Privacy Policy
Last Updated: September 2025
SecureNet Academy is committed to protecting your privacy and personal data. This policy explains how we collect, use, and safeguard your information when you use our cyber security training services and website. We comply with GDPR and Cyprus data protection laws.
Data Collection
Personal Data We Collect
Contact Information
- Full name and professional titles
- Email address and phone number
- Company information and job role
- Mailing address for course materials
Usage Data
- IP address and browser information
- Pages visited and time spent on site
- Course progress and lab activity
- Device type and operating system
Communication Data
- Messages sent through contact forms
- Email correspondence and inquiries
- Support tickets and feedback
- Training session recordings (with consent)
Financial Data
- Payment processing information
- Billing address and payment history
- Invoice details and transaction records
- VAT information for EU compliance
How We Collect Data
Direct Collection
Information you provide when registering for courses, contacting us, or participating in training programs. This includes forms, surveys, and direct communications.
Automatic Collection
Technical data collected through cookies, web beacons, and analytics tools when you visit our website or use our training platform.
Third-Party Sources
Professional information from LinkedIn or other business networks when you connect your accounts or participate in industry events.
How We Use Your Data
Legal Basis for Processing
Contract Performance
To provide requested cyber security training services, process payments, and fulfill our obligations under course enrollment agreements.
Consent
For marketing communications, newsletter subscriptions, and optional analytics tracking with your explicit permission.
Legitimate Interest
For business operations, fraud prevention, and improving our training programs based on aggregated usage patterns.
Legal Obligation
For tax reporting, regulatory compliance, and maintaining records as required by Cyprus and EU law.
Specific Use Cases
Service Delivery
- Course enrollment and progress tracking
- Laboratory environment access management
- Certification and achievement records
- Technical support and assistance
Communication
- Course updates and announcements
- Security alerts and industry news
- Event invitations and networking opportunities
- Feedback surveys and quality improvement
Business Operations
- Website analytics and performance monitoring
- Fraud prevention and security measures
- System maintenance and troubleshooting
- Alumni network management and career services
Data Protection & Security
Security Measures
Technical Safeguards
- SSL/TLS encryption for all data transmission
- Encrypted storage of sensitive personal data
- Multi-factor authentication for admin access
- Continuous monitoring and intrusion detection
Operational Safeguards
- Role-based access controls and permissions
- Regular security audits and assessments
- Staff training on data protection practices
- Data processing agreements with third parties
Data Retention
Retention Periods
- Contact form submissions: 3 years
- Student records: 5 years after course completion
- Financial records: 7 years (legal requirement)
- Marketing data: Until consent withdrawn
- Website analytics: 26 months maximum
Deletion Process
Data is automatically deleted after retention periods expire, unless required for legal compliance. Students can request early deletion of personal data not subject to legal retention requirements.
Breach Notification
In the unlikely event of a data breach affecting personal information, we will notify the Cyprus Data Protection Authority within 72 hours and affected individuals without undue delay, in accordance with GDPR requirements. We maintain an incident response plan specifically for data protection breaches.
Your Privacy Rights
Right to Access
Request a copy of all personal data we hold about you, including how it's being processed and who it's shared with.
Right to Rectification
Correct any inaccurate or incomplete personal data we have about you. Updates are processed within 30 days.
Right to Erasure
Request deletion of your personal data when it's no longer needed or you withdraw consent (subject to legal retention requirements).
Right to Portability
Receive your personal data in a structured, machine-readable format and transfer it to another service provider.
Right to Object
Object to processing based on legitimate interests, direct marketing, or profiling. We'll stop unless we have compelling legitimate grounds.
Right to Withdraw Consent
Withdraw consent for marketing communications or optional data processing at any time without affecting prior processing.
How to Exercise Your Rights
Contact Information
Email: privacy@domain.com
Phone: +357 25 842756
Address: 23 Griva Digeni Avenue, 3105 Limassol, Cyprus
Response Time: Within 30 days of request
Required Information
- Proof of identity for security purposes
- Specific details of your request
- Email address associated with your account
Complaint Rights
If you believe your privacy rights have been violated, you have the right to lodge a complaint with the Cyprus Data Protection Authority:
Cyprus Data Protection Authority
Email: commissioner@dataprotection.gov.cy
Phone: +357 22 818 456
Website: www.dataprotection.gov.cy
International Data Transfers
Third-Party Services
Some of our service providers may process data outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:
Google Analytics
EU-US Data Privacy Framework and Standard Contractual Clauses
Payment Processors
PCI DSS compliance and adequacy decisions for secure processing
Cloud Storage
Data processing agreements with EU data residency options
Questions About Your Privacy?
Contact our privacy team for any questions about this policy or your data rights.