Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it
Cybsafe Limited (“We”) are committed to protecting and respecting your privacy.
This policy together with:
- where you use the Cybsafe mobile application app (App) available from App Store and Google Play once you have downloaded a copy of the App onto your mobile telephone or handheld device (Device), the end user licence agreement; and
- any other documents referred to in either of them
sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting www.cybsafe.com and/or continuing to use the App or the site via which you access our service (either directly or via the App) (Service Sites) you are accepting this policy. www.cybsafe.com, the App Site and the Service Sites are together Our Sites.
Where we collect and use your data in our capacity as a data controller, for the purpose of the Data Protection Act 1998 and, with effect from 25 May 2018 the General Data Protection Regulation (EU) 2016/679 (the DP Laws), our details are Cybsafe Limited of Windmill Hill Business Park, Whitehill Way, Swindon SN5 6QR.
We collect most of the data about you in our capacity as a data processor and therefore are only able to use that data in accordance with the instructions of your Employer, who is the data controller of that data. However, this policy explains what data we collect and how we use it and look after it.
Information we may collect from you
We may collect and process the following data about you:
- Information you give us. You may give us information about you by inputting data on Our Sites or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our service and when you report a problem with Our Sites. The information you give us may include your name, address, business e-mail address, personal e-mail address, phone number, user name, password, the company that you are using Our Sites in connection with (your Employer), the department that you work for, the country you primarily work in, your default language, your age bracket and your gender.
- Information your Employer gives us. Your Employer may give us information about you when registering you to use our service. The information they give us may include your name, address, business e-mail address, personal e-mail address, phone number, user name, password, your Employer, the department that you work for, the country you primarily work in, your default language, your age bracket and your gender.
- Information we collect about you. With regard to each of your visits to Our Sites or each use of our App we may automatically collect the following information:
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, the type of mobile device you use, a unique device identifier (for example your Device’s IMEI number, the MAC address of the Device’s wireless network interface, or the mobile phone number used by the Device), mobile network information, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
- information about your use of the service accessed via Our Sites or the App including but not limited to log in attempts, your progress on the course including which resources you have accessed, which modules you have taken, which tests you have attempted, your answers to test questions and your test results.
If you contact us, we may keep a copy of that correspondence.
Uses made of the information
We use information held about you in the following ways:
- Information you give to us. We will use this information:
- to allow you to access our service and to provide you with the course.
- to remind you to complete a module or modules of the course.
- to provide you with further services linked to the course (for example we may send you notification of additional course content and questions for you to answer to reinforce your learning).
- to notify you about changes to our service;
- to ensure that content from Our Sites is presented in the most effective manner for you and for your computer.
- Information we collect about you. We will use this information:
- to administer Our Sites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve Our Sites to ensure that content is presented in the most effective manner for you and for your computer;
- to allow you to participate in interactive features of our service, when you choose to do so;
- as part of our efforts to keep Our Sites safe and secure;
- to report your progress and results to your Employer;
- Information your Employer gives to us. We may combine this information with information you give to us and information we collect about you. We may us this information and the combined information for the purposes set out above (depending on the types of information we receive).
- We may anonymise your information (so that you cannot be identified from it) and use it to provide comparative and statistical information to your Employer and other subscribers to our service on an anonymised basis.
Disclosure of your information
We may share your personal information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006.
We may share your information with selected third parties as follows:
- your Employer, to provide them with details of your progress on the course, and analyses of your understanding and behaviour in relation to cyber security.
- any Reseller of ours who introduced your Employer to us, to enable the Reseller to oversee the use of our service by your Employer and by those your Employer has registered to use the service.
We may disclose your personal information to third parties:
- If CybSafe Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers and service users will be one of the transferred assets.
- Some of our processing activity is carried out on our behalf by third parties, such as cloud storage providers. This is always subject to contractual assurances that personal data will be kept securely and only in accordance with our specific directions.
Where we store your personal data and how we protect it
The data that we collect from you will not be transferred to, or stored at, a destination outside the European Economic Area (“EEA”).
We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
All information you provide to us is stored on our secure servers. Password details will be encrypted and you are responsible for keeping your password confidential. We ask you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to Our Sites; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How long do we keep your information?
We will hold your personal data on our systems for as long as you are using our services and for as long afterwards as is necessary to comply with our legal obligations and / or the instructions of your Employer. We may retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. the establishment exercise or defence of legal claims.
You have rights under the DP Laws:
(a) to access your personal data
(b) to be provided with information about how your personal data is processed
(c) to have your personal data corrected
(d) to have your personal data erased in certain circumstances
(e) to object to or restrict how your personal data is processed
(f) to have your personal data transferred to yourself or to another business in certain circumstances.
You have the right to take any complaints about how we process your personal data to the Information Commissioner:
0303 123 1113.
Information Commissioner’s Office
Cheshire SK9 5AF
Our Sites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.