Skip to main content

Privacy Notice

CompTIA (“we”, “us”, or “our”) recognizes that privacy, security, and data protection are paramount to our customers and employees. This Privacy Notice (sometimes known as a Privacy Policy or Privacy Statement under varying data protection regimes) informs you of how we collect, use, and share personal information. This Privacy Notice also describes your choices about the collection and use of your information. You can jump to particular topics by going to the headings below:

Please read this Privacy Notice carefully before you start to use our Services, as defined in the Agreement. By using the Services, you agree to be bound and abide by our posted Terms of Use (the “Agreement”) and this Privacy Notice. If you do not agree to the Agreement and this Privacy Notice, or if you violate them in any way, your right to access or use the Services is terminated. PLEASE REVIEW THE “DISPUTES; ARBITRATION” SECTION IN OUR AGREEMENT, WHICH GOVERNS THE RESOLUTION OF DISPUTES BETWEEN YOU AND COMPTIA, INCLUDING AN ARBITRATION AGREEMENT, CLASS ACTION WAIVER, AND JURY TRIAL WAIVER THAT AFFECT YOUR RIGHTS.

1. How we collect information

We may collect information about you by various means, including: (i) directly from you, both online (e.g., website, email) and offline (e.g., phone, events); (ii) through your use of our Services; (iii) from affiliates, third party sources and social media platforms that you may use to engage with us; (iv) from your employer, educational institution or a similar organization that may introduce you to, or provide you with, our Services; and (v) by combining information from these different sources.

2. Types of information we collect

The following chart lists the types of information that we may collect from you and how we use that information.

Context Types of Data
Account Registration, Membership Application, User Profile, and/or Student ID Number We collect your name, contact information, username and password, profile preferences and professional information such as your company or industry upon account creation. We also collect information relating to the actions that you perform while logged into your account.
Creation of Single Sign On (SSO) Account We collect your name and contact information as needed and as relevant to enable the automatic creation of an SSO account during completion of the check-out process so that you are able to access purchased products.
Transactional Information We collect transactional information through your purchases or other use of our Services (including through our e-commerce store), such as purchase history, geo-location information, technical support and/or sales requests.
We collect, use and disclose payment information (e.g., credit card or banking information) only as necessary to process transactions.
Certification and Learning We collect attendance records and learning information, as well as the information you enter on exams (which may include video of you and your surroundings if you select the online testing option), customer service interactions, and any certification verification requests that you have made. For more information, please see the Candidate Agreement.
Online User Activity through first party tracking We use cookies. “Cookies” are small pieces of information that a website sends to a computer’s hard drive while a web site is viewed.
Online User Activity through third-party tracking We participate in behavior-based advertising, which means that a third party uses technology (e.g., a cookie) to collect information about your use of our websites so that it can provide advertising about products and services tailored to your interests on our websites or on other websites.
Demographic Information We sometimes collect demographic information.
Email and other communications We may collect communications between you and us, such as via email, mail, phone, text, chat transcripts, or other channels.
If you receive email from us, we use certain tools to capture data related to when you open our message, click on any links or banners it contains, and make purchases.
Feedback/Support If you provide us feedback or contact us for support, we will collect your name and e-mail address, as well as any other content that you send, so that we can reply.
Mailing List When you register for one of our email lists, we collect your email address and/or postal address.
Mobile Devices We collect information from your mobile device such as unique identifying information broadcast from your device and location when visiting our websites or using our application.
Partner Promotion We collect information that you provide as part of a co-branded promotion with another company. We may also have service providers collect information on our or our partners’ behalf.
Surveys and Portals When you participate in a survey or contribute within portals, we collect information that you provide through the survey or portal post. If the survey or portal is provided by a third-party service provider, the third party’s privacy policy applies to the collection, use, and disclosure of your information.
Online User Activity through website interactions We use technology to monitor how you interact with our website. This may include which links you click on, or information that you type into our online forms. This may also include information about your device or browser.
Online User Activity through web logs We collect information, including your browser type, operating system, Internet Protocol (IP) address (a number that is automatically assigned to a computer when the Internet is used), domain name, click-activity, referring website, and/or a date/time stamp for visitors.
Offline interactions We may collect information from you during offline interactions, such as at conferences, educational institutions and at other events.

 

If you provide us with information regarding another individual (such as an employee, student, child, colleague, or family member), you represent that you have that person’s consent to give us their information and to permit us to use the information in accordance with this Privacy Notice.

3. Online user activity

Cookies are a commonly used web technology that allow websites to store and retrieve certain information on a user’s system, and track users’ online activities. We, together with vendors we use, may collect information about your use of our Services by such automated means, including but not limited to cookies, pixels, SDKs and other similar technologies.

Cookies and similar technologies can help us automatically identify you when you return to our Services. Cookies help us review website traffic patterns, improve the Services, and determine which Services are popular. We can also use such information to deliver customized content and advertising to users of the Services whose behavior indicates that they are interested in a particular subject area.

When you use the Services, the information we may collect by automated means includes, for example:

  • Usage Details about your interaction with our Services (such as the date, time, and length of visits, and specific pages or content accessed during the visits, search terms, frequency of the visits, referring website addresses);
  • Device Information including the IP address and other details of a device that you use to connect with our Services (such as device type and unique device identifier, operating system, browser type, mobile network information, and the device's telephone number); and
  • Location information where you choose to provide the Services with access to information about your device’s location.

We may also ask advertisers or other partners to serve ads or services to you, which may use cookies or similar technologies placed by us or the third party. If a user does not want information collected through the use of cookies, most browsers allow the visitor to reject cookies, but if you choose to decline cookies, you may not be able to fully experience the interactive features our Services provide. We may share non-personal information obtained via cookies with our advertisers and affiliates. Because there is not yet a consensus on how companies should respond to web browser-based do-not-track (“DNT”) mechanisms, we do not respond to web browser-based DNT signals at this time.

If we implement third party targeted advertising cookies or other tools that require an opt-out right under applicable privacy laws, we will provide an opt-out option, and endeavor to process “Global Privacy Control” (GPC) signals from web browsers by automatically opting-out such visitors from such third party tools, although GPC technology is not fully developed and it is not yet supported by all browsers. Where required by law, we may provide a cookie banner and opt-in consent functionality for certain cookies and other tools.

4. Use and processing of information

In addition to the purposes and uses described above, we use information in the following ways:

  • To provide our Services to you, including to identify you when you visit our Services, manage any transactions and refunds/returns, provide important notices, respond to your requests, questions and comments, and provide customer support.
  • To fulfill any obligation arising from a contract entered into between you and us.
  • To track your progress through our training and certification programs.
  • To provide and verify your training and certifications when requested by you or a third party in accordance with our Candidate Agreement.
  • To operate, evaluate and improve our Services and product offerings (including developing new Services), and diagnose or fix technology and other problems.
  • To monitor the performance of our Services, including metrics such as total number of visitors, traffic, and demographic patterns, and to conduct other such analytics.
  • To respond to inquiries related to support, sales, or other requests.
  • To send marketing and promotional materials, including information relating to our products, Services, sales, or promotions.
  • For internal administrative purposes, as well as to manage our relationships.
  • To comply with and enforce applicable legal requirements, industry standards, our policies and our contractual rights, as needed for security purposes, and to investigate and respond to possible fraud or safety issues.

As a data processor:

To provide Services to you on behalf of your school or employer. Your school or employer is the Data Controller in this instance, and we act as the Data Processor in using the information provided by your school/employer (including but not limited to first name, last name, email address, and/or student ID) to provide Services.

Although the sections above describe our primary purposes in collecting your information, in many situations we have more than one purpose. If you register for membership, for example, we may collect your information to perform our contract with you. We also collect your information because we have a legitimate interest in maintaining your information after your membership concludes so that we can quickly and easily respond to any questions about your history with the organization. As a result, our collection and processing of your information is based in different contexts, upon your consent, our need to perform a contract, our obligations under law, and/or our legitimate interest in maintaining our programs.

We may also use or share information in an anonymized or aggregate manner for many purposes without restriction, such as for research, analysis, modeling, marketing, and improvement of our Services.

5. Sharing of information

In addition to the specific situations discussed elsewhere in this policy, we disclose information in the following situations:

  1. Affiliates and Acquisitions. We may share information with our corporate affiliates (e.g., parent company, sister companies, subsidiaries, joint ventures, or other companies under common control). If another company acquires, or plans to acquire, our company, business, or our assets, we will also share information with that company, including at the negotiation stage.
  2. Online User Activity. As discussed above, certain Online User Activity may be shared through third party targeted advertising cookies or other tools, but subject to opt-out or opt-in functionality that we provide.
  3. Other Disclosures with Your Consent or Direction. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this policy. We may share your information when you direct us do so, such as to a current or prospective employer, a third party organization, or other unaffiliated third party.
  4. Other Disclosures without Your Consent. We may disclose information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to or the provision of services by a third-party intermediary.
  5. Public. Some of our websites may provide the opportunity to post comments, or reviews, in a public forum. If you decide to submit information on these pages, that information may be publicly available. You are solely responsible for information you choose to make public. Any information you post publicly will no longer be considered private information.
  6. Partner Promotion. We may offer contests, sweepstakes, or other promotions with third party partners (collectively, “contest” or “contests”). If you decide to enter a contest that is sponsored or administered by a third party partner, the information you provide in connection with that contest will be shared with us and with them.  Their use of your information is not governed by this Privacy Policy.
  7. Service Providers. We may share your information with our service providers. Among other things, service providers may help us to administer our Services (including IT services, maintenance and hosting), conduct advertising, conduct surveys, provide technical support, process payments, assist in fulfilling orders, and in delivering content, examinations and other materials.
  8. Workforce Partnerships or Exam Sponsors. We may share your information, such as attendance data, course completion, certification results or other performance related information with any governmental entity, including without limitation any federal, state, local, or municipal governmental entity or private entities which may include, without limitation, any for-profit or non-profit entity, with which CompTIA or any of its affiliates may have a contractual relationship relating to pre-apprenticeship programs, apprenticeship programs, workforce training, skills development, job placement, and any other professional development (“Workforce Related Programming”). Among other things, workforce partners or exam sponsors may require your information to determine interest, eligibility, and/or success of Workforce Related Programming, or to otherwise assist with providing Workforce Related Programming. Please refer to the CompTIA Candidate Agreement for more information.

Where appropriate, we will limit sharing of your information in accordance with the choices you have provided to us and consistent with applicable law.

6. Your privacy choices

You have the following choices regarding your personal information. You may also be entitled to certain privacy rights based on your jurisdiction, as provided in the next section.

  1. Access To Your Personal Information. You may request access to your personal information by logging into your account (if you have one) or by contacting us at the address provided below. We will respond within 45 days of your request, or, if reasonably necessary, we may inform you that an additional 45 days is required, in which case we will give you access to your personal data within 90 days from your initial request.
  2. Changes To Your Personal Information. We rely on you to update and correct your personal information. Most of our Services allow you to modify or delete your account profile. Note that we may keep historical information in our backup files as permitted by law. If our Services do not permit you to update or correct certain information, contact us at the address provided below.
  3. Deletion Of Your Personal Information. Typically, we retain personal information for the period necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law. You may ask us to stop using all or some of your personal information, to limit our use of it, or to erase or delete all or some of it under certain circumstances. If you hold a CompTIA certification or if you engaged with our Services through an account established by your school or employer, we may be unable to comply with your request. We may take steps to verify your identity before acting on your request. You may submit a request under this subsection by contacting us at the address provided below.
  4. Promotional Emails and/or SMS/Text. You may provide us with your email address and/or phone number for the purpose of allowing us to send free newsletters, surveys, offers, and other promotional materials to you, as well as targeted offers from third parties. You can unsubscribe from promotional emails by following the instructions in e-mails that you receive.  If you decide not to receive promotional emails, we may still send you service-related communications. You may also be able to opt-out of such emails from your account profile. If you would like to unsubscribe from SMS messages, email privacy@comptia.org.
  5. Cookies and similar tools: Web browsers may offer users the ability to disable receiving certain types of cookies; however, if cookies are disabled, some features or functionality of our Services may not function correctly. We also provide certain opt-out and/or opt-in functionality as described above.
  6. Device settings. Your device may enable you to disable certain permissions or functionality in our Services (e.g., location); however, when necessary permissions or functionality are disabled, some features or functionality of our website may not function correctly. You can also disable pop-up notifications in device settings.

7. Jurisdiction-specific privacy notices and rights

a. State-specific notices and rights

In addition to the disclosures provided in this Privacy Notice, if you are a resident of California, Colorado, Connecticut, Utah, Virginia or any other state with a comprehensive state privacy law in effect, you can exercise certain additional rights regarding your personal information to the extent provided by relevant state law. In particular:

  1. You may request a copy of the following: (1) the categories of personal information we collected about you; (2) the categories of sources from which the personal information is collected; (3) the business or commercial purpose for collecting or selling (if applicable) the personal information; (4) the categories of third parties with whom we shared personal information, and the categories of personal information shared; and (5) the specific pieces of your personal information that we have collected, used, disclosed, or sold.
  2. You may request that we (and our service providers) correct your personal information if it is inaccurate or delete your personal information. Note that deletion requests are subject to certain limitations. For example, we may retain personal information as permitted by law, such as for tax or other record keeping purposes, to maintain an active account, to process transactions and facilitate customer requests, and for certain other internal business purposes described here.


If you have an account with us, you may access certain personal information (such as profile and transaction information) directly through your account after logging in to the Services, and may update and correct certain profile information as well. Otherwise, to request a copy of personal information we have collected about you, to request a correction of your information, or to request that your information be deleted, visit our Data Subject Request Form or contact us as directed below. You may authorize another person (your “agent”) to submit a request on your behalf the same way. After you (or your agent) submit a request, we will check our records for matching information and contact you (typically via email at the email address provided during submission of your request) with instructions on how to verify the request before we fulfill it. We will aim to complete your requests as soon as reasonably practicable and consistent with any applicable laws. Note that you can close an account or opt out of email or marketing lists as provided above.

You may also have the right at any time to opt out of (i) selling or sharing of your personal information to third parties, and (ii) targeted advertising through third parties. We may provide certain personal information to advertising businesses and other third parties, such as to provide targeted advertising, customer analytics, a more personalized experience and special offers to you. Specifically, identifying information, Online User Activity (as described above) and/or transaction information may be shared through targeting cookies and data extracts, and we may benefit from these activities. You can opt-out of such sharing (which may be referred to as a “Do Not Sell or Share” right). For cookies and other online tools subject to these requirements, we will provide an opt-out mechanism on our Services and endeavor to process GPC signals as described above.  You can opt-out of third party data extracts by contacting us as directed below.

Privacy laws may provide you with other opt-out rights which are inapplicable to us. In particular, we do not engage in impactful profiling activities with respect to Users, and we do not collect, use or disclose sensitive personal information (such as government identification number, precise geolocation, financial account information, etc.) except for the specific purpose(s) that you provide it. 

We may not, and will not, discriminate against any customer for exercising their privacy rights, including those provided by the applicable privacy laws. Please note that we may otherwise continue to share your personal information with our affiliates and service providers, and as otherwise directed by you, for the purposes described here.

If we deny a privacy request, you may appeal the decision to us at the contact information provided below. To the extent possible, please describe the basis for your appeal and if there is any specific personal information that concerns you. We will endeavor to provide a prompt response.

Additional notice for California residents:

    • Financial Incentives. We do not generally provide a loyalty program or other financial incentive in return for the collection or use of personal information. On some occasions we may engage in a limited-time marketing event, promotional offer or discount that includes a registration or other collection of personal information, and we will disclose the benefits and terms of that promotion at the time of collection.
    • Privacy rights requests for non-Users. California privacy rights apply to all individuals (not just Users), including job applicants, current and former employees, contractors and business partners. Due to the nature of these relationships, the collection and use of personal information can vary, as described above. All such individuals who are California residents can request additional information about our privacy practices with respect to their information, as well as make the access, deletion, correction and opt-out requests described above, by contacting us as directed below. Please provide sufficient information that we can identify you, and be aware that we may employ a more extensive authentication process to verify your identity before responding to your request.
    • California Privacy Rights - Direct Marketing. California Civil Code 1798.115(c), 1798.130(a)(5)(c), 1798.130(c), and 1798.140 indicate that organizations should disclose whether certain categories of information are “sold” or transferred for an organization’s “business purpose” as those terms are defined under California law. You can find a list of the categories of information that we share here. Please note that because this list is comprehensive it may refer to types of information that we share about people other than yourself. If you would like more information concerning the categories of personal information (if any) we share with third parties or their affiliates to use for direct marketing, please submit a written request to us using the information in the "Contact Information" section below.

Additional notice for Nevada residents:

Please note that we do not sell personal information as defined by Nevada law (Nevada Revised Statutes, Chapter 603A, Section 1.6), but you can submit a request to us as directed below regarding the sale of such information.

b. International notices and rights

This section is specifically intended for individuals residing outside of the United States (“US”). This includes residents of the European Economic Area ("EEA") including the European Union ("EU"), the United Kingdom ("UK"), Switzerland and other relevant jurisdictions with respect to privacy and data protection laws applicable to us. CompTIA is a US-owned and operated organization, and is not generally subject to foreign laws, even for foreign individuals who visit our website or otherwise use our Services, but to the extent helpful or where specifically required by law, please note as follows:

A. Legitimate Bases for Processing: Where required by law, all processing of personal information is justified by a legally recognized basis for processing. In the majority of cases, processing will be justified on one or more of the following bases for processing: (i) The processing is necessary to perform a contract with you (such as if you purchase certain products or services, or subscribe to email marketing); (ii) The processing is necessary for us to comply with a relevant legal obligation, such as keeping accounting records; (iii) The processing is in our legitimate interests, which are not overridden by your interests and fundamental rights. Our legitimate interests are to use user information and other available data to reasonably and responsibly conduct and develop our business activities without abusing any privacy interests or rights of such individuals; and (iv) In some instances, we rely on your consent to our processing (at times as a secondary basis for processing in an abundance of caution). Additional information about our legitimate bases for processing are provided in Section 2 above.

B. Transfer of Personal Information: If you are in the EEA/EU, the UK, Switzerland or another jurisdiction that has imposed similar legal requirements regarding the lawful transfer of personal information from that jurisdiction to another country (e.g., the US), to the extent that we engage in such a transfer of your personal information (a “Cross-Border Transfer”) we will take steps to ensure that such Cross-Border Transfer satisfies known legal requirements. In particular: If we transfer personal information to a jurisdiction deemed by relevant regulatory authorities to provide adequate protection for personal information, we will rely on such adequacy decision, as applicable, and will otherwise take steps to conduct the Cross-Border Transfer using other legally-valid mechanisms, such as by entering into data transfer agreements with standard contractual clauses ("SCCs") among our affiliates and with relevant service providers, in any necessary supplementary safeguards. We currently rely on SCCs for Cross-Border Transfers to the US, and are monitoring evolving laws and regulatory developments to assess if and when alternative or supplemental measures are available or necessary.

C. Exercising You Privacy Rights: Residents of certain jurisdictions are entitled to exercise certain rights under privacy laws applicable to their personal information. The rights described below are, for example, applicable to residents of the EEA/EU, Switzerland and UK. This includes the right to (a) request access to your personal information; (b) request that we correct inaccurate personal information we hold about you; (c) request that we delete any personal information we hold about you; (d) restrict or object (i.e., withdraw consent) to the processing of personal information we hold about you in some circumstances; and/or (e) receive any personal information we hold about you in a structured and commonly used format.  You also have the right to lodge a complaint with your supervisory authority if the processing of your personal information infringes applicable law. Please contact us as provided below if you wish to exercise any of your rights, or if you have any inquiries or complaints regarding the processing of your personal information.

8. How we retain and protect personal information

We apply a general rule of keeping personal information only for as long as required to fulfill the purposes for which it was collected including (i) to provide you with our products and services, such as to maintain account records while active and after termination for the purposes described above, and (ii) as reasonably as necessary for legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

No method of transmission over the Internet, or method of electronic storage, is fully secure. While we use commercially reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot absolutely guarantee the security of your personal information. If legally required and/or permitted by law to inform you of a breach to your personal information we may notify you electronically, in writing, or by telephone.

Some of our Services permit you to create an account. When you do, you will be prompted to create a password. You are responsible for maintaining the confidentiality of your password, and you are responsible for any access to or use of your account by someone else that has obtained your password, whether such access or use has been authorized by you. You should notify us of any unauthorized use of your password or account.

9. Links to other online sites and services

Our Services may contain links to other websites or online services, including social media. Please be aware that we are not responsible for the content or privacy practices of such other websites or online services, and we encourage you to be aware when you leave our Services and to read the privacy statements of any other website or online service that collects personal information.

You may see us promoted by other businesses on various websites, web pages, social media and other platforms. Please note that we do not always have complete information about where our brand may be displayed or promoted, and if you believe that we are featured in venues that are inappropriate or offensive, please contact us.

10. Children’s privacy

Please see our COPPA Statement regarding our handling of any personal information from children under the age of 13. To the extent that we collect any personal information of children under the age of 13 in connection with their use of our Services through their school, we rely on the school or school district to obtain parental consent as part of their providing the child’s personal information to us.

11. Updates to our privacy policy

We may change our privacy policy and practices over time.  To the extent that our policy materially changes, the policy that was in place at the time that you submitted personal information to us will generally govern that information unless we receive your consent to the new privacy policy.  

12. International considerations

As a multi-national non-profit, we may transmit information between and among our affiliates. Therefore, your information may be processed in a foreign country where privacy laws may be less stringent than the laws in your country. Nonetheless, where possible, we take steps to treat personal information using the same privacy principles applicable to the law of the country where we first received your information. By submitting your personal information to us you agree to the transfer, storage, and processing of your information in a country other than your country of residence including, but not necessarily limited to, the United States. If you would like more information concerning our attempts to apply the privacy principles applicable of the jurisdiction where data originates to that of another, you can contact us using the contact information below.

13. Contact information

If you have any questions, comments, or complaints concerning our privacy practices please contact us at the appropriate address below. We will attempt to respond to your requests and to provide you with additional privacy-related information.

privacy@comptia.org
1-(866)-835-8020

If you are dissatisfied with our response, and are in the European Union, you may have a right to lodge a complaint with your local supervisory authority. EU data subjects may also inquire about our privacy practices by contacting us as set forth below:

CompTIA UK Ltd.
1 Ropemaker Street
London, England EC2Y 9AW
privacy@comptia.org

Last Revised: November 13, 2024