Privacy Policy
Last updated: 5 December 2024
Cyber LMS ("we", "us", "our") is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you visit our website and use our services.
This policy is provided in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. If you are located in the European Union, we also comply with the EU General Data Protection Regulation (EU GDPR).
By using Cyber LMS, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
The data controller responsible for your personal data is:
For any questions regarding this Privacy Policy or our data practices, please contact us at the email addresses provided above.
We collect the following categories of personal data:
2.1 Account Information
- Full name
- Email address
- Password (securely hashed—we never store plaintext passwords)
- Job title and organization (optional)
- Profile preferences
2.2 Usage Data
- IP address
- Course progress and completion data
- Quiz scores and learning analytics
2.3 Cookies and Tracking Technologies
- Session cookies (essential for site functionality)
- Authentication tokens
- Analytics cookies (with your consent)
- Preference cookies
For more details on our cookie usage, please see our Cookie Policy.
2.4 Payment Information
- Billing name and address
- Transaction records
Note: Payment card details are processed directly by Stripe, our payment processor. We do not store, access, or process your full card numbers. Stripe's privacy policy applies to payment processing: https://stripe.com/privacy
We process your personal data under the following legal bases:
| Processing Purpose | Legal Basis |
|---|---|
| Account creation and management | Performance of a contract |
| Providing learning services | Performance of a contract |
| Processing payments | Performance of a contract |
| Service-related communications | Legitimate interest / Contract |
| Analytics and site improvement | Consent |
| Security and fraud prevention | Legitimate interest |
| Marketing emails | Explicit consent |
| Compliance with legal obligations | Legal obligation |
We use your personal data for the following purposes:
- Account Management: To create, maintain, and secure your user account.
- Service Delivery: To provide access to courses, track your progress, issue certificates, and deliver learning content.
- Payment Processing: To process subscriptions and transactions via our payment processor (Stripe).
- Communications: To send service updates, security alerts, and support responses.
- Personalization: To customize your learning experience and recommend relevant content.
- Analytics: To understand how our platform is used and to improve our services (with consent).
- Security: To detect and prevent fraudulent activity, unauthorized access, and other security threats.
- Legal Compliance: To comply with applicable laws, regulations, and legal processes.
We may share your personal data with the following categories of recipients:
5.1 Service Providers
- Amazon Web Services (AWS): Cloud hosting, data storage, and infrastructure services (servers located in EU/UK regions where possible).
- Stripe: Payment processing and subscription management.
5.2 Analytics Providers
With your consent, we may use analytics services to understand platform usage patterns.
5.3 Legal and Regulatory
We may disclose your data to law enforcement, regulators, or other parties when required by law or to protect our legal rights.
5.4 International Data Transfers
Some of our service providers (such as AWS and Stripe) may process data outside the UK/EU. When this occurs, we ensure appropriate safeguards are in place:
- UK International Data Transfer Agreement (IDTA)
- EU Standard Contractual Clauses (SCCs)
- Adequacy decisions where applicable
We do not sell your personal data to third parties for marketing purposes.
We retain your personal data for the following periods:
| Data Category | Retention Period |
|---|---|
| Account data | Duration of account + 2 years after deletion request |
| Course progress and certificates | Duration of account + 7 years (for verification purposes) |
| Payment records | 7 years (legal/tax requirements) |
| Security logs | 12 months |
| Analytics data | 26 months (anonymized after 14 months) |
| Backups | 30 days rolling |
| Marketing consent records | Duration of consent + 2 years |
After the retention period expires, data is securely deleted or anonymized. Some data may be retained longer if required by law or for legitimate business purposes.
Under UK GDPR and EU GDPR, you have the following rights regarding your personal data:
- Right of Access: You can request a copy of the personal data we hold about you.
- Right to Rectification: You can request that we correct any inaccurate or incomplete data.
- Right to Erasure ("Right to be Forgotten"): You can request deletion of your personal data in certain circumstances.
- Right to Data Portability: You can request to receive your data in a structured, commonly used, machine-readable format.
- Right to Restrict Processing: You can request that we limit how we use your data.
- Right to Object: You can object to certain types of processing, including direct marketing.
- Right to Withdraw Consent: Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.
- Right Not to be Subject to Automated Decision-Making: You have the right not to be subject to decisions based solely on automated processing that significantly affect you.
How to Exercise Your Rights
To exercise any of these rights, please contact us at: support@cyberlms.co.uk
We will respond to your request within one month. In complex cases, we may extend this by a further two months, but we will notify you if this is necessary.
Right to Lodge a Complaint
If you are not satisfied with how we handle your personal data, you have the right to lodge a complaint with the supervisory authority:
UK: Information Commissioner's Office (ICO)
https://ico.org.uk/make-a-complaint/
EU: Your local Data Protection Authority
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:
- Encryption of data in transit (TLS/SSL) and at rest
- Secure password hashing algorithms
- Multi-factor authentication options
- Regular security assessments and penetration testing
- Access controls and audit logging
- Employee training on data protection
- Incident response procedures
While we strive to protect your personal data, no method of transmission or storage is 100% secure. If you have reason to believe your interaction with us is no longer secure, please contact us immediately.
Cyber LMS is not intended for use by individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information.
If you believe we have collected information from a child under 16, please contact us at support@cyberlms.co.uk.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:
- We will update the "Last updated" date at the top of this page
- For significant changes, we will notify you via email or a prominent notice on our website
- We encourage you to review this policy periodically
Your continued use of Cyber LMS after any changes indicates your acceptance of the updated Privacy Policy.
For any questions, concerns, or requests regarding this Privacy Policy or your personal data:
Contact Email:
We aim to respond to all inquiries within 48 hours during business days.