- We try to protect your privacy like we would protect ours.
Last modified: August 29, 2019
In plain English
In providing the Cyclopt service, Cyclopt PC may control and/or process data that counts as personal data underthe European General Data Protection Regulation 2016/679 (the “Regulation”), or more precisely under the law of theGreece that implements this Regulation, or under other similar laws created in other jurisdictions as implementations of said Regulation.
Most importantly: we process your personal data only to comply with some obligations we have towards you under theCyclopt terms of service. For instance, we are obliged to contact you in some case, for which we need to keep your contact info.
We will not share your personal data with anyone. The only exceptions are the providets that host the virtual serverson which we run Cyclopt, and a few other third-party Data Processors. A complete list can be found at https://cyclopt.com/thirdparty.
It is possible that you submit to Cyclopt personal data of others. This may happen when the repository yousubmit to Cyclopt contains e.g. personal data in test files. In that case, you are a data controller for that data,Cyclopt PC is merely a data processor, and these terms act as a Data Processing Agreement between you and Cyclopt.
We also take reasonable security measures to protect your personal data; Appendix 2 provides some details.
You have the right to review your personal data, and have it corrected or deleted. We will informyou in the unlikely case there would be a security incident. Last but not least, our liability towardsyou is limited to the amount you paid to us over the 12-month period preceding the event for whichwe are liable towards you.
Below is the legally binding version of these terms in “contract language”.They should say the same as the above, but in more precise language. If there's nevertheless adifference in interpretation, the official terms below have precedence over the explanation in plain English above.
The binding version of our privacy terms
The customer agreeing to these terms (“Customer”) and Cyclopt P.C., (“Cyclopt”) have entered intoa Cyclopt agreement under the “Cyclopt Terms of Service” (“the Agreement”).These Privacy and Security Terms, including the Appendices (collectively, the “Terms”) form anintegral part of said Agreement, and in so far as necessary, the provisions of these Terms aredeemed incorporated into the Agreement. Acceptance of the Agreement, in a way as set forth in the Agreement,implies also acceptance of these Terms as of the same Effective Date at which the Agreement is effective.These Terms remain effective for the period set forth in Sections 3 and 7 hereinafter.
These Terms reflect the Parties’ understanding with respect to terms governing the processingof Customer Personal Data and security of all Customer Data under the Agreement.
2.1. Capitalized terms used but not defined in these Terms have the meanings set out in the Agreement.In these Terms, unless expressly stated otherwise:
“Customer Personal Data“ means the personal data that is contained within the Customer Data.
“Data Incident“ means (a) any unlawful access to Customer Data stored in theService or systems, equipment, or facilities of Cyclopt or its Subprocessors, or (b)unauthorized access to such Service, systems, equipment, or facilities that results in loss,disclosure, or alteration of Customer Data.
“Data Protection Legislation“ means: the Greek law, which is the Greek implementation of the Regulation.
“Regulation“ means the General Data Protection Regulation 2016/679 of the European Union.
“Security Measures“ has the meaning given in Section 6.1 (Security Measures) of these Terms.
“Subprocessors“ means all third parties that are engaged to provideservices to Customer or Cyclopt and that have logical access to, and process, Customer PersonalData (each, a “Third Party Subprocessor“).
2.2. The terms “personal data”, “processing”, “data subject”, “controller” and “processor”have the meanings given to them in the Regulation.
These Terms will take effect on the Effective Date and, notwithstanding expiry or termination of the Agreement,will remain in effect until, and automatically terminate upon, deletion by Cyclopt of all data as described inSection 7 (Data Correction, Blocking, Exporting, and Deletion) of these Terms.
4. Data Protection Legislation
The Parties agree and acknowledge that the Data Protection Legislation may apply to the processing ofCustomer Personal Data.
5. Processing of Customer Personal Data
5.1. Customer Personal Data provided by Customer at the request of Cyclopt. If the Data Protection Legislation applies to the processing of Customer Personal Data, then as between the Parties,the Parties acknowledge and agree that: (a) Cyclopt is the controller of Customer Personal Data Data provided underthe Agreement by Customer to Cyclopt at the request of Cyclopt; (b) Cyclopt will comply with its obligations underthe Data Protection Legislation as the controller for such Customer Personal Data provided by Customer at therequest of Cyclopt; and (c) Cyclopt will only process such Customer Personal Data provided by Customer at therequest of Cyclopt to be able to provide the Service and/or to carry out Cyclopt's rights and obligations towardsCustomer, and Cyclopt will not process Customer Personal Data for any other purpose.
5.2. Other Personal Data. Customer will not provide to Cyclopt any other personal data than Customer Personal Data to beprovided by Customer at the request of Cyclopt. Customer is deemed the controller and will carry outits obligations as such (including but not limited to obligations stemming from the applicable DataProtection Legislation or other similar legislation applicable to the jurisdiction of Customer), withrespect to any such personal data provided to Cyclopt (including but not limited to such personal datasubmitted to the Cyclopt App) not based on a request from Cyclopt to do so. To the extent Customer or anauthorized Customer Affiliate acts as controller, the use of the Service counts as the only instructionsfor general data processing given to Cyclopt. Customer shall defend, indemnify and hold harmless Cycloptfrom and against all damages, liabilities, losses and expenses, including reasonable attorneys’ fees and expenses,resulting from any claim, suit or proceeding that arises from the provision by Customer to Cyclopt of personal dataother than personal data provided by Customer to Cyclopt at the request of Cyclopt.
5.3. Customer Affiliate.If under the Data Protection Legislation a Customer Affiliate is considered the controller(either alone or jointly with the Customer) with respect to certain Customer Personal Data,Customer represents and warrants to Cyclopt that Customer is authorized: (i) to act on behalfof such Customer Affiliate in relation to such Customer Personal Data as described in these Terms,and (ii) to bind the Customer Affiliate to these Terms.
5.4. Categories of Personal Data. Appendix 1 sets out a description of the categories of data that may fall withinCustomer Personal Data and of the categories of data subjects to which that data may relate.
6. Data Security; Security Compliance; Audits
6.1. Security Measures. Cyclopt will take and implement technical and organizational measures intended toprotect Customer Data against accidental or unlawful destruction or accidental lossor alteration, or unauthorized disclosure or access, or other unauthorized processing,as detailed in Appendix 2 (the “Security Measures“). Cyclopt may update or modify the SecurityMeasures from time to time provided that such updates and modifications do not result in the degradationof the overall security of the Service. Customer agrees that it is solely responsible for its use of theService, including securing its account authentication credentials, and that Cyclopt has no obligationto protect Customer Data that Customer elects to store or transfer outside of Cyclopt’s and its Subprocessors’systems (e.g., offline or on-premise storage).
6.2. Security Compliance by Cyclopt Staff. Cyclopt will take appropriate steps to ensure compliance with the Security Measures by its employees,contractors and Subprocessors to the extent applicable to their scope of performance.
6.3. Data Incidents. If Cyclopt becomes aware of a Data Incident, Cyclopt will promptly notify Customerof the Data Incident, and take reasonable steps to minimize harm and secure Customer Data.Notification(s) of any Data Incident(s) will be delivered to the email address provided byCustomer or, at Cyclopt’s discretion, by direct Customer communication (e.g., by phone callor an in-person meeting). Customer acknowledges that it is solely responsible for ensuring thatthe contact information set forth above is current and valid, and for fulfilling any third partynotification obligations. Customer agrees that “Data Incidents” do not include: (i) unsuccessfulaccess attempts or similar events that do not compromise the security or privacy of Customer Data,including pings, port scans, denial of service attacks, and other network attacks on firewalls ornetworked systems; or (ii) accidental loss or disclosure of Customer Data caused by Customer’s useof the Service or Customer’s loss of account authentication credentials. Cyclopt’s obligation toreport or respond to a Data Incident under this Section will not be construed as an acknowledgementby Cyclopt of any fault or liability with respect to the Data Incident.
7. Data Correction, Blocking, Exporting, and Deletion
During the Term, Cyclopt will provide Customer with the ability to review, correct and delete CustomerData in a manner consistent with the functionality of the Service and in accordance with the termsof the Agreement. Once Customer deletes Customer Data via the Service such that the Customer Datacannot be recovered by Customer (the “Customer-Deleted Data”), Cyclopt will delete the Customer-Deleted Datawithin a maximum period of sixty days, unless applicable legislation or legal process prevents it from doingso. On the expiry or termination of the Agreement (or, if applicable on expiry of any post-termination periodduring which Cyclopt may agree to continue providing access to the Service), after a recovery period of up tothirty days following such expiry or termination, Cyclopt will thereafter delete the Customer-Deleted Datawithin a maximum period of sixty days, unless applicable legislation or legal process prevents it from doing so.
8. Access; Export of Data
During the Term, Cyclopt will make available to Customer the Customer Data in a manner consistentwith the functionality of the Service and in accordance with the terms of the Agreement.Customer Data is only available through the Service, Cyclopt will not make available Customer Data outside the Service.
9. Support Desk for Cyclopt
Cyclopt's Support Desk for Cyclopt App can be contacted by Customers firstname.lastname@example.org (or via such other means as Cyclopt may provide).
10. Data Transfers
10.1. Data Location and Transfers. Cyclopt may store and process the relevant Customer Data anywhere Cyclopt or its Subprocessors maintain facilities.
11.1. Subprocessors. Cyclopt may engage processors or Subprocessors to provide limited parts of the Service, subject to therestrictions in these Terms.
11.2. Subprocessing Restrictions. Cyclopt will ensure that processors and Subprocessors only access and use Customer Data in accordance withSection 10.1 (Data Location and Transfers) and terms of the Agreement and that they are bound by writtenagreements that require them to provide at least the level of data protection required by the Data Protection Legislation.
11.3. Consent to Subprocessing. Customer consents to Cyclopt subcontracting the processing of Customer Data to processors or Subprocessorsin accordance with the Agreement.
11.4. Additional Information. At the publication date of these Privacy Terms, Cyclopt uses subprocessors as defined in this list: https://cyclopt.com/thirdparty.At the written request of the Customer, Cyclopt will provide additional information regarding processors andSubprocessors and their locations. Any such requests must be sent to Cyclopt's Support Desk for Cyclopt App,the contact details of which are set out in Section 9 (Support Desk for Cyclopt App) above.
11.5. Termination. Cyclopt will, at least fifteen days before appointing any new processors or Third Party Subprocessor,inform Customer of the appointment (including the name and location of such processors or Third PartySubprocessor and the activities it will perform) by sending an email to Customer and (ii) if Customerobjects to Cyclopt's use of any new processors or Third Party Subprocessors, Customer may, as its soleand exclusive remedy, terminate the Agreement by giving written notice to Cyclopt within thirty days ofbeing informed by Cyclopt of the appointment of such processor or Third Party Subprocessor.
12. Liability Cap
For the avoidance of doubt, to the maximum extent permitted by law, the total liability fordirect and indirect damages, either under the Data Protection Legislation, these Terms or otherwise,towards Customer is limited as set out in the Agreement.
Appendix 1: Categories of Personal Data and Data Subjects
1. Categories of Personal Data.Data relating to individuals (such as name and email address) provided to Cyclopt via the Service,by (or at the direction of) Customer.
2. Data Subjects.Data subjects include the individuals about whom data is provided to Cyclopt via the Service by(or at the direction of) Customer.
Appendix 2: Security Measures
Cyclopt has taken and implemented the Security Measures set out in this Appendix. Cyclopt may update or modifysuch Security Measures from time to time provided that such updates and modifications do not result in the degradationof the overall security of the Service.
1. Data Center and Network Security
(a) Data Centers.
Cyclopt uses virtual servers maintained by its Subprocessor in physically secure data centers. These servers usea Linux-based operating system customized for the application environment. Data is stored on encrypted virtual harddisks.Cyclopt employs a code review process to increase the security of the code used to provide the Service and enhancethe security products in production environments.
Cyclopt has designed and regularly plans and tests its business continuity planning/disaster recovery programs.
(b) Networks and Transmission.
Cyclopt uses encrypted data links between the virtual servers that Cyclopt uses for the Service. These linksare designed to prevent data from being read, copied, altered or removed without authorization during electronictransfer or transport. Cyclopt transfers data via Internet standard protocols.
(c) Encryption Technologies.
Cyclopt uses HTTPS encryption (also referred to as SSL or TLS connection).
2. Access Controls
Cyclopt has, and maintains, a security policy for its personnel, and requires security training aspart of the training package for its personnel. Cyclopt's infrastructure security personnel are responsiblefor the ongoing monitoring of Cyclopt's security infrastructure, the review of the Service, and responding tosecurity incidents.
Cyclopt stores data in a multi-tenant environment on third-party servers.
4. Personnel Security
Cyclopt personnel are required to conduct themselves in a manner consistent with the company's guidelinesregarding confidentiality, business ethics, appropriate usage, and professional standards.Cyclopt conducts reasonably appropriate backgrounds checks to the extent legally permissible andin accordance with applicable local labor law and statutory regulations.
Personnel are required to execute a confidentiality clause and must acknowledge receipt of, and compliance with,Cyclopt's confidentiality and privacy policies. Personnel are provided with security training. Cyclopt's personnelwill not process Customer Data without authorization.
5. Subprocessor Security
Prior to onboarding Subprocessors, Cyclopt reviews the security and privacy practices of Subprocessors to ensureSubprocessors provide a level of security and privacy appropriate to their access to data and the scope of the servicesthey are engaged to provide. Once Cyclopt has assessed the risks presented by the Subprocessor, then subjectto the requirements set out in Section 11.2 (Subprocessing Restrictions) of these Terms, the Subprocessor isrequired to enter into appropriate security, confidentiality and privacy contract terms.
The text of these Terms is an adaption of the SIG's Better Code Hub Privacy and Security Terms, which is published by SIG under a Creative Commons Attribution 3.0 Licenseand which in turn are an adaption of the Google Cloud Platform Data Processing and Security Terms, which is published by Google under a Creative Commons Attribution 3.0 License. Cyclopt's adaption of SIG's text is itselflicensed under a Creative Commons Attribution 3.0 License as well.