Welcome to the Cyber Insurance Academy Platform, comprised of ‘the campus’ and ‘the community’ (collectively, the “Platform”). The Platform is owned and operated by Cyber Advisory Excellence Ltd. (“Company”, or “we”, “us”, “our”). This Privacy Policy (the “Policy”) explains how information about you and others is collected and used on the Platform.
We are committed to complying with applicable data protection laws, including the EU and the UK General Data Protection Regulation (GDPR).
We do not knowingly collect information from minors under the age of 18. If you have reason to believe that a minor under the age of 18 has provided their personal information to us through the Platform, please contact us and we will endeavor to delete it.
This Policy may be amended from time to time. We will post any change to this Policy on our Platform, at a reasonable time in advance of the effective date of the change, and we will also make efforts to proactively notify you by email of the changes if we have your email address.
Contact us
If you have any questions about our Platform or these Terms, you can contact us at: info@cyberinsuranceacademy.com, in English.
What we collect and why
| Scenario | Purposes | Categories of information processed |
| Registering to the Platform | Providing you with the functionality of the Platform and contacting you regarding administrative issues related to the Platform, this Policy or our Terms of Use, or for support and maintenance purposes | Name, email address, role, company, company type, country and LinkedIn or Google Single Sign On (SSO) information, if LinkedIn or Google sign-in is used. If you register to the Platform on behalf of another legal entity and provide us with the personal information of third parties, you must obtain their consent to do so first. We refer to this as ”Registration Information”. You must register to the Platform in order to use it, but you do not have a legal obligation to do so. |
| Activity on the Platform | Operation of the Platform; provision of Platform features and functions. | The courses you’ve taken, content you’ve reviewed, your user posts, tests you’ve taken and their results. We refer to this as “Activity Information“. |
| Reports of abuse and inappropriate content | Content moderation and removal of inappropriate or illegal content | Your email address and name, the information you provided in the report, the substance of the reportedly inappropriate content posted by the fellow user, and the contact information of the posting user. We refer to this as “Report Information“. |
| Contacting you regarding inquiries | Responding to your inquiry; our business development; maintaining our customer relations with you | Your contact details and the contents of your inquiry. We refer to this as “Inquiry Information”. You do not have a legal obligation to provide your Inquiry Information; however, if you choose to not share this information with us, we may not be able to respond to your inquiry. |
| Collecting analytics about your use of the Platform | Operation of the Platform; improvement and enhancement of the Platform | When you use the Platform, we collect information about your interactions with the Platform, including the pages you viewed and the actions you took while using the Platform. We refer to this as “Analytics“. The Analytics do not directly identify you and we use them to learn about the general usage of our Platform. |
Methods and sources for collecting your personal information
We collect the personal information from several sources:
- Directly from you, when you register to the Platform and use it, when you submit reports about content, or when you contact us with inquiries.
- From our service providers helping in operating the Platform.
- Through the device you use to access our Platform.
Sharing your personal information
We will not share your information with third parties, except in the events listed below or when you provide us with your explicit and informed consent.
| Scenario | Purposes | Examples of Third parties involved |
| We will share your information with our service providers who assist us with the internal operations of the Platform. These companies are authorized to use your personal information in this context only as necessary to provide these services to us and not for their own promotional purposes. | Operating the Platform and our business |
|
| If you registered to the Platform through an organization (such as your employer), we will share your personal information with that organization, for its own purposes. | Your organization’s business purposes. Please note that your organization is a separate controller of such information and its use of the information will be subject to its own privacy policy. |
The organization you are affiliated with. |
| We will share your Registration Information and your course achievements, with other users of the Platform, as part of your public profile on the Platform. | Operating our Platform; providing the functionality of the Platform you requested | Other registered users. |
| If you abused your rights to use the Platform, performed an illegal conduct through the Platform (e.g., shared abusive content on the Platform) or otherwise violated any applicable law while using the Platform. | Responding to, handling, and mitigating suspected violations of law in connection with our business | Competent authorities, legal counsels and advisors. |
| If a judicial, governmental, or regulatory authority requires us to disclose your information. | Complying with a binding request from a competent authority | Competent authorities. |
| If the operation of the Platform or our Company is organized within a different framework, or through another legal structure or entity. | Enabling a structural change in the operation of the Platform and our Company | The target entity of the merger or acquisition, legal counsels and advisors |
Some of the third parties with whom we share your personal information may be located outside of your jurisdiction. If we transfer your personal information for processing at locations outside your jurisdiction, we will abide by the data transfer rules applicable to these situations.
Data retention and security
Data retention. We retain your information for as long as you are an active user of the Platform. Thereafter, we will still retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims and enforce our agreements.
Security. We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute information security. Therefore, although efforts are made to secure your personal information, there is no guarantee that it will be immune from information security risks
Additional information for individuals in EU and UK
Controller
Cyber Advisory Excellence Ltd. is the data controller of your personal information that is collected when you use the Platform. Our address is 45 Rothschild blvd., Tel Aviv-Jaffa, 6578403, Israel.
International data transfers
To facilitate processing your information through the Platform and by our service providers, we will transfer your information to countries such as Israel. We do so under an adequacy decision or under the terms of a data transfer agreement which contains standard data protection contract clauses with adequate safeguards determined by the EU Commission and UK Information Commissioner’s Office.
Legal basis for processing your personal data
| Purpose or Scenario | Legal Basis |
| Registering to our Platform |
|
| Activity on the Platform | Performance of our Terms of Use agreement with you. |
| Reports of abuse and inappropriate content |
|
| Contacting you regarding inquiries | Our legitimate interests in responding to your inquiries. |
| Collecting analytics about your use of the Platform | Our legitimate interest in developing and enhancing our business and the Platform. |
| Sharing your personal information with your affiliated organization | Performance of our agreement with your affiliated organization. |
| Responding to, handling, and mitigating suspected violations of law in connection with our business | Our legitimate interests in defending and enforcing against violations and breaches that are harmful to our business. |
| Complying with a binding request from a competent authority | Our legitimate interests in complying with mandatory legal requirements imposed on us. |
| Enabling a structural change in the operation of the Platform and our business | Our legitimate interests in our business continuity. |
Data subject rights
If you are in the EU or the UK, you have the following rights under the GDPR:
- Right to Access and receive a copy of your personal information that we process.
- Right to Rectify inaccurate personal information we have concerning you and to have incomplete personal information completed.
- Right to Data Portability, that is, to receive the personal information that you provided to us, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another person or entity. Where technically feasible, you have the right to have your personal information transmitted directly from us to the person or entity you designate.
- Right to withdraw your consent to processing your personal information, easily and at any time, if the basis for our processing is your consent. We may continue to process personal information with respect to which your consent is not necessary. Withdrawing your consent will not affect the lawfulness of processing we carried out based on your consent before such withdrawal.
- Right to Object to our processing of your personal information based on our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or if we need to process such personal information for the establishment, exercise, or defense of legal claims.
- Right to Restrict us from processing your personal information (except for storing it): (a) if you contest the accuracy of the personal information (in which case the restriction applies only for a period enabling us to determine the accuracy of the personal information); (b) if the processing is unlawful and you prefer to restrict the processing of the personal information rather than requiring the deletion of such data by us; (c) if we no longer need the personal information for the purposes outlined in this Policy, but you require the personal information to establish, exercise or defend legal claims; or (d) if you object to our processing based on our legitimate interest (in which case the restriction applies only for the period enabling us to determine whether our legitimate grounds for processing override yours).
- Right to be Forgotten. Under certain circumstances, such as when you object to our processing of your personal information based on our legitimate interest and there are no overriding legitimate grounds for the processing, you have the right to ask us to erase your personal information. However, notwithstanding such a request, we may still process your personal information if it is necessary to comply with our legal obligations, or for the establishment, exercise, or defense of legal claims. If you wish to exercise any of these rights, please contact us through the channels listed in this Policy.
When you contact us, we reserve the right to ask for reasonable evidence to verify your identity before we provide you with information. If we are not able to provide you with the information that you have asked for, we will explain the reason.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, then according to Article 77 of the GDPR, you can lodge a complaint to the supervisory authority, in the Member State of your residence, place of work, or place of an alleged infringement of the GDPR. For a list of supervisory authorities in the EU, click here.
If you are in the UK, you can lodge a complaint to the Information Commissioner’s Office (ICO) pursuant to the instructions provided here.
