Your privacy is important to Cybot A/S (“Cybot”). This Privacy Policy covers what we collect and how we use, disclose, transfer and store your information.

1. Identity of Cybot If there are any questions regarding this Privacy Policy you may contact us using the information below.

Cybot A/S
Havnegade 39
1058 Copenhagen
Denmark
Phone: + 45 50 333 777
E-mail: mail@cookiebot.com
Company registration number DK34624607

Our customers may submit inquiries regarding personal data protection, privacy and security matters to CEO Daniel Johannsen, Cybot A/S, dpo@cookiebot.com.

2. What information do we collect?
You may visit our site anonymously.

If you choose to register on our website, four categories of data to and on behalf of you will be processed:

“Account data”
When you register for an account on our site, place an order, subscribe to our newsletter or respond to a survey, basic contact details are collected such as the e-mail address and name of your contact person, company name, address, phone number, VAT number, preferred language and currency, any purchase order number, any e-mail address of invoice receivers and masked credit card or bank account details.

“Configuration data”
We collect your direct input to our cloud service Cookiebot (the “Service”) after login, like the domain name(s) of the website(s) where you implement the Service and configuration of the content, looks and behavior towards website visitors (“End Users”).

“End User Data” Data generated by End Users browsing your website(s) using the Service. When an End User submits a consent from your website(s), the following data are automatically logged at Cybot:

The End User’s IP number in anonymized form (last three digits are set to ‘0’). The date and time of the consent. User agent of the End User’s browser. The URL from which the consent was submitted. An anonymous, random and encrypted key value. The End User’s consent state, serving as proof of consent. The key and consent state are also saved in the End User’s browser in the first party cookie “CookieConsent” so that the website can automatically read and respect the End User’s consent on all subsequent page requests and future End User sessions for up to 12 months. The key is used for proof of consent and an option to verify that the consent state stored in the End User’s browser is unaltered compared to the original consent submitted to Cybot.

If you activate the Service feature “bulk consent” to enable consent for multiple websites by a single End User submission, the Service will also store a separate random, unique ID with the End User’s consent. If all of the following criteria are met, this key will be stored in an encrypted form in the third party cookie “CookieConsentBulkTicket” on the End User’s browser:

You enable the bulk consent feature in the Service configuration. The End User allows third party cookies through browser settings. The End User has disabled “Do Not Track” through browser settings. The End User accepts all or at least “preferences” types of cookies when consenting. “System Generated Data” The Service automatically creates and stores meta data on baskis of the other types of data, e.g.:

Subscription data, like start date, latest invoice date and the result of a mandatory VAT number validation. Issued invoices are stored so that you may access any issued invoices from within the Service Manager. Definitions of the cookies found when the Service has scanned your website(s), including reports on the result of each scan. Aggregated statistical data on End User consents. You can issue instructions to Cybot through configuration and/or execution of relevant functions offered by the Service from the Service Manager. If a specific instruction regarding personal data cannot be carried out through the Service Manager, you may send instructions to us through the help desk provided at www.cookiebot.com/en/helpdesk.

You will be informed by Cybot about relevant changes concerning the Service, such as the implementation of additional functions, by e-mail, if you subscribe to Cybot's newsletter from the account settings page in the Service Manager.

3. What do we use your information for? Any of the information we collect from you may be used for one or more of the following purposes:

3.1. To personalize your experience (the information will help Cybot better respond to your individual needs);

3.2. To enable you to control the user experience towards End Users and enable the Service to automatically apply the End User’s consent to other websites of yours;

3.3. To improve our website (Cybot continually strives to improve our website offerings based on the information and feedback we receive from our customers);

3.4. To identify you as a contracting party;

3.5. To enable secure login for you in the Service Manager at cookiebot.com;

3.6. To establish a primary channel of communication with you;

3.7. To enable Cybot to issue valid VAT invoices and to process transactions (your information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than for the express purpose of delivering the service requested);

3.8. To enable automated handling of the subscriptions;

3.9. To produce and display cookie declarations to End Users and store and display scan report(s) to you;

3.10. To provide you with aggregated information on the choices of the End Users regarding accepted cookie types and generate a graphical representation in the Service Manager; and/or

3.11. To send periodic e-mails (The e-mail address you provide for order processing, may be used to send you information and updates pertaining to your order, in addition to receiving occasional company news (if accepted), updates, related product or service information, etc.) If at any time you would like to unsubscribe from receiving future e-mails, you can cancel your account after login by clicking on "Cancel my account"

4. Legal basis

4.1. EU General Data Protection Regulation (GDPR) The processing of your data is either based on your consent or in case the processing is necessary for the performance of a contract to which you are a party, or in order to take steps at your request prior to entering into a contract, cf. GDPR art. 6(1)(a)-(b).

If the processing is based on your consent, you may at any time withdraw your consent by contacting us using the contact information in clause 1.

In order to enter into a contract regarding the purchase of Cybot’s Service, you must provide us with the required personal data. If you do not to provide us with all the required information, it will not be possible to deliver the Service.

4.2. California Online Privacy Protection Act Compliance Because Cybot values your privacy we have taken the necessary precautions to be in compliance with the California Online Privacy Protection Act. We therefore will not distribute any personal information to outside parties without your consent except as stated in clause 7.

As part of the California Online Privacy Protection Act, all users of our website may make any changes to their information at any time by logging into their account and navigating to the “profile page”.

4.3. Children’s Online Privacy Protection Act Compliance Cybot is in compliance with the requirements of the Children’s Online Privacy Protection Act. We will not intentionally collect any information from anyone under 13 years of age. Our website, products and services are all directed at people who are at least 13 years old or older.

5. How do we protect your information? Cybot implements the following technical, physical and organizational measures to maintain the safety of your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized use, unauthorized modification, disclosure or access and against all other unlawful forms of processing.

5.1. Availability The Service utilizes the extensive features of the cloud environment to ensure high availability, like full redundancy, load balancing, automatic capacity scaling, continuous data backup and geo-replication along with a traffic manager for automatic geographical failover on datacenter level disasters. All failover mechanisms are fully automated.

No personal data is stored permanently outside Cybot’s cloud platforms. The physical security is thereby maintained by Cybot’s subcontractors, see clause 7. Microsoft’s datacenters comply with industry standards such as ISO 27001 for physical security and availability, e.g. by using security staff around the clock, two-factor access control using biometric and card readers, barriers, fencing, security cameras and other measures.

5.2. Integrity To ensure integrity, all data transits are encrypted to align with best practices for protecting confidentiality and data integrity. E.g. all supplied credit card information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway provider’s database only to be accessible by those who are authorized to access such systems and who are required to keep the information confidential.

For data in transit, the Service uses industry-standard transport protocols between devices and Microsoft datacenters and within datacenters themselves.

5.3. Confidentiality All personnel are subject to full confidentiality and any subcontractors and subprocessors are required to sign a confidentiality agreement if not full confidentiality is part of the main agreement between the parties.

Whenever personal data is accessed by authorized personnel the access is only possible over an encrypted connection. When accessing the data in a database, the IP number of the person accessing the data must also be pre-authorized to obtain access. international code of practice for cloud privacy, ISO/IEC 27018. The subprocessor E-conomic International A/S is certified in “International Standards on Assurance Engagements 3000” (ISAE 3000).