Last Updated: 28 April 2020
There are a few documents and policies you will need to agree to prior to being able to register and participate in the Cyber Discovery Virtual Cyber School programme. We have created a useful overview which outlines the documents, policies and conditions that must be met prior to your participation.
You will be asked to enter into the CyberStart End User License Agreement and agree to our Privacy and Cookies Policies.
The End User Licence Agreement, sometimes called a EULA for short is a standard document that sets out rules that must be adhered to when using our software. Our document is written in as plain English as is possible. In addition to this document you will be asked to agree to our privacy, cookies and safeguarding policy.
The CyberStart EULA and policies can be found by clicking here, please take your time to read through and ask a parent or guardian should you not understand anything.
Once successfully registered we will provide you with access to the CyberStart online service which contains training material, challenges and games.
Please note: All licences are issued at our sole discretion. We have a limited amount of licences which are granted on a first come first serve basis and subject to you fulfilling the eligibility criteria.
By registering an account, using the site and ultimately joining the programme you are agreeing to the CyberStart End User Licence Agreement and all associated policies referred to above. If you break the rules, we may suspend your access to the service and in severe cases refer information to the relevant legal authorities.
To participate in the Cyber Discovery Virtual Cyber School programme, you must:
Our Software provides educational material and security related puzzles and challenges. As part of these challenges you may be required to apply unusual tools or use patterns to services to uncover logic flaws or issues.
The skills acquired through the use of this Software must only be used in an ethical way and always in compliance with all cybercrime laws and regulations throughout the world. It is possible for the materials and tools that make this Software to be applied un-ethically or unintentionally, and could result in violation of (amongst others) the Computer Misuse Act 1990 of the United Kingdom or the Computer Fraud and Abuse Act of the United States. By using this Software you agree that you will not use any of the information provided, tools, or techniques against other individuals or organisations without consent to do so.
When you enter the End User Licence Agreement you will be provided permission to undertake the activities covered in each of the "briefings" against the defined targets. It is not acceptable to attempt denial of service attacks, or to purposefully attempt to cause damage to the infrastructure or data. It will be deemed a violation of this acceptable use to identify flaws and to purposefully attempt to damage or disrupt other platform users, or their data.
Uncovering security flaws and learning about cyber security vulnerabilities will require use of certain tools that can only be used in a context where permission has been given by a target party, as is provided by CyberStart within the challenge briefings.
We take no responsibility for any wrongdoing by you. In the unlikely event we are advised of any wrongdoing we will immediately terminate your account and report you to the relevant authority. We may also pursue you for any losses or expenses that arise from your wrongdoing. If you are unsure of the activity you are undertaking at any time please contact support.
Last Updated: 28 April 2020
Your information is being collected by 'Cyber Discovery' Virtual Cyber School to help run and deliver the UK Government’s Virtual Cyber School programme. The UK Government tell us how they want your information to be used. They are what’s called the 'data controller'.
Cyber Discovery Virtual Cyber School is delivered by the Escal Institute of Advanced Technologies (SANS Institute) as part of the CyberFirst initiative - we 'process' your data.
This means doing things to your data such as storing and analysing it or even deleting it.
We will ask your permission before we pass your information to any other organisation but on occasion we may send your information to other related Cyber First initiatives or to Ecorys who are appointed by HM Government to evaluate the success of Cyber Discovery and its associated programmes.
We get your information from your registration form, from your use of our website, and from details of your progress within CyberStart.
For us to process your data we need to get your consent or permission to use your information on behalf of all those involved.
We can’t enrol you in the programme and keep you up to date without your registration information, and we also need to monitor your progress.
Whether you choose to join or leave Cyber Discovery’s Virtual Cyber School is entirely up to you. The only effect of asking us to delete your information would be that you are no longer able to be a member of the program.
You must be at least 13 to consent to us holding your data as you need to understand what is happening to your data and any risks there are with us holding it. You must be at least 13 years of age to join the program. We ask you to give us your date of birth to verify this.
We've tried to make this notice easy to read, but you can always contact the Data Protection Officer via firstname.lastname@example.org who will help explain things further and will answer your questions.
We hold information which you provided on registration and information gathered as you progress through the the CyberStart platform including:
Your name, email address, access credentials, subscription preferences, your IP address and cookie data, gender, school, date of birth, your ethnic group, the date of enrolment onto the programme, details of how you have progressed on the programme, the scores that you have achieved via the challenges, and how you are using the web sites that make up the Cyber Discovery Virtual Cyber School programme and the CyberStart product.
We use your information to monitor progress and to report on the success of the programme. Sometimes we may send you marketing messages relating to Cyber Discovery, CyberFirst or other related DCMS programmes. We will not send you any other marketing messages. We will also send you essential information on the running of the program through our partner SendGrid, or our partner Campaign Monitor. In order to do this we have to pass your details to SendGrid and Campaign Monitor.
We also have to report to the UK Government on the success of the programme. This is on a wide scale and we try not to provide your individual identifying details.
The UK Government typically receives general figures such as how many females or males have made progress within CyberStart Game.
We also collect data to monitor our site and make sure it stays safe for everyone to use. For example, we may check for misuse of the platform or try to detect if abusive language is being used. This is against Cyber Discovery rules and the CyberStart product Terms and Policies.
If you change your mind about allowing us to use your information you simply need to tell us by emailing email@example.com. We will then take you through a couple of quick steps to confirm you want to delete your information and leave the Virtual Cyber School programme.
We'll update you when this has been done or in exceptional circumstances if we can’t do this.
We need it to run the Virtual Cyber School for the UK Government, and to report on the progress of young people who have joined up.
The information is used to see how successful the programme is and to make sure we are meeting targets for diversity and inclusivity.
If you don't want us to hold your information you will no longer be able to participate in the programme, and we will delete your records from the system.
The UK Government and SANS will have access to your information if they need it. In most cases the UK Government will only see general figures such as percentages. The Virtual Cyber School programme uses two companies called SendGrid and Campaign Monitor to send you essential email communication. On occasion we may pass your details to Cyber First so that they can update you on other initiatives within their programme or to Ecorys who evaluate Cyber Discovery for the UK Government. We make sure that all the companies we work with comply with the law and protect your data. We do not make automated decisions based on your data however we may use the information to assess your progress on the programme.
As cyber security experts we are very aware of the risks around data security. We carry out regular security assessments to make sure your information is secure. We follow all the standard industry practises to make sure we hold your information as securely as possible.
We keep your information for five years or until you ask us to delete it if this is sooner and you wish to leave the programme. If the circumstances arise where we need to keep the data longer we will tell you and explain why. If you have asked us to delete your data we will do this as quickly as possible however there may be some minimal details that we have to keep for audit or safeguarding purposes.
If the information we have about you is incorrect, tell us and we will correct it. We’ll do this as quickly as possible, or at the latest within 30 days.
If you want your information deleted or 'erased' that's not a problem: however, it would mean that you have to leave the programme as we need the data to provide you access to the programme websites, assess your progress, and report to Government.
You have a right to have a copy of the information which we hold on you or to transfer your information. You can make a request for a copy of your data through the support channel and any data that is available to transfer will be made clear to you as you use the platform. You can action this through the CyberStart platform.
If at any time you want further information, or you need help understanding what you can and cannot request, or if you want to make a complaint, the Data Protection Officer can help you with this.
Our Data Protection Officer can be contacted via the support channel. Please email firstname.lastname@example.org and ask to be put in contact with the Data Protection Officer.
If you still aren't happy with our response you can complain to the Information Commissioners Office.
Last Updated: 28 April 2020
Cyber Discovery’s Virtual Cyber School programme engages with children between the ages of 13-18 through an online platform. We also engage with younger children for the purposes of promotion of the Cyber Discovery Programme for future registrations.
The welfare of our students is paramount to us and we acknowledge that all children regardless of their age, culture, disability, gender, language, racial origin, religious beliefs and/or sexual identity have the right to be protected from harm and abuse.
The Cyber Discovery Schools programme acknowledges it has a duty of care to safeguard and promote the welfare of children we engage with and we work closely with the NSPCC to ensure safeguarding practices reflect statutory responsibilities, guidance and best practice. Our events and activities are created and led by staff with extensive background checks and safeguarding training.
We want to ensure that all the children we engage with have a positive and enjoyable experience of our programmes and that they are protected from harm and abuse whilst participating. We are also fully committed to ensuring that the personal data of the children that we engage with never falls into the wrong hands.
All suspicions and allegations of abuse and poor practice will be taken seriously and responded to swiftly and appropriately.