Privacy and Confidentiality Policy
The CYBER SCHEME Ltd (hereafter referred to as “TCS”) will take all reasonable measures to safeguard the privacy of its website visitors.
Please contact us if you have any queries.
TCS sets out in this policy the website data processing practices of the Company.
We take your privacy seriously and are committed to protecting it, as indeed we are required to by law. We will only use the information that we collect about you within the restrictions placed on us by law. The Cyber Scheme is based in the UK and operates in accordance with UK law. This policy tells you how we deal with your personal data (i.e. any data that can identify you), what kinds of personal data we collect, how we use and protect it, and who we disclose it to. Please do not use our website unless you are completely happy with this policy. If you do use our website, we will assume that you do accept it.
Information we collect
We may collect the following information: name, contact information (physical and email addresses) and website usage data including IP addresses, the web browser used, and referrer IP sites. We will not collect any personally-identifiable information about you (e.g. your name, address, telephone number or e-mail address), unless you voluntarily choose to provide it to us (e.g. by deciding to use this site, by booking an exam, or by signing up for newsletters). By providing us with personal information, you consent to the use of it as set out in this policy.
We may also collect information pertaining to ‘reasonable adjustments’ if you choose to provide it voluntarily. We do not require that you provide medical details in support of reasonable adjustments claims.
We will use this data to communicate with you, answer your queries, process your order, or provide you access to specific account information and also, subject to you agreeing to receive marketing communications, to support our relationship with you. In cases of suspicious activity we may use information provided by you in order to conduct appropriate anti-fraud checks. We may disclose personal data so far as reasonably necessary if we have reason to believe that it breaches our terms and conditions, or that such steps are necessary to protect us or others, or that a criminal act has been committed, or if there has been a complaint about content posted by you, or if we are required to do so by law. If you choose not to have your personal information used to support our customer relationship by receiving marketing communications, we will respect your choice. You can choose to opt out of marketing communications at any time by unsubscribing using the link provided on our email marketing.
We do not store credit card details nor do we share customer details with any third parties except for the purpose of processing orders (e.g. for processing payments) unless you give us permission to do so, or we are obliged or permitted by law to disclose them. Customers are requested to keep their own personal information, such as name, address, email, billing information etc up to date.
What do we use personal information for?
TCS uses information solely for the purpose of responding to your requests, and making ‘reasonable adjustments’. We delete all reasonable adjustments information that could be associated with an individual in a monthly data cleanse exercise.
TCS may use the personal information you provide to support on-going communication with you around your request for information about our services or bookings onto one of our exams.
We may use your contact details to contact you in the future about changes in service offerings or new service offerings but you will be provided with the option to ‘opt out’ of such communications should you so wish.
TCS will not pass your details to other third parties directly. If we identify that another third party may be able to assist you, we will provide that in our response to your enquiry, and it will be for you to determine whether to contact that supplier/organisation.
Your rights under the Data Protection Act 1998 and forthcoming GDPR regulations will continue to apply at all times.
Is my information secure?
TCS uses commercial products and services and regularly maintains recommended patching of software to ensure we have taken all reasonable measures to avoid data loss.
Access to email and customer details is strictly controlled on a need-to-know basis which is regularly reviewed by the TCS Directors. All personnel who have access to the data have been trained to maintain the confidentiality of such information. The only data we store is for the purpose of administering our exams; all information is kept within password-protected documents on encrypted servers and all information is deleted as soon as its purpose has been fulfilled. When you access our website, we may automatically collect information that is not personally identifiable (e.g. type of Internet browser and computer operating system used; domain name of the website from which you came; number of visits, average time spent, pages viewed etc).
How long is data kept?
Data is only retained as long as necessary to meet the purposes for which it was collected or as required by UK Law. Typically, retained information would cover areas such as:
- Financial record keeping;
- Information relating to Exams and certification as per our contractual obligations with the National Cyber Security Centre;
- Data associated with the complaints processes.
If you choose to visit https://thecyberscheme.org, your visit and any dispute over privacy is subject to this Privacy Notice, including limitations on damages and application of the laws of England.
If you have any concern about privacy please email us outlining your concerns in detail and we will do our best to investigate it.
Our Privacy notice is subject to change so you should check our website frequently to see any changes that might apply. Unless stated, our current Privacy Policy is applicable to all information that we have about you.
The primary form of communication with you will be via e-mail messages. As part of the registration process for our e-newsletter, we collect personal information. We use a third-party provider, MailChimp, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. You can unsubscribe from general mailings at any time by clicking the unsubscribe link at the bottom of any of our emails or by emailing our data protection officer Andrew Jones at [email protected]
Web visit statistics
We sometimes collect or process web site visit data using Google Analytics tracking and analytical cookies. Google’s commitment to data protection is outlined here. Google Analytics privacy statement is provided here. Google Analytics’ terms require us to include the following wording: “This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses “cookies”, which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.”
Subject Access Requests
Under the Data Protection Act 1998, you can make a formal request for the following information:
- clarification that your personal data are being processed by the Company;
- a description and copies of such personal data;
- the reasons why such data are being processed;
- details of to whom they are or may be disclosed.
You may choose to restrict the collection or use of your personal information by unsubscribing from any marketing emails and/or by emailing us asking us to confirm that we have removed all records about you. Any EU customer with requests for personal data information or deletion can contact [email protected] for assistance. Please note that we are obliged to keep some transactional records for audit or in case of disputes. You have the right to request personal data that we hold about you, subject to us reserving the right to withhold such data to the extent permitted by law. We may require appropriate evidence of identity.
If you are contemplating raising a ‘SAR’ please contact the CYBER SCHEME in the first instance so that we have the opportunity to respond in full to your concerns as per ICO guidance.
Secure Payment
As you are no doubt aware, the Internet is not a completely secure communication system, and users must assume that this may pose a risk to the integrity of information they provide. Accordingly, we accept no legal responsibility for any loss or misuse of the data that may occur while the data is in transmission. For payment services however, we make use of e-commerce infrastructure providers who provide encrypted internet level security. The methods used are based on Certification Authority certificates (built into computer operating systems) and encrypted communication methods based on HTTPS and SSL/TLS techniques (built into browser applications). We of course have no responsibility for the security of users’ own IT and communication systems, and strongly recommend that all users follow good IT practices when using the web.
We are committed to ensuring that your information is secure, and have chosen Stripe as our payment gateway, who have the necessary infrastructure to provide secure communications. Stripe have provided comprehensive documents on their commitment to data protection within the framework of the GDPR – please read them here.
Please note that when paying online, payment details including credit card numbers are supplied directly to our payment partner. We do not receive or store any financial details, other than the bare minimum needed to trace transactions for auditing purposes. For anti-fraud reasons and to ensure your payments have not been misused, your personal data may be supplied by our payment partners to relevant third parties including credit reference and fraud prevention agencies, who may keep a record of that information.
The outcome of any online payment transaction (successful or otherwise), is related back to The Cyber Scheme. We will then fulfil the order if the payment has succeeded or make contact in case there is a problem with the credit card (for example if the credit card expiry date has been reached).
We are also able to provide a VAT invoice at the point of order; please download the invoice via the button on your order confirmation page. The invoice contains the details required to make a payment for your exam; payment is required in full prior to the exam being taken. We will securely store bank account details given by you for the purpose of record keeping.
Confidentiality
Completion of detailed applications and submitting CVs as evidence for assessment against the UK Cyber Security Council's professional register is mandatory. However, we recognise that there may be challenges in the nature and substance of such evidence, given non-disclosure agreements may be in place by both your employer and/or by clients you have worked for.
Applying for professional registration requires a commitment from you that you will not only be bound by the ethical requirements of the profession, but also your integrity in meeting any legal requirements associated with your work. When completing your application, you should ensure that you have permission to use all the information you provide and by submitting the application you confirm that is the case.
Applications require referees to attest that what has been presented is a true and accurate reflection of your experience and competence, and that it meets the standard for the registration level being applied for. They should also ensure that the information you have provided does not breach any agreements they might and/or should be aware of.
If you are an employee of a company, you may wish to ensure that your HR and/or Legal Team have no objections to any of the content before sending your application to The Cyber Scheme.
A non-disclosure agreement (NDA) is a legally binding contract that establishes a confidential relationship. The party or parties signing the agreement agree that sensitive information they may obtain will not be made available to others. An NDA may also be referred to as a confidentiality agreement.
As an employee (or a sole trader) you should be aware of your obligations when you sign your employment contract or client contract. Your employers/clients expect complete confidentiality, and they will expect that information related to trade secrets or security vulnerabilities remains secret. Therefore, a breach of confidentiality occurs when an employee shares certain information that could damage the business, other employees, and/or clients.
Quality Policy
TCS is committed to providing high-quality training, assessment and certification services to our clients. We are dedicated to achieving customer satisfaction and continuously improving our services through the effective implementation of our Quality Management System, in compliance with the requirements of ISO 9001.
To achieve our commitment, we:
- Understand and meet the needs and expectations of our clients by providing relevant, reliable and up-to-date examination and training services.
- Continuously improve our processes, products and services to meet the changing needs and expectations of our clients, interested parties, regulatory bodies and National Authorities.
- Continuously review and improve our processes, products and services to meet the requirements of ISO 9001:2015 and other relevant standards and regulations.
- Provide timely and accurate information to our clients, interested parties and external authorities to demonstrate the effectiveness of our QMS.
- Establish and maintain effective communication with interested parties to ensure their needs and expectations are understood and met.
- Train and develop our staff to deliver services in line with our Quality Management System and provide them with the necessary resources to carry out their duties effectively.
- Comply with applicable legal and regulatory requirements and continuously monitor our compliance to ensure our services are delivered in a safe and responsible manner.
- Set and review quality objectives and targets to ensure continuous improvement of our services and QMS.