Privacy Policy


Last update of the privacy policy on 08.10.2025.

Data protection is a major concern for us. That’s why our privacy policy is very comprehensive—also to fully comply with legal requirements. To help you find your way, the individual chapters are listed below so you can quickly find the information you’re looking for.

  1. Preamble
  2. Cookies
  3. Log Data
  4. Data Storage
  5. Data Transfers to Third Parties
  6. Data Transfers to Third Countries
  7. Data Security
  8. Your Rights
  9. Data Protection Officer
  10. Application

1. Preamble

With the following privacy policy, we would like to inform you about the type, scope, and purposes of the collection, processing, and use of personal data in connection with the use of the website offered by CyRiSo Cyber Risk Solutions GmbH (hereinafter "CyRiSo") and the services offered through it. CyRiSo values your trust and the protection of your personal data very highly. Therefore, we want to transparently show you how and for what purposes your data is used. We process your data exclusively based on the current legal provisions in accordance with the EU General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2003).

We operate according to the following principles when processing your personal data:

This privacy policy applies to this website, its sub-domains, and all future sub-domains of CyRiSo. By storing, processing, and using personal data, we aim to provide you with a user-friendly, smooth, customer-oriented, and secure service.

We will not use or disclose your data except as described in this privacy policy. By using the service, you agree to the collection and use of information in accordance with this policy. Unless otherwise stated in this privacy policy, the terms used herein have the same meanings as in our General Terms and Conditions.

2. Cookies

CyRiSo uses so-called cookies on this website. These are small text files stored on your device via your internet browser. They do not cause any harm. Cookies help speed up navigation on our website, tailor it to your needs and interests, and prevent misuse of the services. Once you reconnect with our website, our server can identify your device in this way, so you don’t have to reset your language preference every time you visit.

CyRiSo uses so-called session cookies, which are deleted when you close your web browser, as they only contain information necessary for a single visit to CyRiSo. In addition to session cookies, we also use so-called permanent cookies. These allow us to retain and offer your personal settings or displays over a longer period (depending on the service). Permanent cookies are automatically deleted after a predefined duration, which may vary depending on the cookie. You can delete cookies at any time in your browser’s security settings.

You can configure your browser settings according to your preferences and refuse to accept cookies. However, please note that you may then not be able to use all functions of the website. Our use of these cookies is based on Art. 6 para. 1 lit. f GDPR, namely our legitimate interest in improving our offering and overall web presence.

3. Log Data

We may also collect information that your browser sends when you visit our service or access it via a mobile device ("log data").

These log data may include information such as browser type, browser version, IP address of the device, pages of our services visited by you, time and date of your visit, time spent on those pages, and other statistics.

If you access the service from or through a mobile device, these log data may include information such as the type of mobile device used, the unique ID of the mobile device, the IP address of your mobile device, your mobile operating system, the type of mobile internet browser, and other statistics.

4. Data Storage

We may retain your personal data for as long as necessary to fulfill the purpose for which it was collected or as required or permitted by applicable laws.

We will cease storing your personal data or remove the means by which the data can be associated with you once it can reasonably be assumed that such storage no longer serves the purpose for which the personal data was collected and is no longer required for legal or business purposes.

5. Data Transfers to Third Parties

To provide our services, we use carefully selected external service providers (processors). These process personal data exclusively based on contractual agreements in accordance with Art. 28 GDPR and only according to our instructions. Disclosure of data for the service providers’ own purposes is excluded. Appropriate technical and organizational measures ensure an adequate level of protection for your data.

Cloudflare

We use the services of Cloudflare Inc. ("Cloudflare"), a provider of content delivery networks (CDN) and security solutions, on our website. We use Cloudflare to secure our website and optimize loading times (Art. 6 para. 1 lit. f GDPR, legitimate interest).

Requests between your browser and our server are routed through Cloudflare’s servers. Cloudflare processes, among other things, your IP address, system configuration information, and other data automatically transmitted by your browser. This processing is necessary to defend against attacks (e.g., DDoS attacks) and to deliver our content worldwide more quickly.

Data may also be transferred to countries outside the European Union, particularly the USA. Cloudflare has committed to maintaining an adequate level of data protection. The basis for the transfer to the USA includes the EU standard contractual clauses implemented by Cloudflare. Your data is stored only as long as necessary for the described purposes. Data is not merged with other data sets.

Further information on data processing by Cloudflare and your rights can be found in Cloudflare’s privacy policy: https://www.cloudflare.com/privacypolicy/.

6. Data Transfers to Third Countries

We do not actively transfer personal data to countries outside the European Union (EU) or the European Economic Area (EEA). However, it cannot be ruled out that employees of our contracted service providers from third countries (e.g., in the context of support or maintenance services) may access personal data. In such cases, we ensure compliance with the provisions of Art. 44 et seq. GDPR. This is done in particular through the use of appropriate safeguards, such as the standard contractual clauses adopted by the EU Commission, or—if necessary—through your explicit consent. This ensures that even in the event of access from a third country, a level of data protection comparable to the GDPR is maintained.

7. Data Security

Data Protection and Children

Our service is not directed at individuals under the age of 14 (“children”). We do not knowingly or intentionally collect personal data from children under 14 years of age. If you are a parent or guardian and are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children under 14 without the consent of their legal guardians, we will take steps to remove such information from our servers.

Technical and Organizational Measures for Data Security

The security of your personal information is very important to us, but please remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use all commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

We implement the following technical and organizational measures to ensure the security of your personal data:

Details can be found in our Trust Center.

8. Your Rights

You have the right to request confirmation as to whether personal data concerning you is being processed by us. If this is the case, we will gladly provide you with information about such personal data and the details listed in Art. 15 GDPR. Furthermore, under the respective legal conditions, you have the right to rectification (Art. 16 GDPR), the right to restriction of processing (Art. 18 GDPR), the right to erasure (Art. 17 GDPR), and the right to data portability (Art. 20 GDPR).

You also have the right, under legal conditions, to object to the processing (Art. 21 GDPR).

Regardless of these rights and the possibility of asserting another administrative or judicial remedy, you always have the right to lodge a complaint with a supervisory authority, particularly in the Member State of your residence, place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates data protection regulations (Art. 77 GDPR).

In Austria, this is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, Phone: +43 1 52 152-0, Email: [email protected]

9. Data Protection Officer

If you have questions about data protection or wish to exercise your rights, our Data Protection Officer is happy to assist you. Simply send us an email at [email protected] or use the following contact link:

Data Protection Request

As we continue to develop our services and implement new technologies, CyRiSo Cyber Risk Solutions GmbH reserves the right to continuously update this privacy policy. Therefore, we recommend that you revisit and read this privacy policy from time to time.

Data protection is important to us!

Best regards

CyRiSo Cyber Risk Solutions GmbH
