For those planning training sessions or candidates intending to take an online exam during this period, we will be offering online exam sessions on December 27 and 29, as well as January 5, 2024. You can check the link to online exam events here.

PECB Privacy Statement

Last updated on September 16, 2024.

1 Introduction

PECB respects each site visitor’s right to privacy. We collect and use information from our websites only as disclosed in this privacy statement. This privacy statement applies to and discloses the privacy practices of information collected by PECB only. If you disagree with any part of this privacy statement, please do not use our websites.

Hereafter, the terms “PECB” and “we” and its derivatives refer to the owner of the websites (office located in 336-6683 Jean Talon St E Montreal QC H1S 0A5 Canada). The term “you” and its derivatives refers to the user or viewer of our website. The term “statement” refers to this document. The terms “PECB website” or simply “website” refer to the websites https://pecb.com/, https://insights.pecb.com/, https://conference.pecb.com/, https://store.pecb.com/, https://help.pecb.com/, https://mypecb.com/ and/or other domains owned and maintained by PECB.

PECB is the data controller of the information you provide during the process of application, registration, certification, examination, or other purposes as outlined in this privacy statement.

Any details entered in one of our online forms will be stored electronically by us. If you have any questions about the process or the way your information is handled, please contact our data protection officer via email at information.security@pecb.com.

2 Website content

The content of the PECB website is intellectual property protected by law. The information and content provided may not be re-used without our explicit permission, except for private or other personal use within the limitations of the General Data Protection Regulation (GDPR). The press releases and articles from our press service presented on the website are available to the editors of newspapers or periodicals for publication. Should they be published, PECB will request the publisher to provide a proof copy.

This privacy statement does not cover any link within the PECB website that leads to websites not owned or operated by PECB. We have no authority or responsibility over the content or design of other companies’ websites that can be assessable via hyperlinks from our website. Furthermore, we explicitly disassociate from any internet content that might be illegal or offensive. You take full responsibility for using hyperlinks on our website to access other companies’ websites. We recommend that you check the policies concerning data protection and privacy of the PECB partners or other users whose websites can be accesses through our website.

PECB is not responsible for any outcome caused by opening or otherwise engaging with the website(s) of our partners. The partners’ hyperlinks and addresses provided on our website are generated automatically (geographical location and contact) in accordance with the partners’ physical address.

3 Lawful Basis for Processing

We collect personally identifiable information (PII) only with the consent of the natural person (data subject) and ensure that the data collected is used only for the stated purpose.

In addition, when you create an account and become a PECB client, partner, trainer, auditor, invigilator, or distributor, you are required to fill out an electronic form for which we are not held responsible. We ask for your consent to send you information only regarding our training courses, news, newsletters, webinars, or other content related to our services.

4 Types of Collected Information

We only collect the information that you provide to us when you visit our website.

The provision of information to PECB is a voluntary act. Clicking the “Submit” button on any of our web forms on our website means that you are aware of the PECB’s Terms, Conditions, and Policy provisions and voluntarily consent to the conditions outlined therein.

4.1 Registration Forms

When creating a PECB account, you provide information which can personally identify you, such as your full name, year of birth, email address, phone number, country, state, and city. In addition, when you create a PECB partner account, we also collect your company information, including its name, physical address, phone number. Information about leads of partners is also sub-processed in HubSpot. For more information on how data is handled by them, please read HubSpot Privacy Policy.

The information we collect helps us complete your registration process and identify you as a user of our website.

4.2 Registration through the partner

PECB operates globally through its network of partners. PECB helps their partners so they can perform and distribute PECB services to their clients effectively and with high quality. PECB partners are eligible to create training course events and enroll training course participants in them. When using the Enroll Course Participants form, the participant’s PECB account will be created by the partner and only activated after the user clicks the activation link via email.

The partner is fully responsible for creating the account and for using the participant’s PII, including the full name, country, province/state, and email address.

4.3 Marketing emails

PECB Group Inc. is the data controller responsible to handle all marketing communications of PECB services and products including:

  • PECB Inc.;
  • PECB University;
  • PECB Store;
  • PECB Insights Magazine;
  • PECB Conference;

If you previously agreed to receive marketing communications, you will occasionally receive relevant news and offers about our services and products. To improve our services we may contact you for survey and market research purposes.

Personal Information collected for marketing purposes is processed in accordance with your subscription preferences.

4.4 Help and Support Center

Our clients are supported by HubSpot Chat bot support, available at the Help Center on our website. Your name, email address, and chat content will be collected if you use our Chat bot. We will only keep this information for three years and we will not share it with anyone else. We continuously monitor Live Chat logs to improve quality.

If and when you call PECB’s support line, we collect Calling Line Identification information. We use this information to help improve the efficiency and effectiveness of our services. PECB holds the information necessary to fulfill callers’ requests, opening a ticket in the system, and going through processes regarding the ticket until the procedure is completed. The information provided through the ticketing system is reviewed and, if applicable, deleted on an annual basis.

4.5 Persons Who Contact Our Network through the Website

If you use our website to connect with our network of partners and trainers, we collect only the information you provide us with, such as your name, phone number, email address, and residence.

Your composed message is also collected to prevent, detect, and respond to any form of fraud or abuse that could damage our network.

4.6 Job Applicants

When you apply for a job at PECB, we ask for your personal information, contact details, email address, and résumé. Your résumé may contain other data that are considered personal information, such as your education certifications, professional trainings, and previous work experiences.

All the information you provide during your job application is only used to process your application or, if necessary, to fulfill legal and regulatory requirements. We use your contact details to provide you with information related to the processing of your job application. In addition, we use the other information you provide to assess your suitability for the role you have applied for.

We do not collect more information than we need to fulfill our stated purposes and do not retain any information for longer than necessary. We do not share any of the information you provide with any third parties. The information you provide, be it in digital or physical format, will be handled securely.

4.7 PECB Connect

As part of our commitment to maintaining a high standard of integrity and professionalism, individuals applying to join as auditors on the PECB Connect platform will undergo a screening process. This screening, conducted by our trusted partners, Sterling and Triton, will include verification of the applicant's educational background and a criminal background check. After an application is made in the PECB Connect platform, the applicant will receive an email from Sterling and/or Triton to consent to the background check. These measures are implemented to ensure the reliability and credibility of the auditors associated with PECB Connect.

All personal data collected during the screening process will be handled in compliance with our privacy policy and applicable data protection laws. You may find more information on how Sterling and Triton process data here Privacy Basics - Sterling Privacy (sterlingcheck.com), Triton Privacy Policy (tritoncanada.ca).

4.8 Screening and monitoring of International Economic Sanctions

We use ComplyAdvantage to screen and monitor new and existing users, including organizations, against International Economic Sanctions where PECB has a presence or operates, including the UN, Canadian Economic Sanctions, US, EU, and Malaysia, as well as sanctions from countries where accreditation authorities are based. Information such as the name, year of birth and country, are necessary to screen and monitor against sanctions lists.

Upon giving your consent to the processing of the abovementioned data when creating your PECB account, the service will automatically screen and monitor your information against sanctions lists. To know your

Data Subject Rights and learn how ComplyAdvantage processes your information, please refer to CompyAdvantage’s Privacy Notice - ComplyAdvantage.

5 Our Service Providers

5.1 Amazon Web Services

To provide our services and publish our website, we use the cloud computing platform of Amazon Web Services (AWS). Data is transferred to AWS servers located in North Virginia, USA to provide services. To ensure compliance with GDPR for the transfer of data outside of the European Union, AWS participate in the EU-US Data Privacy Framework. We do not grant any permission to AWS to share any personal information that we collect from our website’s account holders. We use AWS because it complies with several information security requirements, including, but not limited to, ISO/IEC 27001, ISO/IEC 27701, and the EU-GDPR. You can read the privacy notice of AWS here.

5.2 Emailing

Microsoft 365 (Outlook) is another service we use for email exchanging and cloud data backup. We use Microsoft 365 because it complies with several information security requirements, including, but not limited to, ISO/IEC 27001, ISO/IEC 27701, and the EU-GDPR. Microsoft 365 offers encryption of data at rest that includes files stored in cloud service and encryption of data in transit that includes exchanged email messages or conversations that are taking place in a meeting.

Microsoft 365 uses several technologies and strong encryption protocols that include Internet Protocol Security (IPSec), Transport Layer Security/Secure Sockets Layer (TLS/SSL), and Advanced Encryption Standard (AES). We do not guarantee encryption to the recipients of our emails. Therefore, ensuring encryption in your end is your sole responsibility.

We also monitor any emails sent to us for viruses or malicious software, including file attachments. Please note that you are responsible for ensuring that any email you send to us is legally compliant.

We use third parties, such as Sendinblue, Amazon SES, Hubspot and Microsoft Outlook, to deliver emails to our network. For more information on how data is handled by them, please read Sendinblue’s privacy policy, Amazon’s privacy notice, HubSpot Privacy Policy and Microsoft’s privacy statement.

5.3 Payments on the PECB website

Payments made from the PECB website are processed by a third-party service called Stripe. The information provided during the payment process is not stored in the PECB system, but it is only passed on to Stripe for the sole purpose of completing the payment process initiated by the user. To find out how Stripe processes and uses your data, please read their privacy policy.

Our website also supports PayPal payment services. PayPal privacy statement is available here.

5.4 Lockstep Collect

We use Lockstep Collect, an automated accounting service to manage our debt collection process. Contact details of our customers (trainees), and at times, invoices are stored in the application. Using an automated process, the application will communicate notifications to customers who have overdue invoices with PECB.

The Privacy Policy of Lockstep Collect is available here.

5.5 Go-To-Webinar

In order for our free webinars to be accessible globally, we use the services of LogMeIn Inc., Go-To-Webinar and GoToMeeting. Go-To-Webinar complies with the EU-US Data Privacy Framework. The LogMeIn Inc. privacy policy can be found here.

Upon interest to participate in a webinar organized by PECB, during the registration on the platform, we collect your full name, email address, and residence for the sole purpose of identifying your participation in the webinar.

5.6 Social Media

We use third-party providers, such as LinkedIn, Facebook, Instagram, Twitter, YouTube, SlideShare, ISSUU, Pinterest, and others to manage our social media interactions.

Social media interaction is maintained via social media accounts listed above. All providers have their own privacy policies and statements that outline the way they collect, process, and store data. To read their policies and statements, please make sure to visit their websites.

If you send us a private or direct message via social media, the message will be stored at LinkedIn and Slideshare as per their privacy policy, Facebook and Instagram as per their data policy, and Twitter as per their privacy policy. Google LLC and its affiliates offer different services, including YouTube, for which they have their own privacy policy.

The subscribers of PECB on LinkedIn will not be shared with another network by PECB, unless requested or asked by them. We do not send any marketing emails to our network subscribers without prior consent. In addition, we may publish a link for subscription to our news and newsletters.

5.7 Digital badges

We use Credly to issue digital badges that are web-enabled versions of your certification credentials. Information such as your name, email address, and certification schemes are necessary to ensure the authentication of badges via Credly.

Upon giving your consent to the processing of the abovementioned data when creating your PECB account, the service will automatically award badges after your certification application is validated, and after creating an account with Credly. To know your Data Subject Rights and learn how Credly processes your information, please refer to Credly’s Privacy Policy.

5.8 Ticketing system

To track issues and manage projects we use management services of Atlassian Jira and HubSpot.

We may store personal details of individuals when necessary to track and manage matters subject to their account or the PECB system. Content could also include a description of the topic, files, and links relevant to the subject matter. To know your Data Subject Rights and learn how Atlassian Jira and HubSpot processes your information, please refer to Atlassian Jira’s Privacy Policy | Atlassian and HubSpot’s HubSpot Privacy Policy.

5.9 Zapier, Inc.

To enlist participant on our webinars and to automate email preferences we use Zapier Inc. Zapier may store personal data necessary to manage webinar participants and to automate the email subscription preferences. This information is transferred to Zapier located in the US. Zapier complies with the EU-US

Data Privacy Framework. For more information on how Zapier processes data, please refer to their Zapier Privacy Policy

6 Cookies and Similar Technologies

When you visit our website, you should be aware that we use third-party services like Google Analytics to collect standard internet log information and details of visitor behavior patterns. This is done with the aim of collecting information with regard to the number of visitors on our website. The processing of this information does not provide any kind of identification of the visitors.

In addition, we use Content Delivery Network to identify the geolocation of our website visitors. The only case when PECB collects personally identifiable information through the website is when a visitor voluntarily creates a user account. We provide full transparency and clear explanation on how we use the information collected in these cases.

You can read more about how we use cookies on in our Cookie Policy.

7 Certification Exam

When entering an online exam, candidates are required to show their governmental or non-governmental ID to the invigilator, who will compare the document with candidate’s face through the live video feed. If the candidate’s camera feed is not clear enough to invigilator, candidates will be required to upload a picture of the ID card in the application. To do so, they need to have a JPEG/PNG or PDF image of the ID ready before entering the online session.

IMPORTANT NOTE: The uploaded document will not be saved and will be erased automatically once the exam is finished”.

Along with the ID document, candidates are required to indicate if they are native speaker of the exam language, add information on an emergency contact, relationship with the emergency contact, and their telephone number, which is crucial for prompt and effective response in case of any health emergencies of the candidate taking an online exam.

Candidates taking a paper-based exam are required to fill out the Candidate Identification Sheet (CISH) before starting the exam. In the CISH, they are required to provide their full name, email address, and additional exam session details, such as exam title, date, and location. The sole purpose of collecting this information is for PECB to identify candidates.

By taking a PECB exam, PECB will use your full name and email address to enroll you in the system of processing exams. In addition, we might also use your full name, and email address to enroll you in the completed training course event, in case the step was not already completed by the PECB Partner.

PECB training courses are offered via PECB-authorized partners. After completing the training course, candidates can take the certification exam on a paper-based exam or through the PECB online examination platform. The date of announcing the exam results depends on various factors, and after the exam results are announced, the training course organizer (PECB partner) and the training course trainer(s) (PECB- certified trainer(s)) will be able to see the exam results in order to fulfill administrative tasks (e.g., complete candidates list, schedule exam retakes). This applies to all training course participants who, after completing the training course, make their first attempt on a paper-based exam, take a retake paper-based exam, take a first attempt exam online, or take a retake exam online.

This applies to all training course formats offered by PECB through its authorized partners. The results are shared with the partners and trainers through their partner account and certified trainer account(s).

If, due to a special need, a candidate needs special accommodation during the exam, they are required to fill out the Examination Special Accommodation Request Form  and provide PECB with documented information before the request is reviewed for approval. Information concerning the candidate’s medical condition is treated with strict confidentiality and is deleted after a 6-month period from the application data.

7.1 PECB Exams

PECB Exams, the application we have developed to offer online certification exams, is also used to provide certification exams for IAS accredited PECB certification schemes.

The application shares the examinee’s webcam feed and computer screen, not simultaneously, with the remote online exam Invigilator at all times during the candidate’s verification process, and online examination. The feed is stopped when the exam time span ends, and the Invigilator can no longer access the feed.

During the online examination process, the application takes automatic screenshots every 20 minutes from the feed selected by the Invigilator.

The remote invigilator compares the candidate’s face from live camera feed with their governmental or non- governmental document showing during the verification process, and when/if suspicious activity/behavior that goes against our examination policy is noticed during the examination process.

Data coming from the exam application is stored on Amazon S3 Simple Storage Service and the buckets are by default encrypted with an AES-256-bit encryption key.

The data can be accessed only when/if access is requested by authorized personnel at PECB and/or IAS, and is not shared with any other parties.

The retention period of screenshots is 3 years.

8 Certification Application

As a certification body, PECB is responsible for developing and maintaining valid and up-to-date certifications, setting the standards to certify individuals and organizations, and issuing certificates.

We collect users’ personal information provided to us from their PECB account. In addition, applying for a PECB certification requires submitting information, such as the résumé, work experience, education, and training certifications.

Depending on the certification scheme, you will also be required to provide the contact information of two references who can validate your professional experience. We will contact your referrals via email or phone and they will be asked to fill out an online form to confirm your experience.

9 Trainer Certifications

Candidates interested in applying for the PECB trainer certification process are required to first submit the PECB Trainer Eligibility form using their PECB account. In addition, they are required to also provide us with a résumé, organization name, and address. After PECB approves the candidate’s eligibility to become a PECB Trainer, the Trainer Certification Application form will become available in the candidate’s PECB account.

During the certification process, candidates are required to electronically send a video of themselves simulating a presentation of a PECB training course session. This recording session is done on PECB’s website using the PECB recording tool. The recorded session will be reviewed during the trainer’s evaluation process.

Upon completing the trainer application process, the information and data of the candidates whose application is rejected are stored for one year and permanently deleted afterward. However, for candidates who become PECB-certified trainers, all the information and data submitted during the application will be stored by PECB. If the trainer status is Freelancer or Open with authorization, the information will be made public in the Trainers’ tab on the PECB website. The data will not be shared with third parties, unless required by law.

The profiles of the PECB-approved trainers are also visible to the PECB Distributor accounts.

10 Invigilator Application

Candidates interested in applying to become PECB invigilators are required to complete their registration by filling out the application form with personal details which include the full name, national identification document, email address, phone number, country, region, and zip code.

The personal data are used for invigilating purposes only, and are only available to the Partner who assigned the person as an Invigilator.

The retention period of invigilator application including ID document is 3 years from the application date.

11 Children

This privacy statement is not intended for children. We understand the importance of protecting children’s information, especially in an online environment, and we do not knowingly collect or maintain information about children.

12 Search Engines

PECB reserves the right to build a search engine within the website to help its visitors find information easily. The search engine serves as a means of searching publicly available information on our website, not personally identifiable information of users.

13 Security and Performance

We take precautions to protect your information and privacy. When you submit information via the form(s) available on our website, your information is protected both online and offline. Only employees who need the information to perform a specific task (for example, customer service managers, certification managers, and examiners) are granted access to personally identifiable information. The computers and servers in which we store personally identifiable information are kept in a secure environment with strictly controlled access.

We use a third-party service to help maintain the security and performance of our website. Considering the data exchanged via internet is not 100% secure, we cannot guarantee that the information you send will not be lost, used unlawfully, or modified in a fraudulent manner. We bear no liability for the use of information by you or any third party.

13.1 Retention of Data

We keep personal data only as long as necessary and only for the reasons set forth in this policy, or until we receive your request to have your personal data erased. Please note that we may retain your data for longer periods, as necessary to comply with our legal obligations.

13.2 Data Protection Policy

PECB has established a Data Protection Policy that ensures its employees, clients, partners, and stakeholders that their data is protected and handled accordingly with absolute caution and confidentiality. Please read our Data Protection Policy here.

14 Complaints

PECB strives to meet the highest standards of data protection when collecting and using personal information. For this reason, we take any complaint seriously. We encourage our website users, visitors, and any interested party to bring to our attention any observation or opinion that they believe can lead to an unfair, misleading, or inappropriate collection and usage of information.

This privacy statement is meant to be brief and clear. It does not provide exhaustive details of all the aspects of PECB’s collection and usage of personal information. However, we are happy to provide any additional information or explanation needed.

If you want to make a complaint about the way we have processed your personal information, you can do so by following the steps described in our Complaint and Appeal Policy.

15 Subject Access Rights under the EU GDPR

If you are part of the European Union (EU) or the European Economic Area (EEA), or are accessing the site from these territories, you have the following rights under the GDPR:

  • Right to access your personal data;
  • Right to correct any inaccurate personal data;
  • Right to erase your personal data;
  • Right to object the processing of your personal data;

To exercise your rights under the GDPR, you can send a request to our data protection officer at information.security@pecb.com for access to personal data. We will always verify the identity of anyone making subject access request before handling over any information. Confirmation will be asked from the data subject using the email they used to create their PECB account.

The first copy of your data will be provided free of charge. However, the data subject will be charged a fee of 30$ should they request other copies. We will aim to provide the relevant data within 14 days.

15.1 Requests for Erasure

When you submit a request for the erasure of your data, we will anonymize all the personal information in a manner that ensures no identification of the data subject. The anonymized data is only used by PECB for analytic purposes, such as the number of participants in a training course event or the number of certified individuals for a certain period of time.

Please keep in mind that we do not erase all of your information because of legal obligations such as financial transactions and accreditation requirements. If you are PECB certified, hold any of the credentials we offer, and request the erasure of your information, a digital copy of the certificate(s) and the financial invoice(s) will be stored and encrypted with limited access.

15.2 Unsubscribe from Marketing Emails

If you decide to unsubscribe from receiving marketing emails, your email address will be removed from the mailing list until next time you decide to update your subscription preferences voluntarily.

Upon unsubscribing, if you still decide to maintain a PECB account, you will still receive emails from the PECB system related to your account setting, training, examination, and certification purposes.

To unsubscribe from marketing emails of the PECB Group, click the “unsubscribe” link placed at the footer in the marketing emails you receive, or contact support@pecb.com to update your subscription preferences.

16 Disclosure of Personal Information

In general and under all circumstances, we will not disclose personal data without consent. However, if requested by the regulatory body, supervisory authority, or other legal authorities, we may disclose your information.

17 Changes to This Privacy Statement

We regularly review this privacy statement. You will not be notified for changes in this privacy statement. You are required to visit this statement on our website.

17.1 How to Contact Us?

If you want to request information about our privacy statement, you can email us at information.security@pecb.com or write to our headquarters:

PECB Headquarters:

336-6683 Jean Talon St E Montreal QC H1S 0A5 CANADA

SUBSCRIBE TO OUR NEWSLETTER