employment or Information Requesters, that request information be removed, should direct request to: privacy@cyva.com. CYVA is committed to providing assertive access to personal information and encourages independence in identifying and correcting any inaccuracies. CYVA will delete identifying information from current operational systems at the users request.
When personally identifiable information is retained, CYVA assumes responsibility for keeping an accurate record of the information once an enrolling (Employment, Information Requester) person has submitted and verified the data. CYVA does not assume responsibility for verifying the ongoing accuracy of the content of personal information. When practically possible, if CYVA is informed that any personal data collected through our employment or information request is no longer accurate, CYVA will make appropriate corrections based on the updated information provided by the person.
9. How is my information secured?
CYVA has implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction that is submitted by non-PIA means. Only authorized CYVA employees are provided access to personally identifiable information of employment inquiries and information requesters. CYVA's policy is to use secure socket layer technology and encryption for the protection of document exchanges and credit card information submitted through web forms.
10. Who are the data controllers and which sites are included?
This privacy statement applies to the CYVA web site located within the domain: https://cyva.com.
The data controller collecting the data described herein is CYVA. By submitting data on CYVA's web site, or our email address, the employment or information requester is providing explicit consent to transborder transmission of data collected on the web site for the fulfillment of their requests for information or employment opportunities.
11. Changes to the Privacy Statement
CYVA reserves the right to modify or amend this Statement at any time and for any reason. Nothing contained in this Statement is intended to create a contract or agreement between CYVA and any user visiting the site or providing identifying information in any form.
In order to keep members and visitors informed, CYVA will ensure that we notify users of changes to our Privacy Statement by identifying the alteration for a period of not less than two weeks on our web site at http://www.cyva.com and identifying the effective date at the beginning of this statement.
12. Children's online privacy protection
CYVA understands the importance of protecting children's privacy especially in an online environment. The CYVA web site covered by this privacy statement is not intentionally designed for or directed at children 13 years of age or younger. It is CYVA's policy never to knowingly collect or maintain information about anyone under the age of 13.
13. California Consumer Privacy Act of 2018
Consumer Rights
1798.110.
(a) A consumer shall have the right to request that a business that collects personal information about the consumer disclose to the consumer the following:
(1) The categories of personal information it has collected about that consumer.
(2) The categories of sources from which the personal information is collected.
(3) The business or commercial purpose for collecting or selling personal information.
(4) The categories of third parties with whom the business shares personal information.
(5) The specific pieces of personal information it has collected about that consumer.
(b) A business that collects personal information about a consumer shall disclose to the consumer, pursuant to paragraph (3) of subdivision (a) of Section 1798.130, the information specified in subdivision (a) upon receipt of a verifiable consumer request from the consumer.
(c) A business that collects personal information about consumers shall disclose, pursuant to subparagraph (B) of paragraph (5) of subdivision (a) of Section 1798.130:
(1) The categories of personal information it has collected about that consumer.
(2) The categories of sources from which the personal information is collected.
(3) The business or commercial purpose for collecting or selling personal information.
(4) The categories of third parties with whom the business shares personal information.
(5) The specific pieces of personal information the business has collected about that consumer.
(d) This section does not require a business to do the following:
(1) Retain any personal information about a consumer collected for a single one-time transaction if, in the ordinary course of business, that information about the consumer is not retained.
(2) Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information.
1798.115.
(a) A consumer shall have the right to request that a business that sells the consumer’s personal information, or that discloses it for a business purpose, disclose to that consumer:
(1) The categories of personal information that the business collected about the consumer.
(2) The categories of personal information that the business sold about the consumer and the categories of third parties to whom the personal information was sold, by category or categories of personal information for each third party to whom the personal information was sold.
(3) The categories of personal information that the business disclosed about the consumer for a business purpose.
(b) A business that sells personal information about a consumer, or that discloses a consumer’s personal information for a business purpose, shall disclose, pursuant to paragraph (4) of subdivision (a) of Section 1798.130, the information specified in subdivision (a) to the consumer upon receipt of a verifiable consumer request from the consumer.
(c) A business that sells consumers’ personal information, or that discloses consumers’ personal information for a business purpose, shall disclose, pursuant to subparagraph (C) of paragraph (5) of subdivision (a) of Section 1798.130:
(1) The category or categories of consumers’ personal information it has sold, or if the business has not sold consumers’ personal information, it shall disclose that fact.
(2) The category or categories of consumers’ personal information it has disclosed for a business purpose, or if the business has not disclosed the consumers’ personal information for a business purpose, it shall disclose that fact.
(d) A third party shall not sell personal information about a consumer that has been sold to the third party by a business unless the consumer has received explicit notice and is provided an opportunity to exercise the right to opt-out pursuant to Section 1798.120.
1798.125.
(a) (1) A business shall not discriminate against a consumer because the consumer exercised any of the consumer’s rights under this title, including, but not limited to, by:
(A) Denying goods or services to the consumer.
(B) Charging different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties.
(C) Providing a different level or quality of goods or services to the consumer.
(D) Suggesting that the consumer will receive a different price or rate for goods or services or a different level or quality of goods or services.
(2) Nothing in this subdivision prohibits a business from charging a consumer a different price or rate, or from providing a different level or quality of goods or services to the consumer, if that difference is reasonably related to the value provided to the consumer by the consumer’s data.
(b) (1) A business may offer financial incentives, including payments to consumers as compensation, for the collection of personal information, the sale of personal information, or the deletion of personal information. A business may also offer a different price, rate, level, or quality of goods or services to the consumer if that price or difference is directly related to the value provided to the consumer by the consumer’s data.
(2) A business that offers any financial incentives pursuant to subdivision (a), shall notify consumers of the financial incentives pursuant to Section 1798.135.
(3) A business may enter a consumer into a financial incentive program only if the consumer gives the business prior opt-in consent pursuant to Section 1798.135 which clearly describes the material terms of the financial incentive program, and which may be revoked by the consumer at any time.
(4) A business shall not use financial incentive practices that are unjust, unreasonable, coercive, or usurious in nature.
Contact our privacy office
Although our privacy statement is limited to the site listed above, we welcome your inquiries or comments about our privacy statement and any queries or concerns that you may have about CYVA's web site. You may direct these to our privacy office at: privacy@cyva.com or write to us at our corporate mailing address.
Phone: 858-793-8100
Website: www.cyva.com
Email: privacy@cyva.com
Postal Address: 3525 Del Mar Heights Road, Ste. #327 | San Diego, CA 92130