Privacy Notice
Introduction
Welcome to the Privacy Notice (Notice) of SecureWeb3 Ltd (SecureWeb3, we, our or us).
We respect your privacy and value the compliant and moral handling of your personal data. This Notice outlines how we collect, use and share personal data about you and provides you with details on your legal rights regarding your personal data and processing of it.
Unless otherwise stated, this Notice applies when you visit, sign-up or use any SecureWeb3 website, mobile application, online platform, portal, API or other medium where we interact with you (our Platforms). It also applies when we provide or make available to you any of our services, including training content or other informational services irrespective of whether provided through the Platforms or otherwise (the Services).
By accessing our Platforms or receiving our Services, you agree to the terms of this Privacy Notice. You shouldn’t access or interact with our Platforms or receive any of the Services if you don’t agree with the terms contained in this Notice.
Important information and who we are
Purpose of this Notice
This Notice aims to give you information on how we collect and process your personal data through:
your use of our Platforms (as may be updated from time to time) when you access, register, create an account or otherwise use our Platforms, whether through a mobile or handheld device or web-browser; or
us providing you with any of our Services.
Our Platforms and Services are not intended for children and we do not knowingly collect data relating to children.
It is important that you read this Notice, together with our Terns of Service and any other policies which we may refer or incorporate by reference (collectively the, Agreement) before accessing our Platforms or receiving our Services.
If you are unsure about anything contained in the Agreement (including this Notice), we recommend that you contact us or seek independent advice.
Controller
SecureWeb3 Ltd is a limited company registered in the United Kingdom (with company number 14593990) and is the controller responsible for the handling of your personal data. References to SecureWeb3 (or any other reference deemed to mean SecureWeb3) should also be interpreted and construed to be a reference to any of our affiliated or subsidiary companies under common control or ownership.
Contact details
We have appointed a data protection officer (DPO) who is responsible for overseeing the implementation of this Notice and responding to any questions you may have.
If you have any questions about this Notice or our privacy practices, please contact our DPO by emailing us at [email protected].
You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
Changes to the Notice and your duty to inform us of changes
We keep this Notice under regular review and may update it from time to time in accordance with applicable laws or as we improve and expand our Services and Platforms. This Notice was last updated on 16 April 2023.
If we make any material amendments to this Notice we will notify you by email or pop-up notice when you next access our Platforms (Policy Changes). The Policy Changes may be displayed on-screen and you may be required to read and accept the Policy Changes to continue using our Platforms and Services.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during our relationship with you.
Third-party links
Our Platforms may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Platforms, we encourage you to read the privacy statement and other relevant policies of the websites or third-party links which you visit.
The data we collect about you
We collect certain personal data from you directly, such as information you enter and provide to us yourself, data about your consumption of content, and data from third parties that help us provide you with our Services. We also collect some data automatically, like information about your device and what parts of our Platform you interact with or spend time using. All data listed in this section is subject to the following processing activities: collecting, recording, structuring, storing, altering, retrieving, encrypting, pseudonymizing, erasing, combining, and transmitting. References to process or processing shall mean references to one or multiple of these activities. |
The data you provide to us
When you access our Platforms or receive our Services, you will need to provide us with certain personal data. The types of personal data which we may collect from you directly (as may be required to provide you with access to our Platforms or provide our Services), or voluntarily (to receive access to a particular feature of our Services or complete your profile), are provided below.
Category of Personal Data | Description |
Identity Data | In order for us to identify you when you register for our Services or an account on our Platforms, or when you ask us to contact you, you will be required to provide us with certain Identity Data. Identity Data includes data such as your first name, last name, title, date of birth and other similar types of data that identifies you. |
Contact Data | In order for us to contact you for any reason, you will need to provide us with certain information for us to do so. Contact Data includes information such as your phone number, email address, and residential, work or billing address. |
Learning Data | When you access content we provide as part of our Services, we collect certain data including which courses and quizzes you’ve started and completed, subscriptions details, content and subscription purchases, completion certificates, and related content based information. |
Payment Data | When you purchase our Services, we collect certain data about your purchase as necessary to process your order and which may optionally be saved to process future orders. You must provide certain payment and billing data to our payment service providers, including your name, credit card information and billing address. |
Account Data | When you register an account on our Platforms you need to create a user account which requires us to collect and store your email address, password, and account settings. If you register an account on our Platforms using another third-party account (such as Facebook or Google), we may also collect Third-Party Account Data (described below) provided to us by the third-party utilized to register your account with us. |
Communication Data | If you contact us for support or to report a problem or concern (regardless of whether you have registered an account on our Platforms), we collect and store information relevant to our communication with you such as your Contact Data, Identity Data, Account Data, Payment Data and other data necessary for us to resolve a complaint or support you. |
Marketing Data | So we, or our affiliates, don’t send you marketing materials you don’t wish to receive, you will be required to provide us with your preferences on marketing (opt in preference) and other communication preferences. |
Content Data | There may be features enabled on our Platforms which enable you to upload, communicate, review, comment on otherwise interact with us or other users of our Platforms. The information you upload may be visible to other users of Platform and subject to the Acceptable Use provisions of our Terms of Service. |
Third-party Account Data | When you sign up or register for an account on our Platforms, you may have the option to do so by directly using your existing social media or other accounts held with a third-party. If you do so, we will receive certain Third-Party Account Data to register your account such as your name and email address. |
The data we collect automatically
When you access our Platforms or receive our Services, we may also collect certain types of personal data by automated means. These data categories are provided below.
Category of Personal Data | Description |
System Data | To ensure that our Services operate smoothly and are compatible, we may collect certain types of system data. System data we may automatically collect includes data such as information about your about your computer or device (such as type, operating system, model), IP address, browser, domain and other systems data. |
Usage Data | To ensure that our Services are continually improved and relevant to you, we may collect certain data on how you use our Services. Usage data includes things such as your usage statistics, interactions with our Services (such as content accessed, time spent etc) and other data regarding your use of the Services. |
The data we collect from third parties
There may be certain instances where we collect certain categoris of data about you from third-party sources. The data we collect form third-party sources may be Contact Data, Identity Data or Payment Data (each as described above) and will take place when we provide you with our Services in collaboration with a third-party. For example, we may receive your Payment Data from our third-party payment processing agent in order to successfully process a purchase you make on our Platforms to ensure that the payment was successful.
Aggregated data
We may also collect, use and share aggregated data such as statistical or demographic data. Aggregated data could be derived from your personal data but is not considered personal data as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this Notice.
Excluded categories of data
We do not collect any special categories of data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sexual orientation or activity, political opinions, trade union membership, information about your health (including genetic or biometric data) or criminal record.
If you fail to provide personal data
Where you fail to provide us with certain personal data we require in order to provide you with our Services or register an account on our Platforms, or where required by law, we may not be able to provide you with the Services or successfully register your account on our Platforms. We may also be required to cease providing you with any pre-existing Services or cancel your account on our Platforms.
How we use your personal data
We use your personal data to do things like provide our Services, set up an account on our Platforms, communicate with you, troubleshoot issues, improve and update our Services, analyze how people use our Services or as required by law. We will never use your personal data for any purpose which is illegal or not in our legitimate interests. |
Legitimate Interest
One ground for the processing of your personal data is if such processing is in our legitimate interests. Our legitimate interest means the interest of our business in conducting and managing our service offerings to give you the best and most secure service and experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
Purposes for which we will use your personal data
We have set out below a description of the ways we plan to use your personal data and legal basis we rely upon to do so. We have also identified what our legitimate interests are for each processing activity where appropriate.
Note that we may process your personal data under more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Purpose/Activity | Type of Personal Data | Legal Grounds for Processing |
Contacting you upon your request (for example, through completion of the Contact Us feature on our Platforms) | Identity Data; Contact Data | Legitimate interests (customer service, service provisioning, expanding our business) |
Register a user account on our Platforms upon your request | Identity Data; Contact Data; Acount Data; Marketinf Data; Third Party Account Data. | Performance of a contract Legitimate interests (service provisioning, customer service and expanding our business) |
Provide you with our Services (including delivering you with any learning or customized content) | Identity Data; Contact Data; Learning Data; Payment Data; Account Data; Communication Data; Marketing Data; Content Data; Third-Party Account Data; System Data; Usage Data. | Performance of a contract Legitimate interests (service provisioning, verification, Platform and Service functionality improvements) |
Process your payments made on our Platforms | Payment Data | Performance of contract Legitimate interests (facilitation of payment, fraud prevention) Legal obligation |
Process any request or order you may make on our Platforms or in relation to our Services | Identity Data; Contact Data; Learning Data; Account Data; Third-party Account Data; System Data; Usage Data. | Performance of a contract Legitimate interests (service provisioning, customer service and expanding our business) |
Communicate with you for the purposes of administering your account or responding to a complaint or suggestion | Identity Data; Contact Data; Learning Data; Payment Data; Account Data; Communication Data; Marketing Data; Content Data; Third-Party Account Data; System Data; Usage Data. | Performance of a contract Legitimate interest (customer service and improving out Services) |
Manage or administer your account | Identity Data; Contact Data; Learning Data; Payment Data; Account Data; Communication Data; Marketing Data; Content Data; Third-Party Account Data; System Data; Usage Data.Data | Performance of a contract Legitimate interests (provisioning of a service, customer service) |
Verify your identify for any legitimate reason such as ensuring you are who you say you are | Identity Data; Contact Data; Account Data | Legitimate interests (identity verification, fraud prevention) Legal obligation |
Administer our Platforms or Service or upgrade our technology and systems | Identity Data; Contact Data; Learning Data; Payment Data; Account Data; Communication Data; Marketing Data; Content Data; Third-Party Account Data; System Data; Usage Data. | Legitimate interest (improve our services, expand our business) |
Tailor our marketing to you | Identity Data; Contact Data; Marketing Data; Content Data; Third-Party Account Data; System Data; Usage Data. | Legitimate interests (expand our business) |
As required by law | Identity Data; Contact Data; Learning Data; Payment Data; Account Data; Communication Data; Marketing Data; Content Data; Third-Party Account Data; System Data; Usage Data. | Legal obligation |
Marketing
We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established following personal data control mechanisms:
We may use your Identity Data, Contact Data, Marketing Data, Content Data, Third-Party Account Data, System Data and Usage Data to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you (we call this marketing).
You will only receive marketing communications from us if you have chosen to opt in to marketing.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time.
Cookies
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Who we share your personal data with
We will only share personal data about you in accordance with this Notice and applicable laws. If we share your personal data, we require all third-parties with whom we share it to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. |
Generally, we will only share your personal data with those third-parties who may be required to process it for the purposes of us providing you with our Services and Platforms.The table below provides certain circumstances where we may share your personal data with a third-party.
Data Sharing | Purpose |
With service providers, contractors or agents | We may share your personal data with specific third-parties who perform services on our behalf (such as payment processing, fraud and abuse prevention, data analysis, marketing and advertising services and other support services). These service providers may require access your personal data and will use it solely as we direct them to in order for us to receive the necessary services and support. |
With our affiliates | We may share your personal data with our affiliates or subsidiaries that are related by common ownership or control and who may provide us with support in providing you with the Services or Platforms. |
With business partners | We may choose to enter into agreements with third-party organizations to distribute our Services. If in our legitimate interests, we may share your data with these third parties. |
For advertising | If we decide to provide targeted advertising in the future, we may use and share certain personal data with third-party advertising agencies or service providers to show general demographic and preference information. |
For security or legal reasons | We may disclose your personal data to third parties if we believe that such disclosure is reasonably required (or if instructed by a competent authority): as part of a judicial, governmental, or legal inquiry, order, or proceeding including any court initiated process such as a subpoena; to detect, prevent, or address fraud, abuse, misuse, potential violations of law (or rule or regulation), or security or technical issues; to enforce our Agreement, including in order to assess our disclosure obligations under this Notice; or or permitted by law.
|
During a change in our corporate structure or control | If we sell, merge or dissolve our business, or if we acquire a new business or business’ assets, we may be required to share or transfer your personal data during the transition or transaction in order to complete it. |
With your permission | With your consent, we may share data to third parties outside the scope of this Notice. |
International transfers
As at the date of this Notice, our Platforms (and associated content) are hosted in the United States of America. Our hosting agent is Amazon Web Services (US) who has safeguards in place to protect your personal data no less stringent than as prescribed in this Notice.
We do not process or transfer your personal data outside of the UK but for the hosting of our Platforms.
Data security
We ensure that appropriate levels of security are employed to ensure the ongoing safeguarding of your personal data. In certain circumstances, however, the security of your personal data is taken out of our control such as if you lose or have your password stolen. |
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties on a needs to know basis and will only divulge the personal data that is reasonably necessary. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Data retention
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, or to satisfy some other legal or regulatory requirement. In most cases, you may request that we delete the personal data we hold about you, at which point we will delete and no longer retain your personal data. |
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, or for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
If you are based in the United Kingdom, by law we have to keep basic information about our customers for six years after they cease being customers for tax purposes.
In some circumstances you can ask us to delete your data: see your legal rights below for further information.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
Your legal rights
SecureWeb3 respects and promotes the proper upholding of your legal rights. If you wish to exercise any of your legal rights, please contact us. |
The following table provides an overview of some of your legal rights in relation to the processing and handling of your personal data.
Legal Right | Description |
Right to Access | You have the right to request access to your personal data (commonly known as a data subject access request). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. |
Right to Correct | You have the right to request the correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. |
Right to Erase | You have the right to request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Its important to note however that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. |
Right to Object | You have the right to object to the processing of your personal data. This enables you to object to our processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. |
Right to Restrict | You have the right to request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: if you want us to establish the data's accuracy; where our use of the data is unlawful but you do not want us to erase it; where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
|
Right to Transfer | You have the right to request the transfer of your personal data to you or to a third party. In such instances, we will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or for information we used when providing you with the Services or Platforms. |
Right to Withdraw | You have the right to withdraw consent at any time where we are relying on consent to process your personal data. If you choose to withdraw your consent, we may not be able to provide certain services to you and will advise you of these details at the time you withdraw your consent. It’s important to note however that withdrawing your consent will not effect the lawfulness of the processing of your personal data which took place before you chose to withdraw your consent. |
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights) however we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you.
THIS NOTICE WAS LAST UPDATED ON 18 APRIL 2023.
