Our commitment
Cyber Security Challenge UK Ltd is committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We recognise our obligations to update and expand our existing protection program to meet the demands of the General Data Protection Regulation (‘GDPR’) and the UK’s Data Protection Act. We are Cyber Essentials Certified through The IASME Consortium, with our Certificate available for inspection at the Blockmark Registry here: https://registry.blockmarktech.com/certificates/73159f80-fae1-463a-9059-b4a8286cf5b1/
Data protection: our main policy and procedure documents for data protection have been overhauled to meet the standard and requirements of GDPR. Accountability and governance measures have been improved to ensure that we understand and adequately evidence our obligations and responsibilities. We focus on privacy by design and the rights of individuals.
Data retention and erasure: we have updated our retention policy and schedule to ensure that we meet the ‘data minimisation’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically and in accordance with the data subjects rights.
Under the General Data Protection Regulation (GDPR), we are required to inform you about how long we will retain your personal data. We will retain your personal data for as long as is necessary to fulfil the purposes for which it was collected but never longer than 7 years after you have signed up as a contestant in one of our games or competitions. In some cases, we may be required to retain your data for longer periods of time to comply with legal or regulatory obligations. When your personal data is no longer required, we will securely delete or anonymise it. You have the right to request access to, correction of, or erasure of your personal data at any time. If you have any questions about our data retention practices or wish to exercise your rights under the GDPR, please contact us.
Data breaches: our breach procedures have been updated to ensure we have safeguards and measures to identify, assess, investigate and report any personal data breach at the earliest possible time.
Obtaining consent: we have reviewed and updated our consent mechanism for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. Evidence of an affirmative opt-in, along with time and date records is an important part of this process, and supports the individuals ability to understand their right to withdraw consent at any time.
Processor agreements: where we use any third party to process personal information on our behalf we are drafting compliant processor agreements and due diligence procedures to ensure that they meet and understand their GDPR obligations.
You can read more in the sections below.
Privacy Statement
Privacy Policy
Last modified: July 20 2023
Introduction:
Cyber Security Challenge UK Ltd (“The Challenge”) respects the privacy of its customers, suppliers, partners and employees. We have therefore formulated and implemented a policy on complete transparency regarding the processing of personal data, its purpose(s) and the possibilities to exercise your legal rights in the best possible way. If you require any additional information about the protection of personal data, please visit https://ico.org.uk/.
Definitions:
Party responsible for processing personal data (the “Controller”):
○ Cyber Security Challenge UK Ltd, with registered address at Audley House, Northbridge Road, Berkhamsted, England, HP4 1EH, 07202469.
Data Protection Authority:
○ Information Commissioner.
Data Protection laws:
○ The UK Data Protection Act 2018 and the UK GDPR 2020;
○ The UK e-privacy regulation;
○ The EU GDPR 2018;
○ The EU e-privacy directive 2002 (soon to be replaced by the EU e-privacy regulation).
Collection of data:
Your personal data will be collected by Cyber Security Challenge UK Ltd and its data processors.
Personal data means any information relating to an identified or identifiable natural person (‘data subject’).
An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Your personal information will be:
… processed fairly, lawfully and you will be informed as to the nature of that processing;
… collected for specified, explicit and legitimate purposes and not processed in a manner which is incompatible with those purposes;
… adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
… adequate and where necessary kept up to date;
… kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
… processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
The Challenge will only capture and process personal information for legitimate business purposes, for the marketing, management and administration of competitions and events and for the purposes of fulfilling contractual obligations with our partners and sponsors.
Under no circumstances will we sell or make commercial use of personal information provided to us in good faith without prior, written, specific and explicit consent.
The information we collect:
● information that you provide for the purpose of registering for Challenge competitions and events;
● demographic information (e.g. age, gender, residence locale) for anonymised analysis and reporting purposes;
● information about transactions carried out through our web channels (including web site and social media).
Data collection as described above is based on your consent. Anonymised data is processed based on our legitimate interest.
Storage and protection of data:
Your data is protected by Cyber Security Challenge UK Ltd and its processors in pursuance to all legal requirements set by the relevant data processing laws. Cyber Security Challenge UK Ltd has taken technical and organizational security measures to protect your data and requires its data processors to meet the same requirements. Cyber Security Challenge UK Ltd has signed processing agreements with its processors to ensure an adequate level of data protection.
Who we share your data with:
We may share your data with our suppliers to ensure that we can provide the service that you have requested from us. This includes cloud-service providers.
We may also share your data with suppliers that enable The Challenge to carry out day-to-day business activities such as our accountants and bookkeeping software.
Upon request, we will share a list of our (sub)processors.
International data transfers:
Where there is an international data transfer, we rely on adequacy decisions or Standard Contractual clauses to ensure that the personal data is handled in accordance with the relevant data protection legislation.
Your rights regarding information:
Pursuant to Article 13 paragraph 2 sub b GDPR each data subject has the right to information on and access to, and rectification, erasure and restriction of processing of his personal data, as well as the right to object to the processing and the right to data portability.
You can exercise these rights by contacting us at the following email address: admin@cybersecuritychallenge.org.uk and put “GDPR request” in the subject line of your email.
Each request must be accompanied by a copy of a valid ID, on which you put your signature and state the address where we can contact you.
Within one month of the submitted request, you will receive an answer from us. We will not charge you for submitting your request unless the request is manifestly unfounded or otherwise unreasonable in its nature.
Depending on the complexity and the number of the requests this period may be extended to two months.
Marketing:
You may receive commercial offers from The Challenge. If you do not wish to receive them (anymore), please send us an email to the following address: admin@cybersecuritychallenge.org.uk
Your personal data will not be used by our partners for commercial purposes.
If you encounter any personal data from other data subjects while visiting our website, you are to refrain from collection, any unauthorized use or any other act that constitutes an infringement of the privacy of the data subject(s) in question. The collector is not responsible in these circumstances.
Data retention:
The collected data are used and retained for the duration determined by law. You may, at any time, request your data to be deleted from any Cyber Security Challenge account, system or other data processing medium in accordance with the process described above.
Applicable law:
These conditions are governed by the laws of England and Wales. The court in the district where the controller has its place of business has the sole jurisdiction if any dispute regarding these conditions may arise, save when a legal exception applies.
Terms of Use
Terms & conditions and acceptance
a) These terms and conditions (“Terms”) govern the use of the Cyber Security Challenge UK Ltd website OR any part of it (“the Site”). Cyber Security Challenge UK Ltd may modify the Terms from time to time and you are advised to keep up to date with any changes by regularly reviewing the Terms. By using the Site you agree to be bound by the Terms.
b) For information on our Privacy Policy, and obtain consent, please click here
Use of the site
a) The Site may contain links to other sites or to third party sites which may be subject to separate terms and conditions.
b) Any links to third party websites from the Site do not amount to any endorsement of that site by Cyber Security Challenge UK Ltd and any use of that site by you is at your own risk.
Registration
a) Some pages are only available if you register first, ie competitions but you do not have to register to access most of the pages on the Site. If you do NOT register, you cannot play our competitions.
b) You are responsible for the proper use and security of any passwords as issued. Cyber Security Challenge UK Ltd does not guarantee the security of your own equipment against unauthorised or unlawful access or use.
c) Cyber Security Challenge UK Ltd may delete a registration (and any associated information or data) without notice if it has not been used for more than 12 months.
Availability
a) It is technically impracticable to provide a fault-free Site and Cyber Security Challenge UK Ltd does not undertake to do so. In the event of a fault, Cyber Security Challenge UK Ltd will attempt to restore the Site as soon as is reasonably practicable.
b) Access to the Site may occasionally be suspended or restricted for operational reasons such as maintenance or the introduction of new facilities or products.
c) Cyber Security Challenge UK Ltd reserves the right at any time and without notice to modify, edit, delete, suspend, discontinue, temporarily or permanently, any content, including any products available through the Site, or the Site or any part of it.
Content and copyright
a) Content provided by Cyber Security Challenge UK Ltd including information, data, material, text, designs, graphics, pictures, video, photographs, applications, software, audio and other files, and their selection and presentation, is owned by Cyber Security Challenge UK Ltd or licensed to Cyber Security Challenge UK Ltd by third parties. It is protected by copyright, trademark and other intellectual property rights as applicable and provided solely for your own use. Republication or redistribution of the content, including by framing or similar means, is prohibited UNLESS PERMISSION HAS BEEN OBTAINED FROM CYBER SECURITY CHALLENGE UK LTD.
b) Inaccuracies: If Cyber Security Challenge UK Ltd is informed of any inaccuracies in the content, Cyber Security Challenge UK Ltd will use reasonable endeavours to correct the inaccuracies as soon as reasonably practicable.
Advertising and sponsorship
a) Advertisers and sponsors are responsible for ensuring that material submitted for inclusion on the Site complies with relevant laws and codes of practice. Cyber Security Challenge UK Ltd is not responsible for any error or inaccuracy in advertising and sponsorship material.
Data protection
a) Cyber Security Challenge UK Ltd will comply with its obligations under applicable data protection legislation and maintain all relevant registrations and notifications, for the purposes of operating the Site.
Child Protection Policy
Cyber Security Challenge engages with children between the age of 16-18 through its competitions and other activities including our Face-to-Face, Masterclass and Cyber Camp events.
We may also engage with Year 7 and over (11-17 year-olds) in Secondary Schools and other Youth organisations through our Schools Programme and events held in conjunction with The Cyber Trust.
The welfare of children is paramount to us, and we acknowledge that all children, regardless of their age, culture, disability, gender, language, racial origin, religious beliefs and/or sexual identity have the right to be protected from harm and abuse. Cyber Security Challenge acknowledges it has a duty of care to safeguard and promote the welfare of the children we engage with and is committed to ensuring safeguarding practices reflect statutory responsibilities, guidance and best practice.
We want to ensure that all the children we engage with have a positive and enjoyable experience of our competitions and other activities, and that they are protected from harm and abuse whilst participating. We are also fully committed to ensuring that the personal data of the children we engage with never falls into the wrong hands.
All suspicions and allegations of abuse and poor practice will be taken seriously and responded to swiftly and appropriately.
Cookie Policy
A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about the use of cookies on www.allaboutcookies.org We may in the future use cookies to identify you when you visit this website and to keep track of your browsing patterns and build up a demographic profile.
Use of cookies allows registered users to be presented with a personalised version of the site, carry out transactions and have access to information about their account.
Most browsers allow you to turn off cookies or to receive a warning before a cookie is stored on your hard drive. Please refer to your browser instructions or help screen to learn more about how to do this. However, should you decide to disable any cookies we place on your computer you may not be able to use certain services or facilities on the website.
Our policy
No personal information is stored in these cookies, but if you wish to ensure that no cookies are created on your computer, then you are free to use your web browser’s settings to turn off cookies.
This site makes use of cookies in order to function correctly and to provide the best user experience for you, the visitor.
If you continue to use this site, you are giving consent for the site to use cookies on this computer. This method of implied consent is in accordance with the Information Commissioner’s directives.
Rules and Eligibility
Main competitions programmes when running (for example, Face-to-Face competitions)
The eligibility rules below must be accepted in order for you to register for, and participate in, any of the Challenge hosted competitions:
Age and Eligibility
Face-to-Face qualifiers: You must be 16 or over to compete in these competitions. Exceptions may be made for exceptional talent under 16 – this is at the discretion of the organisers. Contestants under 18 will need to be accompanied by an adult when attending any physical competitions. If you currently work in the Cyber Security Profession you cannot attend a Face-to-Face Competition or win a Career enabling prize.
Nationality
We no longer have Nationality requirements though sometimes and depending upon the source of funding for the event, UK nationals may be prioritised when places are allocated. If you are not a UK national please do apply and we will facilitate places where possible.
Media & publicity
If you wish to take part in our competitions, you MUST be open to being photographed and for those images to be used for the purposes of marketing and promotion (both internally and externally of the Challenge). By competing in our competitions you agree that you are happy for at least your first name to be used throughout publicity and if you become a winner you will support the Challenge’s mission by taking part in interviews following your win.
Frequency
On a case-by-case basis you may not be eligible to compete in any further Face-to-Face competitions if you have competed in Face-to-Face competitions for more than 3 consecutive years, though you may continue to take part in university, school or careers events if you are eligible to attend those.
University Competitions – when running
The material is most likely to be suited to those aged 18 and above.
Schools Competitions – when running
Our schools programme is open to a range of ages, from Year 6 (10/11 years old) upwards. Each event or competition may have its own criteria for entry, so please visit the specific pages of the website for more information.
Cyber Security professionals
If you are currently working in Cyber Security then you can play our university competitions. However, you will not be entitled to participate in any Face-to-Face Competitions.
If you are unsure as to whether your employment counts as working in the cyber profession please get in touch. If you participate and gain a place at a Face-to-Face event and then are found to be already employed in Cyber Security you will be disqualified.
The exception to this is the European Cyber Security Challenge competition and its associated qualifiers, which are open to industry professionals under 25 years of age.
Disclosure
When playing our competitions you must not do anything to contravene any UK Law or do anything to bring Cyber Security Challenge UK or any of its sponsors into ill repute.