1. Introduction
Oxcyber (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share personal data you provide through our website (oxcyber.org). We adhere to applicable data protection laws and recommend that you read this policy carefully.
2. Scope and Governing Law
This policy applies to visitors, members, and event registrants (“you”, “your”) interacting with our website and services. If you reside within the European Economic Area (“EEA”), we act as the data controller under the UK GDPR/Data Protection Act 2018 and analogous EU laws.
3. Data We Collect
We collect personal data only when you choose to register, which may include:
- Contact Details: Name, email address, phone number, organisation/affiliation.
- Professional Information: Job title, organisation type.
- Event Preferences: Event types, interests relevant to OxCyber’s scope.
No Cookies
Our website does not use cookies, tracking technologies, or third-party analytics.
4. Lawful Basis for Processing
We process your personal data based on:
- Consent: When you register or subscribe, you give explicit consent for the data you submit.
- Legitimate Interests: To provide membership services, event notifications, and news deemed relevant to you, where our interests do not override your data protection rights.
5. Purpose of Processing
Your data is used to:
- Administer your membership or event registration.
- Send event invitations, updates, or news we believe will interest you.
- Provide customer and support services.
- Comply with legal obligations (e.g., record-keeping).
6. Data Retention
We retain personal data only as long as necessary to fulfil the purposes outlined, or as required by law. For example:
- Membership or event records: kept for up to 3 years after your last interaction, unless you request deletion earlier.
- Communication logs: retained for audit and support, typically 1 year.
7. Data Sharing and Disclosure
We do not share your personal data with third parties except:
- With your consent.
- For service provision (e.g., organisers, IT providers)—only to the extent needed and under confidentiality agreements.
- Where required by law or to protect our legal rights.
8. International Transfers
Data is not transferred outside the UK/EEA (e.g., to cloud services). If this were to ever change, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions are in place.
9. Your Rights
Depending on your jurisdiction, you have rights to:
- Access your personal data.
- Rectify inaccuracies.
- Erase data (“right to be forgotten”).
- Restrict processing.
- Object to processing.
- Data portability.
- Withdraw consent at any time (without affecting lawfulness of prior processing).
To exercise these, contact us (see section 12). We will respond promptly and within applicable legal timeframes.
10. Security Measures
We implement technical and organizational safeguards to protect your data, including:
- Encryption of data in transit and at rest where appropriate.
- Secure storage systems and access controls.
- Staff training and confidentiality obligations.
- Incident response procedures.
11. Children’s Privacy
Our services are not intended for individuals under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us.
12. Contact Us
For privacy inquiries, to exercise your rights, or to lodge a complaint:
Data Protection Officer
Email: [privacy@oxcyber.org]
Postal Address: OxCyber, Kings Head House, 15 London End, Beaconsfield, Buckinghamshire, HP9 2HN, United Kingdom.
If you’re unhappy with our response, you may escalate to the Information Commissioner’s Office (ICO) in the UK or equivalent supervisory authority.
13. Changes to This Privacy Policy
We may update this policy occasionally. Changes will be posted here with the effective date. For any material updates, we may notify you directly if you’ve registered with us.
