Last Updated 27th October 2020
This policy describes how Mitigate Cyber aims to provide you with information about how we are handling or intend to handle personal information.
Regulation (EU) 2016/679 of the European Parliament (the General Data Protection Regulation (‘GDPR’)) and the Data Protection Act 2018 (referred to as Data Protection Law) oblige us to provide you with information about how and why we use personal data. We recognise our obligations and your legal rights set out in the Data Protection Law.
2. Company details
Mitigate Cyber Limited,
Lancaster, LA1 4WA
Phone: +44 (0)333 3233 981
Email: [email protected]
3. Collection of personal data
We collect personal data from you for one or more of the following purposes:
Information you give us
You may give us information about you with your consent or as required for you to use our services, for example:
- Information you provide to create an account with us
- The forms, emails, and other communications that you send us or otherwise contribute, such as support inquiries.
- Your marketing preferences
- Information you share with us when you attend an online training course
- Information you share with us in connection with surveys or promotions
- Information you share with us by applying for a job at Mitigate Cyber
- Information you submit to us at a conference or exhibition
This information may be personal, financial, educational, or related to your employment history.
Sometimes we require you to provide us with information for legal reasons, such as to enter into a contract with us or to purchase services from us, or when you are applying for a job at Mitigate Cyber.
In addition, to ensure that each visitor to our website can use and navigate the site effectively, we collect the following:
- Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
- Your login information, browser type and version, time zone setting, browser plug-in types and versions.
- Operating system and platform.
- Information about your visit, including the URL clicks to, through, and from our site.
We believe in protecting the privacy of children. In line with this belief, we do not knowingly collect or maintain personal information from persons under 16 years of age, and no part of any of our websites or online platforms is directed at persons under 16 years of age. If you are under 16 years of age, then please do not use or access our websites or online platforms at any time or in any manner. We will take appropriate steps to delete any personal information of persons less than 16 years of age.
If you are a parent or legal guardian and believe your child has given us information, you can contact us at [email protected], and we will take appropriate steps to investigate and address the issue.
5. Why does Mitigate Cyber collect personal information?
Mitigate Cyber collects information for some or all of the following reasons:
- To provide services to you, for example:
  - information that identifies you, such as your name, username and email address
  - to allow you to register and use our hub
  - to deliver online training you purchased from us
  - after you have taken one of our educational certifications/qualifications, to manage your certification, including validation of your certification/qualification by us
  - to provide you with any of the services available via our websites and/or online platforms.
- To provide information about products or services you have shown interest in purchasing within a reasonable time afterwards, if you are an existing Mitigate Cyber customer.
- To provide information to you about products or services you have purchased from us, or related products or services.
- To provide information to you about our products and services if you have consented to receive it.
- To employ you or consider you for employment.
- To provide goods or services to you under contract.
- For legal reasons, for example, if you have entered into a contract with us.
6. Lawful basis for the processing of personal data
Mitigate Cyber may process your information because:
- We have a contract with you;
- You have given us permission to do so;
- We must provide services to you after you have purchased something from us or one of our business partners;
- We must provide services to you because you have taken one of our qualifications;
- To comply with the law.
All these are reasons Mitigate Cyber may legally process the information we have about you.
7. Storage of personal data
We primarily store and process your personal data in the EU/European Economic Area (“EEA”). If we do transfer your personal data outside the EEA, it will be because you have consented or because we have a legal reason to do so. Your data may also be processed by staff (who work for us) operating outside the EEA, all of whom are covered by this policy.
Some examples of reasons your data may be processed outside the EEA include:
- Order fulfilment
- Payment processing
- Technical support services
If your personal data cannot be processed within the EEA, we will:
- Comply with all other data protection principles;
- Where possible, process it in a country that is on the EU Commission’s list of countries that provide adequate protections for the rights and freedoms of data subjects;
- If the transfer is to the United States of America, we will use reasonable endeavours to make sure they participate in the Privacy Shield program;
- Make sure we have assessed the adequacy of protections in all other cases.
By using our services, or submitting your personal data, you agree to this transfer, storing and/or processing.
8. How long will we keep your personal information?
Mitigate Cyber will not retain your personal information for longer than required.
We will keep your personal information:
- For as long as required by law
- Until we no longer have a valid reason for keeping it
- Until you request us to stop processing it.
We will retain personal data collected for as long as required to do what we say we will in this policy, unless a longer retention period is required by law.
We may keep just enough of your personal information to ensure that we comply with your requests not to use your personal information or comply with your right to erasure. For example, we must keep your request to be erased even if it includes your personal data until such time as you are no longer our customer.
If you have questions about our Data Retention Policy or wish to be provided with a copy, please contact: [email protected]
9. Your Rights
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email [email protected] or use the information supplied in the company details section above. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
- The right to be informed
- The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
- The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
- The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
- The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:
a) The accuracy of the personal data is contested.
b) Processing of the personal data is unlawful.
c) We no longer need the personal data for processing but the personal data is required for part of a legal process.
d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
- The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
- The right to object
You have the right to object to our processing of your data where:
  - Processing is based on legitimate interest;
  - Processing is for the purpose of direct marketing;
  - Processing is for the purposes of scientific or historic research; or
  - Processing involves automated decision-making and profiling.