Updated: July 8, 2016
This privacy statement applies to information collected by the websites associated with GIAC, including giac.org, sans.org, sans.edu, and other domains owned and operated by SANS, GIAC, and the ESCAL Institute.
How We Gather/Share Information
To save you time and make our web services easy to use, you may create a dashboard account using your personal information. You may do this by visiting https://www.sans.org/account/. The account dashboard system saves your information and references it to your email address and password. The next time you visit the GIAC website, you can simply enter your email address and password. If you purchase a certification or service from us, we request certain personally identifiable information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date). We use this information for billing purposes and to fill your orders. If we have trouble processing an order, we will use this information to contact you. We also use the mailing address to send you GIAC brochures and other items of interest.
When you register online for a certification, we collect the information you provide us, including your name, contact information, affiliation and the name of the certification. We use this information to ensure that you are properly registered for the certification you have selected, and to notify you about other certifications that may be of interest to you. We also use this information in the course of fulfilling our obligations to provide the certification to you, including providing you materials, if opted for a certification renewal, and contacting you with respect to the certification itself.
Many employers have purchasing arrangements with GIAC/SANS that may be used by their employees to pay for GIAC products. GIAC candidate data, including contact information and exam-related data may be shared with the purchasing organization's designated contact. As such, GIAC may share your certification status, and/or the results of GIAC certification attempts with the entity that GIAC determines, using commercially reasonable practices, directly or ultimately paid for your certification exam or other related GIAC product or service. GIAC may release to such organization only appropriately limited information, including your progress, exam appointment date, exam deadline, and the results of the test, subject to the commitment by that entity to keep GIAC data confidential and not to further disclose it to any third party without your express written consent.
GIAC may occasionally provide you the opportunity to participate in contests or surveys on our site. If you participate, we may request certain personally identifiable information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact and demographic information such as name and address. We may share aggregated demographic information about our user base with our partners and advertisers. This information does not identify individual users.
When you contact GIAC, we may keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.
GIAC may use Twitter, Facebook or other social media outlets to market and promote its offerings and services. Any communications you make with GIAC using these media may be used by GIAC in accordance with this policy.
Vendors, Suppliers, or Other Access to Your Information
Legal Access to Your Information
We may share personal information with companies, organizations or individuals outside of GIAC if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- detect, prevent, investigate or otherwise address fraud, security or technical issues.
- protect against harm to the rights, property or safety of GIAC, our users or the public as required or permitted by law.
Merger, Acquisition, Sale or Forced Sale
GIAC Certified Professional Information
GIAC Certified Professionals are listed on the GIAC website and is considered public information. Published data includes Analyst Number, Certificate Holder's Name, Gold Paper Title (if applicable) and Certification Expiration Date. No personal contact information is published.
As is true of most Web sites, we gather certain information automatically and store it in log files. This information may include IP addresses, browser type, referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information to analyze trends, to administer the site, to track how visitors interact with the site.
When you log into your GIAC portal account you may select the "Remember me" check box to set a persistent cookie to store your password, so you don't have to enter it more than once. You can remove the portal login cookie by clicking the "Logout" link.
If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as the portal, contests or surveys, will be limited and you may need to reenter personal information when you register for events.
How We Protect Your Personal Information
GIAC safeguards the security of the data you send us with physical, electronic, and managerial procedures. Likewise, we urge you to take every precaution to protect your personal data when you are on the Internet. These precautions include changing your password often, using a combination of letters, numbers and symbols, and using a secure browser.
The GIAC website uses SSL v3 and TLS v1 encryption on all web pages where personal information is submitted. This protects the confidentiality of your personal and credit card information as it is transmitted over the Internet.
GIAC does not store credit card numbers on our servers. Credit card numbers are submitted to a credit card authorization service. This service provides GIAC with credit card validation information only. We do not have access to your personal financial data.
GIAC may employ independent contractors to help manage data services, and such contractors may have access to data, similar to the access we give our employees. Also, GIAC may store sales account data, including personally identifiable information, with a third party application service provider.
Access To Your Personal Information
You always have access to the information we have about you. To review and update your personal contact information, simply click https://www.sans.org/account/login and log in with your email address and password, then click Update Your Account. We encourage you to review your preferences regularly to keep the information current. You may also write firstname.lastname@example.org to have the information changed or removed.
Newsletters And Promotional Email
If you no longer wish to receive our newsletters and promotional communications from GIAC, you may opt-out of receiving them by following the instructions included in each newsletter or communication or by accessing your preferences by logging into https://www.sans.org/account/login as described in the previous paragraph.
Links To Other Sites
The GIAC web site contains links to other sites that are not owned or controlled by GIAC. Please be aware that GIAC is not responsible for the privacy practices of such other sites. We encourage you to be aware when you leave our site and to read the privacy statements of each and every web site that collects personally identifiable information.
Information Obtained From Third Parties
GIAC does not sell or trade your personal information. We may at times receive contact lists from other organizations. We may send mailings such as brochures to these addresses. Typically, these are one-time mailings, and the data is not entered into our database. If you want to remove yourself from the third party's database, you must contact them directly. These mailings have a brochure code printed on the mailing label. By providing this code, we will be able to tell you from what provider we received your contact info.
Changes To This Privacy Statement