SecureTrain
Last updated 15 May 2026

Privacy Policy

Version 1.0 · Effective 15 May 2026 · Website + platform

This Privacy Policy explains which personal data SecureTrain B.V. collects, why we process it, how long we keep it, with whom we may share it, and which rights data subjects have in relation to that processing.

Introduction

SecureTrain respects the privacy of everyone whose personal data we receive. We apply technical and organizational measures intended to protect customer, employee, and business data against unauthorized access, loss, misuse, or unlawful processing.

For personal data collected through our website, demo forms, and direct commercial contact, SecureTrain B.V. is the controller. Where we process customer data inside the SecureTrain platform on behalf of a customer organization, SecureTrain acts as processor and the customer acts as controller.

Personal data we process

Depending on the relationship and the Services used, we may process the following categories of data:

  • identification and contact data such as first name, last name, business email address, company name, role, and phone number;
  • account and service data such as usernames, user status, role assignments, learning-path progress, quiz results, phishing simulation outcomes, and audit logs;
  • support and communication data such as messages sent through contact forms, support requests, and onboarding notes;
  • technical data such as IP address, browser information, timestamps, and security logs necessary for service security and reliability;
  • limited website analytics data used only in aggregated or anonymous form to understand website performance and usage trends.

Purposes and legal bases

SecureTrain processes personal data only where there is a lawful basis to do so. We may process personal data for the following purposes:

  • Performance of a contract: to provide the platform, training content, reporting, onboarding, and support.
  • Legitimate interests: to secure our systems, improve our Services, answer business inquiries, and maintain reliable operations.
  • Legal obligation: to comply with tax, accounting, regulatory, and legal record-keeping duties.
  • Consent: where consent is required under applicable law for a specific processing activity.

Website analytics and cookies

At this stage, the SecureTrain marketing website uses anonymous analytics only. We do not use advertising trackers, cross-site profiling tools, social media pixels, or other non-essential integrations that require a consent banner under the current setup.

If our website setup changes in the future and we introduce consent-based tracking technologies, we will update this Privacy Policy and implement an appropriate consent mechanism before enabling those tools.

No marketing-cookie consent flow today. Because the public website currently relies on anonymous analytics only and does not perform advertising or behavioral profiling, a separate cookie accept flow is not required at this time.

Sharing with third parties

We do not sell personal data. We may share personal data with carefully selected subprocessors and service providers where that is necessary to provide the Services, such as hosting providers, email providers, customer support tools, or infrastructure and security vendors.

Where third parties process personal data on our behalf, we require them to follow our instructions and to apply appropriate confidentiality and security safeguards. We may also disclose data where required by law, court order, or binding governmental request.

Retention periods

We do not keep personal data longer than necessary for the purpose for which it was collected, unless a longer retention period is required or permitted by law. Website inquiries are retained only for as long as needed to handle the request and maintain an appropriate business record. Customer platform data is retained according to the applicable agreement and any data-processing arrangements.

Security of processing

SecureTrain maintains an internal information security approach designed to protect confidentiality, integrity, and availability. Measures include access management, monitoring, audit logging, encryption in transit, role-based access restrictions, and vendor review processes.

International transfers

Our default approach is to process and host data within the European Union where reasonably possible. If a transfer outside the European Economic Area is necessary, we use an appropriate legal transfer mechanism, such as the European Commission’s Standard Contractual Clauses, together with supplementary safeguards where appropriate.

Your rights

Subject to applicable law, data subjects may have the right to request access to personal data, correction of inaccurate data, deletion, restriction of processing, objection to processing, and data portability. Where SecureTrain acts as processor, such requests should generally be addressed first to the relevant customer organization acting as controller.

If we process data based on consent, consent can be withdrawn at any time for future processing. Withdrawal does not affect the lawfulness of processing carried out before that withdrawal.

Questions or complaints

If you have questions about this Privacy Policy, suspect misuse of personal data, or want to exercise your rights, contact us at info@securetrain.nl. If you believe your data has been processed unlawfully, you may also lodge a complaint with the Dutch Data Protection Authority or another competent supervisory authority.

SecureTrain B.V.
Keizersgracht 123 · 1015 CJ Amsterdam · The Netherlands
KvK 89231445 · VAT NL864123456B01
Privacy questions? Email info@securetrain.nl.