Privacy Policy
Privacy Policy
Effective Date: 2 July 2026
1. Introduction
Fortify Institute Limited ("Fortify Institute", "we", "our" or "us") is committed to protecting your privacy and handling your personal data responsibly, securely and transparently.
This Privacy Policy explains how we collect, use, store and protect your personal data when you:
- visit our website;
- contact us;
- register for a course, event or webinar;
- purchase products or services;
- subscribe to our newsletter;
- interact with us on social media; or
- otherwise engage with Fortify Institute.
We process personal data in accordance with the General Data Protection Regulation (GDPR), the Irish Data Protection Act 2018 and other applicable data protection laws.
2. Who We Are
Fortify Institute Limited is the data controller responsible for your personal data.
If you have any questions about this Privacy Policy or how we process your personal data, please contact:
Email: [email protected]
Further contact details are available on our website.
3. What Information We Collect
Depending on how you interact with us, we may collect:
Contact Information
- Name
- Email address
- Telephone number
- Company
- Job title
- Postal address
Course and Training Information
- Course registrations
- Attendance records
- Assessment submissions
- Certification information
- Examination results
- Learning progress
- Feedback and evaluations
Customer Information
- Purchase history
- Invoices
- Payment records
- Customer support enquiries
- Communications with us
Website Information
When you visit our website we may automatically collect:
- IP address
- Browser type
- Device information
- Operating system
- Pages visited
- Time spent on pages
- Website usage statistics
- Cookies and similar technologies
Please see our Cookie Policy for further information.
4. How We Use Your Personal Data
We only process personal data where we have a lawful basis to do so.
Responding to Enquiries
When you contact us by email, telephone or through our website, we use your information to respond to your enquiry and provide support.
Lawful basis: Legitimate Interests
Delivering Training and Services
If you enrol on a course or purchase our services, we process your information to:
- administer registrations
- provide learning materials
- manage online learning platforms
- issue certificates
- communicate with you
- provide customer support
- fulfil our contractual obligations
Lawful basis: Performance of a Contract
Marketing Communications
If you subscribe to our newsletter or request information from us, we may send you updates about:
- new courses
- webinars
- events
- resources
- industry news
- promotions
You can unsubscribe at any time using the link in our emails.
Lawful basis: Consent
Business Administration
We process personal information to:
- maintain customer records
- manage accounts
- issue invoices
- comply with tax obligations
- protect our business
- manage legal claims
Lawful basis: Legal Obligation and Legitimate Interests
5. Our Use of Artificial Intelligence
Fortify Institute uses Artificial Intelligence (AI) technologies responsibly to improve productivity, customer service and learning experiences.
AI may be used to assist with:
- drafting educational content;
- developing training materials;
- summarising documents;
- improving customer communications;
- analysing feedback;
- researching technical topics; and
- supporting internal business processes.
We do not use AI to make solely automated decisions that produce legal or similarly significant effects on individuals.
Where AI is used to assist our work:
- human oversight remains in place;
- important decisions are reviewed by appropriately qualified personnel;
- AI-generated content is reviewed before publication or use;
- personal data is only processed using approved AI services where appropriate safeguards have been implemented.
Our use of AI is governed by our internal AI Governance & Responsible Use Policy.
6. AI Service Providers
We may use reputable AI service providers, including OpenAI and Anthropic, to assist with legitimate business activities.
Where personal data is processed through these services:
- we use enterprise or business accounts where appropriate;
- contractual safeguards are in place where required;
- appropriate security controls are implemented;
- data is handled in accordance with applicable data protection legislation.
We do not knowingly use customer personal data to train public AI models.
7. Who We Share Information With
We only share personal data where necessary.
This may include:
- certification bodies and authorised training partners;
- learning management system providers;
- payment providers;
- customer relationship management providers;
- cloud hosting providers;
- accounting providers;
- email and communication platforms;
- professional advisers;
- regulatory authorities where legally required.
Examples of service providers may include:
- Google Workspace
- HubSpot
- Stripe
- Microsoft
- OpenAI
- Anthropic
- Sage
- accredited certification partners such as PECB, EC-Council and the Cloud Security Alliance.
All providers are required to process personal data securely and only in accordance with our instructions.
8. International Transfers
Some of our service providers may process personal data outside the European Economic Area (EEA) or United Kingdom.
Where this occurs we ensure appropriate safeguards are in place, including:
- adequacy decisions;
- Standard Contractual Clauses (SCCs);
- contractual data protection obligations; or
- other lawful transfer mechanisms.
9. How Long We Keep Your Information
We only retain personal data for as long as necessary.
Typical retention periods include:
| Data Type | Retention |
|---|---|
| General enquiries | Up to 12 months |
| Marketing contacts | Until you unsubscribe |
| Training records | 3 years after course completion (unless longer retention is required for certification purposes) |
| Financial records | 7 years (or longer where required by law) |
| Website analytics | In accordance with our Cookie Policy |
Where legal or regulatory obligations require longer retention, we will retain the information for the required period.
10. Keeping Your Information Secure
We implement appropriate technical and organisational measures to protect personal data.
These include, where appropriate:
- multi-factor authentication;
- encryption;
- secure cloud platforms;
- access controls;
- regular software updates;
- staff awareness training;
- security monitoring; and
- documented information security and AI governance policies.
Although no system can be guaranteed to be completely secure, we continually review and improve our security measures.
11. Your Rights
Subject to applicable law, you may have the right to:
- access your personal data;
- correct inaccurate information;
- request deletion of your personal data;
- restrict processing;
- object to processing;
- request data portability;
- withdraw consent where processing is based on consent.
To exercise any of these rights, please contact:
We will respond in accordance with applicable data protection legislation.
12. Complaints
If you are unhappy with how we process your personal data, we encourage you to contact us first so that we can try to resolve your concerns.
You also have the right to lodge a complaint with the Irish Data Protection Commission.
Data Protection Commission
21 Fitzwilliam Square South
Dublin 2
D02 RD28
Ireland
Website: https://www.dataprotection.ie
13. Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in legislation, technology or our business practices.
The latest version will always be published on this website together with the effective date.
Contact Us
If you have any questions about this Privacy Policy or how Fortify Institute processes personal data, please contact:
Fortify Institute Limited
Email: [email protected]
Effective Date: 02/07/2026
