Privacy Policy

The CYBER SCHEME Ltd (hereafter referred to as “TCS”) will take all reasonable measures to safeguard the privacy of its website visitors.

TCS sets out in this policy the website data processing practices of the Company.

We take your privacy seriously and are committed to protecting it, as indeed we are required to by law. We will only use the information that we collect about you within the restrictions placed on us by law. The Cyber Scheme is based in the UK and operates in accordance with UK law. This policy tells you how we deal with your personal data (i.e. any data that can identify you), what kinds of personal data we collect, how we use and protect it, and who we disclose it to. Please do not use our website unless you are completely happy with this policy. If you do use our website, we will assume that you do accept it.

Information we collect

We may collect the following information: name, contact information (physical and email addresses) and website usage data including IP addresses, the web browser used, and referrer IP sites. We will not collect any personally-identifiable information about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide it to us (e.g. by deciding to use this site, by booking an exam, or by signing up for newsletters). By providing us with personal information, you consent to the use of it as set out in this policy.
We will use this data to communicate with you, answer your queries, process your order, or provide you access to specific account information and also, subject to you agreeing to receive marketing communications, to support our relationship with you. In cases of suspicious activity we may use information provided by you in order to conduct appropriate anti fraud checks. We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law. If you choose not to have your personal information used to support our customer relationship by receiving marketing communications, we will respect your choice. You can choose to opt out of marketing communications at any time by unsubscribing using the link provided on our email marketing.
We do not store credit card details nor do we share customer details with any third parties except for the purpose of processing orders (e.g. for processing payments) unless you give us permission to do so, or we are obliged or permitted by law to disclose them.
Customers are requested to keep their own personal information, such as name, address, email, billing information etc up to date.

What do we use personal information for?

TCS uses information solely for the purpose of responding to your requests.

TCS may use the personal information you provide to support on-going communication with you around your request for information about our services or bookings onto one of our exams.

We may use your contact details to contact you in the future about changes in service offerings or new service offerings but you will be provided with the option to ‘opt out’ of such communications should you so wish.

TCS will not pass your detail to other third parties directly.  If we identify another third party may be able to assist you we will provide that in our response to your enquiry and it will be for you to determine if to contact that supplier/organisation.

Your rights under the Data Protection Act 1998 and forthcoming GDPR regulations will continue to apply at all times.

Is my information secure?

TCS uses commercial products and services and regularly maintains recommended patching of software to ensure we have taken all reasonable measures to avoid data loss.

Access to email and customer details is strictly controlled on a need to know basis which is regularly reviewed by the TCS Directors. All personnel who have access to the data have been trained to maintain the confidentiality of such information. The only data we store is for the purpose of administering our exams; all information is kept within password-protected documents on encrypted servers and all information is deleted as soon as its purpose has been fulfilled. When you access our website, we may automatically collect information that is not personally identifiable (e.g. type of Internet browser and computer operating system used; domain name of the website from which you came; number of visits, average time spent, pages viewed etc).

How long is data kept?

Data is only retained as long as necessary to meet the purposes for which it was collected or as required by UK Law. Typically, retained information would cover areas such as:

  • Financial record keeping;
  • Information relating to Exams and certification as per our contractual obligations with the National Cyber Security Centre;
  • Data associated with the complaints processes.

If you choose to visit, your visit and any dispute over privacy is subject to this Privacy Notice, including limitations on damages and application of the laws of England.

If you have any concern about privacy please email us outlining your concerns in detail and we will do our best to investigate it.

Our Privacy notice is subject to change so you should check our website frequently to see any changes that might apply. Unless stated, our current Privacy Policy is applicable to all information that we have about you.


The primary form of communication with you will be via e-mail messages.  As part of the registration process for our e-newsletter, we collect personal information. We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe to general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer Andrew Jones at

Web visit statistics

At this time we do not actively collect or process web site visit data. However we may in the future make use of Google Analytics tracking and analytical cookies. Google’s commitment to data protection is outlined here. Google Analytics privacy statement is provided here. Google Analytics’ terms require us to include the following wording: “This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.”

Subject Access Requests

Under the Data Protection Act 1998, you can make a formal request for the following information:

  • clarification that your personal data are being processed by the Company;
  • a description and copies of such personal data;
  • the reasons why such data are being processed;
  • details of to whom they are or may be disclosed;

You may choose to restrict the collection or use of your personal information by unsubscribing from any marketing emails and/or by emailing us asking us to confirm that we have removed all records about you. Any EU customer with requests for personal data information or deletion can contact for assistance. Please note that we are obliged to keep some transactional records for audit or in case of disputes. You have the right to request personal data that we hold about you, subject to us reserving the right to withhold such data to the extent permitted by law. We may require appropriate evidence of identity.

If you are contemplating raising a ‘SAR’ please contact the CYBER SCHEME in the first instance so that we have the opportunity to respond in full to your concerns as per ICO guidance.

Secure Payment

As you are no doubt aware, the Internet is not a completely secure communication system, and users must assume that this may pose a risk to the integrity of information they provide. Accordingly, we accept no legal responsibility for any loss or misuse of the data that may occur while the data is in transmission. For payment services however, we make use of e-commerce infrastructure providers who provide encrypted internet level security. The methods used are based on Certification Authority certificates (built into computer operating systems) and encrypted communication methods based on HTTPS and SSL/TLS techniques (built into browser applications). We of course have no responsibility for the security of users’ own IT and communication systems, and strongly recommend that all users follow good IT practices when using the web.

We are committed to ensuring that your information is secure, and have chosen Stripe as our payment gateway, who have the necessary infrastructure to provide secure communications. Stripe have provided comprehensive documents on their commitment to data protection within the framework of the GDPR – please read them here.
Please note that when paying online, payment details including credit card numbers are supplied directly to our payment partner. We do not receive or store any financial details, other than the bare minimum needed to trace transactions for auditing purposes. For anti fraud reasons and to ensure your payments have not been misused, your personal data may be supplied by our payment partners to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information.
The outcome of any online payment transaction (successful or otherwise), is related back to The Cyber Scheme. We will then fulfil the order if the payment has succeeded or make contact in case there is a problem with the credit card (for example if the credit card expiry date has been reached).
We are also able to provide a VAT invoice at the point of order; please download the invoice via the button on your order confirmation page. The invoice contains the details required to make a payment for your exam; payment is required in full prior to the exam being taken. We will securely store bank account details given by you for the purpose of record keeping.


If you have any comments or concerns regarding this policy please contact The Cyber Scheme’s Data Controller via email at

©The Cyber Scheme Ltd, latest update November 2021