PCI Security Standards Council Online Privacy Statement
Your privacy is important to the PCI Security Standards Council. Our goal is to provide you with a personalized online experience that provides you with the information, resources, and services that are most relevant and helpful to you. This PCI Security Standards Council Online Privacy Statement (the "Privacy Statement") has been written to describe the conditions under which this web site and other online PCI Security Standards Council resources (the "Web site") are being made available to you. The Privacy Statement discusses, among other things, how data obtained during your visit to this Web site may be collected and used. We strongly recommend that you read the Privacy Statement carefully. By using this Web site, you agree to be bound by the terms of this Privacy Statement. If you do not accept the terms of the Privacy Statement, you are directed to discontinue accessing or otherwise using the Web site or any materials obtained from it. If you are dissatisfied with the Web site, by all means contact us at firstname.lastname@example.org; otherwise, your only recourse is to disconnect from this site and refrain from visiting the site in the future.
The process of maintaining a Web site is an evolving one, and the PCI Security Standards Council may decide at some point in the future, without advance notice, to modify the terms of this Privacy Statement. Your use of the Web site, or materials obtained from the Web site, indicates your assent to the Privacy Statement at the time of such use. The effective Privacy Statement will be posted on the Web site, and you should check upon every visit for any changes.
Sites Covered by this Privacy Statement
This Privacy Statement applies to all PCI Security Standards Council-maintained Web sites, domains, information portals, registries and other online resources, and PCI Security Standards Council may from time to time require users of specific portals or other resources to agree to corresponding additional terms and conditions. If the terms of this Privacy Statement conflict with such other terms and conditions, such other terms and conditions shall govern to the extent necessary to resolve such conflicts.
The PCI Security Standards Council is committed to protecting the privacy needs of children, and we encourage parents and guardians to take an active role in their children's online activities and interests. The PCI Security Standards Council does not intentionally collect information from children under the age of 13, and the PCI Security Standards Council does not target its Web site to children.
Links to Non-PCI Security Standards Council Web Sites
TYPES OF INFORMATION WE COLLECT
Non-personal information is data about usage and service operation that is not directly associated with a specific personal identity. The PCI Security Standards Council may collect and analyze non-personal information to evaluate how visitors use the PCI Security Standards Council Web site.
The PCI Security Standards Council may gather aggregate information, which refers to information your computer automatically provides to us and which cannot be tied back to you as a specific individual. Examples include referral data (the Web sites you visited just before and just after our site), the pages viewed, time spent at our Web site, and Internet Protocol (IP) addresses. An IP address is a number that is automatically assigned to your computer whenever you access the Internet. For example, when you request a page from one of our sites, our servers log your IP address to create aggregate reports on user demographics and traffic patterns and for purposes of system administration.
Every time you request or download a file from the Web site, the PCI Security Standards Council may store data about these events and your IP address in a log file. The PCI Security Standards Council may use this information to analyze trends, administer the Web site, track users' movements, and gather broad demographic information for aggregate use or for other business purposes.
Most browser software can be set up to deal with cookies. You may modify your browser preference to provide you with choices relating to cookies. You have the choice to accept all cookies, to be notified when a cookie is set or to reject all cookies. If you choose to reject cookies, certain of the functions and conveniences of our Web site may not work properly, and you may be unable to use those PCI Security Standards Council services that require registration in order to participate, or you will have to re-register each time you visit our site. Most browsers offer instructions on how to reset the browser to reject cookies in the "Help" section of the toolbar. We do not link non-personal information from cookies to personally identifiable information without your permission.
The PCI Security Standards Council's Web site also may use Web beacons to collect non-personal information about your use of our Web site and the Web sites of selected sponsors and advertisers, your use of special promotions or newsletters, and other activities. The information collected by Web beacons allows us to statistically monitor how many people are using our Web site and selected sponsors' sites; how many people open our emails; and for what purposes these actions are being taken. Our Web beacons are not used to track your activity outside of our Web site or those of our sponsors. The PCI Security Standards Council does not link non-personal information from Web beacons to personally identifiable information without your permission.
Personal information is information that is associated with your name or personal identity. The PCI Security Standards Council uses personal information to better understand your needs and interests and to provide you with better service. On some PCI Security Standards Council Web pages, you may be able to request and/or download information or materials, subscribe to mailing lists, participate in online discussions, collaborate on documents, provide feedback, submit information into registries, register for events, apply for participation or membership, or join technical committees or working groups. The types of personal information you provide to us on these pages may include name, address, phone number, email address, user IDs, passwords, billing information, or other information.
Restricted Web Sites and Portals
Information you provide in connection with applying for participation or membership is used to create a corresponding participating organization or member profile, and may be shared with other PCI Security Standards Council member or participant representatives and organizations. Such information may be provided to other participants or members on a secure Web site to encourage and facilitate collaboration, research, and the free exchange of information. PCI Security Standards Council participants and members automatically are added to applicable PCI Security Standards Council mailing lists. From time to time, participant and member information may be shared with event organizers and/or other organizations that provide additional benefits to PCI Security Standards Council participants or members. By providing us with your personal information, you expressly consent to our storing, processing, and distributing such information for these purposes.
Company information is information that is associated with the name and address of PCI Security Standards Council participant or member organizations and may include data about usage and service operation. The primary representative of any such organization may request usage reports to gauge the extent of their employees' involvement in consortium activities. You should be aware that information regarding your participation in technical committees or working groups, for example, may be made available to your company's primary representative and to PCI Security Standards Council staff members.
HOW WE USE YOUR INFORMATION
The PCI Security Standards Council may use non-personal data that is aggregated for reporting about PCI Security Standards Council Web site usability, performance, and effectiveness. It may be used to improve the experience, usability, and content of the site.
The PCI Security Standards Council may use personal information to offer or provide services that support its activities or those of PCI Security Standards Council participants or members, and their collaboration with PCI Security Standards Council, or to provide you with electronic newsletters, announcements, surveys or other information. When accessing restricted PCI Security Standards Council Web pages and portals, your personal user information may be tracked in order to support collaboration, ensure authorized access, and enable communication among participants or members.
In keeping with our open process, the PCI Security Standards Council may maintain publicly accessible archives for the vast majority of our activities. For example, posting an email message to any PCI Security Standards Council-hosted mail list or discussion forum, subscribing to any PCI Security Standards Council newsletter or registering for one of our public meetings may result in your email address becoming part of the publicly accessible archives.
If you are a PCI Security Standards Council participant or member, you should be aware that some items of your personal information may be visible to other PCI Security Standards Council participants and members, and to the public. The PCI Security Standards Council participant and member databases may retain information about your name, email address, company affiliation and such other personal address and identifying data as you choose to supply. That data may be generally visible to other PCI Security Standards Council participants or members, and to the public. Your name, email address, and other information you may supply also may be associated in the PCI Security Standards Council's publicly accessible records with the PCI Security Standards Council's various committees, working groups, and similar activities that you join, in various places, including: (i) the permanently-posted attendance and other records of those activities; (ii) documents generated by the activity, which may be permanently archived; and, (iii) along with message content, in the permanent archives of the PCI Security Standards Council's email lists, which also may be public.
Please remember that any information (including personal information) that you disclose in public areas of our Web site, such as forums, message boards, and news groups, becomes public information that others may collect, circulate, and use. Because we cannot and do not control the acts of others, you should exercise caution when deciding to disclose information about yourself or others in public forums such as these.
Given the international scope of the PCI Security Standards Council, personal information may be visible to persons outside your country of residence, including to persons in countries that your own country's privacy laws and regulations deem deficient in ensuring an adequate level of protection for such information. If you are unsure whether this privacy statement is in conflict with applicable local rules, you should not submit your information. If you are located within the European Union, you should note that your information will be transferred to the United States, which is deemed by the European Union to have inadequate data protection. Nevertheless, in accordance with local laws implementing European Union Directive 95/46/EC of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data ("EU Privacy Directive"), individuals located in countries outside of the United States of America who submit personal information do thereby consent to the general use of such information as provided in this Privacy Statement and to its transfer to and/or storage in the United States of America.
If you do not want your personal information collected and used by the PCI Security Standards Council, please do not visit the PCI Security Standards Council's Web site or apply for participation status.
Access to and Accuracy of Information
The PCI Security Standards Council is committed to keeping the personal information of our participating and member organizations accurate. All the information you have submitted to us can be verified and changed. In order to do this, please email us a request at email@example.com. We may provide participants and/or members with online access to their own personal profiles, enabling them to update or delete information at any time. To protect your privacy and security, we also may take reasonable steps to verify identity, such as requiring a user ID and password, before granting access to modify personal profile data. Certain areas of the PCI Security Standards Council's Web sites may limit access to specific individuals through the use of passwords or other personal identifiers; a password prompt is your indication that a restricted resource is being accessed.
The PCI Security Standards Council uses a variety of means to protect personal information provided by users of the Web site, including using firewalls and other security measures on its servers. No server, however, is 100% secure, and you should take this into account when submitting personal or confidential information about yourself on any Web site, including this one. Much of the personal information is used in conjunction with participation and/or member-level services such as collaboration and discussion, so some types of personal information such as your name, company affiliation, and email address will be visible to other the PCI Security Standards Council participants or members, and to the public. The PCI Security Standards Council assumes no liability for the interception, alteration, use or misuse of the information you provide. You alone are responsible for maintaining the secrecy of your personal information. Please use care when you access this Web site and provide personal information.
From time to time the PCI Security Standards Council may email you electronic newsletters, announcements, surveys or other information. If you prefer not to receive any or all of these communications, you may opt out by following the directions provided within the electronic newsletters and announcements.
Questions about this Privacy Statement can be directed to firstname.lastname@example.org