- info@cipherlegion.com
- Mon -Fri : 9:00 - 17:00
We are creative, ambitious and ready for challenges! Hire Us
Privacy Policy
Effective Date: 15-09-2024
At Cipher Legion Pvt. Ltd. our, your privacy is of utmost importance. This Privacy Policy explains how we collect, use, disclose and protect your personal information when you visit our website and use our services, including but not limited to cybersecurity assessments, penetration testing and vulnerability assessments (the “Services”). By using our website or Services, you agree to this Privacy Policy
1. Information We Collect
We may collect the following types of information:
a. Personal Information
• Contact Information: Name, email address, phone number and company details.
• Account Information: Username, password and other account-related data.
• Billing Information: Credit card details, invoicing address and other necessary financial details.
b. Technical Information
• Log Data: IP addresses, browser type, operating system, referring URLs, pages viewed and the time spent on the website.
• Cookies: We use cookies to enhance user experience, which may include session information, preferences and website analytics data. You can manage cookie preferences through your browser settings.
c. Information Collected from Clients
When conducting penetration testing or vulnerability assessments, we may collect sensitive information regarding your systems, infrastructure and applications. This information is strictly used to perform the Services as agreed upon and will not be shared without explicit consent, except as outlined below.
2. How We Use Information
We use your personal information for the following purposes:
• To Provide Services: Deliver cybersecurity services such as vulnerability assessments, penetration testing and other relevant services.
• Communication: Respond to your inquiries, send service updates and provide customer support.
• Billing and Invoicing: Process payments and manage accounts.
• Website Improvement: Analyse user behaviour to enhance our website’s functionality and user experience.
• Legal Compliance: Ensure compliance with laws, regulations and legal processes, including responding to legal requests or protecting the rights and safety of our company, users, or others.
3. Information Sharing and Disclosure
We do not sell or rent your personal information. We may share your information under
the following circumstances:
• Service Providers: We may share information with trusted third parties who assist us in operating our website, conducting our business, or servicing you (e.g.,payment processors, cloud hosting services, etc.), provided those parties agree to keep this information confidential.
• Legal Requirements: If required by law, such as to comply with a subpoena, court order, or legal process, or to protect our rights and safety, we may disclose your information.
• Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, we may transfer your information to the new owner.
4. Data Security
We prioritize the protection of your personal data. We implement industry-standard security measures, including encryption, firewalls and secure servers, to safeguard your information from unauthorized access, disclosure, or alteration. However, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but we are determined to follow the GDPR rules and data standards.
5. Data Retention
We will retain your personal information for as long as necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Information collected during penetration testing and assessments will be securely deleted after the completion of services unless otherwise required by applicable regulations.
6. Your Rights
You have the right to:
• Access: Request a copy of the personal data we hold about you.
• Rectification: Request corrections to any inaccurate or incomplete data.
• Deletion: Request that we delete your personal information, subject to legal requirements.
• Data Portability: Request your data in a structured, machine-readable format.
• Withdraw Consent: Withdraw your consent to data processing at any time, where consent was provided as the legal basis for processing.
To exercise these rights, please contact us at info@cipherlegion.com.
7. GDPR Regulations:
As part of our commitment to privacy and data protection at Cipher Legion Pvt. Ltd., we adhere to the General Data Protection Regulation (GDPR) when processing personal data, including sensitive information such as scan copies and data logs. We ensure that all data processing activities are grounded in lawful bases, such as obtaining explicit consent from individuals (data subjects’ reference 7.1 (a)). To safeguard personal data, we implement robust technical and organizational measures, ensuring full compliance with data security standards.
Under the GDPR, individuals have specific rights, including the right to access their personal data, correct any inaccuracies and request erasure of their data under certain conditions. In the event of cross-border data transfers, we apply appropriate safeguards, such as standard contractual clauses or binding corporate rules, to ensure data protection. Should a data breach occur, we are committed to notifying the relevant supervisory authorities and affected individuals within 72 hours of detection, in line with GDPR requirements. Cipher Legion is fully compliant with GDPR regulations and any applicable data protection laws as mandated by the Central Government of India.
7.1 (a):
1. Data Forms Defined:
1.1. Personal Identification Information:
• Name
• Date of Birth
• Nationality
• Government-issued IDs (e.g., Passport number, PAN, Aadhar)
• Photographs or scan copies of ID documents
1.2. Contact Information:
• Email address
• Phone number
• Residential address
• Emergency contact information
1.3. Financial Data:
• Bank account details
• Credit/Debit card information
• Tax identification numbers
1.4. Employment Information (if applicable):
• Job title
• Company name
• Work address
• Professional qualifications
• Previous employment records
1.5. Sensitive Personal Data (Special Category Data under GDPR):
• Biometric data (e.g., fingerprints, facial recognition data)
• Health information (if relevant to employment or services)
• Racial or ethnic origin
• Criminal records (if performing background checks)
1.6. System or Activity Data (if involved in cybersecurity services):
• IP addresses
• Device information (e.g., browser fingerprints)
• Login details (usernames, passwords, multi-factor authentication data)
• Logs of user activities on networks or systems
• Security incident details (e.g., logs from vulnerability assessments or penetration tests).
2. Data Subjects (Individuals from Whom Data May Be Collected)
2.1. Customers/Clients:
• Individuals or companies who seek cybersecurity services (e.g., vulnerability assessments, penetration testing).
• Personal data would include contact details, financial data, and business information.
2.2. Employees:
• Internal staff or employees of Cipher Legion.
• Includes employment records, financial information, and contact details.
• May also involve sensitive data such as health information or background checks.
2.3. Job Applicants:
• Individuals applying for positions at Cipher Legion.
• Personal data may include resumes, professional certifications, references, and background checks.
2.4. Third-party Service Providers:
• Vendors or contractors providing services to Cipher Legion.
• Relevant personal data may include business contact information, contractual details, and payment information.
2.5. Website Visitors or Users of Online Platforms:
• Individuals visiting Cipher Legion’s website or using its digital services.
• Data collected could include IP addresses, cookies, device information, and activity logs.
2.6. Partners or Business Associates:
• Data of individuals representing business partners or entities Cipher Legion collaborates with.
• Contact and business information would typically be gathered.
3. Lawful Basis for Processing Data
To process personal data from these individuals under GDPR, you must have a lawful basis, which could include:
• Consent: Explicit consent from the data subject for collecting and processing their personal data.
• Contractual Necessity: Processing is necessary for fulfilling a contract with the individual.
• Legitimate Interest: Processing data to protect the legitimate interests of the company (e.g., ensuring security through vulnerability testing).
• Legal Obligation: Complying with legal obligations (e.g., maintaining employee tax records).
• Vital Interests: Protecting someone’s life or well-being (rare for cybersecurity roles).
8. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies before providing them with any personal information.
9. Children’s Privacy
Our services are not directed to individuals under the age of 18 and we do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected such information, we will take steps to delete it.
10.Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we do, we will post the updated policy on this page and update the effective date at the top. Please review this policy periodically to stay informed.
11.Contact Us
If you have any questions or concerns about this Privacy Policy or our data practices,please contact us at:
• Company: Cipher Legion Pvt. Ltd.
• Email: info@cipherlegion.com
• Phone: +91-7487005667
• Address: Ground Floor, Office No. 04, Plot No. 44, Midas Tower, Phase – 1, RGIP,Hinjewadi, Pune, Maharashtra. Pin: 411057.
