The Laws and Regulations
In the US, there is no single, comprehensive federal (national) law regulating the collection and use of personal data. However, each Congressional term brings proposals to standardise laws at a federal level. Instead, the US has a patchwork system of federal and state laws and regulations that can sometimes overlap, dovetail and contradict one another. In addition, there are many guidelines, developed by governmental agencies and industry groups that do not have the force of law, but are part of self-regulatory guidelines and frameworks that are considered “best practices”. These self-regulatory frameworks have accountability and enforcement components that are increasingly being used as a tool for enforcement by regulators.
There is already a panoply of federal privacy-related laws that regulate the collection and use of personal data. Some apply to particular categories of information, such as financial or health information, or electronic communications. Others apply to activities that use personal information, such as telemarketing and commercial e-mail. In addition, there are broad consumer protection laws that are not privacy laws per se, but have been used to prohibit unfair or deceptive practices involving the disclosure of, and security procedures for protecting, personal information.
Some of the most prominent federal privacy laws include, without limitation, the following:
- The Federal Trade Commission Act (15 U.S.C. §§41-58) (FTC Act) is a federal consumer protection law that prohibits unfair or deceptive practices and has been applied to offline and online privacy and data security policies. The FTC has brought many enforcement actions against companies failing to comply with posted privacy policies and for the unauthorised disclosure of personal data. The FTC is also the primary enforcer of the Children’s Online Privacy Protection Act (COPPA) (15 U.S.C. §§6501-6506), which applies to the online collection of information from children, and the Self-Regulatory Principles for Behavioural Advertising.
- General Data Protection Regulation (GDPR) is a regulation in EU law (2016/679) on data protection and privacy for all individuals within the European Union. It also addresses the exportation of personal data outside the EU.
Personal identification information
We may collect personal identification information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the site, place an order, fill out a form, respond to a survey, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name, email address, mailing address, phone number, social security number. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site-related activities.
In order to make use of our services or to be accredited by us, you must be registered with us. We will ask you to provide personal data, including your name, job title, home address, e-mail address and other contact information. The information we ask you to provide depends on the service. The provision of specific data can be required to use our products and services. This will be shown when the information is requested. If your employer or Accredited Training Organization or Accredited Exam Organization creates an account on your behalf, we will also register the name of that employer or Accredited Training Organization or Accredited Exam Organization. The same applies if you subscribe to an examination through one of our partners, such as an Online Proctoring or Computer Based Test Agency.
We use your personal data for internal administration purposes, such as record keeping and to comply with our legal and fiscal obligations.
Non-personal identification information
We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users' means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.
If you take an examination with us, we will use your data to:
- Administer and assess examinations;
- Issue personal examination results, certificates and digital badges;
- Save your examination results to our examination database and manage that database;
- Meet all requirements applicable to administering and assessing examinations;
- Establish if any fraudulent acts have been committed during the examination;
- Take measures if fraud or other infringements of the rules and regulations for examinations were detected; measures taken either to prevent further fraud or infringement in the future, or to enforce the rules and regulations for examinations;
- Verify the authenticity of certificates and/or digital badges and give requests or information about them;
Results of statistical analyses will not be used for marketing activities targeted especially at you, unless with your prior consent.
Web browser cookies
Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.
| Name | Provider | Purpose | Expiry | Type |
|---|---|---|---|---|
| __cfduid | bufferapp.com | Used by the content network, Cloudflare, to identify trusted web traffic. | 1 year | HTTP |
| PHPSESSID [x2] | certiprof.com | Preserves user session state across page requests. | Session | HTTP |
| CookieConsent | certiprof.com | Stores the user’s cookie consent state for the current domain | 1 year | HTTP |
| ASPSESSIONID# | mythemelogin.certiprof.nl | Preserves users states across page requests. | | |
Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.
How we use collected information
CertiProf®, LLC may collect and use Users' personal information for the following purposes:
- To run and operate our Site
We may need your information to display content on the Site correctly.
- To improve customer service
Information you provide helps us respond to your customer service requests and support needs more efficiently.
- To personalize user experience
We may use information in the aggregate to understand how our Users as a group use the services and resources provided on our Site.
- To improve our Site
We may use feedback you provide to improve our products and services.
- To process payments
We may use the information Users provide about themselves when placing an order only to provide service to that order. We do not share this information with outside parties except to the extent necessary to provide the service.
- To run a promotion, contest, survey or other Site feature
To send Users information they agreed to receive about topics we think will be of interest to them.
- To send periodic emails
We may use the email address to send User information and updates pertaining to their order. It may also be used to respond to their inquiries, questions, and/or other requests.
How we protect your information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site. Certiprof has an Information Security Management System based on ISO/IEC 27001. Certiprof retains your personal data as long as necessary in view of the purposes set out above, or as long as prescribed by law. Based on these purposes, EXIN has determined three separate retention periods for different sorts of personal data consisting of 6 months, 7 years and 30 years.
Sharing your personal information
We may share or sell information with third parties for marketing or other purposes. We have an authorization policy for our systems, so that persons and organizations only have access to your data in so far as this is necessary for the performance of their tasks and within the framework of the purposes mentioned. All these individuals and organizations have agreed to treat your data confidentially and with the greatest care.
If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc. If at any time the User would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email or User may contact us via our Site.
Third party websites
Compliance with children’s online privacy protection act
Protecting the privacy of the very young is especially important. For that reason, we never collect or maintain information at our Site from those we actually know are under 13, and no part of our website is structured to attract anyone under 13.
Your acceptance of these terms
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.
You may contact our Privacy Office (please see below) to exercise any of the rights you are granted under applicable data protection laws, which include (1) the right to access your data, (2) to rectify them, (3) to erase them, (4) to restrict the processing of your data, (5) the right to data portability and (6) the right to object to processing.
- Right to access
You may ask us whether or not we process any of your personal data and, if so, receive access to that data in the form of a copy. When complying with an access request, we will also provide you with additional information, such as the purposes of the processing, the categories of personal data concerned as well as any other information necessary for you to exercise the essence of this right.
- Right to data portability
Your right to data portability entails that you may request us to provide you with your personal data in a structured, commonly used and machine-readable format and to have such data transmitted directly to another controller, where technically feasible. Upon request and where this is technically feasible we will transmit your personal data directly to the other controller.
- Right to erasure
You also have the right to have your personal data erased, which means the deletion of your data by us and, where possible, any other controller to whom your data has previously been made public by us. Erasure of your personal data only takes place in certain cases, prescribed by law and listed under article 17 of the General Data Protection Regulation (GDPR). This includes situations where your personal data are no longer necessary in relation to the initial purposes for which they were processed as well as situations where they were processed unlawfully. Due to the way we maintain certain services, it may take some time before backup copies are erased.
- Right to restriction of processing
You have the right to obtain the restriction of the processing of your personal data, which means that we suspend the processing of your data for a certain period of time. Circumstances which may give rise to this right include situations where the accuracy of your personal data was contested but some time is needed for us to verify their (in)accuracy. This right does not prevent us from continuing to store your personal data. We will inform you before the restriction is lifted.
- Right to rectification
You have the right to have your data rectified in case of inaccuracy or incompleteness. Upon request, we will correct inaccurate personal data about you and, taking into account the purposes of the processing, complete incomplete personal data, which may include the provision of a supplementary statement.
This document was last updated on March 11, 2016