Cyber Security Challenge UK Ltd is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We recognise our obligations to update and expand our existing protection program to meet the demands of the General Data Protection Regulation (‘GDPR’) and the UK’s Data Protection Act. We have an externally verified UK GDPR Page through our subscription to Naq Cyber: www.naqcyber.com/uk-gdpr-certs/cyber-security-challenge and we are Cyber Essentials Certified through The IASME Consortium, with our Certificate available for inspection at the Blockmark Registry here: https://registry.blockmarktech.com/certificates/73159f80-fae1-463a-9059-b4a8286cf5b1/
Data protection: our main policy and procedure documents for data protection have been overhauled to meet the standard and requirements of GDPR. Accountability and governance measures have been improved to ensure that we understand and adequately evidence our obligations and responsibilities. We focus on privacy by design and the rights of individuals.
Data retention and erasure: we have updated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically and in accordance with the data subjects rights.
Under the General Data Protection Regulation (GDPR), we are required to inform you about how long we will retain your personal data. We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected but never longer than 7 years after you have signed up as a contestant in one of our games or competitions. In some cases, we may be required to retain your data for longer periods of time to comply with legal or regulatory obligations. When your personal data is no longer required, we will securely delete or anonymise it. You have the right to request access to, correction of, or erasure of your personal data at any time. If you have any questions about our data retention practices or wish to exercise your rights under the GDPR, please contact us.
Data breaches: our breach procedures have been updated to ensure we have safeguards and measures to identify, assess, investigate and report any personal data breach at the earliest possible time.
Obtaining consent: we have reviewed and updated our consent mechanism for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. Evidence of an affirmative opt-in, along with time and date records is an important part of this process, and supports the individuals ability to understand their right to withdraw consent at any time.
Processor agreements: where we use any third party to process personal information on our behalf we are drafting compliant processor agreements and due diligence procedures to ensure that they meet and understand their GDPR obligations.
You can read more in the sections below.