Last revised: Feb 2021


  1. Privacy Summary

This privacy statement applies to Red Goat Cyber Security LLP with registered office address at 470 Bath Road, Bristol, BS4 3AP, (“Red Goat”, “Red Goat Cyber”, “Red Goat Cyber Security”, “we”, “us” or “our”).

Red Goat is committed to protecting your information by handling it responsibly and safeguarding it using appropriate security measures.

The privacy notice below details what information we gather about you, what we use it for, how we use is and who we share it with. It also sets out your rights and who you can contact for more information or queries.


Information about you that we process

We may process information about you that:

  • You provide to us;
  • That we obtain from third parties; and /or
  • That is publicly available.


This information may include your name, age, gender, date of birth and contact details. It may also include ‘sensitive’ or ‘special categories’ of personal data, such as dietary requirements or mobility information if you book onto a face to face workshop, training course or event.

How we use information about you

We collect and process this information about you and/or your business to enable us to:

  • Provide our services to you or our clients; and
  • To enable us to provide you with information that we think may be of interest to you.

If we send you information we think you might be interested in, you have the right to unsubscribe at any time by following the unsubscribe instructions in our communications.


  1. Sharing and transferring your information

We may share or transfer information about you with some third parties to enable the provision of our services. We use Thinkific for our online training platform that will hold data of attendees as described in the online training section below. For more information see below.

We may transfer some information about you to countries outside the European Economic Area that have less stringent data protection laws. When we do this, we will make sure your information remains adequately protected. We currently use some services based in the United States of America

  1. Your rights

Your rights under data protection laws include the right to:

  • request copies of your data;
  • request correction of your data;
  • request erasure of your data;
  • object to us processing your data; and
  • ask us to restrict the processing.

If you have a concern about the way we are collecting or using your personal data, if we do not address your request, or fail to provide you with a valid reason why we have been unable to do so, please get in touch at [email protected]

You also have the right to contact the Information Commissioner’s Office to make a complaint. They can be contacted via their website or by telephone 0303 123 1113.


In this statement:

Data Protection Legislation” means the EU General Data Protection Regulation 2016/679; together with all other applicable legislation relating to privacy or data protection (including the UK Data Protection Act 2018).

Process” means any operation performed on information about you including but not limited to collection, alteration, transfer and destruction.

  1. Who this privacy statement applies to and what it covers

This privacy statement applies to Red Goat Cyber Security LLP with registered office address at 470 Bath Road, Bristol, BS4 3AP, (“Red Goat”, “Red Goat Cyber”, “Red Goat Cyber Security”, “we”, “us” or “our”).


This privacy statement explains how we will collect, handle, store and protect information about you when:

  • providing services to you or our clients;
  • you use our Website; or
  • performing any other activities that form part of the operation of our business.

When we refer to “our Website” or “this Website”, we mean the specific webpages of


  1. What personal data we collect

We may collect, record and use your personal data in physical and electronic form, and will hold, use and otherwise process that data in line with the Data Protection Legislation and as set out in this statement.

When we provide services to you or our clients we will process personal data about you. We may also collect personal data from you when you use this Website.

We may process your data because:

  • you give it to us (for example, in the contact us form or when you sign up to a course);
  • other people give it to us (for example, your employer); or
  • it is publicly available.

We may process personal data from you to allow us to improve your experience of this Website for example. We may use cookies (small text files stored in a user’s browser) or Web beacons to collect personal data.
More information on how we use these can be found in our cookie notice here


The personal data we process may include your:

  • name;
  • contact information, such as address, email, and phone number;
  • country of residence;
  • employment details (for example, the organisation you work for, your job title);
  • IP address, browser type and language, your access times;
  • information in any complaints you make;
  • details of how you use our products and services; and
  • details of how you like to interact with us, and other similar information relevant to our relationship.

The personal data we collect may also include so called ‘sensitive’ or ‘special categories’ of personal data, such as details about your:

  • dietary requirements (for example, when we organise face to face events and would be providing food or refreshments); and
  • health (for example, when we organise face to face events and want to ensure the accessibility meets your needs).

We will typically seek separate permission from you in writing to process these special categories of personal data.

If you choose not to provide, or object to us processing, the information we collect we may not be able to provide some or all of our services to you or our client.


  1. How we use your personal data

Use of personal data to provide services to our clients

We will use your personal data to provide you or our clients with services, and this includes using your personal data in correspondence relating to those services.

We may use your personal data to:

  • provide products and services;
  • satisfy any legal or regulatory requirements;
  • satisfy requests and communications from competent authorities including law enforcement;
  • conduct account opening and other administrative tasks;
  • training completion reporting; and
  • some relationship management, such as:
  • sending you thought leadership or details of our products and services;
  • contacting you for feedback on services;
  • sending you event invitations; and

other marketing or research purposes;

  • recruitment and business development, which may involve
  • the use of testimonials (with permission)
  • Information provided to use for recruitment purposes used for that process and to notify you of other relevant positions you may be interested in.

Use of personal data collected via our Website

In addition to the above, we may also use your personal data collected via our Website:

  • to manage and improve our Website;
  • to tailor the content of our Website;
  • to draw your attention to information about our products and services; or
  • to manage and respond to any request you submit through our Website.


  1. The legal grounds we use for processing personal data

We are required by law to set out the legal grounds on which process your personal data. These include:

  • you have explicitly agreed to us processing your information for a specific reason;
  • the processing is necessary to perform the agreement we have with you or to take steps to enter into an agreement with you;
  • the processing is necessary for compliance with a legal obligation we have such as keeping records for tax purposes or providing information to a public body or law enforcement agency; or
  • the processing is necessary for the purposes of a legitimate interest pursued by us or a third party, which might be:
  • to provide our services to you or our clients;
  • to protect our business interests;
  • to ensure that complaints are investigated;
  • to evaluate, develop or improve our services or products; or
  • to keep you or our clients informed about relevant products and services unless you have indicated at any time that you do not wish us to do so.

To the extent that we process any special categories of data relating to you for any of the purposes outlined above, we will do so because:

  • you have given us your explicit consent to process that data;
  • we are required by law to process that data;
  • the processing is necessary to carry out our obligations under employment, social security or social protection law; or
  • you have made the data manifestly public.


  1. Sharing your personal data

In connection with any of the purposes outlined in the “How we use your personal data?” section above, we may disclose details about you to:

  • competent authorities (including courts and law enforcement agencies);
  • your employer; and
  • other third parties that reasonably require access to personal data relating to you.


  1. Transferring your personal data outside the UK

Information we hold about you may be transferred to other countries (which may include countries outside the UK or the European Economic Area (“EEA”)):

  • where we do business;
  • which are linked to your engagement with us;
  • from which you regularly receive or transmit information; or
  • where our third parties conduct their activities.


These countries may have less stringent privacy laws than we do, so any information they hold can become subject to their laws and disclosure requirements, including disclosure to governmental bodies, regulatory agencies and private persons.

We currently transfer data within the EEA, the UK and the USA only.


  1. Protecting your personal data

We use a range of measures to ensure we keep your personal data secure and accurate. These include:

  • education and training to all our relevant staff;
  • controls to restrict access to personal data to a ‘need to know’ basis; and
  • technological security measures, including fire walls, encryption and anti- virus software.

The transmission of data over the internet (including by e-mail) is never completely secure. So although we use appropriate measures to try to protect personal data, we cannot guarantee the security of data transmitted to us or by us.


  1. How long we keep your personal data for

We seek to ensure that we only keep your personal data for the longest of:

  • the period necessary for the relevant activity or services; or
  • any retention period that is required by law.

For all our online training and face to face training we keep student data for the duration of the certificate lifespan (24 months) in order to validate course certificates and provide duplicate certificates to students when needed.


  1. Your rights

You have various rights in relation to your personal data. In particular, you have a right to:

  • confirm what personal information, if any, we may hold about you and for what purposes
  • change or withdraw the consent you’ve given in relation to how we can use your personal information
  • Stop processing your data in our Legitimate Interest
  • correct any inaccurate or incomplete personal information we may hold about you
  • provide you with access to any personal data you’ve provided by consent or by a contract with us, for you to move somewhere else
  • stop the processing of your personal information, whilst any objection from you is being resolved
  • permanently erase all your personal information promptly, and confirm to you that this has been done
  • object to profiling or to any decisions being taken by us by automated means

If you would like to access or see a copy of your personal data, you must ask us in writing. We will endeavour to respond within a reasonable period, and in any event within one month in line with Data Protection Legislation.

To help us ensure that your information is up to date, let us know if any of your personal details change.


  1. Sending you marketing information

We may use your information from time to time to inform you by letter, telephone, email and other electronic methods about products and that may be of interest to you.

You may, at any time, ask us not to send this information to you by following the unsubscribe instructions in communications from us.

  1. Right to complain

If you wish to raise a complaint about how we are using your information, exercise any of the rights set out above, or if you have any questions or comments about privacy issues, you can contact us by:

You can also complain to the Information Commissioner’s Office, which regulates and supervises the use of personal data in the UK, on 0303 123 1113.

  1. Changes to this privacy statement

We may modify or amend this privacy statement from time to time.

When we make changes to this privacy statement, we will amend the revision date at the top of this page. The modified or amended privacy statement will apply from that date.

Online Training Platform Privacy Policy

What information do we collect and what do we do with it?

When you enroll as a student or subscriber (“learner”) on our site or related courses, as part of the enrolling process, we collect the personal information you give us such as your name and email address.

Email marketing: we may send you emails about our site and related course(s), registration, course content, your course progress or other updates. We may also use your email to inform you about changes to the course, survey you about your usage, or collect your opinion.

How do you get my consent? How long will you keep my data?

When you provide us with personal information to become a learner on our site, make a purchase, or participate in the course, you imply that you consent to our collecting it and using it for that specific reason only.

If we ask for your personal information for a secondary reason, like marketing, we will either ask you directly for your expressed consent, or provide you with an opportunity to say no.

For all our online training and face to face training we keep student data for the duration of the certificate lifespan (24 months) in order to validate course certificates and provide duplicate certificates to students when needed.

How do I withdraw my consent?

If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at [email protected] or mailing us at: Red Goat Cyber Security, [HERE], 470 Bath Road, Bristol, BS4 3AP or following the unsubscribe instructions in any of our communications.


We may disclose your personal information if we are required to do so by law or your employer is the client we will disclose information to them as required and agreed.


Our course and site is hosted by Thinkific Labs Inc. (“Thinkific”). They provide us with the online course creation platform that allow us to sell our product/services to you.

Your data is stored through Thinkific’s data storage, databases and the general Thinkific application. They store your data on a secure server behind a firewall.


If you make a purchase on our site, we use a third party payment processor such as Stripe or Paypal. Payments are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction.

All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover.

PCI-DSS requirements help ensure the secure handling of credit card information by our site and related courses and its service providers.

For more insight, you may also want to read Thinkific’s Terms of Service here or Privacy Statement here .

Third Party Services

In general, the third-party providers used by us will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us.

However, certain third-party service providers, such as payment gateways and other payment transaction processors, have their own privacy policies in respect to the information we are required to provide to them for your purchase-related transactions.

For these providers, we recommend that you read their privacy policies so you can understand the manner in which your personal information will be handled by these providers.

Certain providers may be located in or have facilities that are located in a different jurisdiction than either you or us. If you elect to proceed with a transaction that involves the services of a third-party service provider, then your information may become subject to the laws of the jurisdiction(s) in which that service provider or its facilities are located.

As an example, if you are located in Canada and your transaction is processed by a payment gateway located in the United States, then your personal information used in completing that transaction may be subject to disclosure under United States legislation, including the Patriot Act.

Once you leave our course website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website’s Terms of Service.


When you click on links on our course site, they may direct you away from our site. We are not responsible for the privacy practices of other sites and encourage you to read their privacy statements.


To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

Age of Consent

By using this site, you represent that you are at least the age of majority in your state or province of residence, or that you are the age of majority in your state or province of residence.

Changes to this Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

If our site or course is acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you.


If you would like to: access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information email [email protected] or by mail at Red Goat Cyber Security, [HERE], 470 Bath Road, Bristol, BS4 3AP.


Amended 02/2021