Privacy Policy

Introduction

This Privacy Policy describes how Simple Security Awareness ("we", "our", or "us") collects, uses, and protects personal information when you use our website and purchase our security awareness training services. This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable privacy laws.

This policy applies to individuals and organizations who visit our website and purchase subscriptions to our security awareness training platform. For information about how we process data of training recipients, please refer to our in-app privacy policy available after login.

Last updated: March 8, 2025

Data Controller

Simple Security Awareness acts as the data controller for personal data collected through our website and services. You can contact us at privacy@simple-security-awareness.com.

Information We Collect

We collect and process the following categories of personal data:

  • Contact information (name, email address, phone number)
  • Company name, size, and industry
  • Billing and payment information
  • Account credentials and activity logs
  • Communications with our team
  • IP addresses and device information
  • Cookies and similar technologies

Legal Basis for Processing

We process personal data on the following legal grounds:

  • Contract fulfillment: Processing necessary to deliver our services and fulfill our contractual obligations
  • Legitimate interests: Improving our services, ensuring security, and business development
  • Consent: Where you have explicitly agreed to specific processing activities
  • Legal obligation: When required to comply with applicable laws

How We Use Your Information

  • To create and manage your account
  • To process payments and maintain your subscription
  • To provide administrative tools for managing users
  • To generate reports on training effectiveness and completion
  • To communicate important updates and service information
  • To provide customer support
  • To improve our services and develop new features
  • To comply with legal obligations
  • To protect our legitimate business interests and legal rights

Data Sharing

We share personal data in the following ways:

  • With service providers who help us deliver our services
  • With payment processors to complete transactions
  • With legal authorities when required by law

We do not sell personal data to third parties.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements. When determining retention periods, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure, and whether we can achieve the purposes through other means.

International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA). When we do, we ensure a similar degree of protection by implementing appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission, or by relying on adequacy decisions.

Data Protection

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption, access controls, regular security assessments, and staff training on data protection.

Your Rights Under GDPR

Under the GDPR, you have the following rights:

  • Right to access: You can request copies of your personal data
  • Right to rectification: You can request that we correct inaccurate information
  • Right to erasure: You can request deletion of your information in certain circumstances
  • Right to restrict processing: You can request that we limit the processing of your data
  • Right to data portability: You can request transfer of your data to you or a third party
  • Right to object: You can object to our processing of your personal data
  • Rights related to automated decision-making: You can request human intervention for decisions based solely on automated processing

To exercise any of these rights, please contact us at privacy@simple-security-awareness.com. We will respond to your request within 30 days. You will not be charged a fee for accessing your personal data (or exercising any other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive.

Cookies and Tracking

Our website uses cookies and similar tracking technologies to enhance your experience. You can manage your cookie preferences through your browser settings. For more information, please see our Cookie Policy.

Third-Party Processors

We may use third-party service providers to process personal data on our behalf. These providers are carefully selected and required to maintain appropriate security measures in compliance with the GDPR and our data protection standards.

Data Breach Procedures

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

Complaints

If you have concerns about our handling of your personal data, please contact us first at privacy@simple-security-awareness.com. You also have the right to lodge a complaint with your local data protection authority.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a new effective date.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@simple-security-awareness.com
Address: naepflin.com Software, Amstutzweg 7, 6010 Kriens, Switzerland