Privacy Policy

Effective date: January 13, 2026

1. Scope of This Policy

This Privacy Policy applies to:

  • Visitors to the SmartSec Academy website
  • Organisations using SmartSec Academy for cybersecurity awareness training
  • Employees and users enrolled in training programmes
  • Individuals who contact us or interact with our services

This policy applies only to information processed by SmartSec Academy and does not cover third-party websites or services linked from our platform.

2. Information We Collect

We collect only the information necessary to deliver training, issue certificates, and operate the platform responsibly.

2.1 Information You Provide

This may include:

  • Name
  • Work email address
  • Organisation name
  • Role or department (where relevant to training delivery)
  • Training completion and assessment results
  • Communications sent to us (e.g. contact enquiries)

2.2 Information Collected Automatically

When you use our website or platform, we may collect limited technical information, such as:

  • IP address
  • Browser type and device information
  • Access timestamps
  • Pages viewed or actions taken within the platform

This data is used for security, operational reliability, and service improvement.

3. How We Use Personal Information

We use personal data for the following purposes:

  • Delivering cybersecurity awareness training
  • Tracking training progress and completion
  • Issuing and verifying certificates
  • Providing organisations with visibility into training status
  • Responding to enquiries and support requests
  • Maintaining platform security and operational integrity
  • Meeting legal, regulatory, or contractual obligations

We do not use personal data for unrelated marketing or profiling purposes.

4. Certificate Issuance and Verification

Training certificates are issued only after confirmed completion of required training and assessments.

Certificate verification is designed to:

  • Confirm authenticity using a unique reference
  • Avoid disclosure of unnecessary personal information
  • Support organisational assurance and audit needs

Verification processes are intentionally privacy-conscious and limited in scope.

5. Legal Basis for Processing

Where applicable, we process personal data based on one or more of the following legal grounds:

  • Performance of a contract (training delivery and certification)
  • Legitimate interests (platform security, operational integrity)
  • Legal or regulatory obligations
  • Consent, where explicitly required

6. Data Sharing and Disclosure

We do not sell personal data.

Personal information may be shared only:

  • With the organisation sponsoring the training, for visibility and assurance
  • With trusted service providers who support platform operations (under confidentiality obligations)
  • Where required by law, regulation, or legal process

All data sharing is limited to what is necessary and appropriate.

7. Data Retention

Personal data is retained only for as long as necessary to:

  • Deliver training and maintain records
  • Support certificate verification
  • Meet contractual, legal, or regulatory requirements

When data is no longer required, it is securely deleted or anonymised.

8. Data Security

SmartSec Academy implements appropriate technical and organisational measures to protect personal data, including:

  • Access controls
  • Secure systems and infrastructure
  • Controlled certificate issuance and verification processes

While no system can guarantee absolute security, we take reasonable steps to safeguard information against unauthorised access, loss, or misuse.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your personal data
  • Request correction of inaccurate information
  • Request deletion of personal data (subject to legal or contractual limits)
  • Object to or restrict certain processing activities

Requests can be made by contacting us using the details below.

10. Cookies and Tracking

SmartSec Academy may use limited cookies or similar technologies to support website functionality and security. We do not use cookies for invasive tracking or behavioural advertising.

You can manage cookie preferences through your browser settings where applicable.

11. International Data Transfers

Where data is processed or stored outside your country, we take reasonable steps to ensure appropriate safeguards are in place to protect personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or operational practices. The latest version will always be published on our website.