The Privacy Policy
Last updated on 11 July 2025.
We attach great importance to the security and confidentiality of your personal data. This privacy policy informs you about how we process your personal data in compliance with applicable laws when you use Syba’s privacy and security services.
We also use cookies on our website. For more information, we kindly refer you to our cookie policy.​
1. When Does this Privacy Policy Apply?
​1.1. We collect and use your personal data when you:
-
Use our website (www.syba.io) or the contact form;
-
Use our social media (Facebook, Twitter, or LinkedIn);
-
Use our mobile app “Syba”;
-
Enter into an agreement with us or communicate with us in that context;
-
Register for or participate in our events;
-
Apply for one of our vacancies;
-
Visit our offices, sites, or facilities;
-
Communicate with us by email, phone, or any other digital communication channel;
-
Give us your business card; and
-
Receive our brochure.
1.2. This privacy policy may be amended as set forth in Article 9.
2. Who Are We?
​2.1. “We” in this privacy policy refers to Syba Europe bv:​
Name
Syba Europe bv
Address
Kardinaal Mercierstraat 74
8000 Brugge
Belgium
Company Number
0802.711.523
​2.2. We are the responsible data controller for the collection and use of your personal data in the manner explained in this privacy policy. If you have any questions about this, please contact us by e-mail (privacy@syba.io).
​
​2.3. In certain circumstances, third parties may (also) be responsible for the processing of your personal data. For example, if you click on a link and leave our website or if you use our social media and have your own social media account. We have no control over the data such providers collect about you. In that case, we recommend that you consult the privacy policies of these third parties.​
3. Which Personal Data Do We Process and Why?
We will only process your personal data for a specific purpose and to the extent permitted by law. We further explain below in which cases we collect and use your personal data. If we do not receive your personal data directly from you, we will also inform you of this below.
3.1. When You Use Our Website or Use The Contact Form or Pop-up Chat Window
When you use our website (www.syba.io), or use our contact form, or pop-up chat window, or other digital communication channel, we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Technical information (e.g. server log files) about your visit and the device you use (e.g. IP address, Internet Service Provider (ISP), time, visited webpage, operating system, browser type and version and location based on the IP address). We cannot identify you on the basis of this information, but third parties may be able to identify you (e.g. your internet service provider). | In order to ensure the most fault-free operation of our website and to detect and prevent malware, illegal content and conduct and other forms of potential abuse. | Our legitimate interest in keeping our online presence safe. |
Information about your browsing behaviour, how you use our website and the device that you use (e.g. number of sessions, average session duration, visited web pages, the files you browsed on our site like HTML pages, images, etc., when visitors visit us, how visitors are attracted, from which country visitors are browsing, device type, number of active visitors, number of repeat visitors, trends of active visitors, user retention, whether objectives are achieved). We cannot identify you on the basis of this information, but third parties may be able to identify you. We collect this information through cookies. For more information about this, please refer to our cookie policy. | In order to improve the content of and general experience on our website and social media and to develop new products or services. | Your consent. |
Identity and contact details provided by you (e.g. name, email address, company you work for) and the content of the message and the technical details of the message itself (e.g. date and time). | To enable communication between you and us. | Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind. |
3.2. When You Use Our Social Media
When you use our social media (Facebook, Twitter, LinkedIn), we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
When you send messages to us via social media, we collect your identity and contact information, your message content and your message technical details (e.g., date and time). | To enable messages between you and us via social media. These messages are not public. However, if you post a comment or like or post other data (e.g. photos) on our public social media, then these data are public. | Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind. |
Information publicly available on our social media (e.g. customer experiences or reactions to our products or services). | To track and monitor messages about our products or services, our company or our industry via social media. This is also referred to as 'social media listening'. | Our legitimate interest in tracking messages about our products or services or about us as a company or the industry in which we operate. |
3.3. When You Use Our App (SYBA)
3.3.1. Syba app is a mobile application available on iOS and Android that helps you protect your online privacy of your emails, social media usernames and router security.
3.3.2. When you use our mobile app (Syba), we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact information provided by you to us upon your registration and thereafter. | To create and manage your account so you can use our app and make use of our services. | Your consent. |
Contact information, first name, last name and birthyear | Data Deletion feature: Used only to detect and request removal of your personal data from data broker websites. | Your consent. |
Identity and contact information provided by you to us and information about the services you subscribed to through our mobile app. | To ensure a user-friendly way to subscribe to our services through our app and to monitor the subscription status. | We rely on the need to process your personal data in order to come to an agreement with you or to perform an existing agreement with you. |
Your IP address | Router Security feature: our IP Security test provider will use your IP address only for the purpose of checking if your IP address is known for open ports, router vulnerabilities and IP blacklisting | We rely on the need to perform an existing agreement with you. |
Your email address(es) | Data Breach feature: Our data breach service provider will use your email address only for the purpose of checking if your email address appeared in a data breach | We rely on the need to perform an existing agreement with you. |
Your social media usernames | Social Media feature: Our social media service provider will use your usernames only for the purpose of checking where your user name appeared in social media websites | We rely on the need to perform an existing agreement with you. |
Information about your device. | To improve the content and overall experience of our app. | Our legitimate interest in making sure our app works properly and to provide our users with the most trouble-free experience possible. |
Information about your use of our app. In addition, we also receive aggregate demographic data from Apple and Google for our total user base. | To improve the content and overall user experience of our app. | Our legitimate interest in providing our users with an interesting experience. |
Your location data (e.g. IP address). | To be able to provide the services. | Your consent. |
3.4. When You Contract With Us
When you enter into an agreement with us we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact details provided by you in the context of the agreement (e.g. name, e-mail address, professional function and language). | To fulfil our contractual obligations, and if you are a customer, to deliver provide our services, including processing or performing subscription orders or processing payments and communicating with you in this context. | If you are our customer or supplier as an individual, we rely on the necessity of processing your personal data for the performance of the contract we have with you. However, when you act on behalf of a company or other legal entity, we rely on our legitimate interest in being able to contract with customers and suppliers. |
Identity and contact details provided by you within the framework of the agreement and, if applicable, your company and invoicing details. | To carry out our normal business administration (e.g. invoicing and relationship management). | Our legitimate interest in managing our business activities in a responsible and professional manner. |
Identity and contact details provided by you and the reason for your contact with our customer service (e.g. your problem with or feedback about our services). | To solve your problems or your process feedback and communicate in you this regard. | Our legitimate interest in striving for high customer satisfaction. |
Your email address and information about your previous subscriptions if you are an existing customer and you did not object to this. | To send you our brochure or other electronic communication. | Our legitimate interest to contact you as an existing customer to inform you about our services and to improve our customer relationship. |
3.5. When You Register for or Participate in Our Events
When you register for or participate in our events (e.g. panel events to discuss cyber security topics with experts), we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact details provided by you to us in connection with, where applicable, your registration and participation in our events (e.g. name, e-mail address, telephone number, postal address, company you work for, professional position or payment details). | To process your registration and prepare, organize and secure our events. | Our agreement with you by your acceptance of the applicable terms and conditions. |
Your feedback about the event in which you participated and your identity and contact details provided to us in that regard, unless your feedback was anonymous. | To evaluate the event and improve future events. | Our legitimate interest to be able to organize interesting events or to promote our services. |
Photos taken during an event on which you are recognizable. | To capture and share ambience images of the event (e.g. on our website and our social media). | Your permission. |
3.6. When You Apply for a Job With Us
When you apply with us, we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact details (e.g. name, e-mail address, postal address and telephone number), information that you have included in your resume and cover letter and any other personal data you have chosen to include in your application. | In order to assess your application. | We rely on the necessity of processing your personal data in order to reach a possible agreement with you. If we decide not to cooperate with you, we will request your consent to be included in our recruitment reserve. |
3.7. When You Visit Us
When you visit us, we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact information provided by you to us during your visit (e.g. name and company name) and information about your visits (e.g. date, arrival and departure time, person you are visiting). | To ensure the safety of our sites and facilities and to notify the person you come to visit of your arrival. | Our legitimate interest in managing our business activities responsibly and professionally and in meeting contractual obligations with our business partners. |
Camera images taken during your visit on which you are recognisable. | To ensure the security of our sites and facilities. | Our legitimate interest in managing our business activities responsibly and professionally. |
Technical information about your device with which you connect to our Wi-Fi network (e.g. MAC address). | To let you make use of our Wi-Fi network for guests in a safe manner. | An agreement with you by your acceptance of the applicable terms and conditions. |
3.8. When You Meet With Us (in Person or Online) in a Commercial Context
When you meet with us within the context of commercial conversations, we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact information provided by you to us during our meeting(s) (e.g. name and company name, occupation and position within the company). | To prospect, to approach business prospects within a commercial context.
| Our legitimate interest in managing and expanding our business activities responsibly and professionally. |
3.9. When You Communicate With Us
When you communicate with us via social media, telephone, email or any other digital communication channel, we collect and use the following personal data.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact details provided by you to us, the content of the communication, the technical details of the communication itself (e.g. date and time) and, if applicable, the device you used. | To enable communication between you and us (e.g., when you use our contact form, pop-up chat window or contact us via social media, telephone or email). | Our legitimate interest in being able to respond to requests, questions or comments or to contact you proactively for questions of any kind. |
3.10. In Other Cases
Your personal data is also collected and used by us in the cases below.
Personal Data | Reason | Legal basis |
|---|---|---|
Identity and contact details on the business card you give us. | In order to be able to contact you within the framework of normal relationship management. | Our legitimate interest in building our network of contacts. |
Your postal address and other personal data in order to personalise your brochures (e.g. name, language, interests and product preferences). | To deliver our personalized brochure to you. | Our legitimate interest in informing you about our services. |
3.11. In All of the Above Cases
For all personal data that we collect in the above circumstances, we would like to make it clear that we will also process your personal data in the following cases.
Personal Data | Reason | Legal basis |
|---|---|---|
Above-mentioned personal data. | To comply with our legal obligations or to comply with any reasonable request from competent police authorities, judicial authorities, government institutions or bodies, including competent data protection authorities. | Our legal obligation. |
Above-mentioned personal data. | To prevent, detect and combat fraud or other illegal or unauthorized activities. | Our legal obligation. |
Above-mentioned personal data. | To defend ourselves in legal proceedings. | Our legitimate interest in using your personal data in these proceedings. |
Above-mentioned personal data. | To inform a third party in the context of a possible merger with, acquisition of/by or demerger by that third party, even if that third party is located outside the EU. | Our legitimate interest in entering into business transactions. |
4. With Whom Do We Share Your Personal Data?
4.1. In principle, we do not share your personal data with anyone other than the persons who work for us, as well as with the suppliers who help us process your personal data. This means that only the following categories of recipients will receive your personal data:
-
You;
-
Your employer or business partners, but only when this is necessary for the purposes mentioned above (e.g. when your employer is our supplier or customer);
-
Our employees;
-
Our suppliers (these may include cloud service providers such as Microsoft Azure) and app stores to distribute our app; and
-
Government or judicial authorities to the extent that we are obliged to share your personal data with them (e.g. tax authorities, police or judicial authorities).
​
4.2. Anyone who has access to your personal data will always be bound by strict legal or contractual obligations to keep your personal data safe and confidential.
5. International Transfers (Data Transfers)
5.1 All personal data relating to data subjects located in the European Economic Area (EEA) (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland) are stored within the EEA.
​
5.2. We only transfer data outside of the EEA in following limited cases:
-
As a member of the Syba Group, we may cooperate with other companies within the group (e.g. Syba US) for the purpose of prospecting and managing/expanding our business activities as stated in Article 3.8.
-
For some specific tasks, we rely on suppliers or third-party service providers, which may qualify as data processors as appropriate when they access or need to use certain personal data collected by us as part of their duties. Some of these carefully selected processors may be located outside of the EEA. The data that is transferred outside of the EEA in these cases is limited to the data processed for the purpose of support in app-related functionalities and services as stated in Article 3.3.
​
5.3. In case of international transfers from the EEA to a non-EEA country or organisation located outside of the EEA, we will take adequate safeguards to protect your personal data when we transfer your personal data, such as:
-
if applicable, an adequacy decision, as adopted by the European Commission (i.e. a decision of the European Commission where the latter has recognised that the country to which your data is transferred ensures an adequate level of protection); or
-
in the event that your data is transferred to a country whose level of protection of your data is not recognised as adequate by the European Commission, we will rely on standard data protection clauses adopted by the European Commission.
-
In addition, where necessary, we may take additional measures to ensure a compliant level of personal data protection as guaranteed within the European Economic Area by implementation of additional data protection measures and/or preliminary assessments.
6. How Long Do We Keep Your Personal Data?
6.1. Your personal data will only be processed for as long as necessary to achieve the purposes described above or, when we have asked you for your consent, until you withdraw your consent. In this article we provide you with the information you need to evaluate how long we will keep your personal data identifiable.
​
6.2. As a general rule, we will de-identify your personal data when it is no longer needed for the purposes described above or when the retention period, as explained in this Article 6, has expired. However, we cannot delete your personal data if there is a legal or regulatory obligation or a court or administrative order preventing us from doing so.
​
6.3. We retain all personal data collected through our website for as long as necessary to protect the legitimate interests stated in Article 3.1. We retain technical information such as our server log files until 6 months after your visit to our website, after which it will be deleted or de-identified. Messages that you send us via the contact form will be retained as long as necessary to handle and follow up your question, request, comment, or other input. We also keep an archive of so-called tickets we received via the contact form. We will remove or de-identify tickets we have closed no later than 5 years after closure. We do not retain information about your browsing behaviour (e.g. user ID) longer than 26 months after your visit to our website, after which it will be deleted or de-identified.
6.4. All personal data we collect through our social media (Facebook, Twitter, LinkedIn) we retain as long as necessary to protect the legitimate interests stated in Article 3.2 or until such time as your personal data is no longer required for the purposes of the promotion. We consider this retention to be necessary at least as long as you can legally challenge the result of this. Messages that you send to us via social media and your identity and contact details and technical details related thereto, we will retain as long as necessary to handle and follow up your question, request, comment or other input. We will not retain this data longer than 5 years after your message, after which it will be deleted or de-identified. If information about our products or services, our company or our industry based on publicly available social media interactions (“social media listening”) contains personal data, we will retain it for as long as necessary to protect our legitimate interest. We will not retain this data longer than 5 years after the collection of this information.
6.5. All personal data we collect through our mobile app (Syba) we retain as long as necessary to protect the legitimate interests stated in Article 3.3 or until you withdraw your consent. You can disable location sharing via your mobile device in your device settings. Identity and contact information related to your subscription order or previous orders via our mobile app will be retained until your personal data is no longer required for the purposes of your order or its follow-up. We consider this retention to be necessary at least as long as you can take legal action in connection with this order. We will not retain technical information related to your use of our mobile app for longer than 5 years after your last use of our app, after which it will be deleted or de-identified. We will not retain information about your use of our mobile app for longer than 5 years after the last time you used our app, after which it will be deleted or de-identified.
6.6. We will retain all personal data collected in connection with our events for as long as necessary to protect the legitimate interests stated in Article 3.5 or until you withdraw your consent. If your photo was not published, we will not keep your photo longer than 2 years after the event in question. If you wish to object to a published photo of you during an event, please let us know (see Article 10). Identity and contact details in the context of your registration for or participation in an event, we will retain your personal data until your personal data are no longer necessary in this context. We consider this retention to be necessary at least as long as you can take legal action in connection with the event in question. Your feedback about a particular event and your identity and contact information to the extent you have provided it to us, we will retain as long as necessary to process your feedback for future events. We will not retain this data longer than 2 years after the event in question.
6.7. We will retain all personal data we collect from you as part of your application for the duration of the application process and, if we choose to employ you, for the entire duration of your contract with us and up to 10 years upon termination of the contract. If we do not choose to employ you, but we have invited you for an interview, we will retain your personal data for 5 years after the review process has ended. If you consent to the inclusion of your personal data in our recruitment reserve, we will retain your personal data for 5 years after receipt of your personal data.
​
6.8. All personal data we collect when you visit us will be retained as long as necessary to protect the legitimate interests stated in Article 3.7 or, if you have used our wifi network, until your personal data is no longer required for this purpose. We consider this retention to be necessary until 12 months after your last access to our wifi network. Identity and contact details and other information collected as part of your visit, we retain as long as necessary to manage our business activities responsibly and professionally. We will not retain this data longer than 2 years after your visit. We do not retain camera images recorded during your visit for more than 1 month after the image was recorded, unless there is a legitimate reason to retain these camera images for a longer period of time.
​
6.9. All personal data we collect when we meet (in person or online) within the context of commercial purposes will be retained as long as necessary to protect the legitimate interests stated in Article 3.8. Identity and contact details and other information collected as part of our meeting, we retain as long as necessary to manage and expand our business activities responsibly and professionally. We will not retain this data longer than 5 years after our meeting.
6.10. All personal data we collect through our interactions with you through social media, telephone, email or other digital communication channels will be retained for as long as necessary to communicate with you, but also to maintain a historical record of our communications. This allows us to return to previous communications when you come back to us with new questions, requests, comments or other input.
6.11. All personal data we collect when you give us your business card, we keep as long as you do not ask us to delete your personal data.
6.12. All the personal data we collect and use when you receive our brochure we will keep as long as we provide you with our brochure. If you no longer wish to receive our brochure, please let us know (see Article 10).
7. How Do We Keep Your Personal Data Secure?
7.1. The security and confidentiality of the personal data we process is very important to us. That is why we have taken measures to ensure that all personal data processed is kept secure. These measures include technical and organizational measures to protect our infrastructure, systems, applications, processes and sites. We've also taken other measures, such as taking internal policy measures, limiting the processing to the personal data necessary for the fulfillment of the purposes, minimizing the processing of personal data, the pseudonymization of personal data as soon as possible, transparency with regard to the functions and processing of personal data, enabling the data subject to exercise control over the processing of information, enabling the controller to create and improve security features, restricting access to personal data based on roles, taking backups of personal data and periodically evaluating our security measures.
To implement such measures, we have taken into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for your rights and freedoms as a data subject.
8. Your Rights Regarding Your Personal Data
8.1. When we collect and use your personal data, you have rights that you can exercise in the manner described below. Please note that when you wish to exercise a right, we will ask you for proof of identity. We do this to prevent a personal data breach (e.g. because an unauthorized person is impersonating you and is exercising a right in your name).
​
8.2. You have the right to access your personal data, which means that you may ask us to provide you with information about the personal data we hold about you. You may also request a copy of your personal data. Please note, however, that you must indicate for which processing activities you wish to have access to your personal data.
8.3. You have the right to request that we correct your personal data if you can demonstrate that the personal data we process about you is inaccurate, incomplete, or out of date. Please indicate the context in which we use your personal information (e.g. to respond to a request), so that we can review your request quickly and accurately.
8.4. If we ask your consent to collect and use your personal data, you have the right to withdraw this previously given consent.
8.5. You may ask us to erase your personal data if the personal data is no longer necessary for the purposes for which we collected it, if its collection was unlawful or if you have successfully exercised your right to withdraw your consent or your right to object to the processing of your personal data. If any of these circumstances apply, we will delete your personal data immediately, unless legal obligations or administrative or court orders prohibit us from deleting your personal data.
8.6. You may ask us to restrict the processing of your personal data:
-
during the time we review your request for correction of your personal data;
-
during the time we review your objection to the processing of your personal data;
-
when such processing was unlawful, but you prefer a restriction to erasure; and
-
when we no longer need your personal data, but you need them for the establishment, exercise, or defense of any legal action.
8.7. When we process your personal data on the basis of our own legitimate interests, i.e. you have not given us consent and we do not need them for the performance of a contract, nor to comply with legal obligations, you have the right to object to our processing of your personal data. If our interest relates to direct marketing, we will grant your request immediately. For other interests, for example our security interests, we ask you to describe your specific circumstances that give rise to a request. Then we must balance your circumstances against our interests. If this balancing test results in your circumstances outweighing our interests, we will cease processing your personal data.
8.8. If we have collected your personal data on the basis of your consent or because they were necessary for the performance of a contract with you, you have the right to obtain a copy from us in a structured, widely used and machine-readable format. However, this right only applies to personal data that you have provided to us.
8.9. If you wish to exercise any of these rights, we ask you to contact our privacy manager by sending an email to privacy@syba.io. The above rights may be subject to certain legal conditions.
Specifically in relation to the right of access, correction, restriction or erasure, you can access, rectify, restrict or delete your personal data directly through the Syba app or by contacting the support team directly through the Syba app.
If you want to have all your personal data deleted, you can delete your account directly through the Syba app.
8.10. If you make the same request repeatedly and clearly cause inconvenience, we may refuse these successive requests or charge you an administrative fee to cover the costs. We may also deny you the right of access to your personal data or grant your request only partly, if such access could cause disproportionate harm to the rights and freedoms of others, including ours.
8.11. If you have a complaint about the processing of your personal data by us, you can always contact us at the e-mail address mentioned in Article If you are not satisfied with our response, you may lodge a complaint with the competent data protection authority, i.e. the Belgian Gegevensbeschermingsautoriteit (www.gegevensbeschermingsautoriteit.be).
9. Changes to this Privacy Policy
9.1. We can change this privacy policy on our own initiative at any time. If material changes to this privacy policy may affect the processing of your personal data, we will communicate these changes to you in a way that we normally communicate with you (e.g. via e-mail or via a message on our website or in the app).
9.2. We invite you to read the latest version of this privacy policy on our website (www.syba.io). Our privacy policy states the date our privacy policy was last changed.
10. Do You Have Any Questions?
Should you have any further questions about the processing of your personal data or regarding this Privacy Policy, please do not hesitate to contact our privacy manager by sending an e-mail to privacy@syba.io.