Privacy Policy

1. Introduction

Scenario Lab Ltd ("Scenario Lab", "ScenarioLab", "we", "our", "us") is committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains how we collect, use, store, and protect personal information when individuals interact with our website, our gamified training products, and our related services.

We recognise the importance of safeguarding personal information and comply fully with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By using our services, you agree to the practices described in this policy.

2. Information We Collect

We may collect personal data in the following categories:

2.1 Identity & Contact Information

• Full name
• Email address
• Organisation or employer (if applicable)
• Job role (if applicable)

2.2 Account & Authentication Data

If users are granted access via a registered profile:

• Login credentials
• Account activity
• User settings and preferences

2.3 Training Usage & Performance Data

As part of our interactive training products, we capture information that helps us deliver, analyse, and improve the learning experience, such as:

• Time spent on training scenes or modules
• Number of hints used
• Completion outcomes and scores
• Attempts, retries, or interactions
• Progression paths

This data may be anonymised or pseudonymised for analytics purposes.

2.4 Technical Data

Collected automatically when accessing our website or training platform:

• IP address
• Browser type and version
• Device information
• Log files and diagnostic data
• Interaction events

2.5 Communication Data

Including:

• Emails
• Enquiries
• Support requests
• Feedback forms

2.6 Cookies & Tracking

We use cookies to:

• Improve experience
• Understand platform usage
• Support performance analytics

Cookie settings can be adjusted in your browser.

3. How We Use Personal Data

We use information for the following purposes:

3.1 Delivery of Services

• Providing access to training products
• Recording learning outcomes
• Supporting certification or proof-of-completion
• Managing user accounts and credentials

3.2 Service Improvement

• Analysing usage patterns
• Optimising game flow and content
• Error diagnosis and platform stability

3.3 Communications

• Responding to enquiries
• Providing updates or service notifications
• Sending important changes to policies or platform features

3.4 Legal & Compliance Requirements

• Maintaining records for audit or certification
• Meeting obligations under UK GDPR or other legislation

We do not sell your personal data.

3.5 Training Certificates and Completion Records

When you participate in a ScenarioLab training experience, we collect your name and email address solely for the purpose of issuing your completion certificate and maintaining training records. This processing is necessary for the performance of the service you have requested and is carried out under the lawful bases of contract and legitimate interests. Your name will appear on your certificate exactly as provided, and you may request corrections at any time. We do not use this information for marketing unless you have explicitly opted in. Certificate-related personal data is stored securely and retained only for as long as reasonably necessary to meet certification, regulatory, or CPD record-keeping requirements, after which it will be deleted or anonymised. You have the right to access, rectify, or request deletion of your personal data. You may also lodge a complaint with the UK Information Commissioner's Office (ICO).

4. Legal Basis for Processing

Under UK GDPR, Scenario Lab Ltd processes personal data on the following lawful grounds:

• Contract: To deliver training or services users have access to.
• Legitimate Interests: Analytics, performance tracking, platform improvements.
• Legal Obligation: Compliance with regulatory requirements.
• Consent: For optional communications or marketing (only when explicitly given).

5. Sharing Personal Data

We may share data with:

• Cloud hosting providers
• Security, analytics, or monitoring platforms
• Professional advisers (e.g., legal consultants)
• Certification or compliance partners (if applicable)

We ensure that all third parties:

• Meet UK GDPR obligations
• Follow appropriate security practices
• Are only given the minimum data necessary to perform their function

We never sell or licence personal data to advertisers or unrelated third parties.

6. International Transfers

If data is transferred outside the UK (e.g., cloud hosting), this is done using approved mechanisms such as:

• Adequacy regulations
• Standard Contractual Clauses (SCCs)
• Appropriate additional safeguards

7. Data Security

Scenario Lab Ltd implements strong security measures including:

• Encryption at rest and in transit
• Access control restrictions
• Secure authentication
• Activity logging
• Regular internal reviews

Only authorised personnel have access to personal data.

8. Retention Periods

We retain personal data for only as long as necessary for:

• Providing the service
• Supporting certification
• Fulfilling legal obligations
• Internal reporting and analysis

After this period, data is anonymised or securely erased.

Specific retention periods can be provided on request.

9. Your Rights

You have the right to:

• Access your data
• Rectify inaccurate information
• Erase data in certain circumstances
• Restrict processing
• Object to certain processing
• Request portability of data you provided
• Withdraw consent (where applicable)

To exercise these rights, contact us using the details below.

10. Children's Data

Scenario Lab Ltd does not knowingly collect data from children under 16. If we learn that such data has been collected, it will be deleted promptly.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes to legislation, our services, or operational practices. The latest version will always be available on our website.