ControlCase

IT Certifications, Continuous Compliance and Cybersecurity Services Provider

You are here: Home / Privacy Statement (UK)

This privacy statement was last updated on July 10, 2025 and applies to citizens and legal permanent residents of the United Kingdom.

In this privacy statement, we explain what we do with the data we obtain about you via https://www.controlcase.com. We recommend you carefully read this statement. In our processing we comply with the requirements of privacy legislation. That means, among other things, that:

  • we clearly state the purposes for which we process personal data. We do this by means of this privacy statement;
  • we aim to limit our collection of personal data to only the personal data required for legitimate purposes;
  • we first request your explicit consent to process your personal data in cases requiring your consent;
  • we take appropriate security measures to protect your personal data and also require this from parties that process personal data on our behalf;
  • we respect your right to access your personal data or have it corrected or deleted, at your request.

If you have any questions, or want to know exactly what data we keep of you, please contact us.

1. Purpose, data and retention period

We may collect or receive personal information for a number of purposes connected with our business operations which may include the following: (click to expand)

1.1 Contact - Through phone, mail, email and/or webforms

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We determine the retention period according to fixed objective criteria: As per the data retention requirements specific to each country.

1.2 Newsletters

For this purpose we use the following data:

  • Account name or alias
  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • A telephone number
  • An email address
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We determine the retention period according to fixed objective criteria: As per the data retention requirements specific to each country.

1.3 To support services or products that a customer wants to buy or has purchased

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We determine the retention period according to fixed objective criteria: As per the data retention requirements specific to each country.

1.4 Registering an account

For this purpose we use the following data:

  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • A first and last name
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We determine the retention period according to fixed objective criteria: As per the data retention requirements specific to each country.

1.5 Compiling and analyzing statistics for website improvement.

For this purpose we use the following data:

  • A first and last name
  • A home or other physical address, including street name and name of a city or town
  • Account name or alias
  • An email address
  • A telephone number
  • IP Address
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • Geolocation data

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We determine the retention period according to fixed objective criteria: As per the data retention requirements specific to each country.

1.6 To be able to offer personalized products and services

For this purpose we use the following data:

  • A first and last name
  • Account name or alias
  • A home or other physical address, including street name and name of a city or town
  • An email address
  • A telephone number
  • Internet activity information, including, but not limited to, browsing history, search history, and information regarding a consumer's interaction with an Internet Web site, application, or advertisement
  • IP Address

The basis on which we may process these data is:

Upon the provision of consent.

Retention period

We determine the retention period according to fixed objective criteria: As per the data retention requirements specific to each country.

2. Cookies

Our website uses cookies. For more information about cookies, please refer to our Cookie Policy

3. Disclosure practices

We disclose personal information if we are required by law or by a court order, in response to a law enforcement agency, to the extent permitted under other provisions of law, to provide information, or for an investigation on a matter related to public safety.

If our website or organisation is taken over, sold, or involved in a merger or acquisition, your details may be disclosed to our advisers and any prospective purchasers and will be passed on to the new owners.

We have concluded a data processing agreement with Google.

Google may not use the data for any other Google services.

The inclusion of full IP addresses is blocked by us.

4. Security

We are committed to the security of personal data. We take appropriate security measures to limit abuse of and unauthorised access to personal data. This ensures that only the necessary persons have access to your data, that access to the data is protected, and that our security measures are regularly reviewed.

5. Third-party websites

This privacy statement does not apply to third-party websites connected by links on our website. We cannot guarantee that these third parties handle your personal data in a reliable or secure manner. We recommend you read the privacy statements of these websites prior to making use of these websites.

6. Amendments to this privacy statement

We reserve the right to make amendments to this privacy statement. It is recommended that you consult this privacy statement regularly in order to be aware of any changes. In addition, we will actively inform you wherever possible.

7. Accessing and modifying your data

If you have any questions or want to know which personal data we have about you, please contact us. You can contact us by using the information below. You have the following rights:

  • You have the right to know why your personal data is needed, what will happen to it, and how long it will be retained for.
  • Right of access: You have the right to access your personal data that is known to us.
  • Right to rectification: you have the right to supplement, correct, have deleted or blocked your personal data whenever you wish.
  • If you give us your consent to process your data, you have the right to revoke that consent and to have your personal data deleted.
  • Right to transfer your data: you have the right to request all your personal data from the controller and transfer it in its entirety to another controller.
  • Right to object: you may object to the processing of your data. We comply with this, unless there are justified grounds for processing.

Please make sure to always clearly state who you are, so that we can be certain that we do not modify or delete any data of the wrong person.

8. Submitting a complaint

If you are not satisfied with the way in which we handle (a complaint about) the processing of your personal data, you have the right to submit a complaint to the Information Commissioner's Office:


Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF


Jersey Office of The Information Commissioner
2nd Floor 5 Castle Street
St. Helier
Jersey
JE2 3BT


St Martin’s House
Le Bordage
St. Peter Port
Guernsey
GY1 1BR

9. Children

Our website is not designed to attract children and it is not our intent to collect personal data from children under the age of consent in their country of residence. We therefore request that children under the age of consent do not submit any personal data to us.

10. Contact details

ControlCase
Fifty West Corporate Center, 3975 Fair Ridge Drive, Suite D T25s, Fairfax, VA 22033
United States
Website: https://www.controlcase.com
Email: privacy@controlcase.com
Phone number: +1-703-483-6383

We have appointed a representative within the United Kingdom. If you have any questions or requests with respect to this privacy statement or for our representative, you may contact Ashish Kirtikar, via akirtikar@controlcase.com, or by telephone on .

Annex

WPML

WPML uses cookies to identify the visitor’s current language, the last visited language and the language of users who have logged in.

While you use the plugin, WPML will share data regarding the site through Installer. No data from the user itself will be shared.

Solid Security

What personal data we collect and why we collect it

Cookies

Suggested text: A cookie named “itsec_interstitial_browser” is created to track a user’s login process to implement enhanced security features.

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: This site is scanned for potential malware and vulnerabilities by the SolidWP Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

How long we retain your data

Suggested text: Backups of security log details are retained for 30 days.

Database backups are sent via email. You may need to note what the retention policy is of those emails.

Note that you may be required by some regulations to ensure that past personal data erasure requests are respected even in the event of restoring a backup of the site. You may need to set up an internal policy to ensure that previous personal data erasure requests are respected after restoring a database backup.

Suggested text: Security logs are retained for 60 days.

Where we send your data

Database backups are sent via email. Depending on who hosts your email and your site's compliance needs, you may need to note that this information is sent to that host and link to their privacy policy.

LearnDash LMS

This sample language includes the basics around what personal data your LMS may be collecting, storing and sharing, as well as who may have access to that data. Depending on what settings are enabled and which additional plugins are used, the specific information shared by your site will vary. We recommend consulting with a lawyer when deciding what information to disclose on your privacy policy.
We collect information about you during the course purchase process (PayPal, Stripe, and/or 2Checkout), as well as information relating to your course progression and quiz performance.

What we collect and store

When you purchase from us, we’ll ask you to provide email address. We’ll use this information for purposes, such as, to:

--Send you information about your account and order

--Create your account for our LMS

If you register a free account then we will store your email address.

We store information about you for as long as your account exists.

We store course progress, including completion status, quiz scores, assignments and/or essay submissions (if applicable).

We will also store comments on courses, lessons, topics, assignments, and essays if you choose to leave them.

Who on our team has access

Members of our team have access to the information you provide us. For example, both Administrators and Group Leaders can access:

--Order information such as your enrolled courses, course progress and username / email address.

Any additional information added in your WordPress User Profile can also be visible to the administrator(s).

What we share with others

In this section you should list who you’re sharing data with, and for what purpose. This could include, but may not be limited to, analytics/reporting tools, marketing services (such as email services like MailChimp), payment gateways, gamification programs, and third party embeds.

We share information with third parties who help us provide our orders and store services to you; for example – [insert third party platforms and short description of their purpose]

Payments

In this subsection you should list which third party payment processors you’re using to take payments on your store since these may handle customer data. We’ve included PayPal below as an example, but you should remove any of these if they are not in use on your site.

We accept payments through PayPal. When processing payments, some of your data will be passed to PayPal, including information required to process or support the payment, such as the purchase total and billing information.

Please see the PayPal Privacy Policy for more details.

WPML Media Translation

WPML Media Translation will send the email address and name of each manager and assigned translator as well as the content itself to Advanced Translation Editor and to the translation services which are used.

WPML Translation Management

WPML Translation Management will send the email address and name of each manager and assigned translator as well as the content itself to Advanced Translation Editor and to the translation services which are used.

WPML String Translation

WPML String Translation will send all strings to WPML’s Advanced Translation Editor and to the translation services which are used.

WPML

WPML uses cookies to identify the visitor’s current language, the last visited language and the language of users who have logged in.

While you use the plugin, WPML will share data regarding the site through Installer. No data from the user itself will be shared.

Solid Security

What personal data we collect and why we collect it

Cookies

Suggested text: A cookie named “itsec_interstitial_browser” is created to track a user’s login process to implement enhanced security features.

Security Logs

Suggested text: The IP address of visitors, user ID of logged in users, and username of login attempts are conditionally logged to check for malicious activity and to protect the site from specific kinds of attacks. Examples of conditions when logging occurs include login attempts, log out requests, requests for suspicious URLs, changes to site content, and password updates. This information is retained for 60 days.

Who we share your data with

Suggested text: This site is scanned for potential malware and vulnerabilities by the SolidWP Site Scanner. We do not send personal information to the scanner; however, the scanner could find personal information posted publicly (such as in comments) during the scan.

How long we retain your data

Suggested text: Backups of security log details are retained for 30 days.

Database backups are sent via email. You may need to note what the retention policy is of those emails.

Note that you may be required by some regulations to ensure that past personal data erasure requests are respected even in the event of restoring a backup of the site. You may need to set up an internal policy to ensure that previous personal data erasure requests are respected after restoring a database backup.

Suggested text: Security logs are retained for 60 days.

Where we send your data

Database backups are sent via email. Depending on who hosts your email and your site's compliance needs, you may need to note that this information is sent to that host and link to their privacy policy.