The CYBER SCHEME Ltd (hereafter referred to as “TCS”) will take all reasonable measures to safeguard the privacy of its website visitors.
TCS sets out in this policy the website data processing practices of the Company.
We take your privacy seriously and are committed to protecting it, as indeed we are required to by law. We will only use the information that we collect about you within the restrictions placed on us by law. The Cyber Scheme is based in the UK and operates in accordance with UK law. This policy tells you how we deal with your personal data (i.e. any data that can identify you), what kinds of personal data we collect, how we use and protect it, and who we disclose it to. Please do not use our website unless you are completely happy with this policy. If you do use our website, we will assume that you do accept it.
Information we collect
We may collect the following information: name, contact information (physical and email addresses) and website usage data including IP addresses, the web browser used, and referrer IP sites. We will not collect any personally-identifiable information about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide it to us (e.g. by deciding to use this site, by booking an exam, or by signing up for newsletters). By providing us with personal information, you consent to the use of it as set out in this policy.
We will use this data to communicate with you, answer your queries, process your order, or provide you access to specific account information and also, subject to you agreeing to receive marketing communications, to support our relationship with you. In cases of suspicious activity we may use information provided by you in order to conduct appropriate anti fraud checks. We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law. If you choose not to have your personal information used to support our customer relationship by receiving marketing communications, we will respect your choice. You can choose to opt out of marketing communications at any time by unsubscribing using the link provided on our email marketing.
We do not store credit card details nor do we share customer details with any third parties except for the purpose of processing orders (e.g. for processing payments) unless you give us permission to do so, or we are obliged or permitted by law to disclose them.
Customers are requested to keep their own personal information, such as name, address, email, billing information etc up to date.
What do we use personal information for?
TCS uses information solely for the purpose of responding to your requests.
TCS may use the personal information you provide to support on-going communication with you around your request for information about our services or bookings onto one of our exams.
We may use your contact details to contact you in the future about changes in service offerings or new service offerings but you will be provided with the option to ‘opt out’ of such communications should you so wish.
TCS will not pass your detail to other third parties directly. If we identify another third party may be able to assist you we will provide that in our response to your enquiry and it will be for you to determine if to contact that supplier/organisation.
Your rights under the Data Protection Act 1998 and forthcoming GDPR regulations will continue to apply at all times.
Is my information secure?
TCS uses commercial products and services and regularly maintains recommended patching of software to ensure we have taken all reasonable measures to avoid data loss.
Access to email and customer details is strictly controlled on a need to know basis which is regularly reviewed by the TCS Directors. All personnel who have access to the data have been trained to maintain the confidentiality of such information. The only data we store is for the purpose of administering our exams; all information is kept within password-protected documents on encrypted servers and all information is deleted as soon as its purpose has been fulfilled. When you access our website, we may automatically collect information that is not personally identifiable (e.g. type of Internet browser and computer operating system used; domain name of the website from which you came; number of visits, average time spent, pages viewed etc).
How long is data kept?
Data is only retained as long as necessary to meet the purposes for which it was collected or as required by UK Law. Typically, retained information would cover areas such as:
- Financial record keeping;
- Information relating to Exams and certification as per our contractual obligations with the National Cyber Security Centre;
- Data associated with the complaints processes.
If you choose to visit https://thecyberscheme.org, your visit and any dispute over privacy is subject to this Privacy Notice, including limitations on damages and application of the laws of England.
If you have any concern about privacy please email us outlining your concerns in detail and we will do our best to investigate it.
The primary form of communication with you will be via e-mail messages. As part of the registration process for our e-newsletter, we collect personal information. We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer Andrew Jones at Andrew.firstname.lastname@example.org
Web visit statistics
Subject Access Requests
Under the Data Protection Act 1998, you can make a formal request for the following information:
- clarification that your personal data are being processed by the Company;
- a description and copies of such personal data;
- the reasons why such data are being processed;
- details of to whom they are or may be disclosed;
You may choose to restrict the collection or use of your personal information by unsubscribing from any marketing emails and/or by emailing us asking us to confirm that we have removed all records about you. Any EU customer with requests for personal data information or deletion can contact email@example.com for assistance. Please note that we are obliged to keep some transactional records for audit or in case of disputes. You have the right to request personal data that we hold about you, subject to us reserving the right to withhold such data to the extent permitted by law. We may require appropriate evidence of identity.
If you are contemplating raising a ‘SAR’ please contact the CYBER SCHEME in the first instance so that we have the opportunity to respond in full to your concerns as per ICO guidance.
As you are no doubt aware, the Internet is not a completely secure communication system, and users must assume that this may pose a risk to the integrity of information they provide. Accordingly, we accept no legal responsibility for any loss or misuse of the data that may occur while the data is in transmission. For payment services however, we make use of e-commerce infrastructure providers who provide encrypted internet level security. The methods used are based on Certification Authority certificates (built into computer operating systems) and encrypted communication methods based on HTTPS and SSL/TLS techniques (built into browser applications). We of course have no responsibility for the security of users’ own IT and communication systems, and strongly recommend that all users follow good IT practices when using the web.
We are committed to ensuring that your information is secure, and have chosen Stripe as our payment gateway, who have the necessary infrastructure to provide secure communications. Stripe have provided comprehensive documents on their commitment to data protection within the framework of the GDPR – please read them here.
Please note that when paying online, payment details including credit card numbers are supplied directly to our payment partner. We do not receive or store any financial details, other than the bare minimum needed to trace transactions for auditing purposes. For anti fraud reasons and to ensure your payments have not been misused, your personal data may be supplied by our payment partners to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information.
The outcome of any online payment transaction (successful or otherwise), is related back to The Cyber Scheme. We will then fulfil the order if the payment has succeeded or make contact in case there is a problem with the credit card (for example if the credit card expiry date has been reached).
We are also able to provide a VAT invoice at the point of order; please download the invoice via the button on your order confirmation page. The invoice contains the details required to make a payment for your exam; payment is required in full prior to the exam being taken. We will securely store bank account details given by you for the purpose of record keeping.
If you have any comments or concerns regarding this policy please contact The Cyber Scheme’s Data Controller via email at firstname.lastname@example.org
©The Cyber Scheme Ltd, latest update November 2021