2. Privacy Notice
This Privacy Notice sets out how we may use, process and store your personally identifiable information (PII) such as name, email, address, mobile no., country etc.. We may get that information from you or our partners, through contracts or other legal arrangements you have with us or our partners on behalf of us, in order to deliver contractual/legal obligations. In other cases, we will get that information from you with your permission and consent, or we may receive your personal information from third parties who you have given consent to pass this information on to us.
We may collect information from you because we have valid reason (allowed by law or under contract) to collect the information, or because you have consented for us to do so for a specific purpose.
3. Information Provided
You may give us information about you with your consent, for example:
- Through Contractual agreements
- By filling in a form or sending us an e-mail
- Marketing responses
This information may be personal, financial, business or related to your contractual history with us. You may give us information for legal reasons, such as to enter into a contract with us, when you are buying goods or services from us, or when you are considering these options.
Information we collect about you
If you visit our website or member communities, support forums we may automatically collect information about you, for example:
- Technical information
- IP addresses
- Information about what type of device you use to connect to our website
- How you interact with our website.
Information we receive from other sources
We may receive information about you if you use any of the other websites we operate, any other services we provide, or from our business partners instructed to collect information on our behalf.
We also work with third parties, including, for example, business partners, sub-contractors in technical, payment and may receive information about you from them as part of the service we provide you, to fulfill the requirements of such services.
4. How We Use Information We Collect
We never sell personal information
We will never sell your Personal Information to any third party without your prior consent.
Use of personal information
We will also use the information collected through our Service by our customers for the following purposes: (a) to provide the Service (which may include the detection, prevention and resolution of security and technical issues); (b) to respond to customer support requests; and (c) otherwise to fulfil the obligations under the EC-Council Terms of Service.
Customer testimonials and comments
We post customer testimonials and comments on our Websites, which may contain Personal Information. We obtain each customer's consent prior to posting the customer's name and testimonial.
Use of credit card information
If you give us credit card information, we use it solely to check your financial qualifications and collect payment from you. We use a third-party service provider to manage credit card processing. This service provider is not permitted to store, retain, or use information you provide except for the sole purpose of credit card processing on our behalf.
We employ other companies and people to provide services to visitors to our Website, our customers, and users of the Service and may need to share your information with them to provide information, products or services to you. Examples may include removing repetitive information from prospect lists, analyzing data, providing marketing assistance, processing credit card payments, supplementing the information you provide us in order to provide you with better service, and providing customer service. In all cases where we share your information with such agents, we explicitly require the agent to acknowledge and adhere to our privacy and customer data handling policies.
Security of your personal information
We use a variety of security technologies and procedures to help protect your Personal Information from unauthorized access, use or disclosure. We secure the Personal Information you provide on computer servers in a controlled, secure environment, protected from unauthorized access, use or disclosure. When sensitive Personal Information (such as a credit card number and/or geo-location data) is collected on our Websites and/or transmitted to other websites, it is protected through the use of encryption, such as the Secure Socket Layer (SSL) protocol.
If you have any questions about the security of your Personal Information, you can contact us at [email protected]
Social media features
We offer publicly accessible message boards, blogs, and community forums. Please keep in mind that if you directly disclose any information through our public message boards, blogs, or forums, this information may be collected and used by others. We will correct or delete any information you have posted on the Websites if you so request, as described in "Opting Out and Unsubscribing" below.
Retention of personal information
We retain personal information that you provide us as long as we consider it potentially useful in contacting you about our services, or as needed to comply with our legal obligations, resolve disputes and enforce our agreements, and then we securely delete the information. We will delete this information from the servers at an earlier date if you so request, as described in "Opting Out and Unsubscribing" below. If you provide information to our customers as part of their use of the Service, our customers decide how long to retain the personal information they collect from you. After termination of the Service, we may, unless legally prohibited and/or otherwise required, delete all customer information, including your Personal Information, from the Service.
We reserve the right to use or disclose your personal information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with court order, or legal or administrative process.
5. Navigational Information
We use "cookies" to help you personalize your online experience. A cookie is a text file that is placed on your hard disk by a Web server. Cookies are not used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by a Web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the Web server that you have returned to a specific page. For example, if you personalize pages on our Websites, or register for the Service, a cookie helps us to recall your specific information on subsequent visits. When you return to the same Website, the information you previously provided can be retrieved, so you can easily use the customized features.
You have the ability to accept or decline cookies. Most Web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. If you choose to decline cookies, you may not be able to fully experience the interactive features of the Website you visit. We keep track of the Websites and pages you visit within Website, in order to determine what portion of the Website is the most popular or most used. This data is used to deliver customized content and promotions within the Website and Service Portal to customers whose behavior indicates that they are interested in a particular subject area.
We may collect demographic information, such as your post code, age, gender, preferences, interests and favorites using log files that are not associated with your name or other personal information.
There is also information about your computer hardware and software that is automatically collected by us. This information can include: your IP address, browser type, domain names, internet service provider (ISP), the files viewed on our site (e.g., HTML pages, graphics, etc.), operating system, clickstream data, access times and referring website addresses. This information is used by us to maintain the quality of the Service, and to provide general statistics regarding use of the Website. For these purposes, we do link this automatically collected data to Personal Information such as name, email address, address, and phone number.
6. Information We Collect
When you visit our websites
You are free to explore the Websites without providing any Personal Information about yourself. When you visit the Websites or register for the email Subscription Service, we request that you provide Personal Information about yourself, and we collect Navigational Information.
When you use our mobile application
We use website analytics software to allow us to better understand the functionality of our website. This software may record information such as how often you use the site, the events that occur within the website, aggregated usage, performance data, and where the website was visited from. Additional information we may collect on our Website includes your city location, device model and version, your device identifier (or “UDID”) and OS version. We may link information we store within the analytics software to Personal Information you submit within the service portal or website. We do this to improve services we offer you and improve our marketing, analytics and site functionality.
This refers to any information that you voluntarily submit to us and that identifies you personally, including contact information, such as your name, e-mail address, company name, address, phone number, and other information about yourself or your business. Personal Information can also include information about any transactions, both free and paid, that you enter into on the Websites, and information about you that is available on the internet, such as from Facebook, LinkedIn, Twitter and Google, or publicly available information that we acquire from service providers.
We collect and process payment information from you when you subscribe to or purchase any of our services, including credit cards numbers and billing information, using third party PCI-compliant service providers. Except for this, we do not collect Sensitive Information from you.
Information about children
The Websites are not intended for or targeted at children under 13, and we do not knowingly or intentionally collect information about children under 13. If you believe that we have collected information about a child under 13, please contact us at [email protected] , so that we may delete the information.
Why do we collect Personal Identifiable Information (PII)?
We collect PII for some or all of following reasons:
- To provide services and support to you after you have entered into a contract
- To provide information about products or services you have shown interest in, if you are already an existing EC-Council and/or its Affiliates’ customer
- To provide information to you about products or services you have purchased from us, or related products or services
- To provide goods or services to you under contract
- For legal reasons, for example, if you have entered into a contract with us
- To provide information to you about our products and services if you have consented to receive it.
What legal basis does we have for processing PII?
We may process your information because:
- We have a contract with you
- You have given us permission to do so
- We must provide services to you after you have purchased something from us
- To comply with the law.
Who might we share PII information with?
We may share your personal information with third parties, either because you have consented to allow us to do so or for fulfilling the service or internally with our Affiliates and/or subsidiaries. For example, we may share your personal information with:
- Sub-contractors and third parties for the purpose of providing or continuing to provide the products and services we are contracted to
- With third parties because you have given consent
- We must comply with a legal obligation
- To protect the rights, property, or safety of our and, our customers or others
- We will exchange information with other companies or organizations to prevent fraud or to reduce our credit risks.
You may receive emails from us including our Affiliates and subsidiaries for the purpose of promotion of our products and/or services or for certification exercises such as Exam Beta Testing, Item Writing exercise, Job task analysis surveys etc.
Transmission and storage of personal data
We primarily store and process PII data electronically. Our employees follow strict protocols in terms of handling and processing data.
How long is PII retained?
We will not retain PII for longer than required and we will keep this:
- For as long as required by law
- Until we no longer have a valid reason for keeping it
- Until you request us to stop using it i.e. Right to Erasure
The company has an information retention procedure and schedule, which is monitored and complied with.
7. Your Rights
We will respect individual’s legal rights to their data. These covers:
- The right to be informed - We are publishing this Privacy Notice to keep you informed as to what we do with your personal information. We strive to be transparent about how we use PII.
- The right to access - the right to access your information. Contact us if you wish to access the personal information that we hold for you.
- The right to rectification - if the information we hold about you is inaccurate or not complete, you have the right to ask us to rectify it. If that data has been passed to a third party with your consent or for legal reasons, then we must also ask them to rectify the data.
- The right to erasure - sometimes referred to as ‘the right to be forgotten’. If you want us to erase all your personal data and we do not have a legal reason to continue to process and hold it, please contact us.
- The right to restrict processing - you have the right to ask us to restrict how we process your data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect your request in the future.
- The right to data portability - we must allow you to obtain and reuse your personal data for your own purposes across services in a safe and secure way without this effecting the usability of your data. The data must be held by us by consent or for the performance of a contract.
- The right to object – Data Subjects have the right to object to our processing their data even if it is based on our legitimate interests.
- The right to withdraw consent - If you have given us your consent to process your data but change your mind later, you have the right to withdraw your consent at any time, and we will stop processing your data.
- The right to complain to a higher body - data subjects have the right to complain to our Data Privacy Officer if they feel that we are not meeting its obligations in terms of GDPR or has not responded to their requests to solve a problem. Contact details here: [email protected]
8. Opting Out and Unsubscribing
Reviewing, correcting and removing your Personal Information
Upon request, we will provide you with information about whether we hold any of your Personal Information. If you provide us with your Personal Information, you have the following rights with respect to that information:
- To review the user information that you have supplied to us
- To request that we correct any errors, outdated information, or omissions in user information that you have supplied to us
- To request that your user information not be used to contact you
- To request that your user information be removed from any solicitation list that we use
- To request that your user information be deleted from our records
- To opt out of being solicited by us or third parties
To unsubscribe from our communications
You may unsubscribe from our marketing communications by clicking on the "unsubscribe" link located on the bottom of our e-mails, or by sending us email us at [email protected], Customers cannot opt out of receiving transactional emails related to their account with us or our Services.
9. Links to Other Websites
From time to time, our website may contain links to and from websites of our partner networks, advertisers, social media sites etc. If you follow a link to any of these websites, please note that these websites may have their own privacy notices and that we do not accept any responsibility or liability for any such notices. Please check these notices, where available, before you submit any personal data to these websites.
10. Retention and Destruction Policy
This Document Retention and Destruction Policy (Policy) provides for the systematic review, retention and destruction of documents received or created by us in connection with the transaction of its business. This Policy covers all records and documents, regardless of physical form (including electronic documents), contains guidelines for how long certain documents should be kept and how records should be destroyed. The Policy is designed to ensure compliance with federal and state laws and regulations, to eliminate accidental or innocent destruction of records and to facilitate our operations by promoting efficiency and freeing up valuable storage space.
II. Document Retention
We follow the document retention procedures outlined below. Documents that are not listed but are substantially similar to those listed in the schedule will be retained for the appropriate length of time.
III. Customer Records
We retain customer records for the purpose of certification record and/or otherwise as long as it is legally required or due to business requirement. We follow document retention policy as long as we retain your PII for above-mentioned purpose.
IV. Electronic Documents and Records
Electronic documents will be retained as if they were paper documents. Therefore, any electronic files, including records of donations made online, that fall into one of the document types on the above schedule will be maintained for the appropriate amount of time. If a user has sufficient reason to keep an email message, it should be kept in the appropriate file or moved to an “archive” computer file folder. Backup and recovery methods will be tested on a regular basis.
V. Emergency Planning
The Organization’s records will be stored in a safe, secure and accessible manner. Documents and financial files that are essential to keeping the Organization operating in an emergency will be duplicated or backed up at least every week and maintained off site.
VI. Document Destruction
EC-Council is responsible for the ongoing process of identifying its records, which have met the required retention period and overseeing their destruction. Destruction of financial and personnel-related documents will be accomplished by shredding if such information are held on physical files.
EC-Council also performs periodic destruction process for financial and personnel-related documents when such information is stored in electronic media. We may destroy in any of the following manners based on the kind of device used to store such data:
- 1. Physical Destruction
- 2. Overwriting
- 3. File deletion
- 4. Media formatting
Document destruction will be suspended immediately, upon any indication of an official investigation orhen a lawsuit is filed or appears imminent. Destruction will be reinstated upon conclusion of the investigation.
Failure on the part of employees or contract staff to follow this policy can result in possible civil and criminal sanctions against the Organization and its employees or contract staff and possible disciplinary action against responsible individuals. The Treasurer will periodically review these procedures with legal counsel or the organization’s certified public accountant to ensure that they are in compliance with new or revised regulations.
11. Changes to Our Privacy Notice