We take Data Protection seriously

Operated by SudoCyber Limited, the aims of SudoRange are:-

* To create an easy to use, all inclusive competition and learning environment for Cyber Security Skills.
* To ensure that best practice and core skills can be learned in a safe and robust environment with real-world applications.

In order to achieve these aims we need to gather, process and store some of your personal data as defined in the General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.

We will take all reasonable measures to handle that information with respect, process and store it securely and be open and honest when we communicate with you about how we protect your rights to data protection.

What information do we collect about you?

We collect information about you when you join or use the SudoRange system, including:-

• Name
• Chosen Nickname
• Email Address
• Date of Birth
• Employer/Educational Institute
• Phone Number

What do we use the information for?

We use the information for the following purposes:-

• Administration of competitions
• Distribution of email information (related to your use of our platform)
• Co-ordination of events
• System functions, such as email validation

Given that members of SudoRange and participants at SudoCyber hosted events will have provided their personal data for the purpose of participating in the platform, we believe that we have the right to process the personal data previously provided to satisfy those purposes and will rely on this “legitimate interest” as the legal basis for processing personal data until you ask us to stop. We will not process the personal data for any other purpose and we further believe that members reasonably expect us to process their data and communicate with them in this way.

We may share information about you with:-

• Staff at the venues we use (for security, dietary requirements, audio visual requirements etc.)
• Partners who may be co-organising an event
• Partner organisations who may be responisble for an individuals membership

Staff from these organisations may be in the UK or abroad. It is not possible to confirm who these 3rd parties will be in advance of collecting your data, however we will endeavor to inform you of all data sharing with service providers as soon as possible.

Your data may be processed by the following 3rd party Data Processors:-

• Amazon Web Services – All processing takes place in the UK
• Microsoft 365 – All processing takes place in the UK

We will not knowingly share your information with anyone else or any other organisations unless of course we are required to do so by law.

How will we handle your data?

Unless otherwise stated, we will be what’s known as the ‘Controller’ of the personal data you provide to us, this means we control what happens to the data in our possession.

We will treat your information with the same care and attention as we would expect our own personal data to be treated. This will include taking appropriate organisational and technical measures to protect your information while we are holding and processing it.

We will continue to hold and process your information until (unless we are legally required to continue):-

• You cancel your membership
• You ask us to stop processing your data
• You ask us to delete your data

We will protect your rights which, depending on the legal basis for the processing of the information, may include:-

• Your right to access your information – to ask what data we hold about you and provide you with a copy of that data
• Your right to object to the processing your some or all of your data for some or all of our purposes
• Your right to withdraw your consent to processing easily at any time
• Your right to have the your information deleted
• Your right to rectification of inaccuracies in the information we process
• Your right to be told about any automated decision making using your data
• Your right to have a human intervention in automated decision making
• Your right to complain to the ICO

Who should you talk to about the way we protect your information?

The person within SudoCyber who is responsible for co-ordinating our data protection efforts and communicating with you and other organisations about data protection is:-

Marc Del-Velle
marc@sudocyber.net

What functionality on our platform may also process your personal data?

Cookies

The type of cookies used on most platforms including sudocyber.net and sudorange.online and can generally be put into 1 of 4 categories, based on the International Chamber of Commerce guide to cookie categories;

Strictly Necessary Cookies

These cookies are essential, as they enable you to move around the website and use its features, such as accessing secure areas. Without these cookies, services you’ve asked for can’t be provided. These cookies don’t gather information about you that is used for marketing or remembering where you’ve been on the internet.

Performance Cookies

These cookies collect information about how you use a website, for example which pages you go to most often and if you get error messages from certain pages. These cookies don’t gather information that identifies you. All information these cookies collect is anonymous and is only used to improve how a website works. These cookies are not used to target you with online marketing. Without these cookies we can’t learn how our website is performing and make relevant improvements that could better your browsing experience.

Functionality Cookies

These cookies allow a website to remember choices you make (such as your user name, language or the region you’re in) and tailor the website to provide enhanced features and content for you. For instance, a website may be able to provide you with local weather reports or traffic news. These cookies can also be used to remember changes you’ve made to text size, font and other parts of pages that you can customise. They may also be used to provide services you’ve asked for such as watching a video or commenting on a blog. The information these cookies collect may be anonymous and they cannot track your browsing activity on other platform. Without these cookies, a website cannot remember choices you’ve previously made or personalise your browsing experience.

Targeting Cookies

These cookies are used to tailor marketing to you and your interests. They are also used to limit the number of times you see an advertisement as well as help measure the effectiveness of the advertising campaign. They remember that you have visited a website and this information may be shared with other organisations such as advertisers. Although these cookies can track your visits to other platform, they don’t usually know who you are. Without these cookies, online advertisements you encounter will be less relevant to you and your interests. SudoCyber does not use targeting cookies within our platforms.

Log Files

When you visit our platform, we collect web statistics concerning your visit which are stored in a log file. Log files allow us to record visitors’ use of the site as well as monitor site performance and address any errors. The web teams use analytics to record visitors’ use of the site and use this information to make changes to the layout of the website and to the information provided on the website. Log files do not contain any personal information and they are not used to identify any individual patterns of use of the site.

This statement only covers platform and data maintained by SudoCyber and does not cover other data or platform linked to or associated with our platform.

CHANGES TO OUR PRIVACY STATEMENT

We may change our Privacy Statement from time to time in line with legislation and industry standards. We will not be explicitly notifying all website users about these changes and therefore recommend that you check this statement occasionally for any policy changes. Below is a change log of all revisions made.

14/05/2022 – Privacy Statement Created
14/05/2022 – Privacy Statement Reviewed
17/11/2022 – Privacy Statement Updated
14/05/2024 – Privacy Statement Reviewed