Cyber Rookie Privacy Statement

Effective Date: 10 July 2025

Cyber Rookie is a division of Hyplon Pty Ltd (ABN 45 668 305 075) (Hyplon), operating under Australian law. We are committed to protecting your privacy and handling your personal information in accordance with the Australian Privacy Principles (APPs) under the Privacy Act 1988 (Cth) and the General Data Protection Regulation (GDPR).

This Privacy Policy outlines how Cyber Rookie collects, uses, stores, and discloses your personal information when you visit our website, register for programs, or engage with our services.

For purposes of this Privacy Statement, the terms "users", "customer", "you" and "your" are meant to refer to the individuals about whom we may collect personal information, and at times may be used within the Statement interchangeably.

1. Who We Are

Cyber Rookie provides hands-on cyber security learning experiences, coaching, and GRC (Governance, Risk, and Compliance) practice environments to help individuals build confidence and practical cyber security skills. Our services are delivered virtually under Hyplon Pty Ltd.

2. What Personal Information We Collect

We may collect personal information including but not limited to:

  • Name and contact details (email address, phone number)

  • Residential address

  • Professional background and educational history

  • User-submitted content (e.g. feedback, questions, assessments)

  • Website usage data (via cookies or analytics tools)

  • Payment and billing information

  • Communications and correspondence

We do not routinely collect sensitive information (such as racial or ethnic origin, health information, or criminal history). If we do, we will only do so with your consent or where permitted by law.

3. How We Collect Information

We collect personal information when you:

  • Register on our website or sign up for a program

  • Join our waitlist or complete an intake form

  • Participate in coaching sessions, Q&As, or learning modules

  • Contact us via email, forms, in-person conferences or virtual live chat

  • Interact with our website or marketing materials

By signing up for our services or engaging with our platform, you consent to the collection, use, and disclosure of your personal information as outlined in this Privacy Policy.

Some information may be collected automatically via cookies, session tracking, and third-party analytics tools (e.g., Google Analytics).

4. Why We Collect and Use Your Information

We collect and use your information to:

  • Deliver our coaching services

  • Communicate with you about your program, support, and updates

  • Improve our platform, user experience, and service quality

  • Tailor content, recommendations, and offers to your needs

  • Process payments and manage subscriptions

  • Comply with legal and regulatory obligations

We may also use de-identified or aggregated data to analyse trends, improve our services, and support product development. This information does not identify individuals and is not treated as personal information under the Privacy Act.

We do not make decisions based solely on automated processing or profiling that have legal or similarly significant effects on individuals.

5. Disclosure of Information

We do not sell your personal information. We may share your data with trusted third parties, including:

  • Internal team members, coaches, and administrators

  • Technology providers (e.g., cloud storage, CRM, learning platforms)

  • Payment processors and email marketing platforms

  • Legal or regulatory authorities, when required by law

We ensure that all third-party service providers handle your data securely and in compliance with this policy.

6. Data Security

We implement reasonable technical and organisational safeguards to protect your personal information from misuse, interference, loss, and unauthorised access, modification, or disclosure. Data is stored on secure servers, and access is limited to authorised personnel.

We have internal policies and staff training in place to ensure personal information is handled in accordance with applicable privacy laws.

6A. Data Retention

We retain personal information only as long as necessary to deliver our services or meet legal and regulatory requirements. When no longer needed, we securely destroy or de-identify personal information.

6B. Data Breach Notification

In the unlikely event of a data breach that is likely to result in serious harm, we will notify affected individuals and report the breach to the Office of the Australian Information Commissioner (OAIC), in accordance with the Notifiable Data Breaches (NDB) scheme.

7. International Transfers

Some of our tools and service providers may operate outside Australia, including in the United States, Europe, or Asia. Where we transfer personal information overseas, we take reasonable steps to ensure that those recipients comply with the Australian Privacy Principles or are subject to laws or contractual safeguards that offer comparable protection.

For EU/EEA residents, such transfers may involve the use of Standard Contractual Clauses (SCCs) or other GDPR-approved safeguards.

8. Your Rights

You have the right to:

  • Access your personal information we hold about you

  • Request corrections if your information is inaccurate, incomplete, or outdated

  • Withdraw your consent (where applicable)

  • Request deletion of your personal information, subject to legal obligations

  • Opt out of direct marketing communications

We will respond to access or correction requests within a reasonable timeframe (usually 30 days). Access and corrections will be provided free of charge, unless an administrative fee is necessary to cover costs such as printing or postage (not for processing the request). If we are unable to provide access or make a correction, we will provide you with a written explanation and advise you of your options. To make a request, please contact us at info@cyberrookie.ai.

8A. For EU/EEA Residents – GDPR Notice

If you are located in the European Union (EU) or European Economic Area (EEA), we process your personal data in accordance with the General Data Protection Regulation (GDPR).

Legal Bases for Processing:

  • Your consent

  • Performance of a contract

  • Our legitimate interests (e.g. service improvement, fraud prevention)

  • Legal obligations

You have the rights to:

  • Access, correct, or erase your personal data

  • Object to or restrict processing

  • Withdraw consent at any time

  • Request data portability

  • Lodge a complaint with your local Data Protection Authority (DPA)

Where required under the GDPR, consent is obtained during the signup process through clear and affirmation action.

To exercise these rights or for GDPR-specific queries, contact us at info@cyberrookie.ai.

9. Cookies and Analytics

Cyber Rookie uses cookies and similar tracking tools to enhance your browsing experience and analyse website traffic. You can modify your browser settings to reject cookies; however, some site features may not function as intended.

EU/EEA visitors may see a cookie consent banner in accordance with GDPR requirements.

10. Third-Party Links

Our website may contain links to other websites or services. We are not responsible for the privacy practices or content of third-party sites. We recommend reviewing their privacy policies before providing personal information.

11. Recordings of Sessions

Cyber Rookie may record mentoring sessions, Q&A calls, and masterclasses to support participants who are unable to attend live. These recordings may include audio, video, screen sharing, and chat interactions, and may contain personal information shared during the session.

Recordings are made available only to current program participants for learning purposes. They are stored securely and are not used for marketing or made publicly accessible.

By participating in live sessions, you consent to being recorded and to the internal sharing of these recordings with other enrolled participants. If you do not wish to be recorded, you may choose to keep your camera/microphone off or contact us for alternatives where available.

12. Privacy Policy Updates

We may update this Privacy Policy from time to time to reflect changes in the law, technology, or our services. The most current version will always be published on our website. We encourage you to review this page regularly.

13. Contact Us

If you have any questions, concerns, or privacy complaints, please contact us:

Cyber Rookie by Hyplon Pty Ltd
Email: info@cyberrookie.ai
Website: www.cyberrookie.ai
Location: Melbourne, VIC, Australia

If you are not satisfied with our handling of your privacy concern, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.