Rebyc Security GDPR Privacy Policy

Effective Date: January 1, 2026

Rebyc Security LLC GDPR Privacy Policy

Rebyc Security LLC (“Rebyc Security,” “we,” “us,” or “our”) respects your privacy and is

committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website rebycsecurity.com, use our cybersecurity services, or otherwise interact with us (collectively, the “Services”).

This Privacy Policy applies to personal data other than human resources data. If you are an employee or job applicant, please contact info@rebycsecurity.com for our separate HR Privacy Policy.

By using our services, you consent to the practices described in this Privacy Policy.

  1. Information We Collect

We collect the following categories of personal data:

  • Contact and Identity Data: Name, email address, phone number, company name, job title.
  • Service Usage Data: IP address, browser type, device information, logs, and analytics data collected through cookies and similar technologies.
  • Client Data: Personal data processed on behalf of our clients in the course of providing cybersecurity services (e.g., threat intelligence, vulnerability
  • assessments).
  • Marketing and Communications Data: Preferences for receiving newsletters, event invitations, or promotional materials.

We do not knowingly collect personal data from children under 16.

  1. How We Use Your Personal Data

We use your personal data for the following purposes:

  • To provide, maintain, and improve our cybersecurity services.
  • To communicate with you, respond to inquiries, and provide customer support.
  • To send marketing communications (with your consent where required).
  • To comply with legal obligations, enforce our agreements, and protect our rights.
  • To conduct analytics and research to enhance our services.
  1. How We Share Your Personal Data

We may share personal data with:

  • Professional advisers (lawyers, accountants) as needed.
  • Regulators or law enforcement when required by law.
  • In the event of a merger or acquisition.

Rebyc Security LLC does not plan to transfer personal information to third parties. Therefore, the provision regarding liability for the actions of agent processors may not apply. If we change this policy in the future, Rebyc Security LLC shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles.

We do not sell your personal data.

  1. Your Rights and Choices

Depending on your location, you may have the following rights:

  • Access, correct, or delete your personal data.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is based on consent.
  • Data portability (where applicable).

To exercise these rights, contact us at info@rebycsecurity.com. We will respond within 30

days (or as required by law).

We will also provide an individual opt-out choice, or opt-in for sensitive data, before we share your data with third parties other than our agents, or before we use it for a purpose other than which it was originally collected or subsequently authorized. To request to limit the use and disclosure of your personal information, please submit a written request to info@rebycsecrity.com.

You may also manage cookies and tracking technologies through your browser settings or our cookie consent banner.

  1. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure, consistent with industry standards for cybersecurity providers.

  1. Data Retention

We retain personal data only as long as necessary for the purposes outlined above or as required by law.

  1. International Data Transfers

We are a U.S.-based company. When we transfer personal data from the European

Economic Area (EEA), United Kingdom, or Switzerland to the United States, we rely on the

EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and/or the

Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), as applicable.

EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. Data Privacy Framework

Rebyc Security complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Rebyc Security has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. Rebyc Security has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, Rebyc Security commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of human resources data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF in the context of the employment relationship.

Rebyc Security LLC commits to resolve DPF-related complaints about our collection and use of personal data received from the EU, UK, and Switzerland. EU, UK, and Swiss individuals with DPF Principles-related complaints should first contact us at:

info@rebycsecurity.com

If we do not resolve your complaint within 45 days, or if you are not satisfied with our response, you may refer the complaint (free of charge) to our independent recourse mechanism, BBB National Programs Data Privacy Framework Dispute Resolution, at https://bbbprograms.org/dpf-complaints (or the complaint form linked on that page).

We also commit to cooperate with the panel established by the relevant data protection authorities and to comply with any final decisions issued by them.

Under certain limited circumstances, you may be able to invoke binding arbitration through

the DPF arbitral panel (see Annex I to the DPF Principles:

https://www.dataprivacyframework.gov/framework-article/ANNEX-I-introduction

Rebyc Security LLC is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.  

  1. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the Effective Date.

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us at:

Rebyc Security LLC Attn: Legal Department info@rebycsecurity.com

You may also reach us by mail at our principal business address (available upon request).