Last Updated: January 14, 2022
Effective Date: July 13, 2017

TeleCommunication Systems, Inc. (“TCS”, “we”, “our” or “us”), a wholly-owned subsidiary of Comtech Telecommunications Corp. with corporate offices at 68 South Service Road, Melville, New York 11747 USA, has developed CyberStronger, a premium, performance-based cyber skills training and assessment provider that quantifies a user’s ability (the “Services”). Whether capitalized or not, “you” and “your” means and refers to the person(s) or legal entity (whether the company, organization, educational institution, or governmental agency, instrumentality, or department) that has agreed to and accepted the terms of this privacy policy (“Privacy Policy”).

TCS is committed to protecting and respecting your privacy. This Privacy Policy sets out the how we process and retain your information provided to us as part of your use of the Services as well as other information generated or acquired by TCS and the Services. The content of this Privacy Policy is applicable to your use of the Services. We strongly recommend that you read this Privacy Policy carefully to understand our practices regarding your data.

  1. The Services

    The Services include CYBRScore Assessments, CYBRScore Labs, and CYBRScore Training. Leveraging the NICE framework, the Services create a complete end-to-end experience, delivering targeted, outcome-oriented cyber security training experiences that provide End Users with confidence to get the job done.

    In a world of recognized certifications and written knowledge-based exams, our solutions stand out by providing real insight into actual on-ground cyber security skills, and the capability to support your knowledge base with demonstrated skills. The Services’ offerings include turnkey and custom training, hands-on labs, and performance assessment for individual skill set and defined job-role competencies.

  2. Our Commitment to Privacy

    We take the responsibility of managing data and your trust in us very seriously. The physical security of our servers, networks, and equipment is equally as important as data security. We will not reduce your rights under this Privacy Policy without your explicit consent. We will post any Privacy Policy changes to our website located here on this page (https://www.cyberstronger.com/privacy-policy).

  3. Types of Users Who Access the Services

    The Services may be accessed and used by a number of different type of participants. Each participant type is defined by the role they play. The type of information that may be accessed by each type of participants varies depending upon their role. The access rights for each participant type is described in more detail in Section 6 (The Way the Collected Information is Used) of this Privacy Policy. The types of participants who may access the Services are:

    • The corporate, individual, government or other types of organizations who contract with TCS or its Channel Partners to use the Services (“End-Customers”).
    • Individuals who access and use the Services (“End Users”). End Users are employees or other agents of End-Customers who are authorized by an End Customer to use the Services.
    • Instructors hired or employed by TCS or its Channel Partners who provide training to End Users using the Services (“Trainers”).
    • Employees and other authorized agents of TCS.
    • Resellers, distributors and other channel partners of TCS who resell and/or promote sales of the Services under express contractual relationships with TCS (“Channel Partners”).
    • Third-party vendors who provide underlying components, training content, hosting services, payment and voucher systems, and/or other products and services to TCS in support of the Services (“Vendors”).
  4. Information We Do Collect

    This notice applies to all information collected by the Services (the “Collected Information”). For purposes of this Privacy Policy, all the information described in this section is considered Collected Information. Some Collected Information is provided by the online system that linked you to the Services and that authorized your access and use of the course being taken (“Authorizing System”). In addition, other Collected Information is requested by the Services during your installation and configuration process. Other Collected Information may be created during your use of the Services. All of this Collected Information is explained below in detail.

    TCS’ system administrators have access to the Collected Information although it is against TCS’ policy for TCS system administrators to access this information unless they are required to do so as a part of supporting the Services.

    1. Collected Information from the Services

      The Collected Information from the Services contains information passed to and generated and recorded by the Services for certain information for End Users of the Services including a unique identifier for each End User (“Student ID”), a course identification number for each course taken, the start time and end time of each course taken, the duration of each course taken, a submission status, and scoring data for the course.

      The Student ID of an End User is linked to a payment token (“Voucher ID”) that is provided by Authorizing System. Authorizing Systems may be operated and controlled by third parties other than TCS such as payment and voucher processing service Vendors, End-Customers, and other third parties. TCS does partner with certain Vendors who do operate Authorizing Systems. While the Collected Information does include the Voucher ID for each course taken by an End User, the Voucher ID does not contain any personally identifiable information for any End User or End-Customer. The Voucher ID is only an identifier provided by the Authorizing System for a particular End User. The Voucher ID itself does not contain any personally identifiable information. Please see Section 5 (Information We DO NOT Collect) for information that may be collected by Authorizing Systems.

      In addition, the Services may collect information provided by End Users and as such the Collected Information may include the following information for each End User:

      • Name
      • Email Address
      • Zip Code
      • Most Recent Job Title
      • Certifications Held (for example: CISSP, CEH, CISM, CISA, GSLC, Sec+, Net+, A+, MCP, CCNA)
      • Years of IT Experience
      • Highest Degree Attained
      • Government/Non-Government
      • Industry
      • Assessment Scoring Data
    2. Collected Information from Technical Support

      TCS may collect personally identifiable information from you when communicating with you as part of a technical support call or email conversation (“Support Information”). Such Support Information may be requested verbally over the phone or in the email conversation.

  5. Information We DO NOT Collect

    The Services do not collect, store or retain any information provided to or generated by any Authorizing Systems such as payment or credit card information. Authorizing System providers do not have access to Collected Information.

  6. The Way the Collected Information is Used

    1. Use of Collected Information from the Services

      TCS uses the Collected Information for operating the Services. TCS may disclose the results of your CYBRScore Assessments to the Authorizing System and to the End-Customer that authorized or paid for your CYBRScore Assessment (e.g., your employer). Except as set forth in this Section 6.1, no Collected Information from the Services are ever disclosed to any third parties.

      Collected Information (excluding Name and Email Addresses) may be De-identified and aggregated, stored, and used by TCS (“De-identified Aggregated Information”). “De-identified” means information that does not identify any individual or entity and with respect to which there is no reasonable basis from which the information can be used to identify an individual or entity. De-identified Aggregated Information may be used by TCS for purposes of improving the Services or creating other products and services which may include the De-identified Aggregated Information. TCS may license or sell the De-identified Aggregated Information to its Channel Partners or other third parties

    2. Use of Collected Information from Technical Support

      TCS does not make any Support Information available to any third party for any purposes except for any Support Information that may be provided to Channel Partners, Trainers or Vendors who are performing services for TCS in support of the Services.

    3. Use of Collected Information by Authorizing Systems, Channel Partners, Trainers or Vendors

      All Authorizing Systems, Channel Partners, Trainers, and Vendors are contractually required by TCS to maintain all Collected Information in strictest confidence and may only use Collected Information in support of the Services, consistent with the uses set forth in this Privacy Policy, and not for any other purposes, including disclosure to any third parties.

    4. Required Disclosure Under Law

      We will ONLY disclose Collected Information maintained or generated by the Services to a regulatory body or law enforcement agency, and then only in circumstances where required by law or regulation or where a legitimate court order has been obtained from a court of competent jurisdiction.

  7. How Is Data Entered Into the Services and How Is It Corrected?

    Except for the Voucher ID, your name and email address that is electronically provided to TCS by the Authorizing Systems, all other Collected Information is either entered into the Services by End Users, or is generated by the Services including Student IDs, course identification numbers, start time and end time of courses taken, the duration of each course taken, submission status, and scoring data for CYBRScore Assessments, CYBRScore Labs, and CYBRScore Training.

    Once a training class, lab, or assessment has been completed by an End User, the Collected Information passed to or generated by such event may not be corrected or altered.

    Any information that you provided to the Authorizing System must be corrected with the Authorizing System. Except as set forth in this Privacy Policy, TCS does not share data with Authorizing Systems.

  8. How Do I Dispute the Results of My Assessments?

    If you object to scoring data or results generated by the Services, you should send an email to CYBRScoreSupport@comtechtel.com requesting more information on how your results were prepared.

  9. How to “Opt-Out” from Having Your Collected Information included in De-identified Aggregated Information

    You may “opt-out” from having your Collected Information included in TCS’s De-identified Aggregated Information by sending an email to CYBRScoreSupport@comtechtel.com requesting that it be removed. Before doing so, please understand that none of your personally identifiable information is included in our De-identified Aggregated Information, only demographic information that is not unique to you and scoring results. If you have any additional questions or concerns, feel free to send an email to the above address.

  10. Our Commitment to Data Security

    To prevent unauthorized access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the Collected Information as part of the Services.

  11. How to Contact Us

    If you feel your privacy has been violated by your use of the Services, you may register your complaint with us and we will respond to your requests. To do so, please email us at CYBRScoreSupport@comtechtel.com. Please contact us if you have any questions and comments regarding this Privacy Policy.