SPIDAC Technology LTD
Last Updated: 10/09/2025
SPIDAC Technology LTD ("we", "us", "our", "SPIDAC") is committed to protecting and respecting your privacy. This Privacy Notice describes how we handle and protect your personal data when we collect it through our websites, applications, and digital assets and through our externally facing business activities, such as consultancy services, training programs, events, surveys, and communications, when we interact with you and collect data from you for use by and on behalf of SPIDAC.
We are the data controller for the personal data we process about you. This means we are responsible for deciding how we hold and use personal data about you. You are not required to share your personal data with us, but failing to do so may result in SPIDAC being unable to properly provide you with our full range of consultancy and training services.
Data Controller: SPIDAC Technology LTD, United Kingdom
Data Protection Enquiries: Email: privacy@spidac.com
General Contact: Email: contact@spidac.com
SPIDAC collects personal data in the course of our business activities directly from you and from third parties. We collect personal data about you in the course of our routine business activities when you interact with our websites, when you create or log into a user profile, when you register to receive SPIDAC newsletters and updates, when you sign up for and participate in SPIDAC training programs and events, when you engage our consultancy services, when you participate in surveys or discussions conducted by SPIDAC, and when you interact with SPIDAC or its employees by email or telephone to ask a question, request information, or otherwise seek a response from SPIDAC.
We may also receive personal data about you from third parties, including service providers and data vendors in the course of our business activities. When we collect personal information from third parties, the data consists primarily of publicly available personal information compiled from business websites, public-facing social media platforms, and other widely used public sources. In each instance, we do our best to confirm that the third party has lawfully collected the data from appropriate sources and is authorized to share the data with SPIDAC.
We may collect sensitive personal data directly from you, for instance when you respond to a survey or discussion conducted by SPIDAC and provide us with demographic or other personal data, or when you provide information to permit us to accommodate your specific request at a training program or event. We use sensitive personal data only with your consent unless another legal basis exists. We may combine personal data that we receive directly from you with personal data that we receive from third parties, to the extent that all such collection and use is consistent with this Privacy Notice.
SPIDAC uses your personal data for different purposes and may combine data from multiple sources to accomplish those purposes. We process your personal data for the following business purposes:
Managing our business relationship with you. As a client or prospective client, you receive information regarding our consultancy services and training programs, including proposals, invoices, and service-related communications. We process your name, email address, location, and professional information such as job title and employer based on our legitimate interest for the provision of services.
Consultancy and training services. We provide privacy technology consultancy and training services tailored to your organization's needs, deliver training materials and certifications, manage projects and communications, and maintain records of your engagement with our services. This processing is based on contract performance and our legitimate interest in providing our services.
Client account management. If you create an account on our website, you receive access to resources, personalized content, and service materials. We process your user credentials and profile information based on your consent when creating an account.
Marketing communications and events. If you register for SPIDAC newsletters, alerts, events, or training programs, you receive business and industry-specific information. We process your contact information and preferences based on our legitimate interest in providing information about our services and, where legally required, your consent when signing up for events and communications.
Research and analytics. We conduct research and data analytics activities related to privacy technology trends, industry benchmarking, and service improvement. This processing is based on our legitimate interest in developing and improving our services and, when needed, your consent.
Legal compliance and business operations. We comply with all applicable regulations, exercise legal actions and defense, prevent fraud, enforce our agreements, and fulfill corporate reporting obligations. The personal data processed depends upon the specific legal requirement, and this processing is based on compliance with applicable laws and regulations.
Website and system security. We collect data from your use of our websites and systems to analyze user activity, fix errors, monitor usage, and improve security and performance. This includes aggregated data on browsing patterns and system usage. This processing is based on our legitimate interest to improve functionality and ensure security.
Whenever the legal ground is our legitimate interest, SPIDAC only processes your personal data after assessing the adequacy, proportionality, and legitimacy of the data-processing activity. If consent has been relied upon and you withdraw it, we may not be able to properly provide you with our full range of services.
Personal data collected in the course of SPIDAC business activities may be transferred and made available to SPIDAC service providers and third parties as necessary to accomplish the specific business purposes for which the personal data were collected and to support our interactions with you. We may provide access to your data to our service providers including cloud hosting and IT service providers, payment processors, professional advisors, and training platform providers. We also share data with business partners such as subcontractors delivering services on our behalf and training partners, and with regulatory authorities, law enforcement agencies, and courts when required by law.
We ensure all third parties are bound by appropriate data protection agreements and only process your data as instructed by us. To protect personal data that is transferred internationally, SPIDAC complies with all applicable data transfer laws, including incorporating required data transfer terms into our agreements with service providers and third parties.
Your personal data may be transferred outside the European Economic Area to cloud service providers with global infrastructure, international business partners, and group companies. When we transfer data internationally, we ensure appropriate safeguards are in place through adequacy decisions by the European Commission, Standard Contractual Clauses, Binding Corporate Rules, or other approved transfer mechanisms under applicable data protection laws.
SPIDAC protects and safeguards your personal data in accordance with applicable law, our privacy and data security policies, and this Privacy Notice. We use generally accepted standards of technical and operational security to protect your personal data against accidental or unlawful loss, misuse, alteration, or destruction, and we require the same level of protection from our service providers and third parties. Only authorized personnel are permitted to access personal data, and these individuals are required to treat this information as confidential. Despite these precautions, SPIDAC cannot guarantee that unauthorized persons will not obtain access to your personal data.
SPIDAC keeps your personal data only as long as necessary to accomplish the business purposes for which it was collected, to meet our legal or contractual obligations, and in compliance with our data retention policies. We retain client data during the engagement period plus seven years for accounting and legal purposes, training records for ten years to support ongoing certification and professional development, marketing data until consent is withdrawn, and website analytics for a maximum of 26 months. We will securely delete your personal data promptly after these purposes cease to apply in accordance with prevailing industry practice.
Subject to applicable law, you have rights regarding the personal data we hold about you. You may request information about the personal data that we hold about you and how we use it, request a copy of your personal data, request portability of your data in a structured format, request correction of inaccurate or incomplete personal data, request deletion of your personal data, request that we cease or restrict processing of your personal data, withdraw your consent where processing is based on consent, and seek legal remedies regarding our response to your requests.
To exercise these rights, you can contact us at privacy@spidac.com or using the contact information provided above. Upon receipt of your request, we will acknowledge it within the time period required by applicable law and provide information about next steps and timing. We may take reasonable steps to verify your identity before acting on certain requests. Please note that applicable laws include exceptions to data protection rights that may prevent us from providing access to your personal data or fully complying with your request.
If you receive SPIDAC newsletters, alerts, or invitations to events and would prefer not to receive future communications from us, you may unsubscribe by clicking the link in emails you receive from us, updating your communication preferences if you have an account with us, or emailing us at unsubscribe@spidac.com.
SPIDAC may use first-party and third-party cookies and other tracking technologies to manage our websites and services and to collect analytics about how you use them. We may collect information about whether you open or click links in communications we send you. Please refer to our Cookie Policy for more details about the types of cookies we use and how to manage your preferences.
SPIDAC does not intentionally collect or maintain personal data from individuals under the age of 16. To the extent that any of our business activities may involve collecting personal data from individuals under 16, we would do so only with required legal consent from the parent or guardian and in accordance with applicable law.
We may update this Privacy Notice from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes via email or website notice and update the "Last Updated" date at the top of this notice.
If you have concerns about how we handle your personal data, you can contact us directly using the information above or lodge a complaint with the relevant supervisory authority. For UK residents, this is the Information Commissioner's Office (ico.org.uk). For EU residents, contact your local Data Protection Authority.