OhPhish recognizes the importance of maintaining your privacy and is committed to protecting it and developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to current and former visitors to all our OhPhish websites and governs data collection and usage. By using the OhPhish website, you consent to the data practices described in this statement. At OhPhish, the privacy and security of our customers, respondents, and visitors are of paramount importance. We value your privacy and appreciate your trust in us.
1. What type of personal information do we gather?
OhPhish collects certain personal information about you during your relationship with us. OhPhish, through various web-platforms that help our members to register, reset passwords, get training, partner with us, etc. collects personally identifiable information/personal information that may include:
a. Contact information. We might collect your name, e-mail, telephone numbers, organization names, etc.
b. Payment and billing information. We might collect your billing name, billing address, the legal age as permitted by your country of origin/residency and as per the payment method used by you. We NEVER collect your credit card number or credit card expiry date or other details pertaining to your credit card on our website. We will not be storing any Bank related information on our records and none of our employees will hold or be exposed to this information.
c. Other information. If you use our website, we may collect information about your IP address and the browser you’re using..
OhPhish does not collect, use, or disclose sensitive personal information, such as race, religion, health information or political affiliations without your explicit consent.
2. Minor’s Online Privacy
We do not collect or process or profile any information belonging to minor. Users who do not fulfill the minimum age requirement as per the jurisdiction in which they are residing, please inform us on [email protected].
3. Where do we collect Personal Information about you?
We collect information in different ways.
a. We collect information directly from you. We collect information directly from you when you register or partner with us. You may choose to apply for specific information or services on topics such as products, training, white papers, brochures, etc. which may require you to fill out forms and share your personal information. This information is irrespective of your membership. OhPhish asks you to allow representatives of OhPhish to contact you for the purpose asked.
OhPhish may collect different data from or about you depending on how you use OhPhish Services. When you create an account and use our Services, including through a third-party platform, we collect any data you provide directly, including, but not limited to data about your accounts on other Services.
b. We collect information from you passively. We receive and store certain types of information whenever you interact with us. We use browser cookies and web beacons, for collecting information about your usage of our website or any of our subdomains, advertisements, and other content served by or on behalf of OhPhish on other websites. We may use this information for internal analysis and to provide you with location-based services, such as advertising, search results, and other personalized content.
To help us make our emails communication more useful and interesting, we often receive a confirmation when you open email from OhPhish, if your computer supports such capabilities. If you do not want to receive e-mail or other mail from us, please edit your customer communication preferences.
c. We get information about you from third parties. We may share your information with third parties subject to an agreement between you and OhPhish. Your information will be processed by such third parties on the basis of their respective Privacy Notices.
d. We get information about you from other sources. We might receive information about you from other sources and add it to our account information.
4. How and why do we use your personal information?
a. We use information to provide you our Services: Certain OhPhish services require you to provide your personal information, so as to enable us to provide you the whole range of that Service.
b. We use information to contact/respond to your requests or questions: We might use the information you provide to contact you to deliver the services you have requested or administering and processing your certification exams.
c. We use information to improve our products and services. We might use your information to analyze and customize our products, websites, newsletters, and other communications to support and improve your online experience with us.
d. We use information to look at site trends and customer interests. We may use your information to make our website and products better. We may combine information we get from you with information about you we get from third parties. OhPhish may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
e. We use information for security purposes. We may use information to protect our company, our customers, or our websites.
f. We use information for marketing purposes. We may use your information for sending communications to you, including for marketing and promotional or customer satisfaction purposes to inform you of other products or services available from OhPhish and its affiliates.
g. We use information to send you transactional communications. We might send you emails or SMS about your account or a product or service purchase.
h. We use information as otherwise permitted by law. To comply with our obligations under the law, including record-keeping, reporting, accounting, tax, etc.
5. Who do we share your personal information with?
OhPhish does not sell, rent, or lease your personal information to third parties without your explicit consent.
OhPhish shares personal information in the following ways:
a. We will, at times share your personal information with our Group companies for internal reasons, primarily for business and operational purposes. However, when personal information is shared with our group companies, same level of protection as set out it in this Privacy notice, along with an appropriate level of confidentiality will be maintained for your personal information
b. We will share information with our authorised Vendors. We share information with vendors who help us to manage our online registration process or payment processors or transactional message processors. Some vendors may be located outside of the country where you reside in. .
c. We will share information with our business partners/ third parties who perform services on our behalf. OhPhish may, from time to time, contact you on behalf of external business partners about a particular offering that may be of interest to you. In those cases, your unique, personal information (for instance your e-mail, name, address, telephone number) is not transferred to the third party. However, OhPhish may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such partners are prohibited from using your personal information except to provide these services to OhPhish, and they are required to maintain the confidentiality of your information.
d. We may share information if we think we must comply with the law or to protect ourselves.
OhPhish websites will disclose your personal information, without consent, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on OhPhish or the site; (b) protect and defend the rights or property of OhPhish; and, (c) act under exigent circumstances to protect the personal safety of users of OhPhish or the public.
e. We may share your information for reasons not described in this policy.
We will tell you before we do this. OhPhish does not transfer any sensitive personal information. By using or continuing to use the site you agree to our use of your information (including sensitive personal information) in accordance with this Privacy Notice, as may be amended from time to time by OhPhish at its discretion. You also agree and consent to us collecting, storing, processing, transferring, and sharing information (including sensitive personal information) related to you with third parties or service providers for the purposes as set out in this Privacy Notice.
We may be required to share the aforementioned information with government authorities and agencies for the purposes of verification of identity or for the prevention, detection, investigation, prosecution, or punishment of cyber incidents or any other legal offenses. You agree and consent to OhPhish, at its sole discretion, disclosing the required information with government authorities and agencies in such cases.
OhPhish encourages you to review the privacy statements of websites you choose to link to from OhPhish’s website so that you can understand how those websites collect, use, and share your information. OhPhish is not responsible for the privacy statements or content on websites outside of the OhPhish’s family of websites.
6. How OhPhish stores the personal information it collects?
OhPhish stores your personally identifiable information such as name, contact number, email address, etc. on a secure server which is encrypted and is accessible only to OhPhish’s applications. OhPhish may be required to share personal information with its affiliates, advisors, and auditors in other countries where it may be processed. If we or our affiliates or our service providers transfer personal information outside of the country of origin, we always require that appropriate safeguards are in place to protect the information when it is processed
7. How OhPhish secures your personal information?
We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or unlawful use and accidental loss or destruction.
OhPhish uses secure servers to store your information and only shares and provides access to your information to the minimum extent necessary, subjected to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible. We also verify the identity of any individual who requests access to information prior to granting them access to requested information.
OhPhish also uses Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website. OhPhish also adopts comprehensive standards such as ISO/IEC 27001:2013 for selected Services.
8. How long do we keep your personal information?
We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements and as long as may be requested in writing to us for deletion of such data.
We determine standard retention periods for different categories of personal information in our possession. Where it isn’t possible to determine standard retention periods, we do so, based on the following criteria:
9. What legal basis do we have for using your personal information?
We process your personal information on the following legal bases:
We use consent to process your data for certain purposes such as when you consent to receive marketing communication, when you express interest in associating with us or to know more about us, etc. You can withdraw your consent at any time by writing to us at the e-mail addresses provided below
· Performance of Contract
· Legitimate Interests
Provided that such processing shall not outweigh your rights and freedoms, we may use your personal information for our legitimate interests which include legal obligations, direct marketing, market research, web analytics/profiling, compliance abidance, customer service, record-keeping, review, research, and analysis, to fulfil our legal obligations under applicable laws, security, storage, etc. You’ve the right to object, on grounds relating to your situation, at any time to processing of personal data concerning you which is based on legitimate interests. More information on this right and on how to exercise it, is set out below under “Right to Object” clause of this Privacy Statement.
A cookie is a small text file which is placed onto your computer or electronic device when you access our website. Cookies are used to track users’ actions and activities, and to store specific information about your preferences, location, session details, etc. about them. We use these cookies and/or similar technologies on this website for the only purpose of ensuring that you get the best experience. You can go to the preference or content setting of your web browser to delete the cookies pertaining to any website at any time.
11. Website Visitors
12. Consent for Cookies
13. Turn Off or Opt-Out of Cookies
14. Third-Party Cookies
15. What rights do you have in relation to the personal information we hold on you, in compliance to GDPR?
The General Data Protection Regulation (GDPR) provides you the benefit of several rights when it comes to your personal information.
a. The Right to be Informed.
b. The Right of Access
You have the right to obtain access to your information that we are processing and certain other information, in accordance with data protection law. Contact OhPhish if you wish to access the personal information OhPhish holds about users/data subjects.
c. The Right to Rectification
You are entitled to have your information corrected if it’s inaccurate or incomplete.
d. The Right to Erasure
This is also known as ‘the right to be forgotten’. If users want OhPhish to erase all personal data and we do not have a legal reason to continue to process and hold it, please contact us at [email protected] or [email protected]. This is not a general right to erasure; there are exceptions. If however, you do not fall within the ambit of exceptions, we will delete your data within a period of thirty (30) days.
e. The Right to Restrict Processing
You have rights to ‘block’ or suppress further use of your information. Users have the right to ask OhPhish to restrict how we process user data. This means we are permitted to store the data but not further process it. We keep just enough data to make sure we respect our users request in the future.
f. The Right to Data Portability
OhPhish allows to obtain and reuse personal data for purposes across services in a safe and secure way without this effecting the usability of user data.
g. The Right to Withdraw Consent
If users have given us their consent to process their data but change their mind later, they have the right to withdraw their consent at any time, and OhPhish stop processing their data. Users can write to [email protected] or [email protected] or www.eccouncil.org/unsubscribe.
h. The Right to Object to Processing and Automated Processing
You have right to object to the processing and automated profiling of your personal information as per applicable data protection laws. If you wish to object to the processing or automated processing of your personal information, please contact us at [email protected] or [email protected]. .
Further information and advice about your rights can be obtained from the data protection regulator in your country.
16. Data Protection Officer
In accordance with the applicable data privacy laws and rules of the jurisdictions in which OhPhish operates, including General Data Protection Regulation (EU) 2016/679 (GDPR), the contact details of the appointed Data Protection Officer are provided below:
Email: [email protected]
If you have any questions about this Policy or other privacy concerns, you can also email us at the abovementioned details.
17. What is our Opt-Out Policy?
· Users may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located on the bottom of our e-mails, and by sending us email at [email protected] or [email protected] and www.eccouncil.org/unsubscribe. Customers cannot opt out of receiving automated emails related to their account with us or our Services, like aspen emails, certification renewal emails.
· If you would like to opt-out of sharing of your personally identifiable information/personal information submitted on our website with third parties or otherwise, contact us at [email protected] and indicate your unwillingness to share such information with third parties or otherwise. However, this shall restrict your access to certain services as our services are linked internally to various platforms.
· However, under the following circumstances, we may still be required to share your personal information:
i. If we are responding to court orders or legal process, or if we need to establish or exercise our legal rights or defend against legal claims.
iii. If we believe it is necessary to restrict or inhibit any user from using any of our websites, including, without limitation, by means of "hacking" or defacing any portion thereof.
18. Third Party sites
20. No Reservations
21. No Conflict
22. How can you contact us?
All rights reserved by OhPhish.