top of page


1- Introduction

1.1.This is our Privacy Policy (together with any relevant document referred). It applies to your use of (a) our website and all corresponding domains, subdomains, web pages and websites associated therewith (the “Site”), and (b) any other content, applications, features, functionality, information and services offered on or through the Site (the foregoing subsections (a) and (b) are collectively referred to herein as the “Goods and Services”).

1.2.In this document, “we”, “our”, or “us” refer to Peak Cyber Institute. We are the “Data Controller” under this Privacy Policy and this is a notice to inform you about the information that we record about you.

1.3.The Privacy Policy sets out the terms on the information we collect about you or the information you provide to us, which collectively will be your “Personal Information”. We may collect, store, use or otherwise treat, collectively as “Process” your Personal Information, within the limits permitted by law.

1.4.Please read this Privacy Policy carefully to understand our policy on how we Process your Personal Information. By using the Goods and Services and accessing our Site, you agree the Processing of your Personal Information in accordance with this Privacy Policy.

1.5.We reserve the right to update and make changes in this Privacy Policy to comply with the most recent regulations. Please check back regularly to keep informed of updates to this Privacy Policy. If we essential to do so, we will send you an email with regard to the changes.

1.6.Your first use of our Site and/or Goods and Services will be deemed as an acceptance of our Privacy Policy. Please kindly be aware that if you do not accept and agree with this Privacy Policy, you must stop using our Site immediately.

1.7.If you would like to discuss any of the terms under this Privacy Policy or would like to exercise your data subject rights, please contact us from

2- Our Details

2.1. The website “” is owned and operated by Peak Cyber Academy Limited which is duly registered in the United Kingdom with the company number 12947653 trading as Trading as Peak Cyber Institute.

2.2.Our registered address is: 86-90 Paul Street, 3rd Floor, EC2A 4NE, London, United Kingdom

2.3.Our trading address is: 86-90 Paul Street, 3rd Floor, EC2A 4NE, London, United Kingdom

2.4.VAT number: N/A

2.5.The Website under the definition Site and within the scope of this Privacy Policy are “www.”, “” and all the subdomains ending with *

3- What we collect

3.1.We may collect your Personal Information during your engagement with us, which will include the below:

Personal data you put into forms, when entering a competition, promotion or surveys on our Site at any time. This includes personal data provided at the time of registering to use our Site and/or Goods and Services, subscribing to our service, creating an account on our Site, posting material or requesting further services.

requests that marketing material be sent to you;

personal data you provide via our social media platforms; and

personal data you provide to us when you contact us by email, phone or otherwise.

3.2.We may also collect your Personal Information for the specific uses including the following purposes and content;

We may hold information about your debit or credit card or other means of payment when you first provide it to us. We will do this with your consent and only the authorised staff will have access to this information. This will ease your further payments on repeating purchases. We will automatically delete your payment information when the card expires.

When you agree to set up a direct debit, the information you give to us will be passed to our bank for processing in accordance to our instructions. We do not keep a copy in this event.

When you send us information regarding a job application, we may keep the information up to 30 (thirty) days in case we decide to contact you for further details. If we employ you, we will collect further information during your employment.

When you contact us regarding an issue or question, either by phone, email or from our website, we collect the data you have given to us in order to reply with the information you need. We will also keep information to identify you as a person in association with your message as your name and email address to increase efficiency.

When you make a complain, we record all the information you give to use, for the purpose of resolving your complaint. If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

4- Cookies

4.1.We use Cookies, which are small text files that are placed on your computer’s hard drive by your web browser when you visit our website. Please check our Cookies Policy from our website for more information about our policy on cookies.

5- How we use

5.1.We collect your Personal Information for one or more of the following purposes:

To provide you with information that you have requested or which we think may be relevant to a subject in which you have demonstrated an interest;

To initiate and complete commercial transactions with you, or the entity that you represent, for the purchase of products and/or services;

To fulfil a contract that we have entered into with you or with the entity that you represent;

To ensure the security and safe operation of our websites and underlying business infrastructure; and

To manage any communication between you and us.

5.2.In order to ensure that each visitor to any of our websites can use and navigate the site effectively, we collect the following:

Technical information, including the Internet Protocol (IP) address used to connect your device to the Internet;

Your login information, browser type and version, time zone setting, browser plug-in types and versions;

Operating system and platform;

Information about your visit, including the Uniform Resource Locators (URL) clickstream to, though, and from our site.

5.3.In addition to the purposes and uses described above, we may collect and use your Personal Information in the following ways:

To identify you when you visit our website.

To track your progress through our certification programs.

To verify your certifications when requested by you or a third party.

To provide training and services or to process returns.

To improve our services and product offerings.

To conduct analytics.

To respond to inquiries related to support, sales, or other requests.

To send marketing and promotional materials, including information relating to our products, services, sales, or promotions.

For internal administrative purposes, as well as to manage our relationships.

We may also use your name, location or photo for marketing purposes.

6- Disclosures

6.1.Our main policy is not to disclose any of your information with any third party. However, we reserve the right to disclose your information to one or more of the parties providing services to you:

Under our websites, we may have public platforms for users to post comments and or/review or reply to existing comments with their profile picture and name. If you decide to submit information in these platforms, you accept that this information will be publicly available.

We work with several service providers to administer our website, host the web platform, conduct surveys, provide technical support, process payment, assist orders and increase efficiency etc. We may share your Personal Information to these service providers.

We may offer contests, sweepstakes, or other promotions with third party partners. If you decide to enter a contest, sweepstakes, or promotion that is sponsored by a third party partner the information that you provide will be shared with us and with them. Their use of your information is not governed by this privacy policy.

6.2.In some cases, we may specifically ask for your consent to disclose your Personal Information, not classified in this Privacy Policy. This will either be a certain group or to public. If you accept by clicking the consent section, you will be consenting us to share the related information.

6.3.In addition, we are allowed to disclose your personal data in the following cases:

We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control).

We may share information if another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.

We may share information if we have a legal obligation to do so in connection with legal proceedings (including prospective proceedings), in order to establish or defend legal rights;

We may exchange information with others against fraud and credit risks.

7- Where we store

7.1.Our websites are mainly hosted inside the European Union, UK and USA. The majority of our websites and web applications are hosted in the USA and are accessed only by our UK-based staff.

7.2.We further use data storages outside the European Economic Area (EEA) in connection with Goods and Services provided under the Site, from time to time. For example, some of our websites may process and store information in the United State of America to improve the efficiency of the Site. Where such processing takes place, we will take all reasonable steps to keep your data secure under the same standards applicable in the United Kingdom.

7.3.We use a wide range of Cloud Service Providers (CSPs) as part of our processing environment. The majority of our CSPs are in the EU, however, we may use data storages outside the EU. Where such processing takes place, we will take all reasonable steps to keep your data secure under the same standards applicable in the United Kingdom.

8- Security measures

8.1.We have what we believe are appropriate security controls in place to protect personal data. Risk assessment, including assessing risks to the rights and freedoms of data subjects, is at the heart of our ISMS. We do not, however, have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many information security risks that exist and take appropriate steps to safeguard your own information. We accept no liability in respect of breaches that occur beyond our sphere of control.

8.2.No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

8.3.Some of our websites permit you to create an account. When you do you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether or not such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.

9- Your Rights

9.1.You have a number of rights under the Data Protection Legislation:

The right to be informed of the Personal Information we hold about you. We have the duty to provide clear and transparent information about what we hold;

The right to request a copy of the Personal Information we hold about you. We will provide you a copy of the information, on your request. This is mostly free of charge, however, we may ask for an administration fee in limited circumstances such as repeated requests;

The right to ask for inaccurate data to be corrected and incomplete data to be added into your record;

The right to request any out of date Personal Information to be erased, as long as we are not required to hold it due to legal obligations or business needs;

The right to restrict the processing of Personal Information, in limited circumstances and when we don’t have legitimate grounds for processing your data;

The right to object the processing of your Personal Information for marketing purposes and research purposes. We will always ask for your consent for these uses. You may object by clicking the related sections in our forms or contacting us from support@

To exercise any of your right under the law, please contact us from support@

10- Complaints and Dispute Resolution

10.1.We are committed to provide high quality services and resolve any complain as soon as possible. If you have a complain, please contact us via email at support@ Our team will do our best to return to your complain within 7 working days to assist you with your complain.

10.2.If we cannot resolve a claim using internal complaint handling procedure within 14 day from the day of your first email, it will turn into a dispute and both parties agree to engage into negotiations to solve the dispute by negotiations.

10.3.If a dispute cannot be solved within 28 days from the start of the negotiations, parties agree to engage into one of the alternative dispute resolution methods from either mediation or arbitration. Both parties will agree for alternative dispute resolution from one the providers listed under the Alternative Dispute Resolution for Consumer Dispute Regulations 2015.

10.4.If you are not satisfied with our response you can raise a complaint with the UK’s Information Commissioner’s Office, the UK’s independent authority set up to enforce Data Protection Legislation. For further information on exercising your rights on organisations processing your personal data read the information provided in the following link: “”.

11- Schedule for Retention

11.1.In addition to the Processing of Private Information as described in this Privacy Policy, your information may be used and retained as shown in the schedule.

Purpose of collection

Information category

Data collected

Purpose for collection

Lawful basis for processing

Data shared with?

Retention period

1. To provide you with information

Subject matter information

Name, company name, geographic location, email address, business sector.

To provide appropriate online or email information about products and services that you have requested

Contractual fulfilment

Internally only

Maximum 8 years from the data the information is collected.

6 months if a marketing email is left unopened

To provide further, related, online or email information and ongoing news updates in relation to the identified area of interest.

Legitimate interest

Internally only

Telephone number

Follow-up to ensure requested information meets needs and identify further requirements

Legitimate interest

Internally only

Personal contact information as provided through website forms or at trade shows or any other means.

General mailing list subscription


Internally only

2. Transactional information

Transaction details

Name, physical address, email address, telephone number, bank account details (for credit accounts), other medium of content delivery

To process purchase transactions for products and services with customers, and to ensure any transaction issues can be dealt with.

Contractual performance

Internally only

Maximum 8 years from the date of the performance of the contract.

6 months from the data the data subject has input personal information but has not proceeded with a transaction.

8 years for VAT records from the performance of the contract

For accounting and taxation purposes

Statutory obligation

Internally and professional advisers

Documentation should any contractual legal claim arise

Legitimate Interest

Internally and professional advisers

Payment card data

Primary account number (PAN), cardholder name, service code, expiration date

To fulfil purchase requests using payment cards

Contractual performance

Payment card companies, all in line with PCI DSS

Only retained whist authorisation is pending.

3. Fulfilment information

Fulfilment data

Name, dietary requirements

Appropriate catering arrangements for training courses

Contractual performance

Internally and training venues

Maximum 6 years from the date of the performance of the contract.

Name, contact and identification details

Access to training courses, attendance registers

Contractual performance

Internally and training venues

Name, contact and identification details

Exam attendance, exam results and certifications

Contractual performance

Internally and external examiners, proctors and certification bodies

Name, contact details

Licensing details necessary for allocation and maintenance of a licence purchased for use of software and related products, distance and e-learning.

Contractual performance

Internally and any third parties whose products or services you may have purchased from us.

Name, address(es), email address, contact details

Actual delivery of products or services, in physical or digital form, that you may have purchased from us.

Contractual performance

Internally and any third party logistics or supplier companies with whom we contract in order to fulfil these requirements.

4. Security

Security information

Technical information, as described above, plus any other information that may be required for this purpose

To protect our websites and infrastructure from cyber attach or other threats and to report and deal with any illegal acts.

Legitimate interest

Internally, forensic and other organisations with whom we might contract for this purpose.

Relevant statutes of limitation

5. Communications

Contact information

Names, contact details, identification details

To communicate with you about any issue that you raise with us or which follows from an interaction between us.

Legitimate interest

Internally and, as necessary, with professional advisers.

Relevant statutes of limitation.

Furthermore, the following provides examples of the type of information that we collect from you and how we use that information.


Types of Data

Primary Purpose for Collection and Use of Data

Account Registration or Membership Application

We collect your name, contact information, and professional information such as your company or industry when you create an account. We also collect information relating to the actions that you perform while logged into your account.

We have a legitimate interest in providing account related functionalities to our users. Accounts can be used to save your preferences and transaction history.


We collect attendance records from events, meetings, or examinations, as well as the information you enter on exams (which may include video of you and your surroundings if you select the online testing option), customer service interactions, and any certification verification requests that you have made.

We have a legitimate interest in ensuring that our certification standards are being met, including when and how our members are verifying those certifications.

Cookies and first party tracking

We use cookies. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed.

We have a legitimate interest in making our website operate efficiently.

Cookies and Third Party Tracking

We participate in behaviour-based advertising, this means that a third party uses technology (e.g., a cookie) to collect information about your use of our website so that they can provide advertising about products and services tailored to your interests on our website, or on other websites.

We have a legitimate interest in engaging in behaviour-based advertising and capturing website analytics.

Demographic Information

We collect personal information, such as your age, gender, or location.

We have a legitimate interest in understanding our users and providing tailored services.

Email Interconnectivity

If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains and make purchases.

We have a legitimate interest in understanding how you interact with our communications to you.


If you provide us feedback or contact us for support we will collect your name and e-mail address, as well as any other content that you send to us, in order to reply.

We have a legitimate interest in receiving, and acting upon, your feedback or issues.

Mailing List

When you sign up for one of our mailing lists we collect your email address or postal address.

We share information about our products and services with individuals that consent to receive such information. We also have a legitimate interest in sharing information about our products or services.

Mobile Devices

We collect information from your mobile device such as unique identifying information broadcast from your device and location when visiting our website or using our application.

We have a legitimate interest in identifying unique visitors, and in understanding how users interact with us on their mobile devices.

Partner Promotion

We collect information that you provide as part of a co-branded promotion with another company. We may also have service providers collect information on our or our partners’ behalf.

We have a legitimate interest in fulfilling our promotions.


When you participate in a survey we collect information that you provide through the survey. If the survey is provided by a third party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.

We have a legitimate interest in understanding your opinions, and collecting information relevant to our organization.

Website interactions

We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.

We have a legitimate interest in understanding how you interact with our website to better improve it, and to understand your preferences and interests in order to select offerings that you might find most useful. We also have a legitimate interest in detecting and preventing fraud or other security incidents.

Web logs

We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.

We have a legitimate interest in monitoring our networks and the visitors to our websites. Among other things, it helps us understand which of our services is the most popular.

In addition to the information that we collect from you directly, we may also receive information about you from other sources, including third parties, our affiliates, or publicly available sources. For example, we may receive information on graduates from a university or an employer.

12- Terms and Conditions

12.1.Please also visit our Terms and Conditions section establishing the use, disclaimers, and limitations of liability governing the use of our website.

13- Compliance with Law

13.1.Our Privacy Policy has been compiled so as to comply with the law of every country or legal jurisdiction in which we aim to do business. If you think it fails to satisfy the law of your jurisdiction, we would like to hear from you.

bottom of page