BalticSec

Cyber Security Awareness

Privacy Policy

Last updated: November 25, 2024

Compliant with GDPR (EU) 2016/679

1. Introduction

BalticSec ("we", "our", or "us") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our cyber security awareness training platform.

This policy complies with the EU General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

BalticSec

Email: privacy@balticsec.com

Website: www.balticsec.com

3. Information We Collect

3.1 Personal Data

  • Account Information: Username, email address, password (encrypted)
  • Profile Data: Name, role (admin/user), join date
  • Learning Progress: Completed lessons, quiz scores, points earned, badges
  • Feedback: Ratings and comments you provide

3.2 Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Session data
  • Cookies (see Cookie Policy)

3.3 Google Sign-In Data

If you use Google Sign-In, we receive:

  • Google account email
  • Name
  • Profile picture URL

4. Legal Basis for Processing (GDPR)

We process your personal data based on:

  • Consent: You provide consent when creating an account
  • Contract: Processing necessary to provide our services
  • Legitimate Interest: Improving our platform and security
  • Legal Obligation: Compliance with applicable laws

5. How We Use Your Information

  • Provide and maintain our training platform
  • Track your learning progress and achievements
  • Personalize your learning experience
  • Send important updates about your account
  • Improve our content and services
  • Ensure platform security and prevent fraud
  • Comply with legal obligations

6. Your Rights Under GDPR

You have the following rights:

  • Right to Access: Request a copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure ("Right to be Forgotten"): Request deletion of your data
  • Right to Restriction: Limit how we use your data
  • Right to Data Portability: Receive your data in a machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent at any time
  • Right to Lodge a Complaint: File a complaint with your data protection authority

To exercise these rights, contact us at: privacy@balticsec.com

7. Data Retention

We retain your personal data:

  • Active accounts: As long as your account is active
  • Deleted accounts: 30 days after deletion (for recovery)
  • Legal requirements: As required by law (typically 6 years)
  • Anonymized data: May be retained indefinitely for analytics

8. Data Security

We implement appropriate security measures:

  • Password hashing using bcrypt
  • Secure HTTPS connections
  • Regular security audits
  • Access controls and authentication
  • Data backup and recovery procedures

9. Data Sharing and Transfers

We do not sell your personal data. We may share data with:

  • Service Providers: Hosting, analytics (with data processing agreements)
  • Legal Requirements: When required by law or legal process
  • Business Transfers: In case of merger or acquisition

International Transfers: If data is transferred outside the EU, we ensure adequate protection through Standard Contractual Clauses or other approved mechanisms.

10. Cookies

We use cookies and similar technologies. See our Cookie Policy for details.

11. Children's Privacy

Our platform is not intended for children under 16. We do not knowingly collect data from children under 16. If you believe we have collected such data, contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy. We will notify you of significant changes via email or platform notification. Continued use after changes constitutes acceptance.

13. Contact Us

For privacy-related questions or to exercise your rights:

Email: privacy@balticsec.com

Data Protection Officer: dpo@balticsec.com

Website: www.balticsec.com

14. Supervisory Authority

You have the right to lodge a complaint with your local data protection authority. For EU residents, find your authority at: EDPB Members