Privacy policy.

How We Gather Information

ExcelCR and its affiliates gather and store information in many ways, including but not limited to the following:

Event or course registration: When you register online for a conference, we collect the information you provide us, including your name, contact information, affiliation, the name and location of the course, and attendance information. We use this information to ensure that you are properly registered for the course you have selected, and to notify you about other courses that may be of interest to you. We also use this information in the course of fulfilling our obligations to provide the course to you, including providing you course materials and contacting you with respect to the course itself. In addition, student evaluation forms, together with the identity of the student completing the evaluation, may be made available to ExcelCR employees responsible for evaluating the quality of the course, including the instructors themselves.

Contracted service-providers: ExcelCR may use outside vendors or third parties to proctor or administer exams for courses we sponsor, or for other certification, accreditation or licensing. The authentication and validation process may include requiring persons to provide identification (or photographing participants). Copies of such authentication information, as well as the identity of those taking the exams may be collected and stored by ExcelCR, but this information will be used by ExcelCR in accordance with this privacy policy, to prevent fraud and to ensure the identity of those taking the examination.

Co-sponsoring organisations: Some ExcelCR training events are co-sponsored by other organizations. Examples include ExcelCR Private Training events that are held in conjunction with private industry, government agencies, or education institutions. When you register for one of these events, the co-sponsoring organisation may have access to your registration data. The co-sponsor may use this information for purposes related to the event but, unless you are specifically notified otherwise, may not share it with others or use the data for marketing purposes. When you attend a conference, whether sponsored by ExcelCR or otherwise, ExcelCR may collect information concerning your participation and feedback. For example, ExcelCR representatives may scan badges of conference participants, and may share the information from such scans with sponsoring vendors. ExcelCR occasionally presents courses in conjunction with events sponsored by other organisations. In these cases, event registration may be handled by the event sponsor. When attempting to register via a link from the ExcelCR web site, you will be presented with a web page informing you that the registration is not being handled by ExcelCR. In these cases, you should familiarize yourself with the privacy policy of the sponsor organization. ExcelCR is not responsible for the privacy or security policies of these third parties.

Your employer: Many organisations purchase vouchers that may be used by their employees to pay for ExcelCR training. By using a voucher, the student understands and agrees that their student data, including contact information and course-related data may be shared with the organisation's designated contact. If your employer has purchased ExcelCR Security Awareness training, your company email address may have also been provided to us by your organisation. This information is used solely for the purposes of deploying purchased training across your organisation.

Contest or surveys: ExcelCR may occasionally provide you the opportunity to participate in contests or surveys on our site. If you participate, we may request certain personally identifiable information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact and demographic information such as name and address. We may share aggregated demographic information about our user base with our partners and advertisers. This information does not identify individual users.

Normal course of business: When you contact ExcelCR, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

Marketing and communications channels: ExcelCR may use Twitter, Facebook or other social media outlets to market and promote its offerings and services. Any communications you make with ExcelCR using these media may be used by ExcelCR in accordance with this policy.

Vendors, Suppliers, or Other Access to Your Information

We may provide access to your personal information to our affiliates or other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

ExcelCR may be liable, in the event of damages, if we choose a third party to process your personal data when or while we know that the third party processes your data in a manner that is inconsistent with the Privacy Shield Principles and we are responsible for the event.

Legal Access to Your Information

We may share personal information with companies, organisations or individuals outside of ExcelCR if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:

• meet any applicable law, regulation, legal process or enforceable governmental request.

• enforce applicable Terms of Service, Terms of Use, or other potential violation of ExcelCR contracts or rules, including investigation of potential violations.

• detect, prevent, investigate or otherwise address fraud, security or technical issues.

• protect against harm to the rights, property or safety of ExcelCR, our users or the public as required or permitted by law.

Website Activity

Log Files. As is true of most Web sites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data. We may collect device-specific information (such as your hardware model, operating system version, unique device identifiers, and mobile network information including phone number). ExcelCR may associate your device identifiers or phone number with your ExcelCR Account.

We use this information to analyse trends, to administer the site, to track how visitors interact with the site.

Cookies. A cookie is a small file that is stored on a user's computer for record-keeping purposes. ExcelCR typically uses both session ID cookies and persistent cookies. We use session cookies to make it easier for you to navigate our site. A session cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time, and can be used when you return to our site to help identify you or allow you to log in, or on other third-party sites to communicate to you via online-marketing channels. You can remove persistent cookies by following directions provided in your Internet browser's help file.

If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as the account dashboard, contests or surveys, will be limited and you may need to re-enter personal information when you register for events.

Marketing & Advertising, Including on Other Websites

We engage third-party companies, including but not limited to Google, to place and track advertisements on third-party websites. Like most advertisers, we place advertisements where we think they will be most relevant to customers. We place advertisements by developing and using our own marketing segments that may combine online and offline information about our current and prospective customers. In addition, we may use marketing segments provided by online publishers and network advertising companies. You may choose to opt-out of such internet-advertising campaigns by visiting the Network Advertising Initiative's Consumer Opt-Out page at https://www.networkadvertising.org/choices/.

Network advertising companies that provide these services have their own privacy policies and are not subject to our online privacy statement. Many of these companies provide ways to avoid targeted advertising provided by, or through, them. We may base these campaigns on non-personal information collected about you (e.g. we may track site activity and then deliver ads via third-party sites related to cookies associated with these activities), or on personally identifiable information (e.g. we may select a subset of cookies associated with certain courses taken, and customize an informational campaign more relevant to, say, penetration testers than incident responders).

How We Protect Your Personal Information

ExcelCR safeguards the security of the data you send us with physical, electronic, administrative and managerial procedures. Likewise, we urge you to take every precaution to protect your personal data when you are on the Internet. These precautions include storing passwords in a reputable password manager, using unique passwords for every website or application, changing your password often, using a combination of letters, numbers and symbols, and using a secure browser over a secured network.

ExcelCR has designed its system to not store credit card numbers on our servers. Credit card numbers are submitted to a credit card authorization service. This service provides ExcelCR with credit card validation information only. We do not have access to your personal financial data.

ExcelCR may employ independent contractors to help manage data services, and such contractors may have access to data, similar to the access we give our employees. For example, we may choose to use a third-party application service to manage our customer relationship management activities, and ExcelCR may store sales account data, including personally identifiable information, with such a service provider. We endeavor to ensure that these third-party providers are protecting your information, but we are not ultimately responsible for their practices.

Access and Use of Your Personal Information

You may choose to unsubscribe from our marketing communications by following the instructions or unsubscribe mechanism in the message you received.

If at any time after registering for information, your personal data changes, you change your mind about receiving information from us, wish to cancel your account or request that ExcelCR no longer use your information to provide you services, contact us at info@excelcr.net to have the information changed or removed, subject to our need to comply with our legal obligations or contractual agreements.

Newsletters and Promotional Emails

If you no longer wish to receive our newsletters and promotional communications from ExcelCR, you may opt-out of receiving them by following the instructions included in each newsletter or communication.

Links To Other Sites

The ExcelCR web site contains links to other sites that are not owned or controlled by ExcelCR. Please be aware that ExcelCR is not responsible for the privacy or security practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every web site that collects personally identifiable information.

Information Obtained From Third Parties

ExcelCR does not sell or trade your personal information. We may at times receive contact lists from other organisations. We may send mailings such as brochures to these addresses. Typically, these are one-time mailings, and the data is not entered into our database. If you want to remove yourself from the third party's database, you must contact them directly. These mailings have a brochure code printed on the mailing label. By providing this code, we will be able to tell you from what provider we received your contact info.

Statement Regarding Privacy Shield

ExcelCR complies with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework (Privacy Shield) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom and Switzerland to the United States.

You may be aware that a recent court decision has called into question the validity of Privacy Shield. While ExcelCR is waiting for detailed guidance from the relevant Regulators, ExcelCR has taken steps to ensure our processing remains lawful and transparent.

ExcelCR data is processed within the EU, the United Kingdom and other relevant jurisdictions. Data is also securely stored on servers within the United States of America. ExcelCR remains confident that its processing activity is secure and complies with the protections provided within the General Data Protection Regulation 2016. We have taken steps to ensure that all sub processors that we engage have provided us with appropriate assurances in the form of ‘standard contractual clauses’. ExcelCR itself also abides by all the principle requirements of these legal protections. We would however bring to your attention the current issues in relation to Privacy Shield.

By using ExcelCR services and products you are consenting to the processing of your data in the United States of America. You can find further information on Privacy Shield via this link.

https://www.privacyshield.gov/program-overview

ExcelCR has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to the EU Data Protection Authorities (DPAs), or where applicable instead, to the Swiss Federal Data Protection and Information Commissioner. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit the following web site for more information and to file a complaint with the EU DPAs: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.

If you have exhausted all other means to resolve your complaint, you may be able to engage in binding arbitration.

ExcelCR' commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

California Privacy Rights

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are residents of the State of California in the United States to annually request and obtain, at no charge, information about the personal information (if any) we have disclosed to third parties for direct marketing purposes in the preceding calendar year. This information would include a list of the categories of personal information that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request to the privacy@ExcelCR.org

Children

Our services are not directed to children under the age of 13. We do not knowingly collect personal information from children under the age of 13, nor do we knowingly distribute such information to third parties. If we become aware that we received personal information from someone under the age of 13, we will take steps to delete such information from our records. If you believe we have personal information from someone under 13, please contact us privacy@ExcelCR.org.

Changes To This Privacy Statement

We reserve the right to modify this privacy statement at any time, so please review it frequently. If we decide to change our privacy policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.

Contact Us

If you have any questions or suggestions regarding our privacy policy, please contact us at info@ExcelCR.net