2- Our Details
2.1. The website “www.peakcyberinstitute.com” is owned and operated by Peak Cyber Academy Limited which is duly registered in the United Kingdom with the company number 12947653 trading as Trading as Peak Cyber Institute.
2.2.Our registered address is: 86-90 Paul Street, 3rd Floor, EC2A 4NE, London, United Kingdom
2.3.Our trading address is: 86-90 Paul Street, 3rd Floor, EC2A 4NE, London, United Kingdom
2.4.VAT number: N/A
3- What we collect
3.1.We may collect your Personal Information during your engagement with us, which will include the below:
Personal data you put into forms, when entering a competition, promotion or surveys on our Site at any time. This includes personal data provided at the time of registering to use our Site and/or Goods and Services, subscribing to our service, creating an account on our Site, posting material or requesting further services.
requests that marketing material be sent to you;
personal data you provide via our social media platforms; and
personal data you provide to us when you contact us by email, phone or otherwise.
3.2.We may also collect your Personal Information for the specific uses including the following purposes and content;
We may hold information about your debit or credit card or other means of payment when you first provide it to us. We will do this with your consent and only the authorised staff will have access to this information. This will ease your further payments on repeating purchases. We will automatically delete your payment information when the card expires.
When you agree to set up a direct debit, the information you give to us will be passed to our bank for processing in accordance to our instructions. We do not keep a copy in this event.
When you send us information regarding a job application, we may keep the information up to 30 (thirty) days in case we decide to contact you for further details. If we employ you, we will collect further information during your employment.
When you contact us regarding an issue or question, either by phone, email or from our website, we collect the data you have given to us in order to reply with the information you need. We will also keep information to identify you as a person in association with your message as your name and email address to increase efficiency.
When you make a complain, we record all the information you give to use, for the purpose of resolving your complaint. If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
5- How we use
5.1.We collect your Personal Information for one or more of the following purposes:
To provide you with information that you have requested or which we think may be relevant to a subject in which you have demonstrated an interest;
To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services;
To fulfil a contract that we have entered into with you or with the entity that you represent;
To ensure the security and safe operation of our websites and underlying business infrastructure; and
To manage any communication between you and us.
5.2.In order to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:
Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;
Your login information, browser type and version, time zone setting, browser plug-in types and versions;
Operating system and platform;
Information about your visit, including the Uniform Resource Locators (URL) clickstream to, though, and from our site.
5.3.In addition to the purposes and uses described above, we may collect and use your Personal Information in the following ways:
To identify you when you visit our website.
To track your progress through our certification programs.
To verify your certifications when requested by you or a third party.
To provide training and services or to process returns.
To improve our services and product offerings.
To conduct analytics.
To respond to inquiries related to support, sales, or other requests.
To send marketing and promotional materials, including information relating to our products, services, sales, or promotions.
For internal administrative purposes, as well as to manage our relationships.
We may also use your name, location or photo for marketing purposes.
6.1.Our main policy is not to disclose any of your information with any third party. However, we reserve the right to disclose your information to one or more of the parties providing services to you:
Under our websites, we may have public platforms for users to post comments and or/review or reply to existing comments with their profile picture and name. If you decide to submit information in these platforms, you accept that this information will be publicly available.
We work with several service providers to administer our website, host the web platform, conduct surveys, provide technical support, process payment, assist orders and increase efficiency etc. We may share your Personal Information to these service providers.
6.3.In addition, we are allowed to disclose your personal data in the following cases:
We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control).
We may share information if another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
We may share information if we have a legal obligation to do so in connection with legal proceedings (including prospective proceedings), in order to establish or defend legal rights;
We may exchange information with others against fraud and credit risks.
7- Where we store
7.1.Our websites are mainly hosted inside the European Union, UK and USA. The majority of our websites and web applications are hosted in the USA and are accessed only by our UK-based staff.
7.2.We further use data storages outside the European Economic Area (EEA) in connection with Goods and Services provided under the Site, from time to time. For example, some of our websites may process and store information in the United State of America to improve the efficiency of the Site. Where such processing takes place, we will take all reasonable steps to keep your data secure under the same standards applicable in the United Kingdom.
7.3.We use a wide range of Cloud Service Providers (CSPs) as part of our processing environment. The majority of our CSPs are in the EU, however, we may use data storages outside the EU. Where such processing takes place, we will take all reasonable steps to keep your data secure under the same standards applicable in the United Kingdom.
8- Security measures
8.1.We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our ISMS. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.
8.2.No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.
8.3.Some of our websites permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.
9- Your Rights
9.1.You have a number of rights under the Data Protection Legislation:
The right to be informed of the Personal Information we hold about you. We have the duty to provide clear and transparent information about what we hold;
The right to request a copy of the Personal Information we hold about you. We will provide you a copy of the information, on your request. This is mostly free of charge, however, we may ask for an administration fee in limited circumstances such as repeated requests;
The right to ask for inaccurate data to be corrected and incomplete data to be added into your record;
The right to request any out of date Personal Information to be erased, as long as we are not required to hold it due to legal obligations or business needs;
The right to restrict the processing of Personal Information, in limited circumstances and when we don’t have legitimate grounds for processing your data;
The right to object the processing of your Personal Information for marketing purposes and research purposes. We will always ask for your consent for these uses. You may object by clicking the related sections in our forms or contacting us from support@ peakcyberinstitute.com
To exercise any of your right under the law, please contact us from support@ peakcyberinstitute.com
10- Complaints and Dispute Resolution
10.1.We are committed to provide high quality services and resolve any complain as soon as possible. If you have a complain, please contact us via email at support@ peakcyberinstitute.com. Our team will do our best to return to your complain within 7 working days to assist you with your complain.
10.2.If we cannot resolve a claim using internal complaint handling procedure within 14 day from the day of your first email, it will turn into a dispute and both parties agree to engage into negotiations to solve the dispute by negotiations.
10.3.If a dispute cannot be solved within 28 days from the start of the negotiations, parties agree to engage into one of the alternative dispute resolution methods from either mediation or arbitration. Both parties will agree for alternative dispute resolution from one the providers listed under the Alternative Dispute Resolution for Consumer Dispute Regulations 2015.
10.4.If you are not satisfied with our response you can raise a complaint with the UK’s Information Commissioner’s Office, the UK’s independent authority set up to enforce Data Protection Legislation. For further information on exercising your rights on organisations processing your personal data read the information provided in the following link: “https://ico.org.uk/your-data-matters/your-right-of-access/”.
11- Schedule for Retention
Purpose of collection
Purpose for collection
Lawful basis for processing
Data shared with?
1. To provide you with information
Subject matter information
Name, company name, geographic location, email address, business sector.
To provide appropriate online or email information about products and services that you have requested
Maximum 8 years from the data the information is collected.
6 months if a marketing email is left unopened
To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.
Follow-up to ensure requested information meets needs and identify further requirements
Personal contact information as provided through website forms or at trade shows or any other means.
General mailing list subscription
2. Transactional information
Name, physical address, email address, telephone number, bank account details (for credit accounts), other medium of content delivery
To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with.
Maximum 8 years from the date of the performance of the contract.
6 months from the data the data subject has input personal information but has not proceeded with a transaction.
8 years for VAT records from the performance of the contract
For accounting and taxation purposes
Internally and professional advisers
Documentation should any contractual legal claim arise
Internally and professional advisers
Payment card data
Primary account number (PAN), cardholder name, service code, expiration date
To fulfil purchase requests using payment cards
Payment card companies, all in line with PCI DSS
Only retained whist authorisation is pending.
3. Fulfilment information
Name, dietary requirements
Appropriate catering arrangements for training courses
Internally and training venues
Maximum 6 years from the date of the performance of the contract.
Name, contact and identification details
Access to training courses, attendance registers
Internally and training venues
Name, contact and identification details
Exam attendance, exam results and certifications
Internally and external examiners, proctors and certification bodies
Name, contact details
Licensing details necessary for allocation and maintenance of a licence purchased for use of software and related products, distance and e-learning.
Internally and any third parties whose products or services you may have purchased from us.
Name, address(es), email address, contact details
Actual delivery of products or services, in physical or digital form, that you may have purchased from us.
Internally and any third party logistics or supplier companies with whom we contract in order to fulfil these requirements.
Technical information, as described above, plus any other information that may be required for this purpose
To protect our websites and infrastructure from cyber attach or other threats and to report and deal with any illegal acts.
Internally, forensic and other organisations with whom we might contract for this purpose.
Relevant statutes of limitation
Names, contact details, identification details
To communicate with you about any issue that you raise with us or which follows from an interaction between us.
Internally and, as necessary, with professional advisers.
Relevant statutes of limitation.
Furthermore, the following provides examples of the type of information that we collect from you and how we use that information.
Types of Data
Primary Purpose for Collection and Use of Data
Account Registration or Membership Application
We collect your name, contact information, and professional information such as your company or industry when you create an account. We also collect information relating to the actions that you perform while logged into your account.
We have a legitimate interest in providing account related functionalities to our users. Accounts can be used to save your preferences and transaction history.
We collect attendance records from events, meetings, or examinations, as well as the information you enter on exams (which may include video of you and your surroundings if you select the online testing option), customer service interactions, and any certification verification requests that you have made.
We have a legitimate interest in ensuring that our certification standards are being met, including when and how our members are verifying those certifications.
Cookies and first party tracking
We have a legitimate interest in making our website operate efficiently.
Cookies and Third Party Tracking
We participate in behaviour-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites.
We have a legitimate interest in engaging in behaviour-based advertising and capturing website analytics.
We collect personal information, such as your age, gender, or location.
We have a legitimate interest in understanding our users and providing tailored services.
If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.
We have a legitimate interest in understanding how you interact with our communications to you.
If you provide us feedback or contact us for support we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply.
We have a legitimate interest in receiving, and acting upon, your feedback or issues.
When you sign up for one of our mailing lists we collect your email address or postal address.
We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.
We collect information from your mobile device such as unique identifying information broadcast from your device and location when visiting our website or using our application.
We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.
We collect information that you provide as part of a co-branded promotion with another company. We may also have service providers collect information on our or our partners’ behalf.
We have a legitimate interest in fulfilling our promotions.
We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.
We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.
We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud or other security incidents.
We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.
We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.
In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, our affiliates, or publicly available sources. For example, we may receive information on graduates from a university or an employer.
12- Terms and Conditions
12.1.Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website.
13- Compliance with Law