(ISC)² Privacy Policy

The International Information System Security Certification Consortium, Inc. "(ISC)²" has created this privacy statement in order to demonstrate our firm commitment to privacy. The following discloses our information gathering and dissemination practices for this website: www.isc2.org.

(ISC)² reserves the right to change this policy at any time by notifying users of the existence of a new privacy statement.

The International Information System Security Certification Consortium, Inc. "(ISC)²" respects your privacy and are committed to protecting it through our compliance with this policy.

This policy describes the type of information we may collect from you or that you may provide when you visit the website www.isc2.org (our “Website”) and our practices for collecting, using, maintaining, protecting and disclosing that information.  Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website.  By accessing or using Website, you agree to this policy.

This policy applies to information we collect:

• On this Website
• In email, text, and other electronic messages between you and this Website.
• From your registration for an (ISC)² examination through Pearson VUE
• When you interact with our advertising and applications on third-party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

• Us offline or through any other means, including on any other website operated by (ISC)² or any third party; or
• Any third party (including affiliates) including through any application or content (including advertising) that may link to or be accessible from the Website.

This policy may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Collection of Data

"Personal Information" means information associated with or used to identify or contact a specific person. Personal Information includes (1) contact data (such as email address, telephone number and employers); (2) demographic data (such as gender, date of birth, or zip code) and (3) certain Usage Data (defined below), such as IP address, user generated content or purchases.

"Usage Information" or "Usage Data" is information about an individual’s online activity that, by itself, does not identify the individual, such as browser type, operating system,  top viewed and visited pages and links on our web site, top entry and exit points, number of form completions, time spent on pages, top downloads, top keywords used offsite to lead customers to our website, information collected via cookies, and other device event information such as system activity, crashes, and hardware settings.

Generally, we do not consider Usage Data as Personal Information because Usage Data by itself usually does not identify an individual. Personal Information and Usage Data may be linked together. Different types of Usage Information also may be linked together and, once linked, may identify an individual person. Also, some Usage Data may be Personal Information under applicable law.

(ISC)² collects information that you provide to us and from your use of the Website and the services.  The information that we collect and how we process it depends on how you use and access the Website.  Some information is collected automatically through the use of cookies and similar data collection tools. Click here for more information on (ISC)²'s use of cookies.

We collect information from you when you

1. Use the Website: We collect Personal Information and Usage Data from you when you create an account to use one of the services, post material, contact us for help or information or otherwise provide your Personal Information, or request other services.We collect the information and content that you submit to us when you download an Ultimate Study Guide, input your information in a form on our website, request additional information on a service, and when you enter comments or submit a review or complaint.In certain limited circumstances (for instance in our Examination Registration Form), we may ask you to provide information regarding your prior criminal convictions to assess your suitability to become an (ISC)² member, or information regarding your disability or health condition so that we can make suitable arrangements to accommodate you at examinations, seminars, and other events. This information is characterized as sensitive and subject to stricter regulation than other personal information.Before providing it to us, we urge you to carefully consider whether to disclose your sensitive Personal Information to us. If you do provide sensitive Personal information to us, you consent to its use and disclosure for the limited purposes for which it was collected.

    

2. Connect with Social Media though the Website: The Website may offer you the ability to use Facebook Connect or other social media services (collectively, “Social Media”) in conjunction with certain services. When you access the services through your Facebook or other Social Media account, the services may, depending on your privacy settings, have access to information that you have provided to the Social Media platform. We may use this information for the purposes described in this Privacy Policy or at the time the information was collected.

    

3. From our Business Partners and Service Providers: Third parties that assist us with our business operations also collect information (including Personal Information and Usage Data) about you through the services and share it with us. For example, our vendors collect and share information with us to help us detect and prevent fraud and collect information regarding your registration for an (ISC)² certification exam.

    

4. Usage Data: We also automatically collect Usage Data when you interact with the Website, participate in a sweepstakes or contest, when you complete a customer satisfaction or market research survey, make a purchase/complete a transaction. Whenever you use the Website or the services, we use the location information from your mobile device or browser to tailor the services and website experience to your location.

Information We Collect Through Automatic Data Collection Technologies.

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

• Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
• Information about your computer and internet connection, including your IP address, operating system, and browser type.

We also may use these technologies to collect information about your online activities over time and across third-party websites or other online services (behavioral tracking). Click here for information on how you can opt out of behavioral tracking on this website and how we respond to web browser signals and other mechanisms that enable consumers to exercise choice about behavioral tracking.

The information we collect automatically is statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.
• Store information about your preferences, allowing us to customize our Website according to your individual interests.
• Speed up your searches.
• Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

• Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website.
• Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
• Web Beacons. Pages of our the Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We do not collect personal information automatically, but we may tie this information to personal information about you that we collect from other sources or you provide to us.

Third Party Use of Cookies and Other Tracking Technologies

On (ISC)² operated sites and unaffiliated sites, (ISC)² displays interest based advertising using information you make available to use when you interact with our site, content, or services.  Interest-based ads, are displayed to you based on information from activities such as purchasing on our sites, visiting sites that contain (ISC)² content or ads.  To opt out of these ads, please disable the cookies through your browser settings. Click here to learn more about (ISC)²'s use of cookies.

Some content or applications, including advertisements, on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our website. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly.

How Your Information is Used

We use the Personal Information that we collect to operate, improve, and personalize the Website and services including to provide customer service, customize our advertising and marketing, to detect, prevent and mitigate fraudulent or illegal activities. You agree that we may use your Personal Information as follows:

• to provide the services to you;
• to fulfil any other purpose for which you provided it;
• to operate, improve and personalize the products and services we offer, and to give each user a more consistent and personalized experience when interacting with us;
• for customer service, security, to detect fraud or illegal activities, or and for archival and backup purposes in connection with the provision of the Services;
• to verify your certification status with (ISC)²
• to communicate with you, either via email, telephone, text (SMS) messages (if applicable based on your consent), postal mail, or otherwise as authorized by you to inform you about the Services, special offers, etc.. Message and data rates may apply.
• to better understand how users access and use the website and services, for the purposes of trying to improve the Website and services and to respond to user preferences, including language and location customization, personalized help and instructions, or other responses to users' usage of the services;
• to help us develop our new products and services and improve our existing products and services;
• to provide users with advertising and direct marketing that is more relevant to you;
• to enforce our Website Access Policy or other applicable policies; and
• to assess the effectiveness of and improve advertising and other marketing and promotional activities on or in connection with the Services.
• for any other purpose with your consent.

Disclosure of Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

• To our subsidiaries and affiliates.
• To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To third parties to market their products or services to you if you have consented to these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them.
• To fulfill the purpose for which you provide it.
• For any other purpose disclosed by us when you provide the information.
• With your consent.
• For legal purposes: We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose Personal Information as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share Personal Information as required to pursue available remedies or limit damages we may sustain.
• Corporate Changes. We may transfer information, including your Personal Information, in connection with a merger, sale, acquisition or other change of ownership or control by or of us or any affiliated company (in each case whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify users before your information is transferred or becomes subject to a different privacy policy.

Please note that for the purposes of seeking to provide our users with a better experience and to improve the Website and services, information collected through the website and services may, subject to user privacy controls, be used in an aggregated or individualized manner. For example, personal information collected during use of one of the website or other services may be used to suggest particular content that can be made available to the user on another of the services or be used to try to present more relevant advertising in another of part of the Website or Services.

Where We Store Your Personal Data

The data we collect from you will be transferred to, and stored in, the United States. It will also be processed by staff operating within the United States who work for us or for one of our suppliers. This includes staff engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. (ISC)² will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. All information you provide to (ISC)² is stored on secure servers. Any payment transactions will be encrypted using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Biometric Data

Where permitted by law, (ISC)²'s examination vendor uses biometric data to authenticate those taking its exams.  (ISC)² does not collect or store this data.  While neither (ISC)² nor its examination vendor retain raw biometric data, the examination vendor does retain, for a period of five years following the person's last contact with the vendor, data based upon an algorithm of the palm scan received when accessing an examination site.  This assists (ISC)² in assuring the identify of those taking its exams and preventing fraud in the exam process. This data is destroyed after the five-year period and is used for no other purpose. For more information on (ISC)²’s use of palm vein pattern recognition please click here.

Your Rights

(ISC)² is a certification organization and maintains information on those who possess its certifications or have expressed an interest in them.  If you would like to see the information (ISC)² retains about you, please see our Privacy Page for information on how to request the information.

You have the right to ask us not to process your personal data for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at membersupport@isc2.org or by updating your marketing preferences.

Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Accessing and Correcting Your Information. Opt-Out

(ISC)² is a membership organization and, as such, must maintain contact information on its members to communicate relational or transactional information.  (ISC)² also sends promotional material promoting its conferences, training opportunities, or other offerings.  From time to time, (ISC)² collaborates with other security organizations and companies to promote other programs that may be of interest to information security professionals and (ISC)² constituents.  We will always obtain your prior "opt-in" before sending you marketing communications.  If, at any time, you do not wish to receive marketing material, every marketing e-mail will include an opt-out link at the bottom or you may notify (ISC)² in writing at the address below.  This does not include opting-out of (ISC)² relational (constituent meetings, newsletters, AMF/CPE notices, (ISC)² functions) or transactional notices.  Be aware that if you possess any (ISC)² certification, you may not opt-out of any (ISC)² relational or transactional notice.

To opt-out of Interest-Based Ads, please disable cookies through your browser settings. Click here to learn more about (ISC)²'s use of cookies.

You can review and change your personal information by logging into the Website and visiting your account profile page. You may also send us an email at membersupport@isc2.org to request access to, correct or delete any personal information that you have provided to us.

We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If you delete your User Contributions from the Website, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Website users. Proper access and use of information provided on the Website, including User Contributions, is governed by our Website Access Policy

Children Under the Age of 13

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any Personal Information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features/register on the Website, make any purchases through the Website, use any of the interactive or public comment features of this Website or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use]. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at:

(ISC)²
Member Support
1650 King Street, Suite 200
Alexandria, VA 22314
memberservices@isc2.org.
1-866-331-4722

(ISC)² Certification Verification 

As an organization that certifies individuals in information security, (ISC)² is frequently requested to verify whether an individual's assertion that they possess our certification is accurate.  It is an implied duty that (ISC)² identify and attest to the certified status of those individuals who do possess our certification. As such, (ISC)² will verify whether an individual is certified by (ISC)² or not upon receiving sufficient identifying information regarding the subject of the inquiry.  (ISC)² also provides a verification process on its public website which lists members based on last name.  This listing provides the name, city/state/country, and certification title held by the member.  However, under no circumstances is any contact or other information disclosed.

URL Links

This site contains links to other sites; (ISC)² is not responsible for any actions or policies of such third parties. Users should check the applicable privacy policy of such a party when providing personally identifiable information. In any event, users should be aware that when they voluntarily disclose personal data (e.g. user name, email address) on the CISSP or SSCP Directory for the (ISC)² sites, that such information, along with any substantive information disclosed in the directory, can be collected and correlated and used by third parties and may result in unsolicited messages from other posters or third parties. Such activities are beyond the control of (ISC)²

Lists for Employers

Periodically, (ISC)² is asked by an employer to identify those employed by their organization who hold (ISC)² credentials. To that end, we provide names of those (ISC)² members who list the requester as their employer. No information, other than name, is revealed, and it is provided only to the employer upon written request.  If you are an (ISC)² member and do not wish to be identified as such to your employer, do not list your employer in your contact information, as this is the information used to identify you for inclusion to such a list.

Contact Us

If you have any comments on this Privacy Policy or wish to contact (ISC)²

1.	You can send an email to legal@isc2.org
2.	You can send mail to the following postal address: (ISC)² Legal 1650 King Street, Suite 200 Alexandria, VA 22314