Roles
For website enquiries and our own business operations, CyberONE OÜis typically a data controller. For client project data processed only on a client's instructions, we may act as a processor. The role should be confirmed in the project agreement.
Project data categories
- Business contact details and stakeholder communications.
- Website, analytics, SEO, advertising, email or IT configuration data.
- Access credentials or tokens if supplied for implementation work.
- Customer or lead data only when necessary and agreed for the project.
Processing purposes
We process project data to perform audits, configure systems, run campaigns, report on performance, troubleshoot issues, provide recommendations, and fulfil contractual or legal obligations.
Data processing agreement
Where GDPR or client policy requires processor terms, a Data Processing Agreement or Data Processing Addendum should be agreed before relevant personal data is shared. Email support@cyberonedigital.com to request one for a project.
Subprocessors
Subprocessors depend on the tools selected for each project, such as hosting, analytics, advertising, CRM, email, SEO, collaboration or cloud providers. We should document project-relevant subprocessors in the scope, DPA or shared onboarding notes.
Security and access
Access should be limited to the project team, protected with appropriate authentication, and removed when no longer needed. Clients should avoid sending secrets through insecure channels and should retain ownership of core business accounts.
Deletion and return
At the end of a project, clients may request return or deletion of project personal data where legally and technically feasible. Some records may be retained where needed for invoices, legal claims, security logs or compliance obligations.