Privacy Policy

EC-Council recognizes the importance of maintaining your privacy and is committed to protecting it and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to current and former visitors to all our EC-Council websites and governs data collection and usage. By using the EC-Council website, you consent to the data practices described in this statement. At EC-Council, the privacy and security of our customers, respondents, and visitors are of paramount importance. We value your privacy and appreciate your trust in us.

1. What type of personal information do we gather?

EC-Council collects certain personal information about you during your relationship with us. EC-Council, through various web-platforms that help our members to register, reset passwords, get training, partner with us, etc. collects personally identifiable information/personal information that may include:

a. Contact information. We might collect your name, e-mail, home or work addresses, telephone numbers, organization names, etc.

Payment and billing information.We might collect your billing name, billing address, the legal age as permitted by your country of origin/residency and as per the payment method used by you. We NEVER collect your credit card number or credit card expiry date or other details pertaining to your credit card on our website. We will not be storing any Bank related information on our records and none of our employees will hold or be exposed to this information.

Information you post. We collect information you post in a public space on our website or on a third-party social media page of EC-Council.

Demographic information. We may collect anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests, favorites, or any other information provided by you during the use of our website. We might collect this as a part of a survey also.

Other information. If you use our website, we may collect information about your IP address and the browser you’re using. This may also include interactions through our website, training centers, meetings with our representatives and representatives from our authorized partners and other third parties or the duration of time spent on our website.

EC-Council does not collect, use, or disclose sensitive personal information, such as race, religion, health information or political affiliations without your explicit consent.

2. Minor’s Online Privacy

Protecting the privacy of young children is especially important. We do not automatically process or profile any information belonging to minors unless a parent or guardian gives us express permission for it. Any person under the age of majority can only use our services under the supervision of their parents or legal guardians as per our Terms of Use, located here. If we learn that we have collected personal information from a minor who was not authorized by their parents, then we will use reasonable efforts to identify that information and delete it. If you believe that we might have any personal information from or about a person under the age of majority, please contact us on [email protected]

3. Where do we collect Personal Information about you?

We collect information in different ways.

We collect information directly from you. We collect information directly from you when you register or partner with us. You may choose to apply for specific information or services on topics such as products, training, white papers, brochures, etc. which may require you to fill out forms and share your personal information. This information is irrespective of your membership. EC-Council asks you to allow representatives of EC-Council to contact you for the purpose asked.

EC-Council may collect different data from or about you depending on how you use EC-Council Services. When you create an account and use our Services, including through a third-party platform, we collect any data you provide directly, including, but not limited to data about your accounts on other Services.
 

We collect information from you passively. We receive and store certain types of information whenever you interact with us. We use browser cookies and web beacons, for collecting information about your usage of our website or any of our subdomains, advertisements, and other content served by or on behalf of EC-Council on other websites. We may use this information for internal analysis and to provide you with location-based services, such as advertising, search results, and other personalized content.

To help us make our emails communication more useful and interesting, we often receive a confirmation when you open email from EC-Council, if your computer supports such capabilities. If you do not want to receive e-mail or other mail from us, please edit your customer communication preferences.
 

We get information about you from third parties. If you access or use our Services through a third-party platform or service, or if you use an integrated social media feature on our websites, or click on any third-party links, the collection, use, and sharing of your data will also be subject to the privacy policies and other agreements of that third party.

We may obtain certain information through your social media or other online accounts if they are connected to your EC-Council account. If you login to EC-Council via social media platforms e.g., Facebook or join EC-Council sponsored WhatsApp Group, or any other third-party platform or service, we ask for your permission to access certain information about that other account. The third-party social media site may give us certain information about you. For example, depending on the platform or service we may collect your name, profile picture, membership account ID, login email address, location, physical location of your access devices, gender, birthday, and list of friends or contacts. Those platforms and services make information available to us through their APIs. The information we receive depends on what information you (via your privacy settings) or the platform or service decide to give us.
 

We get information about you from other sources. We might receive information about you from other sources and add it to our account information.

4. How and why do we use your personal information?

We use information to provide you our Services: Certain EC-Council services require you to provide your personal information, so as to enable us to provide you the whole range of that Service.

We use information to contact/respond to your requests or questions: We might use the information you provide to contact you to deliver the services you have requested or administering and processing your certification exams.

We use information to improve our products and services: We might use your information to analyze and customize our products, websites, newsletters, and other communications to support and improve your online experience with us.

We use information to look at site trends and customer interests: We may use your information to make our website and products better. We may combine information we get from you with information about you we get from third parties. EC-Council may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.

We use information for security purposes: We may use information to protect our company, our customers, or our websites.

We use information for marketing purposes: We may use your information for sending communications to you, including for marketing and promotional or customer satisfaction purposes to inform you of other products or services available from EC-Council and its affiliates.

We use information to send you transactional communications: We might send you emails or SMS about your account or a product or service purchase.

We use information as otherwise permitted by law: To comply with our obligations under the law, including record-keeping, reporting, accounting, tax, etc.

5. Who do we share your personal information with?

EC-Council does not sell, rent, or lease your personal information to third parties without your explicit consent.
 
EC-Council shares personal information in the following ways:
  1. We will share your personal information with our Group companies for internal reasons, primarily for business and operational purposes.
  2. We will share information with our authorised Vendors. We share information with vendors who help us to manage our online registration process or payment processors or transactional message processors. Some vendors may be located outside of the country where you reside in.
  3. We will share information with our business partners/ third parties who perform services on our behalf. EC-Council may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique, personal information (for instance your e-mail, name, address, telephone number) is not transferred to the third party. However, EC-Council may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such partners are prohibited from using your personal information except to provide these services to EC-Council, and they are required to maintain the confidentiality of your information.
  4. We may share information if we think we must comply with the law or to protect ourselves. EC-Council websites will disclose your personal information, without consent, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on EC-Council or the site; (b) protect and defend the rights or property of EC-Council; and, (c) act under exigent circumstances to protect the personal safety of users of EC-Council or the public.
  5. We may share your information for reasons not described in this policy.We will tell you before we do this. EC-Council does not transfer any sensitive personal information. By using or continuing to use the site you agree to our use of your information (including sensitive personal information) in accordance with this Privacy Notice, as may be amended from time to time by EC-Council at its discretion. You also agree and consent to us collecting, storing, processing, transferring, and sharing information (including sensitive personal information) related to you with third parties or service providers for the purposes as set out in this Privacy Notice.
We may be required to share the aforementioned information with government authorities and agencies for the purposes of verification of identity or for the prevention, detection, investigation, prosecution, or punishment of cyber incidents or any other legal offenses. You agree and consent to EC-Council, at its sole discretion, disclosing the required information with government authorities and agencies in such cases.
 
EC-Council encourages you to review the privacy statements of websites you choose to link to from EC-Council’s website so that you can understand how those websites collect, use, and share your information. EC-Council is not responsible for the privacy statements or content on websites outside of the EC-Council’s family of websites.

6. How EC-Council stores the personal information it collects?

EC-Council stores your personally identifiable information such as name, contact number, email address, etc. on a secure server which is encrypted and is accessible only to EC-Council’s applications. EC Council may be required to share personal information with its affiliates, advisors, and auditors in other countries where it may be processed. If we or our affiliates or our service providers transfer personal information outside of the country of origin, we always require that appropriate safeguards are in place to protect the information when it is processed.

7. How EC-Council secures your personal information?

We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or unlawful use and accidental loss or destruction.
 
EC-Council uses secure servers to store your information and only shares and provides access to your information to the minimum extent necessary, subjected to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible. We also verify the identity of any individual who requests access to information prior to granting them access to requested information.
 
EC-Council also uses Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website. EC-Council also adopts comprehensive standards such as ISO/IEC 27001:2013 for selected Services.

8. How long do we keep your personal information?

We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
 
We determine standard retention periods for different categories of personal information in our possession. Where it isn’t possible to determine standard retention periods, we do so, based on the following criteria:
  • our relationship with you
  • the legal obligations we are subject to.
  • the legal basis we have for processing your data (consent, performance of contract, etc.).
  • the purposes and uses of your data (this include present and future uses).
  • the level of risk with retaining or using your data.
  • your rights under the GDPR and other relevant laws.
  • any other relevant circumstances.
As EC-Council is a certification body, we store users’ information relevant to the upgrading or renewing their certification which includes submission of ECE Credits in line with the certification ECE policy.

9. What legal basis do we have for using your personal information?

We process your personal information on the following legal bases:

• Consent
 
We use consent to process your data for certain purposes such as when you consent to receive marketing communication, when you express interest in associating with us or to know more about us, etc. You can withdraw your consent at any time by writing to us at the e-mail addresses provided below
 
• Performance of Contract
 
To perform the contract between us, we process various types of contact/financial/service-related information. This also enables us to provide you with our products and/or services in line with the contractual obligations of our contract along with our Terms of Use via the EC-Council websites.
 
• Legitimate Interests
 
Provided that such processing shall not outweigh your rights and freedoms, we may use your personal information for our legitimate interests which include legal obligations, direct marketing, market research, web analytics/profiling, compliance abidance, customer service, record-keeping, review, research, and analysis, to fulfil our legal obligations under applicable laws, security, storage, etc. You’ve the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you which is based on legitimate interests. More information on this right and on how to exercise it, is set out below under “Right to Object” clause of this Privacy Statement.

10. EC-Council Cookie Policy

A cookie is a small text file which is placed onto your computer or electronic device when you access our website. Cookies are used to track users’ actions and activities, and to store specific information about your preferences, location, session details, etc. about them. We use these cookies and/or similar technologies on this website for the only purpose of ensuring that you get the best experience. You can go to the preference or content setting of your web browser to delete the cookies pertaining to any website at any time.

11. Website Visitors

EC-Council collects, records, and may analyze information from visitors to our websites. We may record your IP address and use cookies. Furthermore, EC-Council collects and processes any personal data that you volunteer to share with us via our website forms, such as when you register for events or sign up for information and newsletters. This data is used to deliver customized content and advertising within EC-Council to customers whose behavior indicates that they are interested in a subject area. If you provide EC-Council with your social media details, EC-Council will retrieve publicly available information about you from social media.

12. Consent for Cookies

In most cases we will need your consent to use cookies on this website. The exceptions are where the cookie is essential for us to provide you with service you have requested, or essential to the inherent functionality of the website. Where we wish to use cookies that require your consent you will be asked to consent through a checkbox pop-upon the website homepage that you will have to answer to gain full access to the website.

13. Turn Off or Opt-Out of Cookies

Rejecting cookies may restrict your browsing experience on EC-Council websites related to important features such as login, location-specific data, and other demographic dependent information.
 
However, you will be provided with an opportunity to opt-out of the use of cookies while consenting by controlling the collection of cookies in the cookie settings provided on the cookie banner.
 

14. Third-Party Cookies

EC-Council does not share cookie information with any other website, nor do we sell this data to any third party. We work with third party suppliers who may also set cookies on our website. By consenting to the use of cookies on our site you will be consenting to the use of these cookies.

15. What rights do you have in relation to the personal information we hold on you, in compliance to GDPR?

The General Data Protection Regulation (GDPR) provides you the benefit of several rights when it comes to your personal information.
 
a. The Right to be Informed.
 
EC-Council is publishing this Privacy Policy Statement to keep our users informed as to what we do with their personal information and what are their rights, in a clear, transparent, and easily understandable manner.
 
b. The Right of Access
 
You have the right to obtain access to your information that we are processing and certain other information, in accordance with data protection law. Contact EC-Council if you wish to access the personal information EC-Council holds about users/data subjects.
 

c. The Right to Rectification

 

You are entitled to have your information corrected if it’s inaccurate or incomplete.
 
d. The Right to Erasure
 

This is also known as ‘the right to be forgotten’. If users want EC-Council to erase all personal data and we do not have a legal reason to continue to process and hold it, please contact us at [email protected] or [email protected]. This is not a general right to erasure; there are exceptions. If however, you do not fall within the ambit of exceptions, we will delete your data within a period of thirty (30) days.

e. The Right to Restrict Processing
 
You have rights to ‘block’ or suppress further use of your information. Users have the right to ask EC-Council to restrict how we process user data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect our users request in the future.
 
f. The Right to Data Portability
 
EC-Council allows to obtain and reuse personal data for purposes across services in a safe and secure way without this effecting the usability of user data.
 
g. The Right to Withdraw Consent
 
If users have given us their consent to process their data but change their mind later, they have the right to withdraw their consent at any time, and EC-Council stop processing their data. Users can write to [email protected] or www.eccouncil.org/unsubscribe.
 
h. The Right to Object to Processing and Automated Processing
 
You have right to object to the processing and automated profiling of your personal information as per applicable data protection laws. If you wish to object to the processing or automated processing of your personal information, please contact us at [email protected].
 
Further information and advice about your rights can be obtained from the data protection regulator in your country.

16. Data Protection Officer

In accordance with the applicable data privacy laws and rules of the jurisdictions in which EC-Council operates, including General Data Protection Regulation (EU) 2016/679 (GDPR), the contact details of the appointed Data Protection Officer are provided below:
 
If you have any questions about this Policy or other privacy concerns, you can also email us at the abovementioned details.

17. What is our Opt-Out Policy?

  • Users may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, and by sending us email at [email protected] or www.eccouncil.org/unsubscribe. Customers cannot opt out of receiving automated emails related to their account with us or our Services, like aspen emails, certification renewal emails.
  • If you would like to opt-out of sharing of your personally identifiable information/personal information submitted on our website with third parties or otherwise, contact us at [email protected] and indicate your unwillingness to share such information with third parties or otherwise. However, this shall restrict your access to certain services as our services are linked internally to various platforms.
  • However, under the following circumstances, we may still be required to share your personal information:
  1. If we are responding to court orders or legal process, or if we need to establish or exercise our legal rights or defend against legal claims.
  2. If we believe it is necessary to share information to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Use or as otherwise required by law.
  3. If we believe it is necessary to restrict or inhibit any user from using any of our websites, including, without limitation, by means of “hacking” or defacing any portion thereof.

18. Third Party sites

If you click on one of the links to third party websites, you may be taken to websites we do not control. This policy does not apply to the privacy practices of those websites. Read the privacy policy of other websites carefully. We are not responsible for these third-party sites.

19. Breach of Privacy Policy

EC-Council reserves the right to terminate or suspend any account or delete certain contents from any profile or public domain within the ambit of this website if the said account or content is found to be in violation of our Privacy Policy Statement. We request you to respect privacy and secrecy concerns of others. The jurisdiction of any breach or dispute shall be determined in accordance with the terms of use of the website.

20. No Reservations

EC-Council does not accept any reservation or any type of limited acceptance of our Privacy Policy Statement. You expressly agree to each, and every term and condition as stipulated in this Policy Statement without any exception whatsoever.

21. No Conflict

This Privacy Policy Statement constitutes a part of Terms of Use and Terms of Service appearing on EC-Council’s family of websites. We have taken utmost care to avoid any inconsistency or conflict of this policy with any other terms, agreements, or guidelines available on our family of websites. In case there exists a conflict, we request you to kindly contact us at [email protected] for the final provision and interpretation.

22. How can you contact us?

EC-Council welcomes your comments regarding this Privacy Policy Statement. If you believe that EC-Council has not adhered to this Privacy Policy Statement, please contact EC-Council at [email protected]. We will use commercially reasonable efforts to promptly determine and remedy the problem. We usually act on requests and provide information free of charge but may charge a reasonable fee to cover our administrative costs of providing the information for, baseless or excessive/repeated requests, or further copies of the same information. Alternatively, the law may allow us to refuse to act on the request.

Updates to this EC-Council Privacy Policy Statement

This Privacy Policy was last updated on 7th August 2024. EC-Council will occasionally update Privacy Policy Statement to reflect company and customer feedback. We will notify you of any material changes to this policy as required by law. We will also post an updated copy on our website. EC-Council encourages you to periodically review this Policy Statement to be informed of how EC-Council is protecting your information.
 
All rights reserved by EC-Council.
 
Last updated: 07th August 2024