Login

Privacy Notice

PolicyWizard.io promises to take care of the security of your data and will never sell it to another 3rd party.

Privacy Notice

PolicyWizard promises to take care of the security of your data and will never sell it to another 3rd party.

Title: Privacy Notice

Reference: ISP-02

Status: Approved

Version: 3.0

Date: 06/Jul/2025

Review Date: 06/Jul/2026

Classification: Public


Our Contact Details


Organisation Name: PolicyWizard


Websites:
https://www.policywizard.io
https://www.techsecscot.com


ICO Registration Redacted Registration Certificate - ZB458042.pdf 86.46 KB

Data Protection Officer
email: DPO@policywizard.io

Address:  PolicyWizard.io Office 101096, PO Box 26965, Glasgow, G1 9BW 

Telephone: Provided on request


1. What type of personal information do we collect?


We currently collect and process the following PII (Personal Identifiable Information). For GDPR we are the Data Controller of Newsletter and Client information:


    1.1 Newsletter Subscription

  •  First Name 

  •  Last Name 

  •  Email Address

    1.2 Client Information

  •  First Name 

  •  Last Name

  •  Email Address

  •  Telephone Number 

  •  Billing / Invoice Address

    1.3 Hosting Provider

The following is collected by our web hosting provider Podia (for GDPR the hosting provider is the Data Processor):

  • IP address

  • Device identifiers

  • Web browser information

  • Page view statistics

  • Browsing history

  • Usage information and click tracking

  • Transaction information (e.g. transaction amount, date and time such transaction occurred)

  • Cookies and other tracking technologies (see below for more information)

  • Log data (e.g. access times, hardware and software information)


    1.4 Payment Services

The following information is collected by our Payment Services Provider, either Stripe or PayPal (for GDPR, the service provider is the Data Sub Processor):

  •  First Name 

  •  Last Name 

  •  Email Address 

  •  Billing / Invoice Address 

  •  Payment Card Details

    1.5 Google Analytics

The Site uses Google Analytics, a service provided by Google. Like many services, Google Analytics utilises first-party cookies to track visitor interactions. These cookies store non-personally identifiable information, such as browser type, operating system, the date and time of a visit, the source of visitors, the pages visited, the time spent viewing the site, the frequency of return visits, and other anonymous metrics. This data is transmitted to Google and then used to compile statistical reports on User activity for the Site. We collect this non-personally identifiable information to better understand how visitors use the Site and to help manage and maintain it.

If you wish to opt out of Analytics, please visit the Google Analytics opt-out page and follow the on-page instructions. 

For GDPR, Google is the Data Processor of the data processed for Google Analytics.

You can generally opt out of cookies from third-party advertisers and ad networks by visiting their Sites (if the advertiser or ad network offers this capability). It is also possible to opt out of some, but not all, of these cookies in one location at the Network Advertising Initiative (NAI), or Digital Advertising Alliance (DAA) opt-out web pages.

If you wish to disable cookies, you may do so through individual Internet browser options. For more detailed information on cookie management with specific web browsers, please visit www.aboutcookies.org or the respective websites of the browsers.

    1.6 Certifier

PolicyWizard uses Certifier's services to host the certificates and digital badges of clients who complete the course and request that their details be used to process and host their course credentials. If you do not want to host your certificate on the Certifier website publicly, please email info@policywizard.io once you have completed the course, and we will email your certificate to the email address associated with your account. Before requesting that we process your certificate with Certifier, please review their privacy policy: https://certifier.io/privacy.  

    1.7 Discord Community

PolicyWizard utilises Discord to host a community server for interaction, collaboration, and networking with our customers. Before joining the server, please review and agree to the Discord privacy policy: https://discord.com/privacy

    1.8 ScoreApp (Quiz)

PolicyWizard utilises ScoreApp to create quizzes for our prospective customers, helping them identify areas where their skills require improvement. Quiz answers are recorded and stored to segment the audience. Contact details are recorded to ensure we can contact the prospect. https://www.scoreapp.com/privacy-policy/

    1.9 Zapier (Automation)

PolicyWizard uses Zapier to integrate ScoreApp with our CRM (Podia). Zapier pulls data from ScoreApp and pushes it to Podia, subscribing the prospect to the relevant audience list based on their scores.


2.0 How do we collect this data?


    2.1 Newsletter

You provide data with your double consent. You can withdraw your consent anytime by clicking the Unsubscribe button on any of the Newsletters. Podia operate our Mailing List. They are the data processors for the PII. PolicyWizard is the Data Controller.


    2.2 Client Details

Provided by you with your consent (or sourced from Companies House if required for invoiced contract work, when the client has not provided the details). PolicyWizard.io is the Data Controller. 


    2.3 Payment Services

Provided by you to our provider with your consent as part of a contract of sale between you and PolicyWizard.io. Service provided by Stripe and PayPal at the time of writing. Data is only used to collect payment information.


    2.4 Web Services

Data is not collected or processed by PolicyWizard.io. The hosting provider is responsible for processing PII concerning Cookies or Analytical data. In the case of policywizard.io, the processor at the time of writing is Podia.

    2.5 Quiz

Provided by you to our provider, ScoreApp, with your implied consent. You can withdraw your consent anytime by clicking the Unsubscribe button on any email.


3.0 How do we use this data?


    3.1 Newsletter

We may use this data to understand our followers better, enabling us to provide more efficient and relevant information or services. We will also send you updates on information available to the Cyber Security community and the services we provide.


    3.2 Client Details

As part of a contract with you to provide a service following our terms of sale, PolicyWizard will use the details to complete the required contract and invoice for payment.


    3.3 Payment Services 

PolicyWizard.io cannot access or know the Payment Card Information details you provide to the Payment Services Provider. However, we do see the customer's name, email address, payment total, and any product information they have purchased.


    3.4 Web Services

Our hosting provider uses data entered into its systems to provide the services used by PolicyWizard. To view Podia's Privacy Policy, please visit: https://www.podia.com/privacy.


4.0 Do we share your data?


PolicyWizard do not share data with any organisation, company or individual outside of PolicyWizard.io

Podia do share information with subcontractors. They do so for several reasons, including collecting payment information and providing customer services. The following 4th Parties are authorised subcontractors of Podia and, as such, may act as Sub-Processors of any Personal Data entered into the policywizard.io website: 

  • Amazon, Inc.

  • Amazon Web Services, Inc.

  • Dropbox, Inc.

  • Google, Inc.

  • Heap, Inc.

  • Intercom, Inc. and Intercom R&D Unlimited Company Logentries.com, Inc.

  • Message Systems, Inc. d/b/a SparkPost

  • Rollbar, Inc.

  • Segment.io, Inc.

  • Salesforce.com, Inc.

  • Slack Technologies, Inc., Slack Technologies Limited, Trello, Inc.

  • Wildbit, LLC

  • Wistia Inc.

  • Zapier Inc. 


To view Podia's Privacy Policy, please visit: https://www.podia.com/privacy.


     4.1 Data Transfers outside of the EU

A signed Data Processing Addendum (DPA) is in place between PolicyWizard.io and Podia. Under the DPA, PolicyWizard.io serves as the "Data Exporter," while Podia acts as the "Data Importer."

Data may be exported to the United States to fulfil the contract between PolicyWizard and Podia. The transfer outside the EU does not affect your rights. All data is protected in transit and at rest.

Please do not purchase any product or service, download any free resources, or sign up for the Newsletter if you do not wish your data to be transferred to the USA. Currently, there is no option to host the Podia service in the EU.

5.0 Lawful Reason


Under EU General Data Protection Regulations (GDPR), PolicyWizard collect PII under the following principles:


    a. Your Consent. Consent may be withdrawn at any time by unsubscribing or contacting the controller via email: DPO@policywizard.io.


    b. We have a contractual obligation to hold the data.


6.0 How do we store your data?


    6.1 Newsletter Subscriber Data

The service provider holds this data on secure remote servers. Strict access requirements are in force for the security of subscribers. The data will be held for as long as consent is given or the service is withdrawn.


    6.2 Client Data

PolicyWizard.io stores client data. It is held in secure premises, with restricted access and encrypted for your security. Data is retained for 5 years after the contract is completed, as required by UK legislation.


    6.3 Payment Card Information

PolicyWizard.io do not store this data.


    6.4 Website Cookies 

PolicyWizard.io do not store this data.



7.0 How is your data destroyed?


If PolicyWizard.io no longer requires your PII or a Lawful Reason is no longer applicable, PolicyWizard will remove all traces of your data from its systems. This is done by digital file shredding. The data is not recoverable in any form after this is completed. When no longer in use, the hard drives used in processing PII will be completely wiped, i.e., destroyed.


8.0 Your data protection rights


Under data protection law, you have rights including:


Your right of access - You have the right to ask us for copies of your personal information.


Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.


Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.


Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.


Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.


Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, in certain circumstances.


You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond.


Please don't hesitate to contact us at DPO@policywizard.io if you would like to submit a request.



9.0 How to complain


If you have any concerns about how we use your personal information, you can contact us at DPO@policywizard.io.


You can also complain to the ICO if you are unhappy with how we have used your data.


The ICO’s address:


Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk