Employee-Only Access Notice

This system is exclusively for authorized OpenMysteria employees and contains intentional security vulnerabilities for training purposes. Unauthorized access by non-employees is strictly prohibited and may result in legal action.

Effective Date: September 18, 2025

Last Updated: September 18, 2025

1. Employee Information We Collect

When you use the OpenMysteria Employee Portal as an authorized employee, we may collect the following types of information:

• Employee Account Information: Username, employee ID, name, department, job title, telephone number, and business address
• Training Support Tickets: Practice issue descriptions, urgency levels, and training correspondence
• Internal Vulnerability Reports: Security findings submitted by employees, contact information, and technical details
• System Access Logs: Employee access logs, IP addresses, browser information, and training session usage patterns
• Authentication Data: Login timestamps, session information, and access control records
• Training Progress: Completion status, assessment scores, and learning module interactions

2. How We Use Employee Information

We use the collected employee information for the following internal purposes:

• Providing and maintaining internal training portal services for employees
• Processing and managing training support tickets and exercises
• Managing employee accounts and training access permissions
• Investigating and addressing internal security training scenarios
• Improving our employee training programs and security awareness initiatives
• Complying with company policies, legal obligations, and security requirements
• Monitoring employee training progress and competency development
• Ensuring appropriate access controls and preventing unauthorized usage

3. Internal Information Sharing and Disclosure

We do not sell, trade, or rent employee information to external parties. Employee information may be shared internally in the following circumstances:

• Internal Training Teams: With authorized HR, IT, and Security personnel for training administration and support
• Management Reporting: Aggregated training progress and completion reports to department managers
• Legal and Compliance Requirements: When required by law, regulation, or legal process
• Security Incident Response: To investigate and respond to internal security threats or policy violations
• Employee Relations: For disciplinary actions or performance management related to training compliance
• Business Continuity: In connection with internal reorganizations or department transfers

External Disclosure: Employee training information will only be shared with external parties when legally required or with explicit employee consent.

4. Data Security

Educational Limitation: This system intentionally contains security vulnerabilities for training purposes. In a production environment, we would implement:

• Encryption of data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication mechanisms
• Monitoring and incident response procedures
• Regular security updates and patch management

5. Employee Data Retention

We retain employee training information for as long as necessary to:

• Provide ongoing training services and employee development support
• Comply with company policies, legal and regulatory requirements
• Maintain training records for compliance and audit purposes
• Resolve employee relations issues and enforce company policies
• Maintain security and fraud prevention records

Training tickets and exercise data are typically retained for 7 years for compliance purposes. Employee account information is maintained during active employment and for 3 years post-termination as required by company policy.

6. Employee Rights and Access

As an OpenMysteria employee, you have the following rights regarding your training information:

• Access: Request copies of your training records and portal activity
• Rectification: Request correction of inaccurate employee information
• Training History: Access your training completion records and progress reports
• Account Management: Update your employee profile information
• Data Concerns: Raise concerns about data handling with HR or IT Security

Note: Some rights may be limited by employment obligations, company policies, and legal requirements for record retention.

7. Cookies and Tracking

Our portal uses the following types of cookies:

• Essential Cookies: Required for authentication and security
• Functional Cookies: Remember your preferences and settings
• Analytics Cookies: Help us understand usage patterns

You can manage cookie preferences through your browser settings.

8. Third-Party Services

Our portal may integrate with third-party services for:

• Cloud hosting and infrastructure (AWS)
• Database management and backup services
• Monitoring and analytics tools
• Security scanning and vulnerability assessment

9. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for such transfers in accordance with applicable data protection laws.

10. Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children.

11. Changes to This Privacy Statement

We may update this privacy statement periodically. We will notify users of material changes through:

• Email notifications to registered users
• Prominent notices on the portal
• Updated effective dates on this page

12. Contact Information

For questions about this privacy statement or our data practices, please contact: