Privacy Policy
This Privacy Policy was last updated in April 2025.
This Privacy Policy describes how ICDTA® collects, uses, and discloses information associated with an identified or identifiable individual (referred to in this Privacy Policy as “Personal Information”). This policy applies to all users of ICDTA®’s services and offerings.
Your privacy is important to us. If you have any questions, please do not hesitate to contact us.
Definitions
Personal Information
“Personal Information” refers to information about an identifiable individual and includes employee or volunteer personal information, subject to applicable exceptions. Personal information does not include business contact information or work product information.
Collection
“Collection” means the act of gathering, acquiring, or obtaining personal information from any source, by any means.
Consent
“Consent” involves a voluntary agreement with what is being done or proposed. Consent may be express or implied.
Express Consent
“Express Consent” signifies that an individual, knowing what personal information is being collected and for what purposes, willingly agrees to the information being collected, used, and disclosed as notified. It may be given in writing or verbally.
Implied Consent
“Implied Consent” exists when an individual is “deemed” to consent to the collection, use, or disclosure of personal information if the individual voluntarily provides it for a purpose that would, at the time, be considered obvious to a reasonable person.
Accountability
Confidentiality
ICDTA® is responsible for the confidentiality of personal information in its custody or under its control in compliance with the applicable privacy legislation.
Privacy Officer
ICDTA® has appointed a Privacy Officer, who is responsible for implementing the privacy program.
Compliance by All
All ICDTA® directors, officers and employees are responsible for day-to-day compliance with our Privacy Policy.
Consent
Collection, Use, or Disclosure
ICDTA® will collect, use, or disclose personal information only with knowledge and consent, except where required or permitted by law.
Applicable Privacy Laws
Knowledge and consent to the collection, use, and disclosure may not be required under applicable privacy laws where the collection, use, and disclosure of personal information is in relation to a law enforcement matter or where compelling safety issues exist.
Implied & Explicit Consent
Consent may be implied in some situations while express consent is required for the collection, use, and sharing of confidential and sensitive information. ICDTA® reserves the right to disclose information where required or permitted by law.
Consent Withdrawn
Consent may be withdrawn at any time, on reasonable notice, subject to legal or contractual restrictions.
Identifying Purposes
Communication
ICDTA® will always endeavor to communicate the purposes for which personal information is collected at or before the time the information is collected, except as otherwise permitted under applicable privacy laws.
Common Collection
Generally, ICDTA® collects personal information for the following reasons:
- To develop, manage, and deliver services to its clients, including by conducting online student threat assessments within the education sector;
- To meet regulatory and reporting requirements of governmental authorities;
- To hire, manage, and terminate staff.
Limiting Collection, Use, Disclosure and Retention
Limited Collection
ICDTA® will limit the collection of personal information to what is necessary for the purposes for which it is collected.
Collection Methods
ICDTA® collects personal information by fair and lawful methods.
Usage
Personal information will only be used or disclosed for the purpose for which it was collected, except with the individual’s consent or as required or permitted by law.
Retention
Personal information will be retained only as long as necessary for fulfillment of the purposes for which it was collected, or as required or permitted by law.
Safeguards
ICDTA® protects personal information by ensuring security safeguards appropriate to the sensitivity of the information are in place, including through the use of the following measures:
Physical
Examples:
- Locked filing cabinets,
- Restricted access,
- Appropriate security measures when disposing of personal information.
Organizational
Examples:
- Security clearances,
- Access only on a “need to
know” basis.
Technological
Examples:
- Passwords,
- Firewalls,
- Data encryption,
- Data disconnection from the Internet,
- Regular backups
- Training of employees and contractors.
Accuracy
Complete Information
ICDTA® will make reasonable efforts to ensure that personal information is as accurate, complete, and current as required for the purposes for which it was collected. In some cases, ICDTA® relies on individuals to ensure that certain information, such as an individual’s home telephone number, is current, complete, and accurate.
Communication
From time to time, ICDTA® may contact the individual to ensure that the information collected is or remains accurate and up-to-date.
Right Of Access
Transparency
ICDTA® is open about the policies and procedures it uses to protect personal information. Any inquiries may be made to our Privacy Officer.
Personal Information Requests
Upon written request, ICDTA® will, within a reasonable time period, tell the individual what personal information it has, for what purposes it is being used, and to whom it has been disclosed, if applicable, and within the time period for which records are available.
Accuracy
Individuals may challenge the accuracy and completeness of their information and have it amended if it is inaccurate, incomplete, or out-of-date.
Disclosure
In certain circumstances, ICDTA® may refuse to disclose personal information, including:
- where required by law, certain personal information may not be disclosed;
- where the information contains personal information about another individual;
- where the information is of such a nature that its disclosure could reasonably be expected to prejudice the mental or physical health of the individual;
- where the information was gathered in the course of a formal dispute resolution process;
- where the information is subject to solicitor-client communication, attorney work product, or litigation privilege.
General Data Protection Regulation (GDPR)
At ICDTA®, we are committed to protecting the privacy and security of our users’ personal data. This section explains how we collect, use, and protect personal data in accordance with the General Data Protection Regulation (GDPR).
Data Controller
ICDTA® is the data controller responsible for your personal data.
Personal Data We Collect
We collect the following types of personal data:
- Contact information (name, email address, phone number)
- Login credentials (username, password)
- Payment information (credit card details, billing address)
- Course enrollment and completion data
- Browser and device information (IP address, browser type, operating system)
Purposes of Processing
We process personal data for the following purposes:
- To provide access to our online trainings and courses
- To process payments and manage subscriptions
- To communicate with users about their course enrollment and completion
- To improve our website and services
- To comply with legal obligations
Lawful Basis for Processing
We rely on the following lawful bases for processing personal data:
- Consent: We obtain consent from users before collecting and processing their personal data.
- Contract: We process personal data to fulfill our contractual obligations to provide access to our online trainings and courses.
- Legitimate Interest: We process personal data to improve our website and services, and to communicate with users about their course enrollment and completion.
Data Protection Rights
Users have the following data protection rights:
- Right to Access: Users have the right to access their personal data and receive a copy of their data upon request.
- Right to Rectification: Users have the right to correct inaccurate or incomplete personal data.
- Right to Erasure: Users have the right to request deletion of their personal data.
- Right to Restrict Processing: Users have the right to restrict processing of their personal data.
- Right to Data Portability: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format.
- Right to Object: Users have the right to object to processing of their personal data.
Data Security
We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data. These measures include:
- Encryption of personal data
- Secure authentication and access controls
- Regular security testing and vulnerability assessments
- Incident response plan
Data Retention
We retain personal data for as long as necessary to fulfill the purposes for which it was collected, or as required by law
Third-Party Processing
We may share personal data with third-party service providers who assist us in providing our services. These third-party service providers are contractually obligated to maintain the confidentiality and security of personal data.
International Data Transfers
We may transfer personal data to countries outside the European Economic Area (EEA) that have not been deemed to provide an adequate level of data protection. We will implement appropriate safeguards to ensure the protection of personal data, including standard contractual clauses.
Changes to This Policy
We reserve the right to modify this Privacy Policy at any time. We will notify users of any changes by posting the updated policy on our website.
By using our website and services, you acknowledge that you have read and understood this Privacy Policy.
Cookie Policy
We use cookies to improve our website and services. Cookies are small text files that are stored on your device when you visit our website. We use cookies to:
- Authenticate users and maintain session state
- Analyze website usage and improve performance
- Personalize content and advertising
You can control cookies by adjusting your browser settings. However, disabling cookies may affect the functionality of our website and services.
Acceptance of Terms
By using our website and services, you acknowledge that you have read and understood this Privacy Policy and Cookie Policy, and you agree to be bound by the terms and conditions outlined herein.
Compliance and Contact Information
Requests for access to information, issues, or complaints about SST’s compliance with this Policy regarding the handling of personal information, and questions or comments about this Policy may be addressed to the ICDTA®’s Privacy Officer:
Theresa Campbell, President / Chief Executive Officer
[email protected]
GET IN TOUCH
Have any questions? Get in touch with the ICDTA® Team – we are happy to help!
