Last modified: July 20 2023
Cyber Security Challenge UK Ltd (“The Challenge”) respects the privacy of its customers, suppliers, partners and employees. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. If you require any additional information about the protection of personal data, please visit https://ico.org.uk/.
Party responsible for processing personal data (the “Controller”):
○ Cyber Security Challenge UK Ltd, with registered address at Audley House, Northbridge Road, Berkhamsted, England, HP4 1EH, 07202469.
Data Protection Authority:
○ Information Commissioner.
Data Protection laws:
○ The UK Data Protection Act 2018 and the UK GDPR 2020;
○ The UK e-privacy regulation;
○ The EU GDPR 2018;
○ The EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation).
Collection of data:
Your personal data will be collected by Cyber Security Challenge UK Ltd and its data processors.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Your personal information will be:
… processed fairly, lawfully and you will be informed as to the nature of that processing;
… collected for specified, explicit and legitimate purposes and not processed in a manner which is incompatible with those purposes;
… adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
… adequate and where necessary kept up to date;
… kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
… processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
The Challenge will only capture and process personal information for legitimate business purposes, for the marketing, management and administration of competitions and events and for the purposes of fulfilling contractual obligations with our partners and sponsors.
Under no circumstances will we sell or make commercial use of personal information provided to us in good faith without prior, written, specific and explicit consent.
The information we collect:
● information that you provide for the purpose of registering for Challenge competitions and events;
● demographic information (e.g. age, gender, residence locale) for anonymised analysis and reporting purposes;
● information about transactions carried out through our web channels (including web site and social media).
Data collection as described above is based on your consent. Anonymised data is processed based on our legitimate interest.
Storage and protection of data:
Your data is protected by Cyber Security Challenge UK Ltd and its processors in pursuance to all legal requirements set by the relevant data processing laws. Cyber Security Challenge UK Ltd has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. Cyber Security Challenge UK Ltd has signed processing agreements with its processors to ensure an adequate level of data protection.
Who we share your data with:
We may share your data with our suppliers to ensure that we can provide the service that you have requested from us. This includes cloud-service providers.
We may also share your data with suppliers that enable The Challenge to carry out day-to-day business activities such as our accountants and bookkeeping software.
Upon request, we will share a list of our (sub)processors.
International data transfers:
Where there is an international data transfer, we rely on adequacy decisions or Standard Contractual clauses to ensure that the personal data is handled in accordance with the relevant data protection legislation.
Your rights regarding information:
Pursuant to Article 13 paragraph 2 sub b GDPR each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of his personal data, as well as the right to object to the processing and the right to data portability.
You can exercise these rights by contacting us at the following email address: firstname.lastname@example.org and put “GDPR request” in the subject line of your email.
Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you.
Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature.
Depending on the complexity and the number of the requests this period may be extended to two months.
You may receive commercial offers from The Challenge. If you do not wish to receive them (anymore), please send us an email to the following address: email@example.com
Your personal data will not be used by our partners for commercial purposes.
If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any Cyber Security Challenge account, system or other data processing medium in accordance with the process described above.
These conditions are governed by the laws of England and Wales. The court in the district where the controller has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.