Privacy Notice

1. Who we are

Optimise Cyber Solutions Ltd is the controller of the personal data described in this Privacy Notice. This notice also applies to services delivered under the trading name Optimise Cyber Academy.

Contact details

Email: info@cybersecurityaware.net
Telephone: 01226 694040

Data protection contact

If you have any questions about this Privacy Notice or how we use your personal data, please contact us using the details above.

2. What this notice covers

This Privacy Notice explains how we collect, use, store, share and protect personal data when you:

• use our website
• make an enquiry
• book or attend training
• use our learning platform
• work with us as a client, learner, supplier or partner
• contact us by email, phone or online form

The ICO says privacy information should be clear, easy to understand and given at the time personal data is collected, or within a reasonable period if it comes from another source.

3. The personal data we collect

Depending on how you interact with us, we may collect:

Identity and contact data

Name, work email address, personal email address where provided, telephone number, employer, job title, billing address and business address.

Learner and training data

Course bookings, attendance, completion records, assessment results, certification records, learner support communications and learning history.

Account and platform data

Username, login details, access history, password reset records and platform activity.

Enquiry and communications data

Messages sent through our forms, email correspondence, call notes and support requests.

Technical and usage data

IP address, browser type, device information, operating system, pages visited, session information and diagnostic logs.

Transaction data

Payment status, invoice data and order details. We do not store full card details ourselves where payments are processed by third party providers.

Marketing preferences

Your preferences about receiving marketing from us.

We do not intentionally collect more personal data than we need for the relevant purpose.

4. Where we collect personal data from

We collect personal data:

• directly from you, for example when you fill in a form, contact us, book training or use our platform
• from your employer or organisation, for example where they enrol you onto training
• automatically through your use of our website or platform, including cookies and similar technologies where used
• from third party service providers involved in delivering our services, such as payment or hosting providers

5. How we use your personal data and our lawful bases

Under UK data protection law, we must have a lawful basis for using personal data, and our privacy notice should explain both the purpose and lawful basis we rely on.

We use personal data for the following purposes:

To respond to enquiries and provide information about our services

• Personal data used: name, contact details, enquiry details
• Lawful basis: legitimate interests, to respond to enquiries and manage prospective client relationships

To set up and manage client accounts, learner access and service delivery

• Personal data used: identity data, contact data, learner data, account data
• Lawful basis: performance of a contract, or steps taken before entering into a contract

To deliver training, assessments, certificates and learning records

• Personal data used: learner data, account data, communications data
• Lawful basis: performance of a contract, and legitimate interests in administering training and maintaining accurate records

To manage support requests, service communications and platform administration

• Personal data used: contact data, account data, communications data, technical data
• Lawful basis: performance of a contract, and legitimate interests in operating and securing our services

To improve our website, services and user experience

• Personal data used: technical and usage data
• Lawful basis: legitimate interests in monitoring, improving and securing our services, and consent where required for non essential cookies or similar technologies

To manage invoices, payments, records and business administration

• Personal data used: contact data, transaction data, service records
• Lawful basis: performance of a contract, legal obligation and legitimate interests in running our business

To meet legal, regulatory and compliance obligations

• Personal data used: relevant records needed for audits, complaints, compliance or legal obligations
• Lawful basis: legal obligation, and where relevant legitimate interests in establishing, exercising or defending legal claims

To send marketing communications

• Personal data used: name, email address, marketing preferences
• Lawful basis: consent where required, and in some limited business to business situations legitimate interests where permitted by law

If we rely on consent, you can withdraw that consent at any time.

6. Special category data

We do not normally need to collect special category data for standard website and training services.

If we need to process special category data in a specific case, such as accessibility or support information you choose to provide, we will only do so where we have a valid lawful basis and an additional condition under data protection law.

7. Cookies and similar technologies

We use cookies and similar technologies to help our website function, improve performance, understand usage and maintain security. The ICO says the rules on cookies sit under PECR, and consent is generally required for non essential cookies and similar technologies.

You can manage your cookie preferences through our cookie banner and your browser settings.

For more detail, please see our separate Cookie Policy.

8. Marketing

We may send you service related communications where necessary to administer your account, booking or training.

We will only send marketing emails or other electronic marketing where we are allowed to do so by law. The ICO states that you will often need specific consent for unsolicited direct marketing by email, text or similar electronic methods, particularly where individuals are concerned.

You can opt out of marketing at any time by using the unsubscribe link in the message or by contacting us.

9. Who we share personal data with

We may share personal data with trusted service providers where necessary to operate our business and deliver services, for example:

• website and platform hosting providers
• payment processors
• IT and support providers
• email and communication platforms
• analytics providers
• certificate issuing or assessment administration providers
• professional advisers, insurers or auditors where necessary
• regulators, law enforcement or public authorities where required by law

We only share personal data where there is a lawful basis to do so. The ICO states that you must identify a lawful basis before sharing personal data.

We do not sell personal data to third parties.

10. International transfers

We primarily aim to keep personal data within the United Kingdom.

If any supplier or platform we use stores or accesses personal data outside the UK, we will ensure that appropriate safeguards are in place in line with UK data protection law.

11. How long we keep personal data

The ICO expects privacy notices to explain how long personal data will be kept for, or the criteria used to decide that period.

We keep personal data only for as long as necessary for the relevant purpose, including to meet legal, contractual and operational requirements. As a guide:

Enquiries and prospect records

Usually up to 24 months after the last meaningful contact, unless a longer period is needed for a legitimate reason.

Client and supplier records

Usually up to 6 years after the end of the relationship for contractual, tax and legal record keeping purposes.

Learner, training and certification records

Usually up to 6 years after completion or account closure, unless a longer retention period is needed for certification, audit or funding compliance.

Technical logs and website analytics

Retained for periods appropriate to security, diagnostics and analytics needs.

Marketing records and preferences

Retained until you opt out, withdraw consent, or we decide the data is no longer needed.

Backups

Retained in line with our backup and disaster recovery processes and then securely overwritten or deleted.

We may keep data longer where required by law or where necessary to establish, exercise or defend legal claims.

12. How we protect personal data

We use appropriate technical and organisational security measures to protect personal data, including access controls, secure hosting, encryption where appropriate, monitoring, staff awareness and other security safeguards proportionate to the risks.

No online system can ever be guaranteed completely secure, but we work to reduce the risk of unauthorised access, loss, misuse or alteration.

13. Your rights

Under UK data protection law, you may have the right to:

• request access to your personal data
• request correction of inaccurate or incomplete data
• request deletion of your data in certain circumstances
• request restriction of processing in certain circumstances
• object to processing in certain circumstances
• request data portability in certain circumstances
• withdraw consent where we rely on consent

The ICO expects privacy notices to explain people's rights and how to complain.

To exercise your rights, contact us using the details in this notice.

14. How to complain

If you have any concerns about how we use your personal data, please contact us first and we will try to resolve the issue.

You also have the right to complain to the Information Commissioner's Office.

Telephone: 0303 123 1113

15. Third party websites

Our website may contain links to third party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to read their privacy notices.

16. Changes to this Privacy Notice

We may update this Privacy Notice from time to time. When we do, we will update the effective date and publish the latest version on our website.