Privacy Policy This privacy policy explains how Lantern Cyber (“we”, “us”, “our”) collects, uses, and protects the personal data of our customers and visitors (“you”, “your”) when you access our website HTTPS://Lanterncyber.com (“the website”) or purchase our training courses (“the services”). This privacy policy complies with the EU General Data Protection Regulation (GDPR). Who we are Lantern Cyber is a company that provides Information Security Training and Consulting Services. Our registered address is 606 Boarded Hall Green, Boarded Hall, Barbados, BB19163. You can contact us by email at info@lanterncyber.com, by phone at +13474740078, or by mail at our registered address. If you have any questions or concerns about how we handle your personal data, you can contact our Data Protection Officer (DPO) at dpo@lanterncyber.com. What personal data do we collect, and why We collect and process the following categories of personal data for the purposes and legal bases described below: Contact information: We collect your name, email address, phone number, and postal address when you register for an account on our website, purchase our services, or contact us for any reason. We use this information to provide services, communicate with you, respond to your inquiries, and send you marketing communications (with your consent). The legal basis for this processing is the performance of a contract or the legitimate interest of our business. Payment information: When you purchase our services, we collect your credit card details or other payment methods. We use this information to process your payments and prevent fraud. The legal basis for this processing is the performance of a contract or the legal obligation of our business. Course information: When you use our services, we collect your course preferences, progress, feedback, and certificates. We use this information to deliver the services, monitor your performance, improve our courses, and issue certificates. The legal basis for this processing is the performance of a contract or the legitimate interest of our business. Technical information: We collect your IP address, browser type, device type, operating system, and other technical information when you access our website. We use this information to ensure the website's proper functioning, analyze the website usage, improve the website performance, and prevent or detect security issues. The legal basis for this processing is the legitimate interest of our business or the legal obligation of our business. Cookie information: We use cookies and similar technologies to collect information about your preferences, behaviour, and interactions on our website. We use this information to personalise the website content, remember your login details, and provide you with relevant advertisements (with your consent). The legal basis for this processing is your consent or the legitimate interest of our business. You can manage your cookie preferences or disable cookies anytime by visiting our Cookie Policy. We do not collect special categories of personal data, such as race, ethnicity, religion, health, or biometric data, or personal data from children under 16. We obtain your personal data directly from you when you provide them to us or indirectly from third parties, such as payment processors, social media platforms, or analytics providers when you use their services on our website. We do not use your personal data for any automated decision-making or profiling that could significantly or legally affect you. How long we keep your personal data We retain your personal data for as long as necessary to fulfil the purposes we collected them, or to comply with any legal, accounting, or reporting requirements. The retention period may vary depending on the type and category of personal data, but we generally follow these criteria: We keep your contact information, payment information, and course information for the duration of our contractual relationship with you and for up to six years after the termination of the contract to comply with tax and accounting obligations and to resolve any disputes or claims. We keep your technical information and cookie information for up to one year after your last visit to our website to ensure its proper functioning and analyse website usage. We keep your marketing communications preferences for as long as you consent to receive such communications from us or until you unsubscribe or opt out. We may anonymise or aggregate your personal data for statistical or research purposes, in which case we may use this information indefinitely without further notice. How we protect your personal data We take appropriate technical and organisational measures to protect your personal data from unauthorised or unlawful access, use, disclosure, alteration, or destruction. These measures include: Encrypting your personal data in transit and at rest Restricting access to your personal data to only those employees, contractors, and partners who need to know them for the purposes of processing Training our staff on data protection and security best practices Implementing regular backups, audits, and testing of our systems and procedures Updating and patching our software and hardware to prevent vulnerabilities and attacks However, no method of transmission or storage is completely secure, and we cannot guarantee the absolute security of your personal data. In the event of a data breach that could pose a high risk to your rights and freedoms, we will notify you and the relevant authorities as soon as possible, per the GDPR. Who do we share your personal data with We may share your personal data with the following categories of recipients for the purposes and legal bases described above: Service providers: We may use third-party service providers to perform certain functions on our behalf, such as hosting, payment processing, analytics, email delivery, or customer support. We only share your personal data with these service providers to the extent necessary for them to provide their services to us, and we require them to comply with the GDPR and our data protection and security policies. Affiliates and partners: We may share your personal data with our affiliates and partners, such as other companies in our group or our course providers, instructors, or sponsors. We only share your personal data with these affiliates and partners to provide you with the services, or for marketing purposes (with your consent). We require them to comply with the GDPR and our data protection and security policies. Authorities and regulators: We may disclose your personal data to any competent authority, regulator, government agency, or law enforcement body if required by law or if necessary to protect our rights, property, or safety, or the rights, property, or safety of our customers, visitors, or others. Other parties: We may transfer your personal data to a third party in the event of a merger, acquisition, reorganization, sale of assets, or bankruptcy, or as part of a legal proceeding, in which case we will notify you and obtain your consent if required by law. Some of your personal data recipients may be located outside the European Economic Area (EEA), such as the United States, where the data protection laws may not provide the same level of protection as those in the EEA. In such cases, we will ensure that adequate safeguards are in place to protect your personal data, such as the EU-US Privacy Shield framework, the EU Standard Contractual Clauses, or the consent of the data subject. What rights you have over your personal data Under the GDPR, you have the following rights over your personal data: Right of access: You have the right to request a copy of the personal data we hold about you, along with information on how and why we process it. Right of rectification: You have the right to request that we correct or update any inaccurate or incomplete personal data we hold about you. Right of erasure: You have the right to request that we delete or remove any personal data we hold about you unless we have a legal obligation or a legitimate interest to keep it. Right of restriction: You have the right to request that we limit or suspend the processing of your personal data under certain conditions, such as if you contest its accuracy or object to its processing. Right of data portability: You can request that we transfer your personal data to another organisation or to you in a structured, commonly used, and machine-readable format where technically feasible. Right to object: You have the right to object to the processing of your personal data and may request we stop at any time.