Privacy Policy Certification

The CryptoCurrency Certification Consortium (C4) understands that privacy is an extremely important right granted to all, and is not a privilege earned by some. To that end, C4 has taken care to ensure that the collection, dissemination, and use of all personally identifiable information is clearly understood. This document outlines what information is collected, when and how it is collected, how it is used once collected, with whom the information is shared and under what circumstances.


Collection of Information

Personal Information

C4 collects personal information such as names, addresses, email addresses, phone numbers, employment history, affiliations, skills/knowledge, and links to social networking sites (i.e. LinkedIn™). This personal information is only collected with a person’s explicit knowledge and is never collected without their consent or without their knowledge.

Personal information is collected through the use of online web forms that ask users to enter their information into text boxes and submit it to C4 via a submit button, or via file upload buttons designed to submit resumes, curriculums vitae, or similar documents. These forms make it clear that this information is being collected and submitted to C4.

Names, email addresses, and technical data related to electronic mail may be additionally collected by C4 as a result of emails being sent to any email address associated with the @cryptoconsortium.org domain name.

Government-issued identification documents (such as drivers licenses and/or passports) may be reviewed by C4 staff, affiliates, partners, or subsidiaries for the purpose of identifying candidates writing exams at testing facilities.

Other Information

Non-personal information is also collected from time to time without explicit consent from users. C4’s web servers may collect technical information related to a socket connection such as Internet Protocol (IP) addresses, dates/times of website access(es), and logging, tracing, and debug information related to a user’s web browser connection to C4’s web servers.

Furthermore, information regarding payments made to C4 via cryptocurrency networks (i.e. Bitcoin) are implicitly collected by the cryptocurrency networks themselves and is available to the public, including C4. This information includes cryptocurrency addresses from which payments originated, and the public keys associated with the payer’s cryptocurrency keys.


Use of Information

C4, its affiliates, subsidiaries, and/or partners use the personal information that is collected for the purpose of personnel certification and related activities. Example usage includes adding a successfully certified individual to a list of certified individuals, verifying whether or not an individual’s name is present on a list of certified individuals, and informing individuals when their name is due for removal from a list of certified individuals.

C4 may use this information to contact an individual regarding their certification or their pursuit of certification. C4 may, from time to time, use this information to ensure the accuracy of other associated information (i.e. use an email address to confirm the accuracy of a mailing address).

Opting In

C4 provides information controls that allow individuals to choose the capacities in which their information is used. These controls allow individuals to “opt-in” or “opt-out” of particular uses of their information, such as being sent newsletters, being listed in directories of certified professionals, or being contacted for employment or contract opportunities with companies who seek certified cryptocurrency professionals. C4 respects the privacy of individuals and will make every reasonable effort to respect the choices made by individuals who make use of C4’s resources.

In the event an email is sent to an address associated with the @cryptoconsortium.org domain, C4 will assume the sender consents to the use of the email address and name information associated with the email for the purposes of receiving a reply from C4 staff. C4 will also assume that the contents of the email were intended as private, and that no consent has been given to C4 to reproduce or share the content with any 3rd party.


Sharing of Information

C4 respects the privacy of the users of its services and will take reasonable action to prevent the collected information from being given to other parties without consent.

Despite this, C4 will, from time to time, share some or all of the collected information with other parties in select cases in accordance with the choices selected by users or in accordance with local, national, or international laws.

C4 will cooperate with law enforcement personnel who present valid warrants for investigations that involve C4’s collected data. C4 will refuse to cooperate with law enforcement who do not positively identify themselves, their organizations, or present a valid warrant issued by a judge, justice of peace, or other authoritative judiciary personnel.

C4 will also share aggregate information (such as the number of certified professionals who match specific criteria) with recruitment firms, headhunters, human resource departments, and other interested parties who meet C4’s standards. C4 may share additional information with these parties provided this sharing respects the choices made by individuals in their user profile regarding the use of their personal information.


Protection of Personal Information

C4 maintains backup systems which will, from time to time, create copies of information collected by C4. C4 will take reasonable measures to limit the accessibility of this information by making use of techniques such as passwords, encryption, and physical security.

Furthermore, C4 will employ encryption such as SSL or TLS encryption where appropriate to protect the personal information during transit to and from C4’s servers.


Removal of Personal Information

C4 believes that every individual has the right to control how their information is used. As a result, C4 will respect the request for removal of personal information from its active servers.

While it is possible to remove active data from databases, C4 acknowledges that even after removal it is possible that removed information can still exist in backups or archives of old data that is maintained for the purposes of disaster recovery efforts. These copies may be retained until the copy has been replaced by a more recent backup that no longer contains the personal information. Furthermore, C4 acknowledges that this information, in some cases, can be reconstructed through various digital forensic techniques which are beyond the control of C4. C4 will make every reasonable effort to remove personal information from its active systems where requested and to no longer use the information actively. However, C4 also acknowledges that in many cases it may be impossible to completely remove all traces of this information.


Children

Although C4’s services are not directed at children, C4 makes no attempt to prevent access to its services by children. As such, it is possible for children or minors to submit information to C4. If you feel a child or minor has submitted personal information to C4 without consent of their parent or guardian, please do not hesitate to contact C4 to have the situation addressed in a timely fashion.

The CryptoCurrency Security Standard (CCSS) has been updated to version 9.0. See the updated CCSS here.

Systems certified under 8.1 are still valid.