Identitrain Privacy Policy
Effective Date: May 11, 2026
Last Updated: May 11, 2026
Identitrain, Inc. (“Identitrain,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you use our websites, training platforms, applications, and related services (collectively, the “Services”).
This Privacy Policy is intended to comply with applicable privacy and data protection laws, including the European Union General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”), the United Kingdom General Data Protection Regulation (“UK GDPR”), the California Consumer Privacy Act (“CCPA”), the California Privacy Rights Act (“CPRA”), and similar privacy regulations worldwide.
1. Data Controller
The data controller responsible for the processing of your personal data is:
Identitrain, Inc.
5450 Bruce B Downs Blvd #314
Wesley Chapel, FL 33544
USA
Email: privacy@identitrain.com
Website: https://www.identitrain.com
2. Data Protection Officer
Identitrain has designated a Data Protection Officer (DPO) in accordance with Article 37 of the GDPR. The DPO may be contacted regarding any matters related to the processing of your personal data or the exercise of your rights under applicable data protection law.
Identitrain Data Protection Officer
Email: privacy@identitrain.com
The Data Protection Officer is responsible for overseeing Identitrain’s data protection strategy and compliance, serving as the point of contact for data subjects and supervisory authorities, advising on Data Protection Impact Assessments, and monitoring compliance with the GDPR, UK GDPR, and other applicable data protection laws.
3. EU and UK Representative
As Identitrain is established outside the European Union and the United Kingdom, we have designated a representative in accordance with Article 27 of the GDPR and Article 27 of the UK GDPR.
EU Representative
Identitrain EU Data Protection Representative
Email: privacy@identitrain.com
Our EU Data Protection Representative serves as the local point of contact for data subjects located in the European Economic Area (EEA) and for EU supervisory authorities regarding all matters related to the processing of personal data.
UK Representative
Identitrain UK Data Protection Representative
Email: privacy@identitrain.com
Our UK Data Protection Representative serves as the local point of contact for data subjects located in the United Kingdom and for the UK Information Commissioner’s Office (ICO) regarding all matters related to the processing of personal data.
4. Information We Collect
We may collect the following categories of personal information:
- First name and last name
- Email address
- User-selected screen name or username
- Passwords (stored only in encrypted and hashed form)
- Course enrollment, progress, and completion information
- Assessment results and grades
- Communications submitted through support requests or contact forms
- Technical information such as IP address, browser type, device type, operating system, and log information
- Cookie and analytics information
- Payment and billing information processed through authorized third-party payment processors
We do not intentionally collect sensitive personal information (as defined in Article 9 of the GDPR) unless specifically required for a legitimate business or legal purpose, and only with your explicit consent where required by law.
4.1 Mandatory vs. Optional Data
Required data: Certain personal data is necessary to enter into and perform our contract with you. This includes your name, email address, and payment information. Without this data, we cannot create your account, enroll you in courses, or deliver our Services.
Optional data: Other personal data is provided voluntarily, such as participation in forums, webinars, or community discussions, profile customization, and subscription to marketing communications. Choosing not to provide optional data will not affect your ability to access core training services.
5. How We Collect Information
We collect information directly from you when you:
- Register for an account
- Enroll in training or events
- Contact us via support requests or contact forms
- Subscribe to marketing or promotional communications
- Participate in forums, labs, webinars, or virtual classes
- Use our website or learning management systems
We may also collect limited technical information automatically through cookies and analytics technologies (see Section 8 below).
6. Legal Basis for Processing (GDPR)
Where the GDPR or UK GDPR applies, we process your personal information only where we have a valid legal basis to do so. The table below maps each processing activity to its corresponding legal basis:
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account creation and management | Performance of a contract | Art. 6(1)(b) |
| Delivery of training and educational services | Performance of a contract | Art. 6(1)(b) |
| Processing enrollments and payments | Performance of a contract | Art. 6(1)(b) |
| Customer support communications | Performance of a contract | Art. 6(1)(b) |
| Course schedule and service update notifications | Performance of a contract | Art. 6(1)(b) |
| Marketing and promotional communications | Consent | Art. 6(1)(a) |
| Website analytics and service improvement | Legitimate interests | Art. 6(1)(f) |
| Platform security and fraud detection | Legitimate interests | Art. 6(1)(f) |
| Automated grading, adaptive learning, and course recommendations | Legitimate interests | Art. 6(1)(f) |
| Compliance with legal obligations | Legal obligation | Art. 6(1)(c) |
| Cookie and tracking technologies (non-essential) | Consent | Art. 6(1)(a) |
6.1 Legitimate Interests
Where we rely on legitimate interests as our legal basis under Article 6(1)(f), the specific interests we pursue are:
- Service improvement: Analyzing usage patterns, course completion rates, and user feedback to improve training content, platform functionality, and user experience.
- Platform security: Detecting, preventing, and responding to fraud, unauthorized access, and other security threats to protect our users and systems.
- Personalization: Providing automated course recommendations and adaptive learning paths to enhance educational outcomes for students.
Before relying on legitimate interests, we conduct a balancing assessment to ensure our interests do not override your fundamental rights and freedoms. You have the right to object to processing based on legitimate interests at any time (see Section 13).
6.2 Withdrawal of Consent
Where processing is based on your consent, you may withdraw consent at any time by contacting us at privacy@identitrain.com, using the unsubscribe link in any marketing email, or adjusting your cookie preferences through our cookie consent tool. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
7. How We Use Personal Information
We use personal information for the following purposes:
- Create and manage user accounts
- Deliver training and educational services, including adaptive learning features
- Process enrollments and payments
- Provide customer support
- Communicate course schedules, updates, and service-related notifications
- Send marketing and promotional communications (with your consent)
- Improve our website, training content, and Services
- Generate automated course recommendations and adaptive learning paths
- Automatically grade assessments and track learning progress
- Maintain platform security
- Detect fraud, abuse, or unauthorized access
- Comply with legal obligations
We do not sell personal information.
8. Cookies and Tracking Technologies
Our websites may use cookies and similar technologies to improve user experience, maintain sessions, analyze website usage, and enhance security.
Prior consent required: Non-essential cookies (including analytics, marketing, and preference cookies) will not be placed on your device until you have provided affirmative, informed consent through our cookie consent tool. Pre-ticked boxes or continued browsing do not constitute valid consent.
Through our cookie consent tool, you may:
- Accept or reject non-essential cookies before they are placed
- Review the specific cookies used and their purposes
- Manage and update your cookie preferences at any time
- Withdraw consent at any time
Essential cookies: Cookies that are strictly necessary for the operation of our platform (such as session management, authentication, and security cookies) do not require consent and will remain enabled. These cookies are limited to what is technically necessary to provide the Services you have requested.
9. Sharing of Information
We may share personal information with the following categories of recipients:
- Cloud hosting providers: Infrastructure services that store and process data on our behalf
- Learning management system providers: Technology partners that power our training platform
- Payment processors: Authorized third-party providers that process billing and payment transactions
- Email and communication service providers: Services used to deliver transactional and marketing communications
- Video conferencing providers: Platforms used to deliver live virtual training sessions
- Analytics providers: Services used to analyze website usage and improve our Services
- Legal or regulatory authorities: When disclosure is required by applicable law, regulation, legal process, or enforceable governmental request
All third-party service providers are contractually required to process personal data only on our instructions and to maintain appropriate technical and organizational security safeguards in accordance with Article 28 of the GDPR.
10. International Data Transfers
Identitrain is based in the United States and operates globally. Personal data collected from users in the European Economic Area (EEA), United Kingdom, or other jurisdictions may be transferred to and processed in the United States or other countries that may not have been deemed to provide an adequate level of data protection by the European Commission.
Where personal data is transferred outside the EEA or UK to a country that has not received an adequacy decision from the European Commission or UK Secretary of State, we implement appropriate safeguards, including:
- Standard Contractual Clauses (SCCs): We use the European Commission’s Standard Contractual Clauses (adopted under Commission Implementing Decision (EU) 2021/914) as the primary transfer mechanism for EEA data transfers.
- UK International Data Transfer Addendum: For transfers of UK personal data, we supplement SCCs with the UK International Data Transfer Addendum issued by the UK Information Commissioner’s Office.
- Supplementary measures: We assess and implement supplementary technical and organizational measures where necessary, in line with the EDPB’s Recommendations 01/2020.
You may request a copy of the applicable Standard Contractual Clauses or other safeguards by contacting us at privacy@identitrain.com.
11. Data Retention
We retain personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, including legal, regulatory, operational, and contractual requirements.
Typical retention periods include:
- Active user accounts: Duration of account activity, plus a reasonable period to allow reactivation
- Training and certification records: Up to 7 years, to support verification and regulatory requirements
- Billing and financial records: Up to 7 years, in accordance with tax and financial regulations
- Marketing preferences: Until consent is withdrawn
- Security and audit logs: Typically 12 months
When information is no longer required, it is securely deleted or anonymized in accordance with our data retention procedures.
12. Security Measures
Identitrain implements reasonable technical, organizational, and administrative safeguards designed to protect personal information against unauthorized access, alteration, disclosure, or destruction.
Security measures include:
- TLS/HTTPS encryption for data in transit
- Encrypted password hashing (e.g., bcrypt or equivalent)
- Role-based access controls
- Security logging and monitoring
- Limited personnel access on a need-to-know basis
- Secure cloud hosting with industry-standard certifications
- Vulnerability management and patching procedures
- Regular security assessments
No system can be guaranteed to be completely secure. However, we take commercially reasonable steps to protect personal information and continuously evaluate and improve our security posture.
13. Your Privacy Rights
Depending on your location and applicable law, you may have the following rights regarding your personal data:
13.1 Rights Under GDPR and UK GDPR
- Right of access (Art. 15): You have the right to obtain confirmation of whether we process your personal data and to request a copy of your data.
- Right to rectification (Art. 16): You have the right to request correction of inaccurate personal data or completion of incomplete data.
- Right to erasure (Art. 17): You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.
- Right to restriction of processing (Art. 18): You have the right to request that we restrict the processing of your personal data in certain situations, for example while we verify the accuracy of contested data.
- Right to data portability (Art. 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller.
- Right to object (Art. 21): You have the right to object to the processing of your personal data where we rely on legitimate interests as the legal basis. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, and freedoms.
- Absolute right to object to direct marketing: You have an absolute right to object to the processing of your personal data for direct marketing purposes at any time. Upon receiving such an objection, we will promptly cease all marketing processing.
- Right to withdraw consent (Art. 7): Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
- Right not to be subject to automated decisions (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects you. See Section 15 for details on our automated processing practices.
13.2 Right to Lodge a Complaint
You have the right to lodge a complaint with a data protection supervisory authority if you believe our processing of your personal data infringes applicable data protection law.
- EU data subjects: You may file a complaint with the supervisory authority in your country of habitual residence, place of work, or place of the alleged infringement. A list of EU supervisory authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
- UK data subjects: You may file a complaint with the UK Information Commissioner’s Office (ICO) at https://ico.org.uk/make-a-complaint/ or by calling +44 (0)303 123 1113.
13.3 How to Exercise Your Rights
To exercise any of the above rights, please submit a request to:
Email: privacy@identitrain.com
We will respond to your request without undue delay and in any event within one month of receipt. This period may be extended by two further months where necessary, taking into account the complexity and number of requests. We will inform you of any such extension within one month of receipt, together with the reasons for the delay.
We may require identity verification before fulfilling requests, to protect the security of your personal data.
14. California Privacy Rights
California residents may have additional rights under the CCPA and CPRA, including the right to:
- Know what categories and specific pieces of personal information are collected about them
- Request deletion of personal information
- Correct inaccurate personal information
- Opt out of the sale or sharing of personal information for cross-context behavioral advertising
- Limit the use and disclosure of sensitive personal information
- Non-discrimination for exercising their privacy rights
Identitrain does not sell personal information or share personal information for cross-context behavioral advertising.
California residents may submit requests by contacting us at privacy@identitrain.com.
15. Automated Decision-Making and Profiling
Identitrain uses certain automated processing features within our learning management platform. We are committed to transparency about how these systems work and how they may affect you.
15.1 Automated Grading and Scoring
Certain assessments, quizzes, and examinations within our platform are graded automatically based on predefined correct answers and scoring criteria. Automated grading evaluates your submitted responses against established answer keys and rubrics to produce scores and pass/fail determinations. These scores may affect your course completion status and certification eligibility.
Your rights: You have the right to request human review of any automated grading decision that significantly affects your certification or course completion status. To request a review, contact us at privacy@identitrain.com.
15.2 Adaptive Learning Paths
Our platform may adjust the sequence, difficulty, or focus of training materials based on your course progress, assessment performance, and learning patterns. This is designed to personalize your learning experience and improve educational outcomes. Adaptive learning does not produce decisions with legal effects but may influence the content and pacing of your training.
15.3 Course Recommendations
We may recommend courses or training programs based on your enrollment history, completion records, and areas of study. These recommendations are suggestions only and do not restrict your access to any available course or program.
None of these automated features produce decisions with legal effects or similarly significant effects on you as contemplated by Article 22(1) of the GDPR. However, if you believe an automated decision has significantly affected you, you may contact us at privacy@identitrain.com to request human intervention, express your point of view, and contest the decision.
16. Children’s Privacy
Identitrain Services are not directed toward children under the age of 16. We do not knowingly collect personal information from children under 16 without appropriate verifiable parental consent.
We recognize that some EU Member States have set lower age thresholds for digital consent under GDPR Article 8 (ranging from 13 to 16 depending on the jurisdiction). Where a lower age threshold applies under local law, we will comply with that threshold.
If we become aware that personal information has been collected from a child without appropriate consent, we will take reasonable steps to delete it promptly. If you believe a child under the applicable age has provided us with personal information, please contact us at privacy@identitrain.com.
17. Data Breach Notification
Identitrain maintains incident response procedures designed to detect, investigate, and respond to personal data breaches.
In the event of a personal data breach:
- Notification to supervisory authorities: Where a breach is likely to result in a risk to the rights and freedoms of natural persons, we will notify the relevant supervisory authority without undue delay and, where feasible, no later than 72 hours after becoming aware of the breach, in accordance with Article 33 of the GDPR.
- Notification to affected individuals: Where a breach is likely to result in a high risk to the rights and freedoms of natural persons, we will notify affected individuals without undue delay, in accordance with Article 34 of the GDPR, describing the nature of the breach, likely consequences, and measures taken or proposed to address it.
- Documentation: All breaches, regardless of severity, are documented internally, including the facts of the breach, its effects, and the remedial action taken.
18. Third-Party Websites
Our Services may contain links to third-party websites or services. Identitrain is not responsible for the privacy practices, content, or security of third-party websites. We encourage you to review the privacy policies of any third-party websites you visit.
19. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in legal requirements, technology, or business operations.
Material changes: Where we make material changes that affect the way we process your personal data, we will notify you directly (for example, by email to the address associated with your account) in advance of the changes taking effect. Where a material change requires a new legal basis or fresh consent, we will obtain your consent before proceeding with the new processing.
Non-material changes: Minor updates (such as formatting, clarifications, or contact information updates) will be posted on our website with the updated effective date.
We encourage you to review this Privacy Policy periodically to stay informed about our data practices.
20. Contact Information
Questions, requests, or concerns regarding this Privacy Policy or our privacy practices may be directed to:
General Privacy Inquiries: privacy@identitrain.com
Identitrain, Inc.
5450 Bruce B Downs Blvd #314
Wesley Chapel, FL 33544
USA
EU Data Protection Representative: privacy@identitrain.com
UK Data Protection Representative: privacy@identitrain.com
This Privacy Policy supersedes all prior privacy policy versions and applies to all users of Identitrain websites, applications, training platforms, and related Services.