Privacy Policy

CyberPeace Institute Privacy Policy

The CyberPeace Institute is committed to making privacy easy to understand for everyone. We believe that providing transparent information is a fundamental component of peace in cyberspace. By providing information about data processing in plain and accessible language, we hope to encourage people to take the time to read this notice and to understand how they can exercise their rights.

The CyberPeace Institute (acting as Data Controller) is based in Switzerland, so we follow the provisions set out by the Federal Act on Data Protection (“FADP”) of 19 June 1992 (Status as of 1 March 2019, and subsequent updates). In addition, due to the global reach of the CyberPeace Institute, we also process personal data that falls under the scope of application of the General Data Protection Regulation (Reg. (EU) 206/679 or “GDPR”), when we offer goods or services to people located in the EU.

Why we collect personal data

Below are the main reasons why we collect personal data, as well as detailed information about the type of data collected, the purpose of processing and the data retention period. Click on each title to read more information.

  • Email address
  • Other contact information (if provided by you)

To sign up to our newsletter, we only ask for your email address. We use a double opt-in procedure, whereby we send you a link that you must click on in order to activate the newsletter subscription. We do this in order to ensure that you are the owner of the email address used to subscribe to the newsletter.

We use a service provided by HubSpot to store your email address and to manage the sending of newsletters. This service allows us to enter additional data about you, if you provide such information during subsequent interactions with us. Additional data includes: first name, last name, company, work title, phone number, work address, meeting minutes.

We entered into a Data Processing Agreement with HubSpot in order to ensure that they only process personal data in accordance with our instructions, and within the limits imposed by their mandate. For more specific information about how HubSpot processes your personal data, you may access their privacy policy here.

We store your email address and other contact information that you give us until you unsubscribe from our newsletters, or you otherwise inform us that you no longer wish that we contact you.

  • IP Addresses (including Location Data)
  • Type Of Browser
  • Operation System
  • Visiting Time (Local And Server)
  • Session
  • Actions per visit
  • Pageviews per visit 
  • Returning Visitors
  • Referring Site Information

When you browse the website, we use digital tools to deliver the website user experience, including cookies and other identifiers. Whenever possible, we use anonymous data to count website visitors, for example by anonymising the IP collected by Google Analytics cookies.

Cookie

Domain

Type

Cookies used

Lifespan

_ga

.cyberpeaceinstitute.org

Third-party

This cookie is installed by Google Analytics. 

2 years

_gid

.cyberpeaceinstitute.org

Third-party

This cookie is installed by Google Analytics. 

1 day

_gat_gtag_UA_1xxxxxxxxx

.cyberpeaceinstitute.org

First-party

This cookie is set by Google 

1 minute

_gat_UA-1xxxxxxxxx

.cyberpeaceinstitute.org

First-party

This is a pattern type cookie set by Google Analytics, volume websites.

1 minute

_gat_UA-xxxxxxxxx

.cyberpeaceinstitute.org

First-party

This is a pattern type cookie set by Google 

1 minute

cookielawinfo-checkbox-necessary

.cyberpeaceinstitute.org

First-party

This cookie is set by GDPR Cookie Consent plugin. 

1 year

cookielawinfo-checkbox-non-necessary

.cyberpeaceinstitute.org

First-party

This cookie is set by GDPR Cookie Consent plugin. 

1 year

_GRECAPTCHA

.google.com

First-party
Necessary

This cookie is set by Google. 

5 months 27 days

YSC

.youtube.com

Third-party

targeting cookie

6 months

VISITOR_INFO1_LIVE

.youtube.com

Third-party

targeting cookie

6 months

elementor

.cyberpeaceinstitute.org

Third-party

No description available.

never

viewed_cookie_policy

.cyberpeaceinstitute.org

First-party

This cookie is set by GDPR Cookie Consent plugin. 

1 year

_ga

.cyber4healthcare.org

Third-party

This cookie is installed by Google Analytics. 

2 years

_ga

.cyber4healthcare.com

Third-party

This cookie is installed by Google Analytics. 

2 years



  • First name, last name, address, contact details, nationality (to determine which type of work permit may be required)
  • CV and information about previous work experience and educational background, portfolio (if applicable)
  • Answers to screening questions
  • Information collected during interview(s)
  • References (if applicable, depending on the position)
  • Results of assessment test or technical test (if applicable, depending on the position)

When you apply for a job at the CyberPeace Institute, we collect some initial information about you in order to conduct an initial screening: your first name, last name, address, contact details, CV and information about previous work experience and educational background, as well as answers to screening questions. If you pass the initial stage, we will collect further information about your skills through assessment tests, which have different content depending on the position you applied for.

We conduct assessment and skills on the basis of our legitimate interest of making sure that we evaluate job candidates using objective criteria. We use a platform provided by a company called iMocha, and we have entered into a Data Processing Agreement with iMocha, which contains the Standard Contractual Clauses for transferring personal data to India, where iMocha processes personal data. For more specific information about how iMocha processes your personal data, you may access their privacy policy here.

Please note that iMocha has an “anti-cheating feature”, which – if enabled – can track whether candidates open another page of the browser while completing an assessment or leave the computer for an extended period of time. We have decided not to use this feature, in order to preserve your privacy and because we trust all candidates to complete the assessments in a fair way, without cheating.

For some of the assessments, depending on the requirements of the specific role, we may ask candidates to record a video of themselves answering a question. The videos are recorded using the iMocha platform and are stored only for the necessary time to allow us to evaluate the candidate’s performance against that of other candidates. Once a position has been filled, the videos of all candidates are permanently deleted.

We do not use automated decision making tools as part of our recruitment process. A real person reads and evaluates each application fairly and in accordance with our non-discrimination policy.

In the unlikely circumstance that special categories of personal data are processed during the recruitment process (for example, if you disclose a specific medical condition that may impact your work), we will ensure that the processing of such data is based on your express and freely given consent.

By default, we keep job candidate data for a period of maximum 12 months, unless you request that we delete your data earlier. After 12 months, we will contact you to ask if you want us to store your data for longer, and we will only continue storing your data if you have given your consent.

  • First name, last name, email address
  • Organisation 

We organise online events to raise awareness about cybersecurity issues that impact the achievement and enforcement of cyber peace in the world. To sign you up to these events and send you the link to attend them, we need your first name, last name and email address. You also have the option of providing the name of your organisation, however, not providing it will not affect your ability to participate in the event.

We use this data on the basis of our legitimate interests of running the online events and, more specifically, to ensure that only registered participants are able to participate in our sessions. We may also use the data to conduct internal statistics, such as to evaluate the ratio between people who sign up to a session and those who actually attend.

  • First name, last name, email address

On our Contact page, you can send us a question, suggestion, request or another message, in order for us to contact you back. We need your first name, last name and email address to process your request, on the basis of our legitimate interest to contact you and respond to your query.

We strongly encourage you to refrain from sending any personal or sensitive information in the “Your Message” box, whether it is your own information or someone else’s. Should we need to receive any particular information from you, we will get in touch to let you know a secure way to share it.

We currently accept online donations via credit card and PayPal, and you can either donate through your PayPal account or using your credit card. The CyberPeace Institute does not store your credit card details.

If you choose to donate using PayPal, PayPal will act as an autonomous data controller to process your donation, and is therefore responsible for the processing of your personal data for donation purposes. A copy of PayPal’s privacy policy is available here.

If you would like to make a donation using another method (e.g., bank transfer), please contact us by email at: [email protected].

  • First name, last name
  • Location
  • Skillset
  • Availability
  • Further information, on a case by case basis

The CyberPeace Institute offers exceptional volunteering opportunities, to further develop your skills by helping build a successful international organisation. 

Volunteers are invited to submit their applications and letters of interest to the email address  [email protected]. The specific personal data collected depends on each volunteering opportunity, for that reason we will provide a separate information notice to volunteers who are selected to join the CyberPeace Institute’s volunteer network.

  • First name, last name
  • Company, Job title
  • Personal data of third parties, for example victims of cyberattacks

Whenever we enter into a partnership with an individual or a company, we provide a separate information notice to describe the data processing activities that we carry out in the context of that specific partnership. If necessary, we enter into a Data Processing Agreement or another type of data sharing agreement, on a case by case basis.

The CyberPeace Institute carries out investigative activities using data from publicly available sources. Whenever the collected data refers to individuals, within the meaning of applicable data protection legislation, we comply with the principles of lawfulness, fairness, transparency, data minimisation, data accuracy, purpose and storage limitation, accuracy, as well as integrity and confidentiality. We inform data subjects of the data processing and of their rights, whenever the provision of such information is possible and does not involve a disproportionate effort, or in so far as it is not likely to render impossible or seriously impair the achievement of the objectives of the data processing.

How to exercise your rights

Whether you are a job candidate, a current/former employee, a newsletter subscriber, a volunteer, a donor or a partner, you have a number of rights that you can exercise in relation to your personal data. These rights are not absolute, and limitations may depend on how the data was collected and the purposes of that data collection. Each data subject rights request (DSR) is carefully evaluated on a case by case basis by our Data Protection Officer, who replies to each DSR within 30 days from the date of receipt of all the information needed to process the request.

Below is a list of rights that you may ask to exercise in connection with your personal data:

  • Right of access to the personal data
  • Right to rectification of incorrect data
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to data portability
  • Right to object to data processing
  • Right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you

If you wish to exercise any of these rights, kindly contact us at [email protected]. To be sure that the request is coming from you (and not from somebody pretending to be you), we may ask you to provide us with additional information to confirm your identity. If you provide any such information to us, then we will only use it to respond to your request.

You may also send us postal mail with your requests to: CyberPeace Institute, Avenue de Sécheron 15, Genève 1202, Switzerland. Please specify on the envelope “For the attention of the Data Protection Officer”. Please note that we are not responsible for delays or failures of the postal service, so we do encourage you to send your requests by registered mail or by email, whenever possible.

Should you be unsatisfied with the response received, or should you wish to lodge a complaint, you may do so by contacting a data protection supervisory authority. A list of contact details of supervisory authorities is available here.

Data security measures & data retention

We take reasonable technical, administrative and physical measures to protect the security of personal data under our control from unauthorised use, disclosure, alteration and breach. We apply procedural safeguards to all personal data that we process, regardless of the technology used. In the unlikely event of a data breach, we will comply with applicable data protection legislation and we will inform you as soon as feasible, in order to allow you to take measures to limit the effects of the breach.

Our website may contain links to external sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites, products or services. We strongly advise you to review the Privacy Policy and terms and conditions of every site you visit.

Unless explicitly stated otherwise, when you provide personal data to the CyberPeace Institute, you are sharing that data only with us and, in limited cases, with our service providers and contractors working under obligations of confidentiality – and appropriate contractual safeguards, such as Data Processing Agreements – solely to provide services to our organisation.

We may share anonymised information (non-personal data) about digital trends or modus operandi with trusted partners, or as a part of public reporting, in order to fulfil our mission. Such data does not identify any individual and does not fall within the remit of “personal data”.

We store personal data for a limited time, and only for the proper delivery of the CyberPeace Institute’s products and services for which the personal data was collected in the first place. Depending on the purposes of data collection, data retention periods may vary. 

To ensure that strong data protection principles are enforced, the CyberPeace Institute organises regular personal data reviews, to assess the relevance of maintaining data processing as well as the accuracy of the personal data. Such reviews happen no later than 3 years after the time of the personal data collection, or 10 years in the event that the is publicly available at the time of collection.

If you would like to find out the retention periods applicable to your personal data, you may contact us at [email protected].

Last update

This Privacy Policy went into effect on June 3, 2020 and was reviewed on June 25, 2021. We reserve the right to update this Privacy Policy from time to time, as laws evolve or as our services or processing activities change. If we update this Privacy Policy, we will post a new version on our website. We encourage you to check this page regularly, before providing personal data, to ensure you have access to the most updated version.