course starting at
Take Penetration Testing with Kali Linux to gain invaluable penetration testing skills and earn your OSCP.
This is our Privacy Notice. Please scroll down or click on the headings to the left to discover more.
We only process your Personal Data if we have a legal basis to do so – this may be consent or another legal basis; we collect only the information necessary to fulfill your relationship with us; we don’t sell it to third parties; and we only use it as this Privacy Notice says we do. We strive to provide a high standard of privacy protection for you.
Full the full version please continue reading.
The entity responsible for processing your Personal data is OffSec Services Limited, of 5 Secretary’s Lane, Gibraltar along with its affiliates and individual contractors (“Offensive Security”). It provides the products and services as advertised on Offensive Security’s Sites (as defined below) to individual students (“Students”) and customers who are organizations (“Customers”).
This Privacy Notice explains what Personal Data (as defined below) we collect on our Sites, which include offensive-security.com, kali.org, kali.training, and exploit-db.com (“Sites”), and through the offering of our Services to Site visitors, Students and Customers and the provision of services to us by third parties (“Suppliers”).
This Privacy Notice explains how we use and share that Personal Data, and your choices about our data practices. Please read this Privacy Notice before using the Sites.
What this Privacy Notice does not apply to
This Privacy Notice does not apply to:
We want to make sure the Personal Data we hold on you is up to date and relevant. You are also legally entitled to know what Personal Data we hold on you. If you’d like a copy of some or all of your Personal Data or you think your Personal Data is inaccurate, you can ask us to correct or remove it. Please contact us at privacy @ offensive-security.com.
Please be aware that if you do not want to provide your Personal Data to us or you ask us to delete it, we may no longer be able to provide the Services to you.
When you interact with us, our Sites or Services, we collect Personal Data that, alone or combined with other Personal Data, could identify you (“Personal Data”).
Automatically Collected Data
When you access the Sites or use the Services, the following Personal Data is created and automatically logged in our systems:
We use various technologies to collect and store information, including cookies, pixel tags, local storage such as browser web storage or application data caches, databases and server logs.
Personal Data You Give Us.
When you access the Sites, we may collect additional Personal Data from you through web forms such as names, phone numbers, postal addresses, email addresses, or other Personal Data you provide to us.
When you ask about, sign up for or use the Services, you may voluntarily give us certain Personal Data, including your location, name, company, gender, age range, and contact information. We also may collect from you billing information (i.e., country and credit card details). We may further collect from you a scanned government ID, scanned utility bill(s), scanned bank statement(s), and scanned income statement(s), parent name(s), IDs, and consent letters.
We also collect Personal Data you provide to us when you complete any “free text” boxes in our forms or provide us with any emails (for example, support request or survey submission). In addition, we may collect Personal Data disclosed by you on our blogs and forums and our other areas of the Services to which you can post Personal Data and materials.
Personal Data we create or collect
When you register to use our Services, our systems will generate unique identifiers including your main Offensive Security ID (“OSID”), Purchase ID, Lab ID, Certificate ID, Video ID, system username and password. These identifiers are known as “pseudonymized” personal data and cannot alone identify you but can identify you when combined with other Personal Data we hold.
We may also gather nicknames or handles you operate under in public blogs, forums, chat rooms or other channels.
We keep a record of your purchase history and examination history. We may also keep administrative notes on your file.
Copy of emails between us will be kept in our systems.
As noted under the heading “How we use your Personal Data” we create and keep videos of Students during the proctoring of examinations.
Personal Data We Get From Third Parties
We may receive identification and contact Personal Data about you from our Customers if they are paying for you to use our Services, our Suppliers and business partners if you are working with us on their behalf, data brokers providing non-public lists and publicly available sources like LinkedIn and other directories.
In addition, we may verify your identification using third party service providers who may provide additional identification data to us.
We store and process this Personal Data on servers in the United States, Israel and the Philippines, and we use this information for our internal purposes and to provide you with information, support, and Services.
We use the Personal Data we collect, described above
For Students under the age of 18, we collect name(s) and IDs of and consent to process your Personal Data and provide you with Services from, the person who has parental responsibility for you.
We will use your Personal Data for our legitimate interests if we have assessed we have a legitimate business interest in doing so to operate our business.
How do we assess we have a legitimate business interest?
We may share your Personal Data and other information with certain third parties in these circumstances:
Where we use another organisation to provide services or products to us, we still control and are responsible for your Personal Data and for ensuring there are controls in place to make sure it’s adequately protected.
If we need to transfer your Personal Data to another organisation for processing in countries outside the EEA and not listed as ‘adequate’ by the European Commission, we’ll only do so if we have model clauses or other appropriate safeguards (protection) in place. Generally we will rely on model clauses.
We will keep your Personal Data for as long as reasonably necessary for the purposes described in this Privacy Notice, while we have a legitimate business need to do so in connection with your account, or as required by law (e.g., for tax, legal, accounting or other purposes), whichever is the longer.
We do have additional specific data retention policies for certain categories of data.
The Personal Data that we collect is stored and processed on servers in the United States, Israel and the Philippines. We take steps to ensure that your Personal Data is protected from unauthorized disclosure.
Cookies are a standard feature of Sites that allow us to store small amounts of data on your computer about your visit to the Site. They are widely used to help make Sites work or work in a better, more efficient way, such as by recognizing you and remembering information that will make your use of the Site more convenient (such as by remembering your preference settings). Cookies also help us to learn which areas of the Site are useful and which areas need improvement, and to track your usage of the Site to provide you with targeted advertisements.
This section provides information on your rights under EU law (for these purposes, reference to the EU also includes the European Economic Area countries of Iceland, Liechtenstein and Norway).
Data Controller. Offensive Security is the data controller for your Personal Data.
Your Rights. Subject to EU law, you have the following rights in relation to your Personal Data:
You may contact us at privacy @ offensive-security.com to exercise your rights.
We will notify you of changes to the data processing activities described in this Privacy Notice by updating the Privacy Notice or as otherwise required by law.
For Students under the age of 18, we collect name(s) and IDs of and consent to process your personal data and provide you with Services from, the person who has parental responsibility for you.
If you believe we are processing the Personal Data of a Student under the age of 18 without consent from the person who has parental responsibility for them, please contact us at email@example.com and we will endeavor to delete that Personal Data from our databases.
We try to protect the Personal Data from loss, misuse and unauthorized access, disclosure, alteration, or destruction. However, no method of transmission over the internet is 100% secure.
We may change this Privacy Notice at any time and when we do we will post an updated version on this page.
If you want to make a complaint about how we have handled your Personal Data please contact us at firstname.lastname@example.org and we will investigate and report back to you. If you are still not satisfied after our response or believe we are not using your Personal Data in line with the law, you also have the right to complain to the data-protection regulator, the Information Commissioner – https://ico.org.uk/.
If you have questions about our Privacy Notice or our data practices, please contact us at email@example.com.