Privacy Policy‍‍
‍
Phalynx Cyber, LLC ("Phalynx," "we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, share, and protect personal data when you use our website (the "Phalynx Site") and our products and services (together, the "Phalynx Services").This Policy is incorporated into our Terms of Use. By using the Phalynx Services, you confirm that you have read and agree to this Policy and the Terms, and that you are over 18. If you do not agree, please do not use the Phalynx Site or the Phalynx Services.We may update this Policy from time to time. Material changes will be posted here and, where appropriate, sent by email. Continued use of the Phalynx Services after changes take effect means you accept the updated Policy.For data protection purposes, Phalynx is the Data Controller. Contact details are at the end of this Policy.

1. Information we collect
We collect personal data in five ways.
‍
‍Directly from you. When you contact us, register, fill out forms, or upload content to the Phalynx Services.

‍Through our relationship with you. When you become a customer, Buyer, or otherwise engage with us in the ordinary course of business.

‍From your use of the Phalynx Site. Including information collected automatically when you visit or use features.

‍From content you make public. Such as posts on social media or business networking profiles.

‍From third parties. Including credit reference agencies, law enforcement, and partners who provide compliance, screening, or analytics services.We may also create personal data about you, such as records of your interactions with us, our Clients, or our Buyers.

The categories we may process include:
‍
• Personal details. Name, preferred name, photograph (if provided), date of birth, salutation, title, and language preferences.
‍
• Contact details. Address, phone, email, and public business networking profiles or online biographies.

• Buyer data. Wireless device addresses (including text message addresses), payment information, professional biography, and profiling information related to your experience and expertise.

• Payment details. Invoice and payment records, billing address, payment method, bank or card details, BACS, SWIFT, IBAN, payment amount, and payment date.

• Site data. Device type, operating system, browser type and settings, IP address, language settings, login details, dates and times of access, usage data, ISP details, referring and exit pages, clickstream data, and transcripts of Sessions.

• Employer details. Where you interact with us through your employer, the name, address, phone, and email of your employer to the extent relevant.

• Consent records. Any consents you have given, including the date, method, and subject of consent.

• Views and opinions. Anything you send us or post publicly about us.

The Phalynx Services include tools that let you upload electronic copies of technology pitches. Information you submit through these tools will be available to Buyers. Be cautious about what you share. Do not include information you would not want to make available to other users.

2. Sensitive personal data
‍We do not collect or process Sensitive Personal Data in the ordinary course of business. Where it becomes necessary, we rely on one of the following:

• Compliance with applicable law, including reporting obligations.
• Detection or prevention of crime, including fraud.
• Establishment, exercise, or defense of legal rights.
• Your prior, express consent, where the processing is voluntary.

If you provide Sensitive Personal Data to us, you must ensure it is lawful for you to disclose it.

3. How we use your information.
We process personal data to:

• Provide the Phalynx Services. Deliver the Phalynx Site and Phalynx Services, fulfill requests, and communicate with you about them.
• Operate the Phalynx Site. Manage and maintain the site, deliver content, display relevant advertising and information, and notify you of changes.
• Manage Buyer relationships. Communicate with Buyers and prospective Buyers about Sessions and developments. In line with applicable terms, we may share information with Clients and other parties to provide the Phalynx Services and promote our business, including in marketing materials. You may opt out of promotional use by contacting your Phalynx Member Associate.
• Communicate with you. Send updates about events, offerings, and content that may be relevant, by email, phone, text, social media, post, or in person, in compliance with applicable law and your preferences.
• Run our communications and IT systems. Including security audits and operations.
• Manage finance and operations. Including sales, audit, and vendor management.
• Conduct surveys to get your views on the Phalynx Services.
• Maintain security, both physical (premises records, CCTV) and electronic (login records, access details).
• Investigate misuse. Detect, investigate, and prevent breaches of policy, fraud, and violations of law.
• Pursue legal proceedings. Establish, exercise, and defend legal rights.
• Meet legal obligations. Comply with applicable laws and regulations.
• Improve the Phalynx Services. Identify issues, plan improvements, and develop new features and offerings.
• Recruit. Run hiring activities, including job advertising, interviews, and offer management.

4. Legal basis for processing
Where required by data protection law, we rely on one or more of the following bases:
‍
• Consent. Where you have given prior, express consent for voluntary processing.
• Contract. Where processing is necessary to perform a contract with you, including Buyer agreements and Phalynx Client agreements.
• Legal obligation. Where required by applicable law.
• Vital interests. Where necessary to protect the vital interests of any individual.
• Legitimate interests. Where we have a legitimate business interest in the processing, balanced against your rights. We have confirmed that any such processing is lawful, proportionate, necessary for our business, and unlikely to materially affect your rights or freedoms.

5. How we share your information
We may share personal data with:
‍
• Other Phalynx entities, for legitimate business purposes.
• You and your authorized representatives.
• Legal and regulatory authorities, on request or to report actual or suspected breaches.
• Outside professional advisors, including auditors, lawyers, and accountants, under confidentiality.
• Third-party Processors, including payment, survey, marketing, and cloud service providers, under contractual obligations to protect your data and process it only on our instructions.
• Law enforcement, courts, or other parties, for the establishment, exercise, or defense of legal rights, or for the prevention or investigation of crime.
• Any party, where we believe disclosure is necessary to prevent physical, financial, or other harm.
• Acquirers, in the event of a sale, reorganization, dissolution, or liquidation of all or part of our business.
• Third-party providers of advertising, plugins, or content used on the Phalynx Site. If you interact with these, your data may be shared with the relevant provider, subject to their privacy policy.

If you are a Buyer, we may also share your information with current and former employers, companies you have provided services to, and partners that support surveys, compliance checks, and screenings. Our Clients may disclose project information about you, such as your name and the amount you were paid on a project, where required by law or by their compliance policies.

We may use third-party analytics tools, such as Google Analytics, on the Phalynx Site. These tools use cookies to collect data including time of visit, pages viewed, IP address, and operating system. You can opt out using the relevant vendor's preferences page. For Google Analytics, see tools.google.com/dlpage/gaoptout.

6. International transfers
We may transfer personal data to recipients in other countries, including for business operations and to the third parties listed above.

Where we transfer personal data from the European Economic Area (EEA) to a recipient outside the EEA that is not in an Adequate Jurisdiction, we do so on the basis of Standard Contractual Clauses. You may request a copy using the contact details below.If you are located outside the United States, please note that personal data you provide will be transmitted to and processed in the United States, where data protection laws may differ from those in your country.

If you transfer personal data directly to a Phalynx entity established outside the EEA, we are not responsible for that transfer, but will process the data in line with this Policy from the point we receive it.

7. Security

We use appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or unauthorized access. The internet is not fully secure, so transmission of information online is at your own risk. Take care to send any personal data to us securely.

8. Accuracy and minimization

‍We take reasonable steps to keep personal data accurate, up to date, and limited to what is necessary for the purposes described in this Policy. Inaccurate data will be corrected or erased without undue delay once identified. We may ask you to confirm the accuracy of your information from time to time.

9. Retention
‍
We retain personal data only as long as needed for the purposes set out in this Policy.

The period depends on:
• The nature of our relationship with you, for example while you are a registered user, an active Buyer, or subscribed to our communications.
• For Buyers who cease engagement, up to six (6) years from your most recent interaction with any Phalynx Client.
• Any applicable limitation period under law, plus an additional two (2) months to allow time to identify any relevant data if a claim is brought late.
• The duration of any active legal claim, where retention is necessary in connection with that claim.

During retention beyond active use, processing is limited to storage and security. Once retention periods end, we either permanently delete or anonymize the data.

10. Your rights
‍
Subject to applicable law, you may have the following rights regarding personal data we control about you:

• Request access to your data and information about how it is processed.
• Correct inaccurate data.
• Request erasure or restriction of processing on legitimate grounds.
• Object to processing on legitimate grounds.
• Receive your data in a structured, commonly used, machine-readable format, where applicable.
• Withdraw consent, where processing relies on consent. Withdrawal does not affect the lawfulness of processing before withdrawal, or processing under another legal basis.
• Lodge a complaint with a Data Protection Authority.

You also have the right not to provide personal data to us. Note that we may not be able to deliver the full benefit of the Phalynx Services without it.

We may require proof of your identity before responding to a request. Where a request requires us to investigate further, we will do so promptly before deciding what action to take.

California residents
Under California law, you may have additional rights, including the right to request that we disclose:

• The categories of personal data we have collected about you.
• The categories of sources from which we collected it.
• The business or commercial purposes for collecting or selling personal data.The categories of third parties with whom we share personal data.
• The categories of personal data we have sold or disclosed for a business purpose, and to whom (if any).
• The specific pieces of personal data we have collected about you.

You may also request that we delete personal data we have collected about you, subject to legal exceptions.

We currently do not share or sell personal data to third parties for their direct marketing purposes. If we change this practice, we will implement an opt-out as required.

You may use an authorized agent to make a request, with written permission or a power of attorney under California Probate Code sections 4000 to 4465. We may need to verify your identity directly.

We will acknowledge a verifiable consumer request within 10 days and respond within 45 days. If we need more time (up to 90 days), we will let you know in writing. Disclosures cover the 12 months before we receive your request. We are not required to respond to disclosure requests more than twice in a 12-month period. Requests are free unless they are excessive, repetitive, or manifestly unfounded, in which case we will tell you why and provide a cost estimate first.You will not be discriminated against for exercising these rights. We will not deny goods or services, charge different prices, provide a different level of service, or suggest that we will, except where California law permits.To make any request, please use the contact details below.

11. Cookies
‍
We may process personal data through cookies and similar technologies, including web beacons and clear GIFs, when you visit the Phalynx Site. We use cookies to record information about your device, browser, and preferences. For details, see our Cookie Policy. Where required by law, we will obtain your consent before placing cookies.

12. Direct marketing
‍
We may use your contact details to send you information about the Phalynx Services, events, and offerings that may be relevant to you, in compliance with applicable law. You can unsubscribe from promotional emails at any time using the link in any such email. After unsubscribing, we may still contact you about Phalynx Services you have requested.

13. Terms
‍
Your use of the Phalynx Site and Phalynx Services is governed by our Terms of Use. Please review the Terms regularly.

14. Contact us
‍
For questions or requests related to this Policy or our processing of personal data, including requests for prior versions of this Policy, contact us at contact@phalynx.com.

15. Definitions

• Adequate Jurisdiction. A jurisdiction formally designated by the European Commission as providing an adequate level of data protection.
• Buyer. A cybersecurity leader or operator who uses their expertise to share feedback on building or buying cybersecurity technology and programs.
• Client. A Vendor or an Investor.
• Cookie. A small file placed on your device when you visit a website, including analogous technologies such as web beacons and clear GIFs.
• Data Controller. The entity that decides how and why personal data is processed.
• Data Protection Authority. An independent public authority that oversees compliance with data protection laws.
• EEA. The European Economic Area.
• Investor. A person who subscribes to the Phalynx Services as an investor in technology startups for market intelligence purposes.
• Personal Data. Information about any individual, or from which any individual is directly or indirectly identifiable.
• Process / Processing. Anything done with personal data, including collection, storage, use, disclosure, and erasure.
• Processor. A person or entity that processes personal data on behalf of the Data Controller.
• Profiling. Any automated processing of personal data used to evaluate aspects of a person, such as their performance, preferences, behavior, or location.
• Sensitive Personal Data. Personal data about race or ethnicity, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, sexual life, criminal offences or penalties, national identification numbers, or any other data deemed sensitive under applicable law.
• Standard Contractual Clauses. Template transfer clauses adopted by the European Commission or a Data Protection Authority and approved by the European Commission.
• Vendor. A product team that has executed or consented to terms of use of the Phalynx Services to obtain feedback on technology pitches to drive future sales.