CSFI Privacy Notice
Version 1.0 | Effective date: 30 January 2026
The Cyber Security Forum Initiative (CSFI) respects your privacy and is committed to protecting personal data in a responsible, transparent, and proportionate manner.
This Privacy Notice explains how CSFI collects, uses, stores, and protects data.
Who We Are
CSFI is a non-profit organization headquartered in the United States, focused on cybersecurity education, workforce development, and research initiatives.
CSFI maintains a limited operational presence in the European Union for paid employees only. Volunteer and internship programs are administered from the United States.
Contact: [email protected]
What Personal Data We Collect
CSFI collects only personal data necessary to operate its programs and communications, which may include:
- Name
- Email address
- Educational background
- Resume or CV
- Application responses
- Communications sent to CSFI
CSFI does not collect dates of birth, government-issued identification numbers, financial information, or sensitive personal data unless explicitly required and disclosed.
Purpose of Collection
Personal data is collected and processed solely for legitimate organizational purposes, including program administration, applicant and participant review, communications, coordination, recordkeeping, and reporting.
Legal Basis for Processing
Where applicable, CSFI processes personal data based on informed consent, legitimate organizational interest in administering non-profit programs, or legal and regulatory obligations.
Application data is processed on the basis of consent; program coordination and recordkeeping are processed on the basis of legitimate interest; and compliance-related processing is carried out on the basis of legal obligation.
Processing Location and International Transfers
Personal data is primarily processed and stored in the United States. Wherever personal data originates from, CSFI applies appropriate safeguards for international transfers, including Standard Contractual Clauses (SCCs) or equivalent mechanisms.
Data Retention
CSFI retains personal data only for as long as necessary:
- Application data: up to 90 days
- Program participation records: for the duration of the program and up to 5 years thereafter, as necessary for operational, reporting, and compliance purposes
Earlier deletion is available upon request unless retention is required by law.
Access and Sharing
Access to personal data is limited to authorized CSFI personnel with a legitimate need-to-know. CSFI does not sell personal data and does not share personal data with third parties except where required to operate programs, comply with law, or ensure security.
This may include service providers such as cloud storage providers, email delivery platforms, and program coordination tools. CSFI does not authorize any third-party processor to use personal data beyond the specific purpose for which it was shared.
Your Data Rights
Depending on your location, you may have the right to:
- Request access to your personal data
- Request correction of inaccurate data
- Request deletion of your data
- Withdraw consent where applicable
- Request data portability, allowing you to receive your personal data in a structured, commonly used, and machine-readable format
- Object to the processing of your personal data where processing is based on legitimate interests
- Lodge a complaint with a relevant supervisory authority if you believe your data has been processed unlawfully
Requests may be submitted to [email protected] and are handled within 30 days.
Security Measures
CSFI implements reasonable technical and organizational safeguards to protect personal data, including access controls, limited data access, encryption where feasible, and secure storage practices.
Children's Privacy
CSFI activities and programs are intended for adults and are not directed to children or minors. Participation in CSFI activities is limited to individuals who are 18 years of age or older. CSFI does not knowingly collect personal data from children under the age of 13 or from minors for participation purposes. If CSFI becomes aware that it has collected such information, it will take reasonable steps to delete it.
Changes to This Privacy Notice
CSFI may update this Privacy Notice periodically to reflect changes in practices or legal requirements. Updates will be posted with a revised date.
Contact Us
For questions, concerns, or requests related to privacy or data protection, contact: [email protected]
CSFI does not use automated decision-making, including profiling, in the evaluation of applications or participation in its programs.
Optional Transparency Notice for California Residents (CCPA/CPRA)
This section is provided for transparency purposes only.
CSFI is a non-profit organization and is generally exempt from the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
CSFI does not sell or share personal information as defined under the CCPA or CPRA.
California residents may nonetheless request access to or deletion of their personal information by contacting [email protected]. CSFI will respond to verified requests within a reasonable timeframe.
