Last Updated: October 13, 2025

1. INTRODUCTION

CyberTested (operated by Verdatek OÜ, registry code: 16650214, registered address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551 Estonia) ("we," "us," or "our") is committed to protecting your personal data and respecting your privacy rights.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services and website. This policy applies to users worldwide and complies with:

  • Estonian Personal Data Protection Act (Isikuandmete kaitse seadus)
  • European Union General Data Protection Regulation (GDPR) (EU) 2016/679
  • California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
  • Other applicable international data protection laws

By using our services, you acknowledge that you have read and understood this Privacy Policy.

2. DATA CONTROLLER

Verdatek OÜ (trading as CyberTested)
Registry Code: 16650214
Registered Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia
Email: contact@cybertested.com

  1. DEFINITIONS
  • Personal Data: Any information relating to an identified or identifiable natural person.
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
  • User/You: Any individual who accesses or uses our website, services, or applications.
  • Services: All products, services, and features provided by CyberTested.

4. PERSONAL DATA WE COLLECT

4.1 Information You Provide

When you use our services, we may collect:

  • Full name
  • Email address
  • Phone number
  • Country of residence
  • Billing and payment information
  • Company name and business information (for business customers)
  • Communications with us

4.2 Automatically Collected Information

  • IP address and location data
  • Browser type and version
  • Device information
  • Usage data and analytics
  • Cookies and similar tracking technologies (see Section 10)

4.3 Information from Third Parties

We may receive information about you from third-party service providers, payment processors, or business partners with your consent or as permitted by law.

5. LEGAL BASIS FOR PROCESSING (GDPR/ESTONIAN LAW)

We process your personal data based on:

  • Consent: You have given clear consent for specific purposes
  • Contract Performance: Processing is necessary to fulfill our contract with you
  • Legal Obligation: Required by Estonian or EU law
  • Legitimate Interests: Our business interests that do not override your rights

6. HOW WE USE YOUR PERSONAL DATA

We use your information to:

  • Provide, maintain, and improve our services
  • Process transactions and send transaction notifications
  • Respond to your inquiries and provide customer support
  • Send administrative information, updates, and security alerts
  • Conduct analytics and research to improve user experience
  • Comply with legal obligations and enforce our terms
  • Prevent fraud and ensure security
  • Send marketing communications (with your consent where required)

7. DATA SHARING AND DISCLOSURE

7.1 Service Providers

We may share your data with trusted third-party service providers who assist us in:

  • Payment processing
  • Cloud hosting and data storage
  • Email delivery and communications
  • Analytics and marketing services

All service providers are bound by data processing agreements and must comply with applicable data protection laws.

7.2 Legal Requirements

We may disclose your information when required by law or in response to:

  • Valid legal requests from government authorities
  • Court orders or legal proceedings
  • Protection of our rights, property, or safety
  • Investigation of fraud or security issues

7.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the successor entity.

7.4 International Transfers

We may transfer your data to countries outside Estonia/EU. When we do, we ensure appropriate safeguards are in place, including:

  • European Commission approved Standard Contractual Clauses
  • Adequacy decisions by the European Commission
  • Your explicit consent where required

For users in the EU/EEA, we ensure transfers comply with GDPR Chapter V requirements.

8. YOUR RIGHTS

8.1 Rights Under GDPR/Estonian Law (EU/EEA Users)

You have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we process your data
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time without affecting prior processing
  • Lodge a Complaint: File a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon)

Estonian Data Protection Inspectorate
Address: Tatari 39, 10134 Tallinn, Estonia
Phone: +372 627 4135
Email: info@aki.ee
Website: www.aki.ee

8.2 Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, use, disclose, or sell
  • Delete your personal information
  • Opt-out of the sale or sharing of personal information
  • Correct inaccurate personal information
  • Limit use of sensitive personal information
  • Non-discrimination for exercising your rights

We do not sell your personal information.

To exercise these rights, contact us at contact@cybertested.com.

8.3 Rights for Canadian Residents (PIPEDA)

If you are a Canadian resident, you have the right to:

  • Access your personal information
  • Challenge the accuracy and completeness of your information
  • Withdraw consent for processing
  • File a complaint with the Office of the Privacy Commissioner of Canada

8.4 Exercising Your Rights

To exercise any of these rights, please contact us at:

  • Email: contact@cybertested.com
  • Mail: Verdatek OÜ, Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia

We will respond to your request within:

  • 30 days (GDPR/Estonian law)
  • 45 days (CCPA, extendable to 90 days)
  • 30 days (PIPEDA)

9. DATA RETENTION

We retain your personal data only as long as necessary for:

  • Fulfilling the purposes described in this policy
  • Complying with legal, accounting, or reporting obligations
  • Resolving disputes and enforcing agreements

Specific retention periods:

  • Account information: Duration of account + 7 years (Estonian accounting requirements)
  • Transaction records: 7 years (Estonian tax law)
  • Marketing data: Until you withdraw consent or 2 years of inactivity
  • Support communications: 3 years

After retention periods expire, we securely delete or anonymize your data.

10. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience. You can manage cookie preferences through your browser settings or our cookie consent tool.

11. DATA SECURITY

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication
  • Regular security assessments
  • Employee training on data protection
  • Incident response procedures

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

12. CHILDREN'S PRIVACY

Our services are not directed to individuals under 16 years of age (or 13 in the USA). We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

13. DO NOT TRACK SIGNALS

Our website does not currently respond to "Do Not Track" browser signals. You can manage tracking preferences through our cookie consent tool.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email notification
  • Updating the "Last Updated" date

Continued use of our services after changes constitutes acceptance of the updated policy.

15. CONTACT US

For questions about this Privacy Policy or to exercise your rights, contact us at:

Verdatek OÜ (CyberTested)
Email: contact@cybertested.com
Address: Harju maakond, Tallinn, Lasnamäe linnaosa, Sepapaja tn 6, 15551, Estonia

ADDITIONAL NOTICES FOR SPECIFIC JURISDICTIONS

For California Residents

Notice at Collection: We collect the categories of personal information listed in Section 4 for the purposes described in Section 6.

Shine the Light: You may request information about our disclosure of personal information to third parties for direct marketing purposes.

For Canadian Residents

We are committed to the principles outlined in PIPEDA, including accountability, identifying purposes, consent, limiting collection, limiting use/disclosure/retention, accuracy, safeguards, openness, individual access, and challenging compliance.

For Nevada Residents

Nevada law allows residents to opt-out of the sale of personal information. We do not sell personal information as defined under Nevada law.

This Privacy Policy is effective as of the date stated above and governs our collection and use of your personal information.

An automatic penetration test, supported by artificial intelligence (AI), will be carried out 24/7, on the basis of which periodic reports will be generated, including instructions for remediation.

NAVIGATE

Home

Pricing

Services

Connect
PRIVACY & TOS

Terms of Service

Privacy Policy
CONTACT US

+44(203)8089317

contact@cybertested.com