User Rights Policy
Last updated: March 1, 2021
Subject to applicable law requirements, BIG Cyber LLC (“Company”, “we”, “us” or “our”) will provide individuals with the opportunity to exercise their rights regarding their Personal Data (as such term is defined in our Privacy Policy).
We value the privacy rights of our Visitors and our Customers (as such terms are defined in our Privacy Policy and collectively “you” or “yours”). We therefore designed this User Rights Policy (“User Rights Policy” or “Policy”) as an overview of the rights that may apply to you in connection with your Personal Data, under the applicable data protection laws in your jurisdiction, including, without limitations and solely where applicable, the Australian National Privacy Principles in the Privacy Act 1988 (“APP”), the European Union General Data Protection Regulation (“GDPR”), the Canadian Personal Information Protection and Electronic Documents Act (“PIPEDA”) as well as the California Consumer Privacy Act (“CCPA“).
Access to specific information and data portability rights
You have a right to request us to confirm whether we process certain Personal Data related to you, as well as a right to obtain a copy of such Personal Data, with additional information regarding how and why we use this Personal Data. The GDPR and CCPA provide different protections for this right. The GDPR enables access to all Personal Data processed by the controller, while the CCPA’s “Access Right” applies only to Personal Information collected in the 12 months prior to the request. After we receive such request, we will analyze and determine the veracity and appropriateness of the access request and provide you with the applicable confirmation of processing, the copy of the Personal Data or a description of the Personal Data and categories of data processed, the purpose for which such data is being held and processed, and details about the source of the Personal Data that was not provided by you. Our response detailed above will be provided within the period required by law (please see additional information under the “Response Timing and Format” section below).
Deletion request rights
Depending on your jurisdiction, the Company is legally obligated to comply with a request to delete Personal Data if:
- the data is no longer needed for the original purpose and no new lawful purpose exists for its continued processing;
- the lawful basis for processing is consent of the data subject and such consent is withdrawn;
- the data subject exercises his or her right to object to the Company’s processing of his or her Personal Data, and the Company has no overriding grounds for processing the data;
- the Personal Data is processed unlawfully;
- erasure of the Personal Data is necessary to comply with applicable laws.
- if the Company has passed on Personal Data to a third party, a data subject also has a right to oblige the Company to tell those third parties that the information should be erased.
The right to erasure is not absolute. Even if a data subject falls into one of the categories described above, the Company is entitled to reject the data subject’s request and continue processing the Personal Data, subject to applicable law, if such processing is:
- necessary to comply with legal obligations;
- necessary to establish, exercise or defend legal claims; or is necessary for scientific research, etc.;
- necessary to perform a contract between the data subject and the Company;
- necessary to detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for that activity;
- necessary to debug, identify and repair errors that impair existing intended functionality;
- done solely for internal uses that are reasonably aligned with your expectations based on our relationship with you.
Right to object / right to opt out
Under the lawful basis of our legitimate interests and with regards to Personal Data processed by us (such as direct marketing), you may object to our processing on such grounds. However, even if we receive your objection, we will be permitted to continue processing the Personal Data in the event that (subject to applicable laws and regulations):
- our legitimate interests for processing override your rights, interests and freedoms;
- the processing of such Personal Data is necessary to establish, exercise or defend a legal claim or right, etc.
Your right to be informed
You have the right to be informed with respect to the Company’s details (e.g. name, address, etc.), as well as why and how we process Personal Data. This right includes, among others, the right to be informed with respect to the identity of the business, the reasons and lawful basis for processing Personal Data, and additional information necessary to ensure the fair and transparent processing of Personal Data. Furthermore, you have the right to be informed regarding the categories of Personal Information (as such term is defined under the CCPA) collected, sold, or disclosed by us in the past 12 months. As such, we will make sure that our CCPA Privacy Notice discloses all of the above and is updated every 12 months. Please see our Privacy Policy and our CCPA Privacy Notice for more information.
The right of rectification
The Company must ensure that all Personal Data that it holds and uses about a data subject is correct. If such data is not accurate, a data subject has the right to require that the Company updates such data so it will be accurate. In addition, if the Company has passed on incorrect information about a data subject to a third party, the data subject also has a right to oblige the Company to inform those third parties that this information should be updated.
The right of restriction
A data subject may limit the purposes for which the Company may process its Personal Data. The Company’s processing activities may be restricted if: the accuracy of the data is contested; the processing of the Personal Data is unlawful and the data subject requests restriction instead of erasure; the Company no longer needs the data for its original purpose, but the data is still required to establish, exercise or defend legal rights; or in consideration of overriding grounds in the context of an erasure request.
Data portability
You may request us to send or “port” your Personal Data held by us to a third-party entity, however it is important to note, that the GDPR and the CCPA apply differently to this right, thus, we will handle this according to applicable laws in your jurisdiction.
Nondiscrimination
Under the CCPA, you must not be discriminated against for exercising any of your rights, including by being denied goods or services, charging you different fees for goods or services, including through the use of discounts or other benefits or imposing penalties or by it being suggested to you that you will receive a different price or rate for goods or services.
Notwithstanding the above, it is permitted to set up schemes for providing financial incentives and you can opt-in to become part of them.
Response timing and format
We aim to respond to a verifiable consumer request without undue delay. If we require more time, we will inform you of the reason and length of the extension period in writing. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your Personal Data in that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
Furthermore, please note, that under the CCPA your rights only apply to the Personal Information collected 12 months prior to your request to exercise them and you are not entitled to submit more than 2 requests in a 12-month period.
This Policy solely applies to your rights concerning your Personal Data / Personal Information (as defined under the applicable law in your jurisdiction) that is processed by us.
Please submit a request by either:
* Filling in the Data Subject Request form and emailing it to us at: privacy@bigcyberdefense.com
* Calling us at +1 702 407 2420 ext.3000