Menu Close

Privacy Policy

Cyber Risk Assurance Pty Ltd – Privacy Policy

General information

Welcome to Cyber Risk Assurance’s (CRA’s) Privacy Policy page.

When you use our web site products and services, you trust us with your information. This Privacy Policy is meant to help you understand what data we collect, why we collect it, and what we do with it. 

When you share information with us, we can make our products tools and services even better for you. For instance, we can show you more relevant examples to address any cyber risks, improve our ability to answer your queries and search results, help you connect with other companies or to make collaboration with our alliance partners quicker and easier. As you use our products and services, we want you to be clear in how we use your information and the ways in which you can protect your privacy. This is important, and we hope you will take time to read this carefully. Remember, you can find controls to manage your information and protect your privacy and security and you can provide feedback. We’ve tried to keep it as simple as possible. 

Right to access, correct and delete data and to object to data processing

Our clients and customers have the right to access, correct and delete their own personal data, and to object to the processing of such data, by addressing a written request, at any time to us at We make every effort to put in place suitable precautions to safeguard the security and privacy of our clients’ and customers’ personally identifiable (PII) data, and to prevent it from being altered, corrupted, destroyed or accessed by unauthorized third parties. However, the Company does not control each and every risk related to the use of the Internet, and therefore warns its clients and end user customers of the potential risks involved in the functioning and use of the Internet. Our website, web portal, products, tools and solutions may include links to other web sites or other internet sources. As CRA cannot control these web sites and external sources, we cannot be held responsible for the provision or display of these web sites and external sources, and may not be held liable for the content, advertising, products, services or any other material available on and/or from these web sites or external products, tools, solutions and their ability to access your personally identifiable data (PII). 

Management of personal data

You can view or edit your personally identifiable information (PII) and any data online for many of our products and services. You can also make choices about our collection and use of your data. How you can access or control your PII will depend on which services you use. You can choose whether you wish to receive promotional communications from our web app and/or Company website by email, SMS, physical mail, telephone and/or any social media. If you receive any promotional email or SMS messages from us, you may wish to opt out, and you can do so by following the directions in that message. You can also make choices about the receipt of promotional email, telephone calls, postal mail and/or social media channel by visiting your own Account Profile which allows you to manage your own contact information, contact preferences, opt out of email subscriptions, and choose whether to share your contact information with our partners. You can also provide feedback to us at 

These choices may not apply to mandatory service communications that are part of our web app or other product, tool and/or solution.  

Information We Collect

Our web app, products, tools and solutions collect data to operate effectively and provide our clients and our alliance partners an optimised user experience. You may provide some of this data directly, such as when you create a personal account with CRA. We get some of it by recording how you interact with our services, for example, by using technologies like cookies, and receiving error reports or usage data from software running on your device. We may also obtain data from third parties (including our alliance partners). For example, we supplement the data we collect by purchasing relevant data from third parties. We also use products, tool and services from other companies to help us determine a location based on your IP address in order to customize certain products and services to your location. The data we collect on you may depend on the products, services and features you use. 

How We Use Your Information

Our web site uses the data we collect for the following purposes: 

  1. to help you improve your cyber risk resilience and your ability to react to a cyber threat and/or cyber breach;
  2. to operate our business and provide (including improving and personalizing) the products, tools and services we offer, 
  3. to send you communications, including promotional communications, 
  4. to display advertising;
  5. to conduct research so we can improve our offerings;

In carrying out these tasks, we combine the data we collect through the various web sites, products, tools and services you use to give you a more seamless, consistent and personalized experience. However, to enhance privacy, we have built in technological and procedural safeguards designed to prevent certain data combinations, such as when we store the data we collect from you when you are unauthenticated (not signed in) separately from any account information that directly identifies you, such as your name, email address or phone number. We also use third party payment processing so as to separate your personal details from your credit card and/or payments data. 

EU GDPR Compliance

Based on information available from various sources CRA must limit the use of the retained PII or as it is called in the EU “personal data” and we must maintain it securely. CRA also needs to do the following: 

•            Gain your explicit consent for each processing activity as to any covered date;

•            Provide you with access, free of charge, to “any data subject on request to a “data controller” (a person at the company charged with maintaining data), who, in turn, must assure that any “data processor” (any person or company that takes data from consumers and manipulates or uses it in some way to then pass along information to a third party) is compliant as to the requested action.”

•            You as a “data subject” have the right to be ‘forgotten’, i.e., to have your own data expunged, and you may revoke your consent at will.

What does the GDPR require CRA to do if there is a data breach? Data breaches that “may” pose a risk to individuals must be notified officially within 72 hours and to affected persons without undue delay.