Privacy Policy

IFO4 collects information that you provide directly to us, information we collect automatically when you use the Platform, and information we obtain from third-party sources. The types of personal information we collect depend on how you interact with our Platform and the services you use.

Information you provide directly includes: account registration data (name, email address, professional title, organization, country of residence); certification and examination enrollment information; payment and billing information processed through our secure payment providers; profile information such as biography, professional experience, and areas of expertise; communications with IFO4 support teams; forum posts, comments, and community contributions; survey responses and feedback.

Information collected automatically includes: device information (browser type, operating system, device identifiers); log data (IP address, access times, pages viewed, referring URL); usage analytics (features used, learning progress, session duration); cookies and similar tracking technologies as described in Section 04.

Information from third parties may include: professional verification data from employers or educational institutions; payment confirmation from third-party payment processors; identity verification data for examination proctoring; single sign-on (SSO) authentication data from identity providers.

IFO4 uses the information we collect for the following purposes: to provide, maintain, and improve the Platform and our services; to process certification enrollments, examination registrations, and credential management; to personalize your learning experience and recommend relevant content; to process payments and manage your account billing; to communicate with you about your account, certifications, and Platform updates.

We also use your information to: ensure the integrity and security of our certification examinations; conduct research and analysis to improve our programs and services; comply with legal obligations and enforce our Terms of Service; detect, prevent, and address technical issues, fraud, and security threats; send you marketing communications (where you have opted in) about new programs, events, and resources.

IFO4 processes your personal data on the following legal bases under the GDPR: performance of a contract (providing services you have requested); legitimate interests (improving our Platform, ensuring examination integrity, fraud prevention); consent (marketing communications, AI proctoring data collection); compliance with legal obligations (tax reporting, regulatory requirements).

IFO4 utilizes advanced AI-powered proctoring technology to maintain the integrity of its certification examinations. This section provides detailed information about the data collected during proctored examinations and how it is processed.

IFO4 uses cookies, web beacons, pixels, and similar tracking technologies to collect information about your browsing activities on the Platform. Cookies are small text files stored on your device that help us provide and improve our services.

We use the following categories of cookies: Essential Cookies, which are required for the Platform to function and cannot be disabled (authentication, security, session management); Performance Cookies, which collect anonymized data about how you use the Platform to help us improve performance and user experience; Functional Cookies, which remember your preferences and settings to provide a personalized experience; Analytics Cookies, which help us understand usage patterns and measure the effectiveness of our content and features; Marketing Cookies, which may be set by our advertising partners to build a profile of your interests and show relevant advertisements on other sites.

You can manage your cookie preferences through your browser settings or through our Cookie Preference Center accessible from the Platform footer. Please note that disabling certain cookies may affect the functionality of the Platform. For more information about how to manage cookies, please visit your browser's help documentation.

IFO4 does not sell your personal information to third parties. We may share your information in the following circumstances:

Service Providers: We share data with trusted third-party service providers who perform services on our behalf, including cloud hosting (AWS, Azure), payment processing (Stripe), email communications, analytics, and examination proctoring. These providers are contractually obligated to use your data only for the purposes of providing services to IFO4 and in accordance with this Privacy Policy.

Certification Verification: With your consent, we may confirm your certification status to employers, clients, or other third parties who request verification through our official verification portal. Only your name, certification type, credential status, and issuance date are shared.

Legal Requirements: We may disclose your information if required to do so by law, in response to valid legal process (such as a subpoena, court order, or government request), or to protect the rights, property, or safety of IFO4, our users, or the public.

Business Transfers: In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of the transaction. We will notify you via email or prominent notice on the Platform before your information is transferred and becomes subject to a different privacy policy.

IFO4 implements industry-standard technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security measures include:

Encryption of data in transit (TLS 1.3) and at rest (AES-256); multi-factor authentication for administrative access; regular security assessments, penetration testing, and vulnerability scanning; access controls based on the principle of least privilege; intrusion detection and monitoring systems; SOC 2 Type II compliance for our core infrastructure; regular employee security training and awareness programs.

While we strive to protect your personal information, no method of transmission over the Internet or method of electronic storage is 100% secure. We cannot guarantee the absolute security of your information. If you become aware of any unauthorized access to your account, please contact us immediately at security@ifo4.org.

IFO4 retains your personal information for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, resolve disputes, and enforce our agreements. Specific retention periods are as follows:

Account information: retained for the duration of your account and for five (5) years following account closure for legal and regulatory compliance. Certification records: retained permanently as part of the official credential registry, as certification history is a matter of professional record. Examination data (scores, responses): retained for seven (7) years from the date of the examination. AI proctoring recordings: video and audio recordings are retained for ninety (90) days following the examination, after which they are permanently deleted unless flagged for integrity review. Payment records: retained for seven (7) years in compliance with tax and financial regulations. Marketing and communication preferences: retained until you update or withdraw your consent. Website analytics data: retained in anonymized form for up to twenty-four (24) months.

When personal information is no longer required, it is securely deleted or anonymized in accordance with our data destruction procedures.

Depending on your location and applicable data protection laws, you may have the following rights regarding your personal information:

Under the General Data Protection Regulation (GDPR) for residents of the European Economic Area (EEA) and United Kingdom: Right of Access — request a copy of the personal data we hold about you; Right to Rectification — request correction of inaccurate or incomplete personal data; Right to Erasure — request deletion of your personal data under certain circumstances; Right to Restriction of Processing — request that we restrict processing of your data under certain conditions; Right to Data Portability — receive your personal data in a structured, commonly used, machine-readable format; Right to Object — object to processing of your personal data for certain purposes, including direct marketing; Right to Withdraw Consent — withdraw your consent at any time where processing is based on consent.

Under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) for California residents: Right to Know — request information about the categories and specific pieces of personal information collected; Right to Delete — request deletion of your personal information, subject to certain exceptions; Right to Opt-Out — opt out of the sale or sharing of your personal information (IFO4 does not sell personal information); Right to Non-Discrimination — exercise your rights without discriminatory treatment.

To exercise any of these rights, please contact our Data Protection Officer at dpo@ifo4.org or submit a request through our Privacy Rights Portal. We will respond to verified requests within thirty (30) days for GDPR requests and forty-five (45) days for CCPA requests.

IFO4 operates globally, and your personal information may be transferred to, stored, and processed in countries other than your country of residence, including the United States. These countries may have data protection laws that differ from those in your jurisdiction.

For transfers of personal data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, IFO4 relies on: Standard Contractual Clauses (SCCs) approved by the European Commission; the UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs; supplementary measures where necessary, including encryption and access controls.

By using the Platform and providing your information, you acknowledge that your data may be processed in jurisdictions with different data protection standards. IFO4 takes appropriate safeguards to ensure that your personal information remains protected in accordance with this Privacy Policy regardless of where it is processed.

The IFO4 Platform is not directed to individuals under the age of sixteen (16). We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information without your consent, please contact us at dpo@ifo4.org.

If we become aware that we have collected personal information from a child under 16 without parental consent, we will take steps to promptly delete such information from our records. In jurisdictions where the age of digital consent is higher than 16, we comply with the applicable local requirements.

IFO4 may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will: update the "Last Updated" date at the top of this Privacy Policy; provide prominent notice on the Platform; send email notification to registered users for significant changes.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Platform following the posting of changes constitutes your acceptance of such changes.

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer:

Data Protection Officer International Financial Operations Standards Organization (IFO4) Email: dpo@ifo4.org Phone: +1 (800) 555-IFO4

If you are located in the European Economic Area and believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with your local supervisory authority. However, we encourage you to contact us first so we can attempt to resolve your concern.

For general privacy inquiries: privacy@ifo4.org For security incident reports: security@ifo4.org For certification verification requests: verification@ifo4.org