Privacy Policy

Last Updated: 18 January 2023

Your privacy is important to us. Our goal is to provide you with a personalized online experience that provides you with the information, resources, and services that are most relevant and helpful to you.

This Privacy Policy (the “Privacy Policy”) has been written to describe the privacy-related terms and conditions under which CyberUSA (“CyberUSA”, “we”, “us” or “our”) makes its web sites, web pages, domains, portals, registries, mobile apps, other events and online resources, and corresponding materials (collectively, the “Web Site”) available to you, including but not limited to resources used to provide or in connection with our online meetings, events and other services.

The Privacy Policy discusses, among other things, how data obtained in connection with your use of the Web Site may be collected and used. We strongly recommend that you read the Privacy Policy carefully. By using the Web Site, you agree to be bound by the terms of the Privacy Policy (including its appendices, which are hereby incorporated into the Privacy Policy). If you do not accept the terms of the Privacy Policy, you are directed to discontinue accessing or otherwise using the Web Site. If you are dissatisfied with the Web Site, please feel free to contact us at privacy@cyberusa.us.

The process of maintaining the Web Site is an evolving one, and we may modify the terms of this Privacy Policy without notice. Your continued use of the Web Site after such change indicates your assent to the modified terms as of the effective date of the change. The effective Privacy Policy will be posted on the Web Site, and you should check upon every visit for any changes.

1. Sites and Resources Covered by this Privacy Policy

This Privacy Policy applies to all CyberUSA web sites, web pages, domains, portals, registries, mobile apps, and other online resources, including but not limited to resources used to provide or in connection with our online meetings and events.  Notwithstanding the foregoing, we may from time to time require users of specific web pages, portals, or resources to agree to corresponding additional terms and conditions (“Additional Terms”), and such Additional Terms shall govern to the extent necessary to resolve any express conflicts with this Privacy Policy.

2. Children’s Privacy

We are committed to protecting the privacy needs of children, and we encourage parents and guardians to take an active role in their children’s online activities and interests. We do not intentionally collect information from children under the age of 13, and do not target the Web Site to children.

3. Links to Non-CyberUSA Security Standards Council Web Sites

The Web Site may provide links to third-party web sites or mobile apps for the convenience of our users. If you access those links or apps, you will leave our Web Site. We do not control these third-party web sites and apps and cannot represent that their policies and practices will be consistent with this Privacy Policy. For example, other web sites or mobile apps may collect or use personal information about you in a manner different from that described in this document. Therefore, you should use other web sites and mobile apps with caution, and you do so at your own risk. We encourage you to review the privacy policy of any web site or mobile app before submitting personal information.

4. Types of Information We Collect

Non-Personal Information

Non-personal information is data about usage and service operation that is not directly associated with a specific personal identity. We may collect and analyze non-personal information to evaluate how users use the Web Site.

Aggregate Information

We may gather aggregate information, which refers to information your computer automatically provides to us and which cannot be tied back to you as a specific individual. Examples include referral data (the web sites you visited just before our Web Site), the pages viewed, and time spent at our Web Site.

Logs

Every time you request or download a file from the Web Site, we may store data about these events and your IP address in a log. We may use this information to analyze trends, administer the Web Site, track users’ movements, and gather broad demographic information for aggregate use or for other business purposes.

Cookies

Our Web Site may use a feature of your browser to set a “cookie” on your computer. Cookies are small packets of information that a Web Site’s computer stores on your computer. The Web Site can then read the cookies whenever you visit. We may use cookies in a number of ways, such as to save information so you don’t have to re-enter it each time you visit our site, to deliver content specific to your interests and to track the pages you’ve visited. These cookies allow us to use the information we collect to customize your Web Site experience so that your visit to our site is as relevant and as valuable to you as possible.

Personal Data

“Personal Data” is information that is associated with your personal identity and may include your name or other personal information that can be used to uniquely identify you as an individual.

In general, we use Personal Data to better understand your needs and interests and to provide you with better service. The specific uses for Personal Data that we collect are described when or on the pages where such data is collected.  The types of Personal Data you provide to us through the Web Site may include name, address, phone number, email address, user IDs, passwords, IP address, and billing information.

Providing this information may be required or requested in order to enable you to request and/or download information or materials, subscribe to mailing lists, participate in corresponding online or in person discussions or events, collaborate on documents, provide feedback, submit information into registries, register for or participate in programs, meetings or events, apply for participation or membership, or join technical committees, working groups or initiatives.  We collect this information so we can contact you or send you requested materials (such as with requested documents or subscriptions to mailing lists), enable participation in corresponding events and activities, and to identify you to us or others (such as in applications to register for or participate in meetings or events or join committees, to participate in programs or online discussions, or to download materials from the Website and execute corresponding licenses), and to bill you for requested services or materials.

You may always elect not to provide your Personal Data to us, but that will limit your ability to participate in these activities or benefit from these services.

Personal Data will not be kept for longer than is necessary for the purpose(s) for which it was collected, and in general, we will retain Personal Data for a period of 3 years, or if you have any qualification or contractual relationship with us, for a period of 3 years after cessation of that qualification or relationship. In some cases it is not possible for us to specify in advance the periods for which your Personal Data will be retained.

Notwithstanding this, we may retain, process and use your Personal Data where such is necessary for compliance with a legal or contractual obligation to which we are subject, in order to protect your vital interests or the vital interests of another person, or for other applicable legitimate interests.

5. Restricted Web Sites and Portals

Information you provide in connection with applying for participation or membership may be used to create a corresponding participant or member profile, or enable participation in corresponding activities, and may be shared with other CyberUSA member or participant representatives and organizations. Such information may be provided to other participants or members securely to encourage and facilitate collaboration, online discussion, research, and the free exchange of information. CyberUSA participants and members automatically are added to applicable CyberUSA mailing lists.

From time to time, participant and member information may be shared with event organizers and/or other organizations that provide additional benefits to our participants or members. When you provide us with your personal information in connection with events CyberUSA is organizing or hosting, we use that data to comply with our contractual obligations to event organizers and other parties in connection with those events. Where appropriate, we also expressly obtain your consent at the time of its collection.

6. Meetings and Events

Information you provide in connection with events or initiatives or registering for events or initiatives, such as our Community Meetings, Town Halls, Work Groups, Task Forces, Special Interest Groups, requests for comments, and similar events and initiatives, whether held in person or online, may include name, email address, company name, and company type.

This information is used to comply with our contractual obligations to the event or initiative organizers or operators and other parties in connection with those events and initiatives, including to operate such events and facilitate your participation, and may be used and shared with our contractors or other event participants for such purpose and as described under “Restricted Web Sites and Portals” above.

Additionally, at the time you provide us with such information, we will where appropriate request your consent to our storing, processing, distributing, and use of such data for the purposes for which it is being provided.  In connection with such events, we may also request additional information such as address, company affiliate, number of company employees, and other company information, which may be used for marketing purposes, and may be distributed to event sponsors.

Consent to such use of such additional information is requested at the time the information is collected.  All information collected in connection with such events is retained in accordance with the applicable provisions of this Privacy Policy.

7. Company Information

Company information is information that is associated with the name and address of our participant, member and other stakeholder or user organizations and may include data about usage and service operation. The primary representative of any such organization may request limited usage reports to gauge the extent of their employees’ involvement in our activities. You should be aware that information regarding your participation in technical committees, working groups, and online discussions and events, for example, may be made available to your company’s primary representative and to CyberUSA staff members.

8. How We Use Your Information

We may use non-personal data that is aggregated for reporting about the Web Site activity, usability, performance, effectiveness, or participation. It may be used to improve the experience, usability, and content of the Web Site or future activities.

We may use personal information to offer or provide services that support our activities or those of our participants, members, stakeholders or other users, and their collaboration with us, or to provide you with electronic newsletters, announcements, surveys or other information. When accessing restricted CyberUSA Web pages, portals or activities, your personal user information may be used or tracked in order to support collaboration, ensure authorized access, and enable communication among participants or members.

9. Information Sharing

We do not sell, rent, or lease any individual’s personal information or lists of email addresses to any third parties for marketing purposes, and we take commercially reasonable steps to maintain the security of this information. We will not do any of the foregoing in the future without providing you with notice and an opportunity to opt-out or opt-in, as required by law.

Similarly, we do not offer financial incentives associated with our collection, use, or disclosure of your personal information.  However, we reserve the right to supply any such information to any organization into which CyberUSA may merge in the future or to which it may make any transfer in order to enable a third party to continue part or all of our mission or activities. We also reserve the right to release personal information to protect our systems or business, if we reasonably believe you to be in violation of applicable terms of use, or if we reasonably believe you to have initiated or participated in any illegal activity. In addition, please be aware that in certain circumstances, we may be obligated to release your personal information pursuant to judicial or other government subpoenas, warrants, or other orders.

In keeping with our open process, we may maintain publicly accessible archives for the vast majority of our activities. For example, posting an email message to any CyberUSA-hosted mail list or discussion forum, providing request for comment feedback, or registering for one of our public or other meetings may result in your personal information becoming part of corresponding publicly accessible archives.

If you are a CyberUSA participant or member, you should be aware that some items of your personal information may be visible to other such participants and members, and to the public. Our participant and member databases may retain information about your name, email address, company affiliation and such other personal address, identifying data, and any previously-supplied such data, as you choose to supply. That data may be generally visible to other such participants or members, and to the public. Your name, email address, and other information you may supply also may be included in publicly accessible records of our various committees, working groups, online events and discussions, and similar activities that you join, in various places, including: (i) the permanently-posted attendance and other records of those activities; (ii) documents generated by the activity, which may be permanently archived; and, (iii) along with message content, in the permanent archives of our email lists, which also may be public.

Please remember that any information (including personal information) that you disclose in public areas of the Web Site or in connection with public or broad participation activities, such as forums (in person or online), message boards, news groups, and other activities, may become publicly or broadly available information that others may collect, circulate, and use. Because we cannot and do not control the acts of others, you should exercise caution when deciding to disclose information about yourself or others in forums or other activities such as these.

Given the national scope of the CyberUSA, personal information may be visible to persons outside your country of residence, including to persons in countries that your own country’s privacy laws and regulations deem deficient in ensuring an adequate level of protection for such information. If you are unsure whether this Privacy Policy is in conflict with applicable local rules, you should not submit your information.

Your Personal Data will never be used for direct marketing purposes, although we may contact you to follow up on a request you made for information about a service, event or activity we provide.

If you do not want your personal information collected and used by the CyberUSA, please do not visit or use our Web Site, apply for participant or member status, or engage in CyberUSA activities.

10. Access to and Accuracy of Information

We are committed to keeping the personal information of our participating and member organizations and other Web Site users accurate. All the information you have submitted to us can be verified, changed and deleted (consistent with legal data retention requirements).

In order to do this, please email us a request at privacy@cyberusa.us. We may provide participants, members and/or others with online access to their own personal profiles, enabling them to update or delete information at any time. To protect your privacy and security, we also may take reasonable steps to verify identity, such as requiring a user ID and password, before granting access to modify personal profile data. Certain areas of the Web Site may limit access to specific individuals through the use of passwords or other personal identifiers; a password prompt is your indication that a restricted resource is being accessed.

11. Security

We use a variety of means to protect personal information provided by users of the Web Site, including using firewalls and other security measures on our servers. No server, however, is 100% secure, and you should take this into account when submitting personal or confidential information about yourself or others on the Web Site or elsewhere. Much of the personal information we collect is used in conjunction with participation and/or member-level services such as collaboration and discussion, so some types of personal information such as your name, company affiliation, and email address will be visible to other CyberUSA participants or members, and to the public. We assume no liability for the interception, alteration, use or misuse of the information you provide. You alone are responsible for maintaining the secrecy of your personal information. Please use care when you access the Web Site and otherwise provide personal information.

12. Opting Out

From time to time we may email you electronic newsletters, announcements, surveys or other information. If you prefer not to receive any or all of these communications, you may opt out by following the directions provided within the electronic newsletters and announcements.

13. California Privacy Rights  

Under the California Consumer Privacy Act of 2018 (“CCPA”), the California Privacy Rights and Enforcement Act (“CPRA”), and other California privacy laws, California residents have certain rights relating to collection, use, and sharing of their personal information for companies that meet applicable requirements.

For example, if you are a resident of California, you have the right to request to know what personal information we have collected about you, and to access that information. You also have the right to request deletion of your personal information, though exceptions under the law may allow us to retain and use certain personal information notwithstanding your deletion request.

14. Data Privacy Laws

Depending on the state, country or region where you are located or reside (your “Jurisdiction”), you may have certain rights under the General Data Protection Regulation (“GDPR”) or other laws of your Jurisdiction relating to the privacy and protection of Personal Data, in addition to those described in this Privacy Policy. Personal Data you provide on or through the Web Site or otherwise in connection with our activities is only collected with your consent or to comply with our contractual obligations, and may be transmitted outside of your Jurisdiction to the CyberUSA (or computer servers maintained for the benefit of the CyberUSA) pursuant to that consent.

In general, under the GDPR, if you live in the European Economic Area (“EEA”) or the United Kingdom, you may:

  • Request access to your Personal Data.
  • Have incomplete or incorrect Personal Data corrected.
  • Have your Personal Data deleted.
  • Suspend or restrict our use of your Personal Data, or withdraw your consent, and if that request is not respected, then to object.
  • Request a copy of your Personal Data.
  • Complain to a supervisory authority if you believe your rights under the GDPR are not being respected.
  • Request to refuse automated decision-making of your personal data to make decisions about you, if such decision-making significantly affects you or produces legal effects.

Should you request a copy of your Personal Data, we will provide you a copy. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.  Should you request the deletion of your Personal Data, CyberUSA will generally do so as soon as practicable, although your right to have your Personal Data deleted is subject to exceptions, such as, for example, compliance with a legal obligation or for the establishment, exercise or defense of legal claims.

If you consider that our processing of your Personal Data infringes applicable data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the UK or EEA member state of your habitual residence, your place of work or the place of the alleged infringement.

You should note that our servers are located in the United States, which is deemed by the European Union to have inadequate data protection.  Accordingly, when you provide information to us through the Web Site, you are providing that information to us in the United States.  You should also note that, if you are in a country outside the United States (including but not limited to in the UK or EEA), your Personal Data may be transferred to and/or collected, stored, processed, and/or used outside of your country, including in the United States.  By way of example, this may happen if Personal Data of an individual in the UK or EEA is transferred to our servers located in the United States or in another country outside of the UK or EEA. Such countries may not have similar data protection laws to the UK or EEA or your country. If we transfer your information outside of the UK or EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy, including the following:

  • Data sent to our Web Site or Portal is protected by TLS and strong cryptographic algorithms when transmitted across open, public networks.
  • Data at rest on our Web Site or Portal is protected by full disk encryption and strong access controls. In addition, sensitive customer files uploaded to our portal are separately encrypted using unique encryption keys per file. All encryption keys use strong cryptography and are protected using role-based access controls.
  • We run vulnerability scans against our infrastructure (including our Web Site and Portal) at least quarterly and after any significant change.
  • We conduct penetration tests against our infrastructure (including our Web Site and Portal), at least annually and after any significant change.

15. Contacting Us

If you have any questions or concerns regarding this policy or your Personal Data, or wish to exercise any of the above rights, please contact the CyberUSA at:

CyberUSA
8850 Stanford Blvd
Suite 1900
Columbia, MD 21045

privacy@cyberusa.us
(301) 206-2940