Skip to content

Privacy Policy

This Privacy Policy explains how Atreo collects, uses, stores, and protects personal data when you visit our website, apply for the Practical Cybersecurity Academy, request information, book a consultation, or communicate with us.

Last updated: June 26, 2026
This policy is intended to provide clear information about how your personal data is processed in accordance with the General Data Protection Regulation, which requires personal data to be processed lawfully, fairly, transparently, and for specified purposes.
 

1. Who we are

The company responsible for processing your personal data is:

Atreo
26 Red Arches Park
The Coast
Dublin
D13Y394
Ireland

Website: nordcyberacademy.com

For privacy-related questions, you can contact us at:

Email: gdpr@nordcyberacademy.com

Atreo is the data controller for the personal data described in this Privacy Policy, unless stated otherwise.

2. What personal data we collect

We may collect and process the following categories of personal data:

Information you provide directly

When you complete a form, apply for the academy, request a consultation, contact us, or communicate with our team, we may collect:

  • Full name
  • Email address
  • Phone number
  • Country or location
  • Company name, if applicable
  • Professional background
  • Education or experience level
  • Career goals and motivation for joining the academy
  • Information submitted through application forms, contact forms, or consultation booking forms
  • Messages, questions, or other communication you send to us

Information collected automatically

When you visit our website, we may collect certain technical and usage information, such as:

  • IP address
  • Browser type and version
  • Device information
  • Pages visited
  • Date and time of visit
  • Website interaction data
  • Referral source
  • Cookie and tracking preferences

This information may be collected through cookies, analytics tools, and similar technologies. See the Cookies and Tracking Technologies section below.

Payment-related information

If you purchase or reserve a place in the academy, payment may be processed by a third-party payment provider. We do not intentionally store full payment card details on our systems unless explicitly stated by the relevant payment processor.

We may receive payment-related information such as:

  • Payment confirmation
  • Billing name and contact details
  • Invoice details
  • Transaction reference
  • Payment status

3. Why we use your personal data

We process your personal data for the following purposes:

To manage academy applications

We use your information to review your application, assess suitability for the academy, contact you about your application, arrange interviews or consultations, and guide you through the next steps.

To provide information about the academy

We may use your contact details to respond to enquiries, send programme information, explain pricing, share cohort details, and answer questions about the Practical Cybersecurity Academy.

To provide the academy services

If you enrol, we use your personal data to manage your participation, provide access to learning materials, communicate about classes, issue certificates where applicable, and provide student support.

To process payments and invoices

We process necessary information to manage payments, instalment plans, invoices, refunds where applicable, and accounting records.

To communicate with you

We may contact you by email, phone, or other communication channels about your application, consultation, enrolment, payment, programme access, or support requests.

To send marketing communications

Where permitted by law, we may send information about academy updates, upcoming cohorts, educational content, offers, or related services. You can unsubscribe from marketing communications at any time.

To improve our website and services

We may use website analytics and interaction data to understand how visitors use our website, improve content, measure campaign performance, and improve the user experience.

To comply with legal obligations

We may process and retain certain personal data where required for tax, accounting, regulatory, legal, or compliance purposes.

5. Cookies and tracking technologies

Our website may use cookies and similar technologies to make the website work, improve performance, analyse traffic, and support marketing activities.

Cookies may include:

  • Strictly necessary cookies required for website functionality
  • Analytics cookies used to understand website performance and visitor behaviour
  • Marketing cookies used to measure campaigns and show relevant advertising
  • Preference cookies used to remember user choices

Where required, we will ask for your consent before placing non-essential cookies on your device. You can manage or withdraw your cookie preferences through the cookie banner or browser settings.

A separate Cookie Policy may be used to provide more detailed information about the cookies and tools used on the website.

6. Who we share personal data with

We may share personal data with trusted third parties where necessary for the purposes described in this Privacy Policy.

These may include:

  • Website hosting providers
  • CRM and marketing automation platforms
  • Email service providers
  • Analytics providers
  • Advertising platforms
  • Payment processors
  • Accounting and invoicing providers
  • Learning platform providers
  • Communication and scheduling tools
  • IT support and security providers
  • Legal, tax, accounting, or professional advisers
  • Regulatory authorities, where legally required

We only share personal data where there is a valid purpose and appropriate safeguards are in place.

7. International transfers

Some service providers may process personal data outside the European Economic Area.

Where personal data is transferred outside the EEA, we will use appropriate safeguards as required by GDPR. These may include adequacy decisions, Standard Contractual Clauses, or other legally recognised transfer mechanisms.

8. How long we keep your personal data

We keep personal data only for as long as necessary for the purposes described in this Privacy Policy, including to meet legal, accounting, tax, reporting, and contractual obligations.

Typical retention periods may include:

Data type Retention period
Enquiry and contact form data [Insert period, e.g. 12–24 months]
Academy application data [Insert period, e.g. 24 months]
Student enrolment records [Insert period, e.g. duration of programme plus 6 years]
Payment, invoice, and accounting records [Insert period required under Irish tax/accounting law]
Marketing contact data Until you unsubscribe or object, unless another lawful basis applies
Website analytics data [Insert period based on analytics provider settings]

When personal data is no longer needed, we will delete it or anonymise it where appropriate.

9. How we protect your personal data

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration, disclosure, or destruction.

These measures may include:

  • Access controls
  • Secure systems and hosting
  • Password protection
  • Staff confidentiality obligations
  • Data minimisation
  • Secure communication tools
  • Regular review of data processing practices
  • Vendor and processor controls where applicable

No website, system, or online transmission can be guaranteed to be completely secure. However, we take reasonable steps to protect personal data.

10. Your GDPR rights

Under the GDPR, individuals have several rights in relation to their personal data, including the right to be informed, access personal data, request correction, request erasure, restrict processing, data portability, object to processing, and rights related to automated decision-making where applicable.

You may have the right to:

  • Request access to the personal data we hold about you
  • Request correction of inaccurate or incomplete personal data
  • Request deletion of your personal data in certain circumstances
  • Request restriction of processing in certain circumstances
  • Object to processing based on legitimate interests
  • Object to direct marketing at any time
  • Request data portability in certain circumstances
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

Withdrawing consent does not affect the lawfulness of processing carried out before consent was withdrawn.

11. Marketing communications

You can opt out of marketing emails at any time by clicking the unsubscribe link in our emails or by contacting us directly.

Even if you unsubscribe from marketing communications, we may still send essential service-related messages, such as information about your application, enrolment, payment, academy access, or contractual relationship with us.

12. Automated decision-making

We do not use personal data for automated decision-making that produces legal or similarly significant effects on you.

If this changes, we will update this Privacy Policy and provide information required by applicable data protection law.

13. Children’s data

The Practical Cybersecurity Academy is not intended for children. We do not knowingly collect personal data from children.

If you believe that a child has provided us with personal data, please contact us so we can take appropriate action.

15. Complaints

If you have concerns about how we process your personal data, please contact us first so we can try to resolve the issue.

As Atreo is based in Ireland, you may also have the right to lodge a complaint with the Irish Data Protection Commission. The European Commission explains that GDPR rights are supervised by independent data protection authorities.

Irish Data Protection Commission
Website: dataprotection.ie

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the “Last updated” date at the top of this page.

Material changes may be communicated through the website or by other appropriate means.

```