1. Introduction

Cyber Path Insight Training is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our approach to ensuring that personal data is handled in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR).

2. Objectives

• To protect the rights and privacy of individuals whose personal data we collect, store, and process.
• To ensure that personal data is processed lawfully, fairly, and transparently.
• To implement appropriate technical and organizational measures to safeguard personal data.
• To ensure compliance with all relevant data protection laws and regulations.

3. Scope

This policy applies to all personal data processed by Cyber Path Insight Training, including data related to employees, learners, contractors, and other stakeholders.

4. Principles of Data Protection

• Lawfulness, Fairness, and Transparency: Personal data will be processed lawfully, fairly, and in a transparent manner.
• Purpose Limitation: Personal data will be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
• Data Minimization: Personal data will be adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed.
• Accuracy: Personal data will be accurate and, where necessary, kept up to date.
• Storage Limitation: Personal data will be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed.
• Integrity and Confidentiality: Personal data will be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

5. Data Collection and Use

• Data Collection: Personal data will be collected only for specific, explicit, and legitimate purposes. The data subject will be informed about the purposes of the collection and their rights regarding their data.
• Data Use: Personal data will be used only for the purposes for which it was collected unless the data subject has given consent for other uses or it is required by law.

6. Legal Basis for Processing

Cyber Path Insight Training will ensure that there is a lawful basis for processing personal data, which may include:

• Consent: The data subject has given explicit consent for processing their data for one or more specific purposes.
• Contract: Processing is necessary for the performance of a contract to which the data subject is a party.
• Legal Obligation: Processing is necessary for compliance with a legal obligation.
• Legitimate Interests: Processing is necessary for the purposes of legitimate interests pursued by Cyber Path Insight Training, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

7. Data Subject Rights

Data subjects have the following rights regarding their personal data:

• Right to Access: The right to obtain confirmation of whether their data is being processed and access to their personal data.
• Right to Rectification: The right to have inaccurate personal data corrected.
• Right to Erasure: The right to have their personal data erased under certain conditions.
• Right to Restriction of Processing: The right to restrict the processing of their personal data under certain conditions.
• Right to Data Portability: The right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.
• Right to Object: The right to object to the processing of their personal data under certain conditions.
• Right to Withdraw Consent: The right to withdraw consent at any time, where processing is based on consent.

8. Data Security

• Technical Measures: Implement appropriate technical measures to protect personal data, such as encryption, access controls, and secure storage.
• Organizational Measures: Implement appropriate organizational measures, such as staff training, data protection policies, and regular audits.

9. Data Breaches

• Incident Response: Establish a data breach response plan to address and manage data breaches promptly.
• Notification: Notify the relevant supervisory authority of a data breach within 72 hours of becoming aware of it, where feasible, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
• Communication: Inform affected data subjects of a data breach without undue delay when it is likely to result in a high risk to their rights and freedoms.

10. Third-Party Processors

• Due Diligence: Conduct due diligence on third-party processors to ensure they provide adequate protection for personal data.
• Contracts: Enter into data processing agreements with third-party processors, specifying their obligations regarding data protection and security.

11. Data Protection Officer (DPO)

• Appointment: Appoint a Data Protection Officer to oversee data protection activities and ensure compliance with data protection laws.
• Responsibilities: The DPO will be responsible for monitoring compliance, providing advice and guidance, and serving as the point of contact for data subjects and supervisory authorities.

12. Training and Awareness

• Staff Training: Provide regular training to staff on data protection principles, policies, and procedures.
• Awareness: Promote awareness of data protection responsibilities and best practices among staff and stakeholders.

13. Monitoring and Review

• Regular Audits: Conduct regular audits to ensure compliance with data protection policies and procedures.
• Policy Review: Review this Data Protection Policy annually and update it as necessary to reflect changes in laws, regulations, or business practices.

14. Contact Information

For inquiries, concerns, or requests related to data protection, please contact: Data Protection Officer (DPO) Cyber Path Insight Training