Privacy Policy
Last updated: December 11, 2024
1. Introduction
Jellybean Commercial (trading as "Jellybean Cyber") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Jellybean Academy cybersecurity training platform.
This policy complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
2. Data Controller Information
Data Controller: Jellybean Commercial (trading as Jellybean Cyber)
Registered Office: [Company Address]
Company Registration Number: [Registration Number]
Data Protection Officer: [email protected]
Contact Email: [email protected]
3. Information We Collect
3.1 Personal Information You Provide
- Account Information: Full name, email address, company affiliation
- Training Data: Activity completion records, scores, progress tracking
- Communication Data: Messages, feedback, and support requests
3.2 Information Automatically Collected
- Usage Data: Pages visited, time spent on activities, click patterns
- Device Information: Browser type, operating system, IP address
- Performance Data: Response times, error logs, system performance metrics
3.3 Cookies and Tracking Technologies
We use essential cookies for authentication and session management. We do not use advertising or tracking cookies without your explicit consent.
4. Legal Basis for Processing
Under UK GDPR, we process your personal data based on the following legal grounds:
- Contractual Necessity: To provide our training services as agreed with your organization
- Legitimate Interests: To improve our services, ensure security, and provide customer support
- Consent: For optional features like marketing communications (where applicable)
- Legal Obligation: To comply with applicable laws and regulations
5. How We Use Your Information
We use your personal data for the following purposes:
- Providing and maintaining our cybersecurity training platform
- Tracking your training progress and generating reports
- Personalizing your learning experience
- Communicating with you about your account and our services
- Providing customer support and technical assistance
- Improving our platform and developing new features
- Ensuring platform security and preventing fraud
- Complying with legal obligations and regulatory requirements
6. Data Sharing and Disclosure
6.1 With Your Organization
We share training progress, completion status, and performance data with your organization's designated administrators and managers for training oversight purposes.
6.2 Service Providers
We may share data with trusted third-party service providers who assist us in operating our platform, including:
- Cloud hosting providers (with data processing agreements)
- Authentication and security services
- Customer support platforms
6.3 Legal Requirements
We may disclose your information if required by law or court order, or to protect our rights, property, or safety, or those of others.
6.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to appropriate safeguards.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes outlined in this policy:
- Account Data: Retained while your account is active and for 3 years after account closure
- Training Records: Retained for 7 years for compliance and audit purposes
- Support Communications: Retained for 2 years after resolution
- System Logs: Retained for 12 months for security and performance monitoring
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data:
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Access controls and authentication mechanisms
- Employee training on data protection
- Incident response procedures
- Regular backups and disaster recovery plans
9. International Data Transfers
Your data is primarily processed within the UK and European Economic Area (EEA). If we transfer data outside the UK/EEA, we ensure appropriate safeguards are in place, including:
- Adequacy decisions by the UK government
- Standard contractual clauses approved by the UK authorities
- Binding corporate rules or certification schemes
10. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access: Request copies of your personal data
- Right to Rectification: Request correction of inaccurate data
- Right to Erasure: Request deletion of your data (subject to legal obligations)
- Right to Restrict Processing: Request limitation of data processing
- Right to Data Portability: Request transfer of your data
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent where processing is based on consent
To exercise these rights, contact us at [email protected]. We will respond within one month of receiving your request.
11. Children's Privacy
Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete such information.
12. Cookies Policy
We use the following types of cookies:
- Essential Cookies: Required for authentication and basic platform functionality
- Performance Cookies: Help us understand how users interact with our platform
- Functional Cookies: Remember your preferences and settings
You can control cookies through your browser settings, but disabling essential cookies may affect platform functionality.
13. Data Breach Notification
In the event of a data breach that poses a risk to your rights and freedoms, we will:
- Notify the Information Commissioner's Office (ICO) within 72 hours
- Inform affected individuals without undue delay if the risk is high
- Provide clear information about the nature of the breach and steps being taken
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by:
- Posting the updated policy on our website
- Sending email notifications to registered users
- Providing in-platform notifications
Changes become effective 30 days after posting unless otherwise specified.
15. Contact Information and Complaints
For privacy-related questions, concerns, or to exercise your rights, contact us at:
Email: [email protected]
Data Protection Officer: [email protected]
Address: [Company Address]
Phone: [Contact Number]
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
ICO Website: ico.org.uk
ICO Helpline: 0303 123 1113
ICO Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF