Privacy Policy
This privacy policy for Maniac Enterprises, Inc. (“we”, “us”, or “our”) describes how and why we might collect, store, use, and/or share (“process”) your information when you use our services (“Services”), such as when you:
- Visit our website(s) at cybermaniacs.com, or any website of ours that links to this privacy notice.
- Engage with us in other related ways, including any sales, marketing, or events.
Questions or concerns? Reading this Privacy Policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at +1 (737) 250-8005.
Summary of Key Points
This summary provides key points from our Privacy Policy. You can find more details about any of these topics by clicking the link following each key point or by using the Table of Contents below to find the section you are looking for.
What personal information do we process? When you visit, use, or navigate our website and/or Services, we may process your personal information depending on how you interact with us and the Services, the choices you make, and the products and features you use. Learn more about personal information you disclose to us.
Do we process any sensitive personal information? We may process sensitive personal information when necessary with your consent or as otherwise permitted by applicable law. Learn more about sensitive information we process.
Do we receive any information from third parties? We do not receive any information from third parties.
How do we process your personal information? We process your personal information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with our legal obligations. We may also process your personal information for other purposes with your consent. We process your information only when we have a valid legal reason to do so. Learn more about how we process your information.
In what situations and with which parties do we share personal information? We may share information in specific situations and with specific third parties. Learn more about when and with whom we share your personal information.
How do we keep your personal information safe? We have organizational and technical processes and procedures in place to protect your personal information. However, no electronic communication over the internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Learn more about how we keep your information safe.
What are your rights? Depending on where you are located, the applicable privacy law may mean you have certain rights regarding your personal information. Learn more about your privacy rights.
How do you exercise your rights? The easiest way to exercise your rights is by visiting https://cybermaniacs.com/cybermaniacs-demo, or by contacting us at privacy@thecybermaniacs.com. We will consider and act upon any request in accordance with applicable data protection laws.
Want to learn more about what we do with any information we collect? Review the Privacy Policy in full.
- What Information Do We Collect?
- How Do We Process Your Information?
- What Legal Bases Do We Rely On To Process Your Information?
- When and With Whom Do We Share Your Personal Information?
- Do We Use Cookies And Other Tracking Technologies?
- How Long Do We Keep Your Information?
- How Do We Keep Your Information Safe?
- Do We Collect Information From Minors?
- What Are Your Privacy Rights?
- Controls For Do-Not-Track Features
- Do United States Residents Have Specific Privacy Rights?
- Do We Make Updates To This Privacy Policy?
- How Can You Contact Us About This Notice?
- How Can You Review, Update, Or Delete The Data We Collect From You?
What Information Do We Collect?
In Short: We collect the personal information you provide us.
We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities on the Services, or otherwise when you contact us.
Personal Information Provided By You. The personal information we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:
- Names
- Phone Numbers
- Email Addresses
- Mailing Addresses
- Job Titles
- Contact Preferences
- Billing Addresses
- Debit/Credit Card Numbers
Sensitive Information. When necessary, with your consent or otherwise permitted by applicable law, we process the following categories of sensitive information:
- Social Security Numbers or other Government Identifiers
- Biometric Data (Dietary Information)
All personal information you provide to us must be true, complete and accurate, and you must notify us of any changes to such personal information.
Information Automatically Collected.
In Short: Some information - such as your Internet Protocol (IP) address and/or browser or other device characteristics - is collected automatically when you visit our Services.
We automatically collect certain information when you visit, use, or navigate our Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser, device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.
Like many businesses, we also collect information through cookies and similar technologies.
The information we collect includes:
- Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance data our servers automatically collect when you access or use our Services and which we record in log files. Depending on how you interact with us, this data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error messages (sometimes referred to as “crash dumps”), and hardware settings).
- Device Data. We collect device data such as information about your computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identifiers, location, browser type, hardware model, internet service provider and/or mobile carrier, operating system, and system configuration information.
- Location Data. We collect location data such as information about your device’s location, which can either be precise or imprecise. How much information we collect depends on the type and setting of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation information that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling the Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.
How Do We Process Your Information?
In Short:We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention, and to comply with our legal obligations. We may also process your information for other purposes with your consent.
We process your personal information for a variety of reasons, depending on how you interact with our Services, including:
- To deliver and facilitate delivery of services to you. We may process your information to provide you with the requested services.
- To respond to user inquiries and/or offer support to users. We may process your information to respond to your inquiries and solve any potential problems you might have with the requested services.
- To send administrative information to you. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.
- To request feedback. We may process your information when necessary to request feedback and to contact you about your use of our Services.
- To send you marketing and promotional communications. We may process the personal information you provide for our marketing purposes, if this is in accordance with your marketing preferences. You may opt out of receiving marketing communications at any time. For more information, see “What Are Your Privacy Rights?” below.
- To deliver targeted advertising to you. We may process your information to develop and display personalized content and advertising tailored to your interests, location, and more.
- To identify usage trends. We may process information about how you use our Services to better understand how they are being used so we can improve them. To determine the effectiveness of our marketing and promotional campaigns. We may process your information to better understand how to provide marketing and promotional campaigns that are most relevant to you.
- To save or protect an individual’s vital interest. We may process your information when necessary to save or protect an individual’s vital interest, such as to prevent harm.
What Legal Bases Do We Rely On To Process Your Information?
In Short:We only process your personal information when we believe it is necessary and we have a valid legal reason to do so under applicable law, like with your consent, to comply with laws, to provide you with services to enter into or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests.
If you are located in the EU or the UK, this section applies to you.
The General Data Protection Regulation (GDPR) and the UK GDPR require us to explain the valid legal bases we rely on in order to process your personal information. As such, we may rely on the following to process your personal information.
- Consent. We may process your personal information if you have given us permission (consent) to do so for a specific purpose. You may withdraw your consent at any time. Learn more about withdrawing your consent.
- Performance of a Contract. We may process your personal information when we believe it is necessary to fulfill our contractual obligations to you, including providing our Services to you or at your request prior to entering into a contract with you.
- Legitimate Interests. We may process your personal information when we believe that it is reasonably necessary to achieve our legitimate business interests and those interests do not outweigh your interests and fundamental rights and freedoms. For example, we may process your personal information for some of the purposes described in order to:
- Send users information about special offers and discounts on our products and services.
- Develop and display personalized and relevant advertising content for our users.
- Analyze how our Services are used so we can improve them to engage and retain users.
- Support our marketing activities.
- Understand how our users use our products and services so we can improve user experience.
- Legal Obligations. We may process your personal information where we believe it is necessary to comply with our legal obligations, such as to cooperate with a law enforcement body or regulatory agency, exercise or defend our legal rights, or disclose your personal information as evidence in litigation in which we are involved.
- Vital Interests. We may process your personal information where we believe it is necessary to protect your vital interests or the vital interests of a third party, such as situations involving potential threats to the safety of any person.
If you are located in Canada, this section applies to you.
We may process your personal information if you have given us specific permission (express consent) to use your personal information for a specific purpose, or in a situation where your permission can be inferred (implied consent). You can withdraw your consent at any time.
In some exceptional cases, we may be legally permitted under applicable law to process your personal information without your consent, including, for example:
- If collection is clearly in the interests of an individual and consent cannot be obtained in a timely way.
- For investigations and fraud detection and prevention.
- For business transactions provided certain conditions are met.
- If it is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim.
- For identifying injured, ill, or deceased persons and communicating with the next of kin.
- If we have reasonable grounds to believe an individual has been, is, or may be a victim of financial abuse.
- If it is reasonable to expect collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.
- If it was produced by an individual in the course of their employment, business, or profession and the collection is consistent with the purposes for which the information was produced.
- If the collection is solely for journalistic, artistic, or literary purposes.
- If the information is publicly available and is specified by the regulations.
When and With Whom Do We Share Your Personal Information?
In Short: We may share your information in specific situations described in this section and/or with the following third parties.
Vendors, Consultants, and Other Third Party Service Providers. We may share your data with third party vendors, service providers, contractors, or agents (“third parties'') who perform services for us or on our behalf and require access to such information to do that work. We have contracts in place with our third parties, which we designed to safeguard your personal information. This means they cannot do anything with your personal information unless we have instructed them to do it. They will also not share your personal information with any organization apart from us. They also commit to protect the data they hold on our behalf and to retain it for the period we instruct. The categories of third parties we may share personal information with are as follows:
- Cloud Computing Services
- Communication and Collaboration Tools
- Data Analytics Services
- Data Storage Service Providers
- Order Fulfillment Service Providers
- Payment Processors
- Performance Monitoring Tools
- Sales & Marketing Tools
- User Account Registration & Authentication Services
- Website Hosting Service Providers
We may also need to share your personal information in the following situations:
Business Transfers. We may share your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business by another company.Do We Use Cookies And Other Tracking Technologies?
In Short: We may use cookies or other tracking technologies to collect and store your information.
We may use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.
How Long Do We Keep Your Information?
In Short: We keep your information as long as necessary to fulfill the purposes outlined in this Privacy Policy unless otherwise required by law.
We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Policy, unless a longer retention period is required or permitted by law (such as taxes, accounting, or other legal requirements).
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such personal information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
How Do We Keep Your Information Safe?
In Short: We aim to protect your personal information through a system of organizational and technical security measures.
We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. However, despite our safeguards and efforts to secure your personal information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security measures and improperly collect, access, steal, or modify your personal information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
Do We Collect Information From Minors?
In Short: We do not knowingly collect data from or market to children under the age of 18.
We do not knowingly solicit data from or market to children under 18 years of age. By using the Services, you represent that you are at least 18 years of age, or that you are the parent or legal guardian of such a minor and consent to such minor dependent’s use of the Services. If we learn that personal information from users less than 18 years of age has been collected, we will deactivate the account and take reasonable steps to promptly delete such data from our records. If you become aware of any data we may have collected from children under 18, please contact us at privacy@thecybermaniacs.com.
What Are Your Privacy Rights?
In Short: In some regions, such as the European Economic Area (EEA), United Kingdom (UK), Switzerland, and Canada, you have rights that allow you greater access to and control over your personal information. You may review, change, or terminate your account at any time.
In some regions (like the EEA, UK, Switzerland, and Canada), you have certain rights under applicable Data Protection laws. These may include the right:
- To request access and obtain a copy of your personal information.
- To request correction or erasure of your personal information.
- To restrict processing of your personal information.
- To data portability.
- To not be subject to automated decision making.
In certain circumstances, you may also have the right to object to the processing of your personal information. You may make such a request by contacting us by using the contact information provided in the section “How Can Your Contact Us About This Notice?”
We will consider and act upon any request in accordance with applicable Data Protection laws.
If you are located in the EEA or UK and you believe we are unlawfully processing your personal information, you also have the right to complain to your Member State Data Protection Authority or UK Data Protection Authority.
If you are located in Switzerland, you may contact the Federal Data Protection and Information Commissioner.
Withdrawing Your Consent: If we are relying on your consent to process personal information, which may be expressed or implied depending on applicable law, you have the right to withdraw your consent at any time. You can withdraw your consent at any time by contacting us using the contact details provided in the section “How Can You Contact Us About This Notice?”.
However, please note that this will not affect the lawfulness of the processing before its withdrawal nor, when applicable law allows, will it affect the processing of your personal information conducted in reliance on lawful processing grounds other than consent.
Opting Out Of Marketing And Promotional Communications: You can unsubscribe from our marketing and promotional communications at any time by clicking on the unsubscribe link in the emails that we send, or by contacting us using the contact details provided in the section “How Can You Contact Us About This Notice?”. You will then be removed from the marketing lists. However, we may still communicate with you - for example, to send you service related messages that are necessary for the administration and use of your account, to respond to service requests, or for other non-marketing purposes.
Cookies And Similar Technologies: Most web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Services.
If you have questions or comments about your privacy rights, you may email us at privacy@thecybermaniacs.com.
Controls For Do-Not-Track Features
Most web browsers and some mobile operating systems and mobile applications include a Do Not Track feature or setting you can activate to signal your privacy preferences not to have data about your online browsing activities monitored and collected. At this stage no uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we currently do not respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.Do United States Residents Have Specific Privacy Rights?
In Short: If you are resident of a state that has enacted Data Protection legislation (for example, California, Virginia, Colorado, etc.), you are granted specific rights regarding access to your personal information.
What Categories Of Personal Information Do We Collect?
We have collected the following categories of personal information in the past twelve (12) months:
Category |
Examples |
Collected? |
A. Identifiers |
Contact details, such as real name, alias, postal address, telephone or mobile number, unique personal identifier, online identifier, IP address, email address, and account name |
Yes |
B. Protected classification characteristics under state or federal law |
Gender and/or date of birth |
Yes |
C. Commercial information |
Transaction information, purchase history, financial details, and payment information |
Yes |
D. Biometric information |
Fingerprints and voiceprints |
No |
E. Internet or other similar network activity |
Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements |
Yes |
F. Geolocation data |
Device location |
Yes |
G. Audio, electronic, visual, thermal, olfactory, or other similar information |
Images and audio, video or call recordings created in connection with our business activities |
No |
H. Professional or employment related information |
Business contact details in order to provide you with our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us |
Yes |
I. Education information |
Student records and directory information |
No |
J. Inferences drawn from collected personal information |
Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics |
Yes |
K. Sensitive Personal Information |
Specific government identifiers, dietary information, religious, philosophical, or political beliefs. |
Yes |
We will use and retain the collected personal information as needed to provide the Services or for:
Purpose of Collection |
Data Collected |
Processing Activity |
Lawful Basis |
Retention Period |
To provide you with information |
Name, company name, geolocation, email address, business sector |
To provide appropriate online or email information about products and services you requested. |
Contractual Fulfillment |
Maximum of eight (8) years from date of collection. |
To provide further, related, online or email information and ongoing news updates in relation to the identified area(s) of interest. |
Legitimate Interest |
Maximum of eight (8) years from date of collection. |
||
Telephone Number |
Follow-up to ensure requested information meets needs and identify further requirements. |
Legitimate Interest |
Six (6) months if marketing email(s) are left unopened. |
|
Personal contact information as provided through website forms, trade shows, or other means |
General mailing list subscription |
Consent |
Six (6) months if marketing email(s) are left unopened. |
|
Transactional Information |
Name, physical address, email address, telephone number, bank account details (for credit accounts), other medium of content delivery |
To process purchase transactions for products and services with customers, and to ensure any transaction issues can be addressed. |
Contractual Performance |
Six (6) months from the date the Data Subject has provided the information but has not proceeded with a transaction. |
For accounting and tax purposes |
Statutory Obligation |
Six (6) months from the date the Data Subject has provided the information but has not proceeded with a transaction. |
||
Documentation should any contractual legal claim arise |
Legitimate Interest |
Eight (8) years for VAT records from the performance of the contract. |
||
Primary account number (PAN), cardholder name, service code, expiration date |
To fulfill purchases using payment cards |
Contractual Performance |
Only retained while authorization is processed. We utilize Payment Processors certified to PCI/DSS standards. |
|
Name, dietary requirements |
Appropriate catering arrangements for training courses |
Contractual Performance |
Retained until the course has been completed. |
|
Name, contact and identification details |
Access to training courses, attendance registers |
Contractual Performance |
One (1) year from the course completion date |
|
Name, contact and identification details |
Exam attendance, exam results, and certifications |
Contractual Performance |
One (1) year from exam completion. |
|
Fulfillment Information |
Name, contact details |
Licensing details necessary for allocation and maintenance of a license purchased for the use of our software and/or related products, distance, and e-learning |
Contractual Performance |
Maximum of six (6) years from the date of the performance of the contract. |
Name, address(es), email addresses, contact details |
Delivery of products and/or services, in physical or electronic form, that have been purchase from us |
Contractual Performance |
Maximum of six (6) years from the date of the performance of the contract. |
|
Security Information |
Technical information as described above, plus any other information that may be required. |
To protect our website and infrastructure from cyber attack(s) or other threats and to report and address any illegal acts. |
Legitimate Interest |
Relevant statutes of limitation. |
Communication Information |
Names, contact details, identification details |
To communicate with you about any issue raised with us or which follows from an interaction with us. |
Legitimate Interest |
Relevant statutes of limitation. |
Product Development Information |
Names, contact details, identification details |
To improve existing and/or develop new products and/or services that meet expectations and requirements of our customers |
Consent |
Where not anonymized, data will be retained for a maximum of one (1) year. |
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
- Receiving help through our customer support channels.
- Participation in customer surveys and/or contests.
- Facilitation in the delivery of our Services and to respond to your inquiries.
How do we share your personal information?
Learn about how we use your personal information in the section “How Do We Process Your Information?”
We collect and share information through:
- Targeting cookies
- Marketing cookies
- Beacons/Pixels/Tags
Will your information be shared with anyone else?
We may disclose your personal information with our service providers pursuant to a written contract between us and each service provider. Learn more about how we disclose your personal information in the section “When And With Whom Do We Share Your Personal Information?”.
We may use your personal information for our own business purposes, such as undertaking internal research for technological development and demonstration. This is not considered to be “selling” your personal information.
We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months.
- Category A - Identifiers
- Category B - Characteristics of protected classifications under state or federal law
- Category C - Commercial information
- Category E - Internet or other electronic network activity information
- Category F - Geolocation information
- Category H - Professional or employment related information
- Category J - Inferences drawn from collected personal information
- Category K - Sensitive personal information
The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under “When And With Whom Do We Share Your Personal Information?”
Do We Make Updates To This Privacy Policy?
In short: Yes, we will update this Privacy Policy as necessary to stay compliant with relevant laws.
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Policy, we may notify you by either prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.
How Can You Contact Us About This Notice?
If you have any questions or concerns about this notice, you may contact our Data Protection Officer (DPO) Michael Brett by email at dpo@thecybermaniacs.com or by phone at +1 (737) 637-5012
You may also contact us at our mailing address:
251 Little Falls Drive
Wilmington, DE 19808
How Can You Review, Update, Or Delete The Data We Collect From You?
Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, change that information, correct the information, or request that we delete the information.
To request review, update, or deletion of your personal information, please email us at privacy@thecybermaniacs.com.
Contents
1. Introduction
2. Who we are
3. Websites within scope
4. Collection of personal data
5. Lawful basis for the processing of personal data
6. Storage of personal data
7. Security measures
8. Your rights as a data subject
9. Contact us
10. Complaints
1. Introduction
We appreciate the trust you place in us when sharing your personal data. The security of that data is very important to us. In this document, we will explain how we collect, use and protect your personal data.
We will also explain what rights you have with regards to your personal data and how you can exercise those rights.
2. Who we are
Cybermaniacs Ltd is a private company.
Our registered office address is:
Cybermaniacs Ltd
4 Prince Albert Road
London
NW1 7SN
United Kingdom
If you have questions about how we process personal data, or would like to exercise your data subject rights, please email us at hello@thecybermaniacs.com
3. Websites within scope
The following websites are within scope for this privacy policy:
This policy also covers any additional personal data collected in the following online web applications:
learn.thecybermaniacs.com
It includes personal data that is collected through our websites, by telephone, through LiveChat and through any related social media applications.
- Collection of personal data
We collect personal data from you for one or more of the following purposes:
1. To provide you with information that you have requested or that we think may be relevant to a subject in which you have demonstrated an interest.2. To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services.
3. To fulfil a contract that we have entered into with you or with the entity that you represent. In these circumstances it may be your entity, rather than yourself, that has provided us with your personal data.
4. To ensure the security and safe operation of our websites and underlying business infrastructure.
5. To manage any communication between you and us.
The table in section 5 below provides more detail about the data that we collect for each of these purposes, the lawful basis for doing so, and the period for which we will retain each type of data.
Technical information
In addition, to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:
- Technical information, including the IP (Internet Protocol) address used to connect your device to the Internet.
- Your login information, browser type and version, time zone setting, browser plug-in types and versions.
- Operating system and platform.
- Information about your visit, including the URL (Uniform Resource Locators) clickstream to, through, and from our site.
In section 8 below, we identify your rights in respect of the personal data that we collect and describe how you can exercise those rights.
5. Lawful basis for the processing of personal data
The table below describes the various forms of personal data we collect and the lawful basis for processing this data. Our business architecture, accounting and systems infrastructure and compliance organisation means that all personal data is processed on common, group-wide platforms. We have processes in place to make sure that only those people in our organisation who need to access your data can do so. A number of data elements are collected for multiple purposes, as the table below shows. Some data may be shared with third parties; where this happens, this is also identified below.
When we process on the lawful basis of legitimate interest, we apply the following test to determine whether it is appropriate:
The purpose test – is there a legitimate interest behind the processing?
Necessity test – is the processing necessary for that purpose?
Balancing test – is the legitimate interest overridden, or not, by the individual’s interests, rights or freedoms?
Purpose of collection | Information category | Data collected | Purpose for collection | Lawful basis for processing | Data shared with? | Retention period |
1. To provide you with information | Subject matter information | Name, company name, geographic location, email address, business sector. | To provide appropriate online or email information about products and services that you have requested | Contractual fulfilment | Internally only | Maximum eight years from the date the information is collected.
Six months if a marketing email is left unopened |
To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest. | Legitimate interest | Internally only | ||||
Telephone number. | Follow-up to ensure requested information meets needs and identify further requirements. | Legitimate interest | Internally only | |||
Personal contact information as provided through website forms or at trade shows or any other means. | General mailing list subscription. | Consent | Internally only | |||
2. Transactional information | Transaction details | Name, physical address, email address, telephone number, bank account details (for credit accounts), other medium of content delivery. | To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with. | Contractual performance | Internally only | Maximum eight years from the date of the performance of the contract.
Six months from the date the data subject has input personal information but has not proceeded with a transaction. Eight years for VAT records from the performance of the contract |
For accounting and taxation purposes | Statutory obligation | Internally and professional advisers | ||||
Documentation should any contractual legal claim arise. | Legitimate Interest | Internally and professional advisers | ||||
Payment card data | Primary account number (PAN), cardholder name, service code, expiration date | To fulfil purchase requests using payment cards. | Contractual performance | Payment card companies, all in line with the PCI DSS | Only retained while authorisation is pending. | |
3. Fulfilment information | Fulfilment data | Name, dietary requirements. | Appropriate catering arrangements for training courses. | Contractual performance | Internally and training venues | Maximum six years from the date of the performance of the contract. |
Name, contact and identification details. | Access to training courses, attendance registers. | Contractual performance | Internally and training venues | |||
Name, contact and identification details. | Exam attendance, exam results and certifications. | Contractual performance | Internally and external examiners, proctors and certification bodies | |||
Name, contact details. | Licensing details necessary for allocation and maintenance of a licence purchased for use of software and related products, distance and e-learning. | Contractual performance | Internally and any third parties whose products or services you may have purchased from us. | |||
Name, address(es), email address, contact details. | Actual delivery of products or services, in physical or digital form, that you may have purchased from us. | Contractual performance | Internally and any third party logistics or supplier companies with whom we contract in order to fulfil these requirements. | |||
4. Security | Security information | Technical information, as described above, plus any other information that may be required for this purpose. | To protect our websites and infrastructure from cyber attack or other threats and to report and deal with any illegal acts. | Legitimate interest | Internally, forensic and other organisations with which we might contract for this purpose. | Relevant statutes of limitation. |
5. Communications | Contact information | Names, contact details, identification details. | To communicate with you about any issue that you raise with us or which follows from an interaction between us. | Legitimate interest | Internally and, as necessary, with professional advisers. | Relevant statutes of limitation. |
6. Product development | Survey data | Names, contact details, identification details. | To develop existing and new products that meet the expectations and requirement of our customers. | Consent | Internally and where additional consent is given for marketing purposes. | If anonymised for statistical research, this data may be kept indefinitely.
Where not anonymised, it shall be retained for a maximum of one year. |
6. Storage of personal data
Cybermaniacs Ltd is a UK-domiciled organisation whose primary offices are in the UK.
Our websites and web applications are hosted in the EU.
Our customer relationship management, marketing and accounting systems for all our businesses are either EU-based or hosted by companies participating in the EU-US Privacy Shield Framework.
We use a wide range of CSPs (Cloud service providers) as part of our processing environment. Unless we specifically state otherwise, we are, in respect of all these CSPs, the data controller.
Unless we specifically state otherwise, all the CSPs that we use utilise EU-located processing facilities.
Our payment processors and banking arrangements are based in the EU.
We ship and deliver physical products around the world; we therefore use logistics companies that are based outside the EU and operate in other countries. We have appropriate legal and security relationships with those partners.
We operate a data retention policy in respect of all data, whether paper-based or digital, and those aspects of it that relate to personal data are contained in the table at 5, above.
7. Security measures
We have what we believe are appropriate security controls in place to protect personal data. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
8. Your rights as a data subject
As a data subject whose personal information we hold, you have certain rights. If you wish to exercise any of these rights, please email hello@thecybermaniacs.com or use the information supplied in the Contact us section below. To process your request, we will ask you to provide two valid forms of identification for verification purposes. Your rights are as follows:
The right to be informed
As a data controller, we are obliged to provide clear and transparent information about our data processing activities. This is provided by this privacy policy and any related communications we may send you.
The right of access
You may request a copy of the personal data we hold about you free of charge. Once we have verified your identity and, if relevant, the authority of any third-party requestor, we will provide access to the personal data we hold about you as well as the following information:
a) The purposes of the processing
b) The categories of personal data concerned
c) The recipients to whom the personal data has been disclosed
d) The retention period or envisioned retention period for that personal data
e) When personal data has been collected from a third party, the source of the personal data
If there are exceptional circumstances that mean we can refuse to provide the information, we will explain them. If requests are frivolous or vexatious, we reserve the right to refuse them. If answering requests is likely to require additional time or occasions unreasonable expense (which you may have to meet), we will inform you.
The right to rectification
When you believe we hold inaccurate or incomplete personal information about you, you may exercise your right to correct or complete this data. This may be used with the right to restrict processing to make sure that incorrect/incomplete information is not processed until it is corrected.
The right to erasure (the ‘right to be forgotten’)
Where no overriding legal basis or legitimate reason continues to exist for processing personal data, you may request that we delete the personal data. This includes personal data that may have been unlawfully processed. We will take all reasonable steps to ensure erasure.
The right to restrict processing
You may ask us to stop processing your personal data. We will still hold the data, but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies you may exercise the right to restrict processing:
a) The accuracy of the personal data is contested.
b) Processing of the personal data is unlawful.
c) We no longer need the personal data for processing but the personal data is required for part of a legal process.
d) The right to object has been exercised and processing is restricted pending a decision on the status of the processing.
The right to data portability
You may request your set of personal data be transferred to another controller or processor, provided in a commonly used and machine-readable format. This right is only available if the original processing was on the basis of consent, the processing is by automated means and if the processing is based on the fulfilment of a contractual obligation.
The right to object
You have the right to object to our processing of your data where
Processing is based on legitimate interest;
Processing is for the purpose of direct marketing;
Processing is for the purposes of scientific or historical research; or
Processing involves automated decision-making and profiling.
9. Contact us
Any comments, questions or suggestions about this privacy policy or our handling of your personal data should be emailed to hello@thecybermaniacs.com
10. Complaints
Should you wish to discuss a complaint, please feel free to contact us using the details provided above. All complaints will be treated in a confidential manner.
Should you feel unsatisfied with our handling of your data, or about any complaint that you have made to us about our handling of your data, you are entitled to escalate your complaint to a supervisory authority within the European Union. For the UK, this is the ICO (Information Commissioner’s Office), which is also our lead supervisory authority. Its contact information can be found at https://ico.org.uk/global/contact-us/.