Legal Notice - Statement of Data Privacy


At CyberVadis, protecting user information is our priority. We have prepared this Statement of Data Privacy to describe our practices regarding “Personal Information” (as defined below) which we collect from natural persons that browse, send information or have a relationship with CyberVadis or CyberVadis’ Customers (hereinafter “Users”of our web Services including but not limited to sites located at, all subdomains, and all other online services of CyberVadis SAS (“Services”). For the purposes of this Statement of Data Privacy, unless otherwise noted, all references to CyberVadis include all online web services of CyberVadis SAS.

We respect each individual’s right to personal privacy. We will collect and use information we receive directly from Users through the CyberVadis website or services only in the ways which are disclosed in this Statement of Data Privacy. Information provided to CyberVadis by our corporate customers is collected and processed by them, acting as data controllers and under their privacy policies. By using CyberVadis web Services Users agree to the data practices described herein and Users acknowledge the collection, use and disclosure of their Personal Information in accordance with this Statement of Data Privacy.

CyberVadis SAS as a data controller adheres to the set of data protection principles developed by the French data protection authority CNIL (COMMISSION NATIONALE DE L’INFORMATIQUE ET DES LIBERTÉS) under the French Data Protection Act as well as to the General Data Protection Regulation (GDPR) applicable from May 25th 2018 and as far as they are applicable also to international data protection laws.
To learn more about the CNIL please visit:

This published Statement of Data Privacy is accurate, comprehensive, prominently displayed, completely implemented, accessible, and conforms to the set of data protection principles developed by the French Data Protection Act and in compliance with any current regulation applicable to the processing of Personal Information, and in particular with Law 78-17 of 6 January 1978 amended.

Pursuant to these laws, the Users shall have the right to request access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability related to, any personal information you provide on the website. Such request may be sent to the Support Service or directly to the following address: CyberVadis SAS, Data Protection Officer, 43 Avenue de la Grande Armée, 75116 Paris – FRANCE,

CyberVadis SAS has signed with its subsidiaries CyberVadis (Mauritius) Ltd and CyberVadis Polska sp. z o.o as well as with its providers, Standard Contractual Clauses (SCC) provided by the European Commission in order to apply a compliant mechanism under the GDPR Art 46 for the transfer of personal data to third countries which do not ensure an adequate level of data protection.

Collection of User Personal Information

We use the personal information we collect from our customers and potential customers for the following purposes : (1) contract and billing administration, (2) product and service delivery, (3) call and chat recordings from support services (4) communications regarding marketing and technical information concerning our products and services, (5) customer account management, (6) website audience tracking and viewer statistics for customer prospection, and (7) fulfillment of our business obligations to our customers.

CyberVadis collects and uses a user’s Personal Information such as name and email address (user name) to deliver the services a user has requested. CyberVadis may also use your Personal Information to inform Users of other products or services available from and through CyberVadis . CyberVadis may also contact Users via surveys to conduct research about user opinions of current services or of potential new services that may be offered.

If a user purchases services from CyberVadis, we may request billing and credit card information. The credit card information is not stored by CyberVadis.

Personal and non-personal Information about the user’s computer hardware and software may be automatically collected by CyberVadis. This information can include: the user’s IP address, browser type, domain names, access times and referring website addresses. This information is used for the operation of the service, to maintain and to improve the quality of the service, and to provide general statistics regarding the use of CyberVadis web services. CyberVadis may keep track of the websites and pages our Users visit while using the CyberVadis web services, in order to improve the user experience and determine what CyberVadis services are the most popular.

We also collect and use data from job applicants for the purpose of hiring through dedicated job portals.

Legal notices concerning data processing are displayed on the website :

For more information about data processing during the Cyber security assessment please see here.

For more information about prospection please see here.

Third parties

CyberVadis does not sell, rent or lease their customer lists to third parties.

CyberVadis may share data with trusted providers for different data processings (purposes) like for the delivery of the the product and service, statistical analysis of usage, user behaviour, customer prospection, human resources and recruitment management, email account management, invoicing and to provide customer support and communication; and CyberVadis has signed with all the providers, acting as Data Processors, Data Processing Agreements (DPAs) in order to ensure all the obligation and responsibilities in the GDPR’s framework.

All such third parties are prohibited from using a user’s Personal Information except to provide these services to CyberVadis , and they are required to maintain the strict confidentiality of user information.

CyberVadis, as a data controller, determines the purposes for which and the means by which personal data is processed and is liable in cases of onward transfers to third parties, such as processors and sub-processors.

CyberVadis will disclose user Personal Information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on CyberVadis or the site; (b) protect and defend the rights or property of CyberVadis; and, (c) act under exigent circumstances to protect the personal safety of Users of CyberVadis, or the public.

Use of Cookies may use “cookies” to help personalize a User’s online experience. A cookie is a text file that is placed on the user’s hard disk by a web page server. Cookies cannot be used to run programs or deliver viruses to a user’s computer. Cookies are uniquely assigned to the individual user, and can only be read by a web server in the domain that issued the cookie to the User. One of the primary purposes of cookies is to provide a convenient feature to save the user time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if a user personalizes CyberVadis pages, or registers on the CyberVadis website or to the services, a cookie helps CyberVadis to recall the user’s specific information on subsequent visits. This simplifies the process of recording a user’s Personal Information, such as login information. When a user returns to, the information the user previously provided can be retrieved, so the user can easily use the CyberVadis features which they had customized.

Users have the ability to accept or decline cookies (Targeting, Functional and Performance cookies) except for the strictly necessary cookies for the performance of the website. Users can modify their browser settings to block cookies if they prefer. If a user chooses to block cookies, the user may not be able to fully experience the interactive features of the CyberVadis website(s) they visit or service(s) used.

Security of a User’s Personal Information

CyberVadis uses industry-standard technologies when transferring and receiving user data exchanged between CyberVadis and third parties to help ensure data security. CyberVadis’ website has security measures in place to protect the loss, misuse and alteration of information.

CyberVadis uses the ISO 27001 standard, for which we are certified, as a framework and integrates personal data protection in its management system.

As part of this management system, we provide appropriate employee training and have internal procedures to periodically review our compliance with the French Data Protection Act and GDPR.

For more information on our information security management system please visit our trust center :

User data are stored on servers in Europe maintained by the hosting provider Microsoft Azure and subject to their security safeguards.

Credit card transactions are made securely through PayPal ( or Alipay (

Children Under Eighteen

CyberVadis Services are directed towards users in their business capacity and are not designed for or directed to children under the age of 18, and we will not intentionally collect or maintain information about anyone under the age of 18.

International Users

Please note that the personal information a user submits to CyberVadis may be transferred or saved in Europe and processed under GDPR If the User is not a resident of France or a country subject to GDPR , the User acknowledges that we may collect, process, use, and store a user’s personal information, as discussed in this Statement, and outside the User’s resident jurisdiction which is different to the French law, GDPR and the following new legislation or regulations applicable

The following applies to Users who are resident in the Russian Federation:
The services offered by CyberVadis and any of its affiliated companies are exclusively delivered from data centers located outside of Russia. If you are a Russian citizen residing in Russia, you are hereby notified that any Personal Data that you input into the services will be solely at your own risk and responsibility and that you expressly agree that CyberVadis SAS may gather your Personal Data and will store this data in the EU and that you will not hold CyberVadis SAS and any of its affiliated companies accountable for any potential non-compliance with legislation of the Russian Federation.

Opt-Out & Unsubscribe

We respect user privacy and give Users an opportunity to opt-out of receiving announcements about certain information. Users may object to / opt-out of receiving any or all communications from CyberVadis by following the “unsubscribe” link on communication received from CyberVadis or otherwise by contacting us.

Changes to this Statement

CyberVadis will occasionally update this Statement of Data Privacy to reflect company and customer feedback. CyberVadis encourages Users to periodically review this Statement to be informed about how CyberVadis protects user information.

Contact Information

CyberVadis welcomes your questions or comments regarding this Statement of Data Privacy. If you believe that CyberVadis has not adhered to this Statement, please contact CyberVadis at:

CyberVadis SAS
Data Protection Officer
43 Avenue de la Grande Armée
75116 Paris, France

Intellectual Property

Our website is protected by national and international laws and regulations relating to Intellectual property.

You recognize CyberVadis SAS ownership of title, service marks, trade names, logotype, patents, copyright, and other intellectual property rights arising out of the website’s content and related. Any use of elements of CyberVadis SAS website shall obtain CyberVadis – or concerned third party – prior written consent.

See our General Terms and Conditions of Use

Want to know more?
Contact us