privacy policy.

At inday, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal data when you visit our website or use our services, and outlines your rights under applicable data protection laws, including the General Data Protection Regulation (GDPR).

INTRODUCTION

This policy applies to the personal data we collect through our website (www.indaycyber.com) and services we provide. By using our website and services, you agree to the collection and use of information as outlined in this policy.

WHO WE ARE

inday is a cybersecurity training company that specialises in delivering tailored, user-centric online learning modules. We are the data controller for the personal information we process, and we are responsible for ensuring that your data is handled securely and in accordance with applicable data protection laws.

If you have any questions about this Privacy Policy or how we use your personal data, please contact us at:

  • Email: privacy@indaycyber.com

  • Address: 5 South Charlotte Street, Edinburgh, EH2 4AN

  • Data Protection Officer (DPO): Jack McLaren-Stewart

WHAT PERSONAL DATA WE COLLECT

We collect the following types of personal data from users of our website and services:

  • Identity Information: Name, job title, and company details.

  • Contact Information: Email address, phone number, and postal address.

  • Technical Data: IP address, browser type, and usage data such as pages visited and time spent on the website.

  • Marketing and Communications Data: Your preferences for receiving marketing from us and your communication preferences.

  • Training Data (where applicable): Information regarding the completion of training courses, feedback, and progress.

HOW WE COLLECT PERSONAL DATA

We collect personal data through the following methods:

  • Direct Interactions: When you fill out forms on our website, contact us by phone or email, subscribe to our newsletter, or provide feedback.

  • Automated Technologies: As you interact with our website, we automatically collect data using cookies, server logs, and similar technologies.

  • Third Parties: We may receive personal data about you from third parties, such as analytics providers (e.g. Google Analytics), advertising networks, and providers of technical, payment, and delivery services.

HOW WE USE YOUR PERSONAL DATA

We use your personal data for the following purposes:

  • To Provide Services: To deliver our tailored cybersecurity training and ensure access to our online learning platform.

  • Customer Support: To respond to inquiries, troubleshoot issues, and improve the user experience.

  • Marketing: To send you information about our services, special offers, and updates, where you have consented to receive such communications.

  • Analytics: To monitor and improve the performance and functionality of our website.

  • Legal Compliance: To comply with our legal obligations, including data protection laws, and to protect our business interests.

LAWFUL BASIS FOR PROCESSING

We process personal data on the following lawful bases:

  • Consent: Where you have provided consent to receive marketing communications or subscribe to services.

  • Contractual Necessity: To fulfil contractual obligations to provide training or services you have requested.

  • Legal Obligation: Where we are required by law to process personal data.

  • Legitimate Interests: For the purposes of operating and improving our business, ensuring network and information security, and preventing fraud.

HOW WE SHARE YOUR PERSONAL DATA

We do not sell, trade, or rent your personal information to third parties. However, we may share your personal data with:

  • Service Providers: Third parties who provide services to help us operate our business, such as IT services, cloud hosting, and analytics providers.

  • Legal Authorities: Where required by law or to enforce our legal rights.

  • Business Transfers: In the event of a merger, sale, or acquisition, we may transfer personal data as part of the transaction.

All third-party service providers are required to respect the confidentiality and security of your data and to process it in accordance with GDPR requirements.

INTERNATIONAL DATA TRANSFERS

If we transfer your personal data outside of the European Economic Area (EEA), we will ensure that appropriate safeguards, such as Standard Contractual Clauses (SCCs), are in place to protect your data in accordance with GDPR.

DATA SECURITY

We take the security of your personal data seriously and have implemented appropriate technical and organisational measures to protect it from unauthorised access, alteration, disclosure, or destruction. These measures include:

  • Data encryption in transit and at rest.

  • Access controls and user authentication.

  • Regular security audits and vulnerability assessments.

DATA RETENTION

We retain personal data for as long as necessary to fulfil the purposes outlined in this policy or as required by law. Once the retention period has expired, personal data will be securely deleted or anonymised.

YOUR RIGHTS UNDER GDPR

As a data subject under the GDPR, you have the following rights:

  • Right to Access: You can request access to your personal data and ask how it is used.

  • Right to Rectification: You can request corrections to inaccurate or incomplete personal data.

  • Right to Erasure (Right to be Forgotten): You can request the deletion of your personal data, subject to certain legal exceptions.

  • Right to Restrict Processing: You can request restrictions on the processing of your personal data.

  • Right to Data Portability: You can request that your personal data be transferred to another service provider in a structured, machine-readable format.

  • Right to Object: You can object to the processing of your data for certain purposes, such as direct marketing.

To exercise any of these rights, please contact us at privacy@indaycyber.com.

COOKIES

Our website uses cookies to improve your browsing experience and track usage. Cookies are small files stored on your device that allow us to recognise you and remember your preferences. You can set your browser to refuse cookies or alert you when cookies are being sent. However, some parts of our website may not function properly if you disable cookies.

THIRD-PARTY LINKS

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies before sharing any personal data.

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Any updates will be posted on this page, and where significant changes are made, we will notify you by email or through our website.

CONTACT US

If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at:

  • Email: privacy@indaycyber.com

  • Address: 5 South Charlotte Street, Edinburgh, EH2 4AN