GDPR Privacy Policy

General Data Protection Regulation Compliance | Last updated: January 2025

GDPR Compliance Overview

This GDPR Privacy Policy explains how the GRC Mind Map Platform collects, uses, and protects personal data of individuals in the European Union (EU) and European Economic Area (EEA) in compliance with the General Data Protection Regulation (GDPR).

We are committed to protecting your privacy and ensuring transparent data processing practices that respect your fundamental rights and freedoms.

Data Controller Information

Data Controller

BCYBER PTY LTD

GRC Mind Map Platform

Email: [email protected]

Address: Level 3 Suite 310, 247 Coward Street

Mascot, NSW, Australia, 2020

Lawful Basis for Processing

We process personal data based on the following lawful bases:

Consent (Article 6(1)(a))

For marketing communications and optional features

Contract Performance (Article 6(1)(b))

To provide platform services and maintain user accounts

Legitimate Interests (Article 6(1)(f))

For platform security, fraud prevention, and service improvement

Legal Obligation (Article 6(1)(c))

To comply with applicable laws and regulations

Your GDPR Rights

Under GDPR, you have the following rights regarding your personal data:

Access (Article 15)

Right to access your personal data and information about processing

Rectification (Article 16)

Right to correct inaccurate or incomplete data

Erasure (Article 17)

Right to deletion ("right to be forgotten")

Restriction (Article 18)

Right to restrict processing of your data

Portability (Article 20)

Right to receive your data in a portable format

Objection (Article 21)

Right to object to certain processing activities

How to Exercise Your Rights

Email: [email protected]

Subject: GDPR Rights Request

Response time: Within 30 days of request

Data Retention and International Transfers

Data Retention

  • Account data: Retained while the account is active, plus 3 years
  • Usage analytics: Anonymized after 24 months
  • Legal compliance data: As required by applicable law
  • Marketing consent: Until consent is withdrawn

International Data Transfers

We ensure adequate protection for any data transferred outside the EU/EEA through:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions where applicable
  • Additional technical and organizational safeguards

Data Protection Officer and Complaints

Data Protection Officer

Email: [email protected]

Subject: Data Protection Officer

Role: GDPR compliance oversight

Supervisory Authority

You have the right to lodge a complaint with your local data protection authority.

Contact details available at: edpb.europa.eu

Consent Management

Where we rely on consent for processing, you have the right to:

  • Withdraw consent at any time
  • Receive clear information before giving consent
  • Give specific consent for each processing purpose

Withdrawing consent does not affect the lawfulness of processing before withdrawal.

Contact Information

For all GDPR-related inquiries, data protection questions, or to exercise your rights, please contact:

BCYBER PTY LTD

Email: [email protected]

Address: Level 3 Suite 310, 247 Coward Street

Mascot, NSW, Australia, 2020

Subject: GDPR Privacy Policy Inquiry