What type of personal information do we gather?
EC-Council collects certain personal information about you during your relationship with us. EC-Council, through various web-platforms that help our members to register, reset passwords, get training, partner with us, etc. collects personally identifiable information/personal information that may include:
Contact information. We might collect your name, e-mail, home or work addresses, telephone numbers, organization names, etc.
Payment and billing information. We might collect your billing name, billing address, the legal age as permitted by your country of origin/residency and as per the payment method used by you. We NEVER collect your credit card number or credit card expiry date or other details pertaining to your credit card on our website. We will not be storing any Bank related information on our records and none of our employees will hold or be exposed to this information.
Information you post. We collect information you post in a public space on our website or on a third-party social media page of EC-Council.
Demographic information. We may collect anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests, favorites, or any other information provided by you during the use of our website. We might collect this as a part of a survey also.
Other information. . If you use our website, we may collect information about your IP address and the browser you’re using. This may also include interactions through our website, training centers, meetings with our representatives and representatives from our authorized partners and other third parties or the duration of time spent on our website.
EC-Council does not collect, use, or disclose sensitive personal information, such as race, religion, health information or political affiliations without your explicit consent.
Minor’s Online Privacy
Where do we collect Personal Information about you?
We collect information in different ways.
We collect information directly from you. We collect information directly from you when you register or partner with us. You may choose to apply for specific information or services on topics such as products, training, white papers, brochures, etc. which may require you to fill out forms and share your personal information. This information is irrespective of your membership. EC-Council asks you to allow representatives of EC-Council to contact you for the purpose asked.
EC-Council may collect different data from or about you depending on how you use EC-Council Services. When you create an account and use our Services, including through a third-party platform, we collect any data you provide directly, including, but not limited to data about your accounts on other Services.
We collect information from you passively. We receive and store certain types of information whenever you interact with us. We use browser cookies and web beacons, for collecting information about your usage of our website or any of our subdomains, advertisements, and other content served by or on behalf of EC-Council on other websites. We may use this information for internal analysis and to provide you with location-based services, such as advertising, search results, and other personalized content.
To help us make our emails communication more useful and interesting, we often receive a confirmation when you open email from EC-Council, if your computer supports such capabilities. If you do not want to receive e-mail or other mail from us, please edit your customer communication preferences.
We get information about you from third parties. If you access or use our Services through a third-party platform or service, or if you use an integrated social media feature on our websites, or click on any third-party links, the collection, use, and sharing of your data will also be subject to the privacy policies and other agreements of that third party.
We may obtain certain information through your social media or other online accounts if they are connected to your EC-Council account. If you login to EC-Council via social media platforms e.g., Facebook or join EC-Council sponsored WhatsApp Group, or any other third-party platform or service, we ask for your permission to access certain information about that other account. The third-party social media site may give us certain information about you. For example, depending on the platform or service we may collect your name, profile picture, membership account ID, login email address, location, physical location of your access devices, gender, birthday, and list of friends or contacts. Those platforms and services make information available to us through their APIs. The information we receive depends on what information you (via your privacy settings) or the platform or service decide to give us.
We get information about you from other sources. We might receive information about you from other sources and add it to our account information.
How and why do we use your personal information?
We use information to provide you our Services: Certain EC-Council services require you to provide your personal information, so as to enable us to provide you the whole range of that Service.
We use information to contact/respond to your requests or questions: We might use the information you provide to contact you to deliver the services you have requested or administering and processing your certification exams.
We use information to improve our products and services: We might use your information to analyze and customize our products, websites, newsletters, and other communications to support and improve your online experience with us.
We use information to look at site trends and customer interests: We may use your information to make our website and products better. We may combine information we get from you with information about you we get from third parties. EC-Council may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
We use information for security purposes: We may use information to protect our company, our customers, or our websites.
We use information for marketing purposes: We may use your information for sending communications to you, including for marketing and promotional or customer satisfaction purposes to inform you of other products or services available from EC-Council and its affiliates.
We use information to send you transactional communications: We might send you emails or SMS about your account or a product or service purchase.
We use information as otherwise permitted by law: To comply with our obligations under the law, including record-keeping, reporting, accounting, tax, etc.
Who do we share your personal information with?
EC-Council does not sell, rent, or lease your personal information to third parties without your explicit consent.
EC-Council shares personal information in the following ways:
- We will share your personal information with our Group companies for internal reasons, primarily for business and operational purposes.
- We will share information with our authorised Vendors. We share information with vendors who help us to manage our online registration process or payment processors or transactional message processors. Some vendors may be located outside of the country where you reside in.
- We will share information with our business partners/ third parties who perform services on our behalf. EC-Council may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique, personal information (for instance your e-mail, name, address, telephone number) is not transferred to the third party. However, EC-Council may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such partners are prohibited from using your personal information except to provide these services to EC-Council, and they are required to maintain the confidentiality of your information.
- We may share information if we think we must comply with the law or to protect ourselves. EC-Council websites will disclose your personal information, without consent, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on EC-Council or the site; (b) protect and defend the rights or property of EC-Council; and, (c) act under exigent circumstances to protect the personal safety of users of EC-Council or the public.
- We may share your information for reasons not described in this policy. We will tell you before we do this. EC-Council does not transfer any sensitive personal information. By using or continuing to use the site you agree to our use of your information (including sensitive personal information) in accordance with this Privacy Notice, as may be amended from time to time by EC-Council at its discretion. You also agree and consent to us collecting, storing, processing, transferring, and sharing information (including sensitive personal information) related to you with third parties or service providers for the purposes as set out in this Privacy Notice.
We may be required to share the aforementioned information with government authorities and agencies for the purposes of verification of identity or for the prevention, detection, investigation, prosecution, or punishment of cyber incidents or any other legal offenses. You agree and consent to EC-Council, at its sole discretion, disclosing the required information with government authorities and agencies in such cases.
EC-Council encourages you to review the privacy statements of websites you choose to link to from EC-Council’s website so that you can understand how those websites collect, use, and share your information. EC-Council is not responsible for the privacy statements or content on websites outside of the EC-Council’s family of websites.
How EC-Council stores the personal information it collects?
EC-Council stores your personally identifiable information such as name, contact number, email address, etc. on a secure server which is encrypted and is accessible only to EC-Council’s applications. EC Council may be required to share personal information with its affiliates, advisors, and auditors in other countries where it may be processed. If we or our affiliates or our service providers transfer personal information outside of the country of origin, we always require that appropriate safeguards are in place to protect the information when it is processed.
How EC-Council secures your personal information?
We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or unlawful use and accidental loss or destruction.
EC- Council uses secure servers to store your information and only shares and provides access to your information to the minimum extent necessary, subjected to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible. We also verify the identity of any individual who requests access to information prior to granting them access to requested information.
EC-Council also uses Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website. EC-Council also adopts comprehensive standards such as ISO/IEC 27001:2013 for selected Services.
How long do we keep your personal information?
We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
We determine standard retention periods for different categories of personal information in our possession. Where it isn’t possible to determine standard retention periods, we do so, based on the following criteria: –
– our relationship with you
– the legal obligations we are subject to.
– the legal basis we have for processing your data (consent, performance of contract, etc.).
– the purposes and uses of your data (this include present and future uses).
– the level of risk with retaining or using your data.
– your rights under the GDPR and other relevant laws.
– any other relevant circumstances.
As EC-Council is a certification body, we store users’ information relevant to the upgrading or renewing their certification which includes submission of ECE Credits in line with the certification ECE policy.
What legal basis do we have for using your personal information?
We process your personal information on the following legal bases:
We use consent to process your data for certain purposes such as when you consent to receive marketing communication, when you express interest in associating with us or to know more about us, etc. You can withdraw your consent at any time by writing to us at the e-mail addresses provided below.
Performance of Contract
Provided that such processing shall not outweigh your rights and freedoms, we may use your personal information for our legitimate interests which include legal obligations, direct marketing, market research, web analytics/profiling, compliance abidance, customer service, record-keeping, review, research, and analysis, to fulfil our legal obligations under applicable laws, security, storage, etc. You’ve the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you which is based on legitimate interests. More information on this right and on how to exercise it, is set out below under “Right to Object” clause of this Privacy Statement
Consent for Cookies
Turn Off or Opt-Out of Cookies
What rights do you have in relation to the personal information we hold on you, in compliance to GDPR?
The General Data Protection Regulation (GDPR) provides you the benefit of several rights when it comes to your personal information.
The Right to be Informed.
The Right of Access
You have the right to obtain access to your information that we are processing and certain other information, in accordance with data protection law. Contact EC-Council if you wish to access the personal information EC-Council holds about users/data subjects.
The Right to Rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
The Right to Erasure
This is also known as ‘the right to be forgotten’. If users want EC-Council to erase all personal data and we do not have a legal reason to continue to process and hold it, please contact us at [email protected] or [email protected]. This is not a general right to erasure; there are exceptions. If however, you do not fall within the ambit of exceptions, we will delete your data within a period of thirty (30) days.
The Right to Restrict Processing
You have rights to ‘block’ or suppress further use of your information. Users have the right to ask EC-Council to restrict how we process user data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect our users request in the future.
The Right to Data Portability
EC-Council allows to obtain and reuse personal data for purposes across services in a safe and secure way without this effecting the usability of user data.
The Right to Withdraw Consent
If users have given us their consent to process their data but change their mind later, they have the right to withdraw their consent at any time, and EC-Council stop processing their data. Users can write to [email protected] or [email protected] or www.eccouncil.org/unsubscribe.
The Right to Object to Processing and Automated Processing
You have right to object to the processing and automated profiling of your personal information as per applicable data protection laws. If you wish to object to the processing or automated processing of your personal information, please contact us at [email protected] or [email protected].
Further information and advice about your rights can be obtained from the data protection regulator in your country.
Data Protection Officer
In accordance with the applicable data privacy laws and rules of the jurisdictions in which EC-Council operates, including General Data Protection Regulation (EU) 2016/679 (GDPR), the contact details of the appointed Data Protection Officer are provided below:
Email: [email protected]
If you have any questions about this Policy or other privacy concerns, you can also email us at the abovementioned details.
What is our Opt-Out Policy?
- Users may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, and by sending us email at [email protected]or [email protected] or eccouncil.org/unsubscribe. Customers cannot opt out of receiving automated emails related to their account with us or our Services, like aspen emails, certification renewal emails.
- If you would like to opt-out of sharing of your personally identifiable information/personal information submitted on our website with third parties or otherwise, contact us at [email protected] and indicate your unwillingness to share such information with third parties or otherwise. However, this shall restrict your access to certain services as our services are linked internally to various platforms.
- However, under the following circumstances, we may still be required to share your personal information:
- If we are responding to court orders or legal process, or if we need to establish or exercise our legal rights or defend against legal claims.
- If we believe it is necessary to restrict or inhibit any user from using any of our websites, including, without limitation, by means of “hacking” or defacing any portion thereof.
Third Party sites
How can you contact us?
All rights reserved by EC-Council.