This page explains how personal data is processed when users interact with the Cyber Awareness Platform designed and created by SERMA Safety & Security. This privacy notice complies with the General Data Protection Regulation (EU Regulation 2016/679, hereinafter referred to as GDPR). It applies to users accessing our platform via:

https://cybercoach360.eu/

This Privacy Policy does not cover external websites that may be linked within the platform. SERMA Safety & Security is not responsible for the privacy practices of these external sites, and users are encouraged to review their policies.

Data Controller

Under Article 4(7) of the GDPR, the Data Controller is SERMA Safety & Security, with its registered office at 14, rue Galilée, CS10055, 33615 Pessac. For inquiries, please contact us at:

• Email: privacy@serma.com

• Phone: +33 5 57 26 08 38

Data Protection Officer (DPO)

In compliance with Article 37 of the GDPR, we have appointed a Data Protection Officer (DPO). The DPO serves as the primary contact for all privacy-related issues and ensures compliance with applicable laws. For any questions or concerns regarding your data privacy, contact the DPO at:

privacy@serma.com

Types of Data Processed

1. Browsing Data

The platform collects standard internet log data, including:

• IP addresses.

• Browser types and versions.

• Operating systems.

• URLs of pages visited and timestamps.

This data is collected for the purpose of monitoring site functionality and ensuring security. It is anonymized where possible and deleted within 30 days unless required for investigating cybersecurity incidents.

2. Data Provided Voluntarily by Users

Users may voluntarily provide data when:

• Registering for an account.

• Participating in training courses.

• Completing assessments or surveys.

• Submitting inquiries via the contact form.

Data collected may include:

• Name.

• Email address.

• Job title or organization (if applicable).

Purpose, Legal Basis, and Nature of Data Processing

Personal data collected is processed for the following purposes:

1. Account Creation and Management

   • To enable users to access courses and track progress.

   • Legal Basis: GDPR Article 6(1)(b) – Performance of a contract.

2. Providing Training and Certification

   • To deliver eLearning modules, track user performance, and issue certifications.

   • Legal Basis: GDPR Article 6(1)(b).

3. Improving Platform Functionality

   • To analyze anonymous, aggregated data to enhance the platform.

   • Legal Basis: GDPR Article 6(1)(f) – Legitimate interests.

4. Compliance with Legal Obligations

   • For purposes such as responding to regulatory requests.

   • Legal Basis: GDPR Article 6(1)(c).

5. Marketing (if applicable)

   • If users opt in to receive updates or newsletters.

   • Legal Basis: GDPR Article 6(1)(a) – Consent.

Data Sharing and Transfer

Personal data may be shared with the following entities:

• Hosting providers and IT infrastructure partners.

• Third-party service providers involved in analytics, support, or maintenance.

• Regulatory authorities if required by law.

If data is transferred outside the European Economic Area (EEA), it will be done in compliance with GDPR Chapter V, ensuring adequate levels of protection through Standard Contractual Clauses or other mechanisms.

Data Retention

Data will be retained only as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required by law. Specific retention periods include:

• Browsing data: 30 days.

• Account data: Duration of the user’s activity on the platform + 1 year for backup purposes.

• Training records: Retained until the user requests deletion or per contractual obligations.

Security Measures

The platform employs advanced technical and organizational measures to safeguard personal data against unauthorized access, loss, or misuse. These include encryption, secure storage, and regular vulnerability assessments.

User Rights

Under GDPR Articles 15–22, users have the following rights:

1. Access: Request access to the personal data we hold.

2. Rectification: Correct inaccurate or incomplete data.

3. Erasure: Request deletion of data under certain conditions.

4. Restriction: Limit how we process your data in specific scenarios.

5. Data Portability: Receive a copy of your data in a structured, machine-readable format.

6. Objection: Object to processing for legitimate interests or direct marketing.

7. Withdraw Consent: If consent was provided, it can be withdrawn at any time.

To exercise these rights, please contact privacy@serma.com.

Cookies

The platform uses cookies to enhance user experience. These include:

1. Operational Cookies: Required for the proper functioning of the website.

2. Analytics Cookies: Used to track usage and improve platform performance.

3. Marketing Cookies: For tailored advertising and communication (only with user consent).

Users can manage cookie preferences through their browser settings or our consent banner.

Minors

The platform is not intended for individuals under 18. If data from a minor is inadvertently collected, it will be deleted immediately upon identification unless retention is required by law.

Updates to this Policy

This Privacy Policy is effective as of January 30th 2025 and will be reviewed periodically. Updates will be published on this page, and users will be notified of significant changes.

Contact Us

For any questions or concerns about this Privacy Policy or how your data is handled, please contact:

• Email: privacy@serma.com

• Phone: +33 5 57 26 08 38

• Address: 14, rue Galilée, CS10055, 33615 Pessac