Privacy Policy and Terms of Service

Effective Date: 31/05/2025
Document Version: 1.0
Last Reviewed: 31/05/2025

Prepared by:

Optimise Cyber Solutions Ltd
Junction 38 Business Park
Barnsley, South Yorkshire
S75 5QQ
United Kingdom

Website: www.optimisecyber.co.uk | www.optimisecyber.com
Email: info@optimisecyber.co.uk
Phone: +441226 694040

Document Purpose

This Privacy Policy and Terms of Service explains how Optimise Cyber Solutions Ltd ("we", "our", or "us") collects, uses, shares, and protects your information in connection with the services we offer, including through our trading name Optimise Cyber Academy.

It outlines the legal terms that govern your access and use of our services and websites and your rights in relation to the personal data we collect and process.

We are committed to safeguarding your personal data and complying with the requirements set out under applicable Data Protection Laws, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Disclaimer

This document forms a binding agreement between Optimise Cyber Solutions Ltd and its Clients.
By accessing or using our services, you agree to the terms set forth in this policy.

 

Table of Contents

1. Definitions

2. Interpretations

3. Information We Collect

4. Data Hosting and Transfers

5. Use of Personal Data

6. Data Retention

7. Data Security

8. Your Rights

9. Cookies

10. Third Parties

11. Changes to This Policy

12. Contact Us

13. Service Availability and Optimise Obligations

14. Client Obligations

15. Data Protection and Breach Notification

16. Third Party Data Processing

17. Intellectual Property Rights

18. Confidentiality

19. Limitation of Liability

20. Force Majeure

21. Termination

22. Assignment

23. Entire Agreement

24. Third Party Rights

25. Governing Law and Jurisdiction

26. Schedule: Particulars of Personal Data to be Processed

1. Definitions

When you see "we", "our" or "us", this is a reference to Optimise Cyber Solutions Ltd, including services provided under the trading name Optimise Cyber Academy.

When you see "you" or "your", we are referring to the organisation, company, entity, or individual who has registered with us or otherwise engages with our services.

"Terms" means these terms and conditions, including our privacy policy and any referenced documents or annexes.

"Websites" means our websites located at www.optimisecyber.co.uk and www.optimisecyber.com, including all subdomains and associated websites now and in the future operated by Optimise Cyber Solutions Ltd.

"Optimise" or "Optimise Cyber Solutions" refers collectively to our Websites, Services, Software, and any associated materials.

"Information" means all forms of data that you provide to us directly, indirectly, or that we collect from your use of the Websites, Services, Software, or other interactions with Optimise.

2. Interpretations

2.1 The following expressions shall have the following meanings:

• Agreement: Each service agreement, subscription agreement, or order form together with these terms and conditions.

• Applicable Laws: All laws, statutes, regulations, codes of practice, and guidance applicable in the United Kingdom and in any jurisdiction relevant to the Services.

• Artwork: Logos, characters, trademarks, branding, visual identities, images, and other intellectual property owned by Optimise.

• Back-Up Policy: The current backup, archiving, and disaster recovery procedures adopted by Optimise, updated from time to time.

• Optimise: Optimise Cyber Solutions Ltd, incorporated and registered in England and Wales, with registered office at Junction 38 Business Park, Barnsley, South Yorkshire, S75 5QQ.

• Training Catalogue: The current published list of training modules and offerings available through Optimise Cyber Academy.

• Business Day: Any day other than a Saturday, Sunday, or public holiday in England and Wales.

• Confidential Information: Information marked or reasonably deemed confidential, including proprietary data, trade secrets, business methods, strategies, and financial data.

• Client: The contracting party named in the Service Agreement or Subscription Agreement.

• Customer Data: Data inputted by the client, their employees, or by Optimise on the client's behalf, including but not limited to personal data.

• Customer Equipment: The hardware and software systems required by the client to access the Services, typically including up-to-date browsers and antivirus protection.

• Customer Materials: Any data, content, information, documentation, or other materials provided to Optimise by or on behalf of the client.

• Data Controller: As defined in the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

• Data Processor: As defined in the UK GDPR and Data Protection Act 2018.

• Data Protection Laws: All applicable laws and regulations relating to data protection, privacy, and the processing of personal data, including but not limited to the UK GDPR and the Data Protection Act 2018.

• Data Subject: An identified or identifiable natural person to whom the Personal Data relates.

• Data Subject Request: A request made by a Data Subject under the Data Protection Laws exercising their legal rights.

• Deliverables: Any outputs or results of the Services provided by Optimise.

• Documentation: All documents provided by Optimise relating to the Services, whether in printed, electronic, or other form.

• Intellectual Property Rights: All patents, copyrights, database rights, trademarks, trade names, service marks, domain names, rights in designs, moral rights, know-how, and any other intellectual property rights, in each case whether registered or unregistered.

• Modules: Individual training modules or units described in the Training Catalogue.

• New Releases: Subsequent updates to the Modules that provide new functionality, enhancements, or improvements.

• Normal Business Hours: 9:00 am to 5:00 pm, Monday to Friday (excluding public holidays) in England and Wales.

• Ongoing Development: Continuous improvement and innovation in the Modules and other Services.

• Personal Data: As defined in the UK GDPR and Data Protection Act 2018.

• Personal Data Breach: A breach of security leading to accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data.

• Processing / Process: Any operation or set of operations performed on personal data.

• Privacy and Security Policies: Optimise’s internal policies governing the privacy, confidentiality, and security of Customer Data.

• Regulator: Any supervisory authority under the Data Protection Laws, including the Information Commissioner’s Office (ICO).

• Regulatory Correspondence: Any correspondence, complaint, inquiry, or notice received from a Regulator.

• Service Agreement: A contract for services entered into between Optimise and the client.

• Services: The services provided by Optimise including, but not limited to, cybersecurity training, consultancy, assessments, and certifications.

• Software: Online software applications and platforms provided by Optimise.

• Start Date: The date on which Optimise agrees to begin delivery of the Services.

• Support Services: Assistance provided by Optimise to ensure the operability of the Services.

• Technical Support: Maintenance and support services including Updates and troubleshooting assistance.

• Updates: Bug fixes, patches, and improvements to the Software or Modules.

• Users: Authorised individuals who access or use the Services.

• Virus: Any malware, ransomware, spyware, or similar code intended to adversely affect computer software or data integrity.

2.2 Standard Interpretations Include:

• Singular includes plural and vice versa.

• References to "writing" include electronic communications (e.g., email).

• References to legislation include all amendments or replacements.

• Words following "including", "include", or "for example" shall not limit the preceding words.

3. Information We Collect

We collect and process different categories of Personal Data, including but not limited to:

• Company Information: Name of the company, registered address, company number, contact details.

• Individual Learner Information:

  • First name and surname

  • Email address (business or personal depending on registration)

  • Job title and department (where applicable)

• Training and Certification Records:

  • Courses undertaken

  • Completion status

  • Certificates issued

  • Assessment and quiz scores (where applicable)

• Communications Data:

  • Enquiries and correspondence sent to us via web forms, email, or post

  • Support requests and helpdesk interactions

• Website Usage Data:

  • IP addresses

  • Browser type and version

  • Time zone setting

  • Browser plug-in types and versions

  • Operating system and platform

  • Information about visits, including the full Uniform Resource Locators (URL), clickstream to, through, and from our site

  • Page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.

Financial Information:
We do not collect or store cardholder data. All online payment transactions are handled securely by third-party processors such as Stripe. Direct payments may also be made securely via bank transfer to Optimise Cyber Solutions Ltd.

4. Data Hosting and Transfers

• Hosting Location: All Personal Data is securely hosted within the United Kingdom.

• Hosting Provider: Optimise Cyber Academy services are hosted by Rolley Ltd, a UK-based company certified under Cyber Essentials, ensuring compliance with recognised UK security standards.

• Data Transfers: We do not transfer your Personal Data outside of the United Kingdom. Should it become necessary to transfer data outside the UK (for example, if hosting providers change), we will ensure adequate safeguards are in place such as Standard Contractual Clauses (SCCs) approved under UK Data Protection Laws.

5. Use of Personal Data

We use your Personal Data only for purposes necessary for service delivery, compliance, and administration, including:

• Provision and administration of the Optimise Cyber Academy platform.

• Registration and management of Users.

• Delivery of courses, certifications, and training programmes.

• Issuance of course completion certificates and record-keeping.

• Responding to enquiries and support requests.

• Managing and maintaining our websites and Services.

• Communicating updates, changes, and essential service notices.

• Conducting research and analysis to maintain and improve the services.

• Complying with legal and regulatory obligations, including reporting and auditing.

Marketing:
We will not send marketing communications unless we have received your clear, informed, and affirmative consent. You have the right to withdraw your consent at any time.

6. Data Retention

• Duration: We will retain Personal Data for as long as necessary to provide services and for a reasonable period thereafter in case of reactivation or inquiries, typically for a maximum of six (6) years after service termination in accordance with our legal obligations.

• Post-Termination:
  Upon service termination or at the client's request, Personal Data will be securely deleted unless we are legally required to retain it.

• Backup and Deletion:
  Backups are maintained for disaster recovery purposes for a rolling period not exceeding 90 days before automatic purge.

7. Data Security

We maintain strict technical and organisational measures to secure your Personal Data, including:

• Encryption of data at rest and in transit.

• Access controls ensuring that only authorised personnel have access to data on a need-to-know basis.

• Regular security assessments and audits.

• Multi-factor authentication (MFA) for administrative access.

• Continuous data backup processes and secure storage.

• Network firewalls, intrusion detection systems, and anti-virus software.

• Employee training on information security and privacy awareness.

However, please note that no system is completely immune from breaches; while we strive to protect your Personal Data, we cannot guarantee absolute security, particularly during transmission over the Internet.

8. Your Rights

Under UK Data Protection Laws, you have rights regarding your Personal Data:

• Right of Access: Obtain confirmation as to whether or not your Personal Data is being processed and access a copy.

• Right to Rectification: Request correction of any inaccurate or incomplete data.

• Right to Erasure ("right to be forgotten"): Request deletion where data is no longer necessary or you withdraw consent.

• Right to Restrict Processing: Request restriction where you contest data accuracy or object to processing.

• Right to Data Portability: Receive your data in a structured, commonly used, and machine-readable format.

• Right to Object: Object to processing for direct marketing or on grounds relating to your particular situation.

• Right to Lodge a Complaint: Contact the Information Commissioner’s Office (ICO) if you believe your rights have been infringed.

You can exercise your rights by contacting us via info@optimisecyber.co.uk.

9. Cookies

What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, mobile) when you visit websites. They are widely used to make websites work more efficiently and to provide information to website owners.

How We Use Cookies

We use cookies to:

• Enhance the functionality and usability of our websites.

• Improve your browsing experience by remembering your preferences.

• Track website traffic and user interaction through analytics tools (e.g., Google Analytics).

• Enable certain website features such as access to secure areas.

• Ensure website security.

Types of Cookies We Use:

• Strictly Necessary Cookies: Essential for you to move around the website and use its features.

• Performance Cookies: Collect information about how visitors use our website.

• Functionality Cookies: Allow the website to remember choices you make (such as your username or language).

• Targeting/Advertising Cookies: Record your visit to our website, the pages you have visited, and the links you have followed. We do not currently use targeting cookies for advertising purposes.

Cookie Control:
You can control and manage cookies through your browser settings. You can also delete cookies already stored on your device. Please note that disabling cookies may affect your website experience and limit functionality.

For detailed information on our use of cookies, please review our Cookie Policy.

10. Third Parties

We may engage trusted third parties ("Subprocessors") to process Personal Data on our behalf. These include:

• Hosting providers (Rolley Ltd)

• Payment processors (Stripe)

• CRM and email communication tools

• Analytics and monitoring services (e.g., Google Analytics)

• Certification management systems

All third-party service providers are contractually obligated to:

• Use the data only for the services we specify.

• Protect your Personal Data to the standards required under Data Protection Laws.

• Act only on our written instructions.

• Provide sufficient guarantees to implement appropriate technical and organisational measures.

We perform due diligence on all third parties before engaging them and monitor their compliance continuously.

We will not share, sell, rent, or trade your Personal Data with third parties for their marketing purposes.

11. Changes to This Policy

We reserve the right to update this Privacy Policy at any time. When changes are made, we will:

• Publish the updated Privacy Policy on our website.

• Update the "Effective Date" at the top of the document.

• Where appropriate, notify you by email or through platform notifications.

You are encouraged to review this Privacy Policy periodically to stay informed of updates.

12. Contact Us

If you have any questions, concerns, or complaints about this Privacy Policy or how we handle your data, please contact:

Data Protection Officer
Optimise Cyber Solutions Ltd
Junction 38 Business Park
Barnsley, South Yorkshire, S75 5QQ
Email: info@optimisecyber.co.uk

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

Website: https://ico.org.uk/
Helpline number: 0303 123 1113

13. Service Availability and Optimise Obligations

We are committed to providing reliable service, but service availability is subject to:

• Planned Maintenance: Scheduled during low-usage hours (typically between 10:00 PM and 2:00 AM UK time).

• Unscheduled Maintenance: Undertaken to fix urgent issues. We will endeavour to give at least 6 business hours’ notice where possible.

We do not warrant that:

• The service will be error-free or uninterrupted.

• The service, documentation, or information obtained will meet all your expectations.

We are not liable for:

• Delays or failures caused by issues inherent in internet communications.

We provide:

• Technical Support during Normal Business Hours (9:00 AM – 5:00 PM UK time, Monday to Friday excluding bank holidays).

• Updates and New Releases as part of our Ongoing Development commitment.

14. Client Obligations

Clients must:

• Use the Services solely for their internal business purposes.

• Keep access credentials confidential and secure.

• Ensure that their network and systems meet the minimum requirements specified by Optimise.

• Inform Optimise promptly of any security breach or suspected breach.

• Ensure that Users are authorised and comply with the Agreement.

Clients must not:

• Copy, modify, or create derivative works of the Software or Documentation.

• Reverse-engineer, decompile, disassemble, or otherwise attempt to derive source code.

• License, sell, rent, lease, or commercially exploit the Services or Documentation.

• Use the Services for any illegal, harmful, or discriminatory activities.

• Introduce viruses, trojans, or other harmful material.

Failure to comply may result in:

• Immediate suspension of access.

• Termination of the Agreement.

• Legal action where necessary.

15. Data Protection and Breach Notification

We commit to ensuring the highest standards of data security and compliance with Data Protection Laws, including but not limited to the UK GDPR and the Data Protection Act 2018.

We shall:

• Process Personal Data strictly in accordance with your written instructions and the terms of the Agreement.

• Implement appropriate technical and organisational measures to safeguard Personal Data, including encryption, access control, and secure backups.

• Ensure that all personnel authorised to process Personal Data are under contractual obligations of confidentiality.

Breach Notification

If we become aware of a Personal Data Breach, we will:

• Notify you without undue delay, and in any event within 24 hours of becoming aware.

• Provide you with:

  • A description of the nature of the breach, including the categories and approximate number of data subjects and records concerned.

  • Contact details of the Data Protection Officer or other contact point.

  • Likely consequences of the breach.

  • Measures taken or proposed to address the breach and mitigate its effects.

• Co-operate fully with any investigation or remediation efforts.

We will not disclose any breach to third parties, including affected data subjects or regulators, without your prior consent, unless required by law.

16. Third-Party Data Processing

We may authorise third-party subprocessors to process Personal Data on our behalf under strict contractual terms that mirror the obligations set out in this policy.

Subprocessors must:

• Process Personal Data only on our documented instructions.

• Implement appropriate technical and organisational security measures.

• Ensure that personnel processing Personal Data are subject to confidentiality obligations.

• Assist us in complying with our obligations in relation to security, data breach notification, data protection impact assessments, and rights of data subjects.

• Delete or return Personal Data upon termination of services.

Subprocessing agreements will terminate automatically upon the termination of our service agreement with you.

We maintain an up-to-date list of all current subprocessors, which is available upon request.

17. Intellectual Property Rights

All Intellectual Property Rights in or arising out of or in connection with the Services, Software, Documentation, and Artwork remain vested in Optimise Cyber Solutions Ltd.

Clients:

• Retain all rights, title, and interest in their Customer Data.

• Grant us a non-exclusive, royalty-free licence to use Customer Data solely for the purpose of delivering the Services.

Clients may not:

• Reproduce, duplicate, copy, sell, resell, or exploit any portion of the Services or Documentation without our express prior written permission.

We reserve the right to use anonymised and aggregated data derived from the provision of Services for internal purposes such as improving service delivery, provided such data cannot identify any individual or Client.

18. Confidentiality

Each party undertakes that it shall not at any time during the term of the Agreement, and for a period of two (2) years after its termination, disclose to any person any confidential information concerning the business, affairs, customers, clients, or suppliers of the other party, except:

• To employees, officers, representatives, or advisers who need to know such information for the purposes of carrying out the party's obligations under the Agreement.

• As may be required by law, a court of competent jurisdiction, or any governmental or regulatory authority.

No party shall use any other party’s confidential information for any purpose other than to perform its obligations under the Agreement.

Confidential information does not include information that:

• Is or becomes publicly known other than through any act or omission of the receiving party.

• Was in the other party’s lawful possession before the disclosure.

• Is lawfully disclosed to the receiving party by a third party without restriction on disclosure.

19. Limitation of Liability

Nothing in this policy limits or excludes liability for:

• Death or personal injury caused by negligence.

• Fraud or fraudulent misrepresentation.

• Any other liability that cannot be excluded by law.

Subject to the above:

• Neither party shall be liable to the other for any indirect, incidental, special, consequential, or punitive damages, including loss of profits, sales, business, or data.

• Each party's total liability to the other under or in connection with the Agreement shall be limited to £250,000.

All warranties, conditions, and other terms implied by statute or common law are, to the fullest extent permitted by law, excluded from the Agreement.

The Services and Documentation are provided on an “as is” basis.

20. Force Majeure

We shall have no liability to you under the Agreement if we are prevented from or delayed in performing our obligations due to events beyond our reasonable control, including but not limited to:

• Acts of God, flood, drought, earthquake, or other natural disaster.

• Epidemic or pandemic.

• Terrorist attack, civil war, civil commotion or riots.

• War, threat of or preparation for war.

• Imposition of sanctions, embargo, or breaking off of diplomatic relations.

• Nuclear, chemical, or biological contamination.

• Fire, explosion, or accident.

• Labour or trade disputes, strikes, industrial action.

• Non-performance by suppliers or subcontractors.

• Interruption or failure of utility service.

We will notify you as soon as reasonably practicable of the occurrence of such an event.

21. Termination

Either party may terminate the Agreement immediately upon written notice if:

• The other party commits a material breach which is incapable of remedy or fails to remedy within 14 days of notice.

• The other party becomes insolvent or subject to an insolvency event.

Upon termination:

• All licences granted under this Agreement shall immediately terminate.

• Clients must cease all use of the Services and Documentation.

• We will, at your option, return or securely delete all Customer Data (subject to legal obligations requiring retention).

Termination shall not affect any rights, remedies, obligations, or liabilities that have accrued up to the date of termination.

22. Assignment

Neither party may assign, transfer, or subcontract any of their rights or obligations under the Agreement without the other party’s prior written consent, except that:

• We may subcontract any of our obligations without prior consent, provided that we remain liable for the acts and omissions of our subcontractors.

23. Entire Agreement

This Privacy Policy and the Service Agreement constitute the entire agreement between the parties and supersede all prior agreements, understandings, and negotiations, whether written or oral.

Each party acknowledges that in entering into the Agreement, it does not rely on any statement, representation, assurance, or warranty that is not set out in the Agreement.

24. Third-Party Rights

No one other than a party to this Agreement, their successors, and permitted assignees shall have any right to enforce any of its terms under the Contracts (Rights of Third Parties) Act 1999.

25. Governing Law and Jurisdiction

The Agreement, including this Privacy Policy, and any disputes or claims arising out of or in connection with it shall be governed by and construed in accordance with English law.

The parties irrevocably agree that the courts of England and Wales shall have exclusive jurisdiction to settle any dispute or claim arising out of or in connection with the Agreement.

26. Schedule: Particulars of Personal Data to be Processed

Purpose and Subject Matter of Processing
Delivery of cybersecurity training services to Clients’ employees, managing course enrolment, participation, and certification.

Duration of Processing
For the duration of the Service Agreement and any retention period required by law or legitimate business need.

Type of Personal Data

• Full name

• Email address

• Login credentials

• Records of course participation and completion

• Certification status

Categories of Data Subjects
Employees, contractors, or authorised representatives of Clients.

Processing Activities

• Collection of personal data during registration and participation.

• Storage and maintenance of training records.

• Communication of training-related information.

• Deletion or anonymisation of records after retention period.

Special Categories of Data
None. We do not process sensitive personal data such as race, ethnicity, health information, or political opinions.