Data Protection Notice

(Latest update 2025-06-12).

Thank you for visiting the CYBERMINUTE (cyberminute.com) or the NIS INSTITUTE (nisinstitute.eu) website. 

These websites are owned and operated by CyberMinute B.V.  (“the website” or “site”). 

In short

This online data protection notice policy provides you information about how we manage data protection for all our activities at CyberMinute and NIS Institute. 

Please note that the Cookie Policy on this website will explain how we manage cookies on this website to provide you with a smooth experience.

Who we are

NIS Institute is a registered trademark by CyberMinute.

Our legal, registered addres is : 

  • CyberMinute BV
  • Rue du congrès-straat 37, 1000 BRUSSELS
  • Company registration (VAT/BTW) is BE 0735.946.423

Contact 

For general inquiries, you can contact us via 

 For specific question on data protection you can mail at dpo@cyberminute.com

What are our services that are processing your data

Cyberminute

  • our Cyberminute website
  • Social media: LinkedIN, Facebook
  • Visitors at our offices
  • Prospects & customers
  • Partner & Suppliers management
  • Internal operational services: HR, IT, CRM, Legal, …
  • Security Consulting services (ISMS & Odoo Security)

NIS Institute

  • The NIS institute website
  • Social media: LinkedIN, Facebook
  • Prospects & customers
  • Partner & Suppliers management
  • NIS Institute education & training services

Purpose definitions

Execution of agreement

If you use the above-mentioned service, we use your personal data for the following purposes:

  • To allow you to use the products and services we offer;
  • To improve our products;
  • To provide you with the appropriate support concerning the usage of our product/services.

Communication

Your personal data might be processed for communication purposes in the following circumstances:

  • To communicate with you after contact initiation via our website, contact e-mail or phone;
  • To provide you with (targeted) information on services and products (only if you are customer or based on legitimate interest;
  • In any case, you can always opt out of receiving any more of these communications.

Website

If you visit our website, we collect personal data via cookies for

  • To improve, effectively present, and personalize our website;
  • To display (targeted) messages on our website;
  • We use the analytical services from third parties to evaluate your usage of the website by with the following:
    • Reports on the activity;
    • Anonymous demographic data;
    • Performance data.

Legal basis for the processing of your data

We process your personal data in strict accordance with the applicable privacy and data protection legislation and on the basis of legal grounds outlined below.

Performance of a contract

We need to process some of your personal data to deliver our services and comply with our contractual and legal obligations. For example, we need your contact details to inform you about installation of one of our products at your site, as agreed in contracts with you as a customer.

Legal obligations

In some cases, we are legally obligated to process certain information about you, for example, because of tax and VAT, when we have to send you invoices.

Public and vital interest

In limited situations, defined by law we might need to process personal data due to public or vital interest, for example in case of (medical) emergency.

Consent

We may also process your data if you have provided explicit consent, for example …

  • … when you request information;
  • … when you send us your personal information in case of interest for an open vacancy.

Legitimate interest

In rare cases, If you are a customer or more generally in an existing trade relationship with us, we will send you information about our products and services based on a legitimate interest to act upon the trade relationship.

Categories of information we collect  

Website & social media

CYBERMINUTE collects information from the website in two ways: (1) passively (for example, through cookies and similar technology), and (2) actively (for example, if you send us an e-mail request).

When you visit our website, we automatically collect some information from your computer. The information includes:

  • Information about your computer, including (where available) your IP address, operating system and browser type. This is used for system administration, to filter traffic, to look up user domains and to report on statistics.
  • Details of your visits to our website and the resources that you access (including but not limited to, traffic data, location data, weblogs and other communication data). Please see our Cookies policy below for more information.

We also collect information when you voluntarily submit it to us. For example,

  • Information that you provide by submitting forms on our website. This includes registering to use the site, subscribing to services, newsletters and alerts, registering for an event, requesting a white paper or applying for a job. Pages that collect this type of information may provide further explanation as to why your data is needed and how it will be used. It is completely up to you whether you want to provide it.
  • Any postings, comments or other content that you upload or post to an CYBERMINUTE site.

Prospects & customers, partners & supplier management

  • Information that you submit to us when you want to engage in business with us.
  • If you contact us, we may keep a record of that correspondence.
  • Responses to surveys that we distribute in which you elect to participate.

When this information relates to or identifies you, we will treat it as “personal data.” 

SENSITIVE INFORMATION

We generally avoid to collect sensitive personal data, as we do not need this information.

If we do need to collect such data, we will ask your explicit consent to our proposed uses of the data.

If you provide us with unsolicited sensitive personal data, you are consenting to our use of that data subject to applicable law.

The term “sensitive personal data” refers to the various categories of personal data identified by European and other data privacy laws that require special treatment, including in some circumstances the need to obtain explicit consent.

These categories comprise personal identity numbers, data about personality and private life, financial account information, racial or ethnic origin, nationality, political opinions, membership of political parties or movements, religious, philosophical or other similar beliefs, membership of a trade union or profession or trade association, physical or mental health, biometric or genetic data, addictions, sexual life, property matters or criminal record (including information about suspected criminal activities). 

How we collection information

Directly – Information you provide to us

We use personal data that you submit to us, to provide you with relevant information, process requests you submit through the website, and for other purposes which we describe at the point where it is collected. For example, we need personal data to:

  • Fulfill your requests for white papers, articles, newsletters or other content.
  • Create and analyze surveys or research questionnaires.
  • Personalize your site experience.
  • Process job applications you submit.
  • Determine your suitability as an CYBERMINUTE business partner.
  • Provide you with additional information about CYBERMINUTE services.
  • Respond to technical questions you submit and request clarification if needed.
  • Contact you for marketing purposes (with your consent, when required).

If you submit technical questions, we may post them to our website to help other users. However, we will only associate the minimum information (like first + last name) any posted questions.

Directly – Recruiting information

If you contact us through our website to apply for employment opportunities with CYBERMINUTE, we may collect and store the personal data that you provide for recruiting purposes for any type of profile.

We may ask you to submit essential information for the recruiting process such as

  • your name,
  • contact information and
  • CV,
  • technical experience.

We may also process your personal data if we are required to do by law or legal process.

However, before you can submit your CV/Resume, you may be required to consent to the following conditions respecting the use of your CV/Resume by CYBERMINUTE:

  • CYBERMINUTE, its affiliates, and agents will store, access, and use the information in any jurisdiction, including jurisdictions whose privacy laws may be different and less protective than those of your home jurisdiction; and
  • CYBERMINUTE, its affiliates and agents, may use this information to evaluate your eligibility for employment and to contact you for recruiting purposes.

Please note that people under 18 years old are not authorized to submit recruiting information on our website.

 

Indirectly – Information collection

In limited cases we use professional communication channels and public information to get in touch.

Some most frequently used channels are LinkedIn, partner events, conferences, professional network events…

We do not harvest data from internet, of from direct marketing contacts lists.

How we use your information

  • Business services: meaning the core services of Cyberminute and NIS Institute
  • Website operations & security: we track and analyze the performance of your infrastructure to maintain the expected level of performance and security.
  • Targeted Email: We send emails to individuals with whom we want to develop or maintain a relationship. Our targeted email messages typically include cookies and similar technologies that allow us to know whether you open, read, or delete the message, and links you may click. When you click a link in an email you receive from CYBERMINUTE, we will also use a cookie to log what pages you view and what content you download from our websites, even if you are not registered at or signed into our site.
  • Business Analytics combining and Analyzing Personal Data — We may combine personal data from publicly available sources, and from our email, website, and personal interactions with you. We combine this personal data to better assess the suitability of our employment opportunities with your qualifications, to send you relevant information about careers and opportunities at CYBERMINUTE, and to analyze the effectiveness of our recruitment efforts and resources.

INFORMATION SHARING

Do not sell

We will not sell personal data to third parties.

Contracted service providers

We generally only share personal data with our contracted service providers and advisors. However, there will be other times when we need to share or disclose personal data you provide for a specific purpose. For example:

  • We may need to share certain personal data, like food preferences and special accommodation requirements, to caterers, hotels, and to other business partners, if we are managing a jointly sponsored event and these other parties have a business need to know this information. We will inform you at the time of collection that the personal data will be shared with our partners and you will have the option of providing it or not providing it.
  • We may need to disclose your personal data to third parties if we sell or liquidate any part of our business or assets. Clients’ personal data can be one of the transferred business assets in such circumstances.
  • We may need to disclose or share your personal data to comply with a legal obligation, or to enforce or apply our Terms of Use; or to protect the rights, property, or safety of CYBERMINUTE, our clients, or others.

We also may provide aggregate, non-personally identifiable data (“Aggregate Information”) to third parties, including information about your access and use of the website. For example, we might provide such Aggregate Information to a third party to inform the party of the number of users of the site and the activities that they conduct while on the site.

DATA SECURITY

State of the art

We take reasonable steps to maintain state-of-the art security of personal data collected via CYBERMINUTE’s operations.

Reliable partners

We ensure that we only allow reliable partners to process your data, verifying that they will process
data in compliance with the requirements of this Privacy Policy and the privacy regulations.

Data retention

Further, we make reasonable efforts to delete or destroy personal data when there is no longer a business need to retain it.

Website

Our website may, from time to time, contain links to and from the sites of our partner networks, advertisers and affiliates. If you follow a link to any of these sites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for these policies or sites. Please check these policies before you submit any personal data to these sites.

CYBERMINUTE also uses mobiles applications, which have their own privacy policies. If an CYBERMINUTE app does not have its own privacy policy, then this privacy policy will apply.

Security = people, process & technology

We protect your data including (but not only) security measures for

  • access control (login requirements, password policy, role division, etc.),
  • storage (encryption, backup, etc.), and
  • external access (firewall, antiviral software, etc.) of the media on which personal data is
    stored,

Organizational controls

This includes raising awareness among employees about the importance of privacy, the enforcement of policies, the continuous maintenance of a data register, compliance with a data policy, etc.

Despite the security measures that we take, it is important to know that the transfer of data via an
Internet connection is never without risks and you must take the necessary precautions when you are connected with the Internet in order to protect yourself from viruses, malware, etc.

PROCESSING PERSONAL INFORMATION

As a global organization, personal data that we collect may be routed, stored, or transferred internationally throughout CYBERMINUTE’s worldwide organization. We have internal policies in place that are designed to ensure an equivalent level of protection is in place across our organization.

CYBERMINUTE will also use and process information submitted by you for CYBERMINUTE’s internal analytics purposes in order to advance our Core Values and Code of Business Ethics, particularly on diversity.

Your rights

At any time, you can contact us to exercise your rights, via the contact methods as listed in the ‘About us’ section.

Right to withdraw consent

In case the processing of your personal data is based on consent, you have the right to withdraw this consent at any time. The withdrawal of consent does not affect the lawfulness of the processing before its withdrawal.

Right of access

You are always entitled to know…

  • … which data we have about you;
  • … how, where, and for how long it is processed.

Right of rectification

You have a right to access and correct the data we have about you.

Right to be forgotten

  • You can exercise your ‘right to be forgotten’ or request that we suspend the processing of your data;
  • You can always refuse any form of direct marketing, profiling or automatic decision-making;

You can retract any permission you may have given for processing your data at any time.

We will comply with the above requests as soon as possible and within the required response times as defined by the law (ref. GDPR).

In case of violation of Cyberminute’s rights or neglection of obligations from your side, we can reasonably limit the exercise of your right to be forgotten.

Please be aware that certain right might be superseded by higher legal requirements, rights and permissions. (Eg. We cannot delete invoicing data if tax legislation requires an archive to be kept).

Right to data portability

As stipulated in GDPR art. 20: The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • The processing is based on consent
  • The processing is caried out by automated means

Right to object

You have the right to object to the processing of your personal data for non-essential services at any time as long as the exclusions mentioned in Art. 17.3 of the GDPR do not apply. Any essential
communication of CyberMinute is not considered direct marketing.

Right to restrict processing

You have the right to restrict processing of personal data in the circumstances mentioned in Art.18.1 of the GDPR, for example in case you contest the accuracy of the personal data.

Right to lodge a complaint – Contact us first

If you are of the opinion that we are not handling your data correctly, then we wish to know what your objections are so that we can investigate these and rectify the situation, when necessary.

Escalation options

We would like to work with you first to handle your complaint.

If you think we did not handle your complaint according to your expectations, you are entitled to file a complaint to the data protection authority in your country of residence, for example:

You can find the full list of EU authorities on this page: https://edpb.europa.eu/about-edpb/aboutedpb/members_en.

Please be aware that you’ll be asked to contact us first, as you are expected to expedite the process with the data controller first before you escalate to the data protection authority.

DATA PROTECTION NOTICE UPDATES

CYBERMINUTE reserves the right to change the provisions of this data protection notices at any time, without explicit notice or communication.

The version on this notice indicates changes that with refernce to the publication date. The published version is the only version applicable and updates replace and supersede previous versions. 

We encourage you to review our data protection notice regularly to stay up to date on the latest version.

SUBMISSIONS

You agree that any materials provided by you in any form, including but not limited to questions, comments, posts, suggestions, documents, links, original or creative materials, or other information (other than personal identifiable information) are subject to the CYBERMINUTE data protection notices, 

in the form of e-mail or submissions to CYBERMINUTE, or postings on this Web site, are non-confidential and shall become the sole property of CYBERMINUTE. CYBERMINUTE shall own exclusive rights, including all intellectual property rights, and shall be entitled to the unrestricted use of these materials for any purpose, commercial or otherwise, without acknowledgment or compensation to you. The submission of any materials to CYBERMINUTE, including the posting of materials to any forum or interactive area, irrevocably waives any and all “moral rights” in such materials, including the rights of attribution and integrity.

Terms and conditions

In the Terms and Conditions, you can find more information about 

  • the fair use of any data on this website or used in our activities.
  • your rights and obligations 

Disclaimer email messages 

The information sent in or with our e-mails and any attachments is confidential and only intended for the individual or entity to which they are addressed. If you receive e-mails by mistake, please inform us of this and delete these messages and any added files from your system. Disclosure, copying, distribution, distribution or other use in any form whatsoever of the content of the messages without our express and prior consent is not permitted. The integrity and security of the e-mail messages, including all attachments, cannot be guaranteed and can be susceptible to viruses, interception and changes for which no authorization has been granted and for which we do not accept any liability. We are not liable for any damage, of whatever nature, which is the direct and / or indirect result of actions and / or decisions that are based on information sent in or with our e-mails.

© 2025 CYBERMINUTE. All rights reserved

More information

  • Cookie notice
  • Responsible disclosure policy

Contact

Contact us for coaching or a cybersecurity maturity assessment or any other question

Would you like to learn more about how we can help you to improve your organization’s cybersecurity? Or do you have questions about our services, such as ISO 27001 implemementation coaching, ISO certification, NIS 2 compliance, interim management, or cybersecurity training? 

You’re looking for a partner to guide you in implementing a robust cybersecurity framework?

Don’t hesitate to get in touch with us. We are available to advise and support you in protecting your digital assets. Together, we work towards a future-proof and secure digital environment.