PCI 安全标准委员会(PCI Security Standards Council®)

PCI Security Standards Council Online Privacy Statement

Last Updated: 8 June 2018

您的隐私对 PCI 安全标准委员会非常重要。我们的目标是为您提供有最相关和最有帮助的信息、资源和服务的个性化在线体验。This PCI Security Standards Council Online Privacy Statement (the "Privacy Statement") has been written to describe the conditions under which this web site and other online PCI Security Standards Council resources (the "Web site") are being made available to you. 除其他外,隐私声明讨论了如何收集和使用您访问本网站期间获得的数据。我们强烈建议您仔细阅读隐私声明。使用本网站即表示您同意遵守本隐私声明的条款。如果您不接受隐私声明的条款,则会被指示停止访问或以其他方式使用本网站或从中获取的任何材料。If you are dissatisfied with the Web site, by all means contact us at info@pcisecuritystandards.org; otherwise, you should disconnect from this site and refrain from visiting the site in the future.

维护网站的过程是一个不断发展的过程,PCI 安全标准委员会可能会在未来的某个时候决定修改本隐私声明的条款。您对本网站的使用或从本网站获得的材料表明您在使用本网站时同意隐私声明。有效的隐私声明将发布在网站上,您应该检查每次访问是否有任何变化。


This Privacy Statement applies to all PCI Security Standards Council- maintained Web sites, domains, information portals, registries and other online resources, and PCI Security Standards Council may from time to time require users of specific portals or other resources to agree to corresponding additional terms and conditions. If the terms of this Privacy Statement conflict with such other terms and conditions, such other terms and conditions shall govern to the extent necessary to resolve such conflicts.


PCI 安全标准委员会致力于保护儿童的隐私需求,我们鼓励父母和监护人积极参与孩子的在线活动和兴趣。PCI 安全标准委员会不会故意收集 13 岁以下儿童的信息,PCI 安全标准委员会也不会将其网站导向儿童。

链接到非 PCI 安全标准委员会网站

The PCI Security Standards Council's Web site may provide links to third- party Web sites for the convenience of our users. 如果您访问这些链接,您将离开 PCI 安全标准委员会的网站。PCI 安全标准委员会不控制这些第三方网站,也不能表示其政策和做法与本隐私声明一致。例如,其他网站可能以与本文档中描述的方式不同的方式收集或使用您的个人信息。因此,您应谨慎使用其他网站,并且您需要自担风险。我们建议您在向任何网站提交个人信息之前查看网站的隐私政策。



非个人信息是与特定个人身份无直接关联的使用和服务操作的数据。PCI 安全标准委员会可以收集和分析非个人信息,以评估访问者如何使用 PCI 安全标准委员会网站。


PCI 安全标准委员会可能会收集汇总信息,这些信息是指您的计算机自动提供给我们的信息,且不能将您作为特定个人与您绑定。示例包括推荐数据(您在我们网站之前和之后访问过的网站),查看的页面,在我们网站上花费的时间以及 Internet 协议 (IP) 地址。IP 地址是您访问 Internet 时自动分配给计算机的号码。For example, when you request a page   from one of our sites, our servers log your IP address to create aggregate reports on user demographics and traffic patterns and for purposes of system administration.


每次从网站请求或下载文件时,PCI 安全标准委员会都可以将有关这些事件的数据和您的 IP 地址存储在日志文件中。PCI 安全标准委员会可以使用此信息来分析趋势,管理网站,跟踪用户的移动,并收集广泛的人口统计信息以供总体使用或用于其他业务目的。


我们的网站可能会使用您浏览器的功能在您的计算机上设置“Cookie”。Cookie 是网站计算机存储在您计算机上的小信息包。然后,当您访问我们的网站时,PCI 安全标准委员会的网站就可以读取 Cookie。我们可能会以多种方式使用 Cookie,例如保存您的密码,这样您每次访问我们的网站时都不必重新输入密码,提供符合您兴趣的内容并跟踪您访问过的网页。这些 Cookie 允许我们使用我们收集的信息来定制您的 PCI 安全标准委员会体验,以便您对我们网站的访问尽可能相关且对您有价值。

大多数浏览器软件都可以设置为接受 Cookie。您可以修改浏览器首选项,为您提供与 Cookie 相关的选择。您可以选择接受所有 Cookie,在设置 Cookie 时收到通知或拒绝所有 Cookie。如果您选择拒绝 Cookie,我们网站的某些功能和便利可能无法正常运行,您可能无法使用需要注册才能参与的 PCI 安全标准委员会服务,或者您每次访问我们的网站时都必须重新注册。大多数浏览器提供有关如何重置浏览器以拒绝工具栏“帮助”部分中的 Cookie 的说明。We do not link non-personal information from cookies to personally identifiable information without your permission


PCI 安全标准委员会的网站也可以使用网站信标收集有关您使用我们网站的信息以及选定赞助商和广告商的网站,您使用特别促销或新闻通讯以及其他活动的非个人信息。网站信标收集的信息使我们能够统计监控有多少人使用我们的网站和选定的赞助商网站;有多少人打开我们的电子邮件;以及这些行为的目的。我们的网站信标不会用于跟踪您在我们网站或赞助商网站之外的活动。未经您的许可,PCI 安全标准委员会不会将来自网站信标的非个人信息与个人可识别信息相关联。


Personal information (“Personal Data”) is information that is associated with your name or personal identity. In general, the PCI Security Standards Council uses personal information to better understand your needs and interests and to provide you with better service. The specific uses for Personal Data collected on the site is described on the pages where such data is collected.  The types of personal information you provide to us on these pages may include name, address, phone number, email address, user IDs, passwords, and billing information.  By providing this information, you are able to request and/or download information or materials, subscribe to mailing lists, participate in online discussions, collaborate on documents, provide feedback, submit information into registries, register for events, apply for participation or membership, or join technical committees or working groups.  We collect this information so we can contact you or send you requested materials (such as with requested documents or subscriptions to mailing lists) and to identify you to us or others (such as applications to register for events or join committees, or to participate in online discussions), and to bill you for requested services or materials. You may always elect not to provide your Personal Data to us, but that will limit your ability to participate in these activities or benefit from these services. 

Personal Data will not be kept for longer than is necessary for the purpose (s) for which it was collected, and in general, we will retain Personal Data for a period of 3 years, or if you have any qualification or contractual relationship with us, for a period of 3 years after cessation of that qualification or relationship.  In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. Notwithstanding this, we may retain your Personal Data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another person.

Restricted Web Sites and Portals

Information you provide in connection with applying for participation or membership is used to create a corresponding participating organization or member profile, and may be shared with other PCI Security Standards Council member or participant representatives and organizations. Such information may be provided to other participants or members on a secure Web site to encourage and facilitate collaboration, research, and the free exchange of information. PCI Security Standards Council participants and members automatically are added to applicable PCI Security Standards Council mailing lists. From time to time, participant and member information may be shared with event organizers and/or other organizations that provide additional benefits to PCI Security Standards Council participants or members. By providing us with your personal information, you expressly consent to our storing, processing, and distributing such information for these purposes.


Company information is information that is associated with the name and address of PCI Security Standards Council participant or member organizations and may include data about usage and service operation. The primary representative of any such organization may request usage reports to gauge the extent of their employees' involvement in consortium activities. 您应该知道,有关您参与技术委员会或工作组的信息可能会提供给贵公司的主要代表和 PCI 安全标准委员会的工作人员。


PCI 安全标准委员会可以使用汇总的非个人数据来报告 PCI 安全标准委员会网站的可用性、性能和有效性。它可用于改善网站的体验、可用性和内容。

The PCI Security Standards Council may use personal information to offer or provide services that support its activities or those of PCI Security Standards Council participants or members, and their collaboration with PCI Security Standards Council, or to provide you with electronic newsletters, announcements, surveys or other information. When accessing restricted PCI Security Standards Council Web pages and portals, your personal user information may be tracked in order to support collaboration, ensure authorized access, and enable communication among participants or members.


PCI 安全标准委员会不会出于营销目的向任何人出售、出租或租赁任何个人的个人信息或电子邮件地址列表,我们采取商业上合理的步骤来维护此信息的安全性。但是,PCI 安全标准委员会保留向 PCI 安全标准委员会未来可能合并或可能进行任何转让的任何组织提供任何此类信息的权利,以使第三方能够继续完成部分或全部理事会的使命。当我们合理地认为您违反了我们的使用条款或我们有理由相信您已经发起或参与任何非法活动时,我们还保留发布个人信息以保护我们的系统或业务的权利。此外,请注意,在某些情况下,PCI 安全标准委员会可能有义务根据司法或其他政府传票,搜查令或其他命令发布您的个人信息。

为了与我们的开放流程保持一致,PCI 安全标准委员会可以为我们的绝大多数活动保留可公开访问的档案。例如,向任何 PCI 安全标准委员会托管的邮件列表或讨论论坛发布电子邮件信息,订阅任何 PCI 安全标准委员会通讯或注册我们的某个公开会议可能会让您的电子邮件地址成为可公开访问的档案的一部分。

If you are a PCI Security Standards Council participant or member, you should be aware that some items of your personal information may be visible to other PCI Security Standards Council participants and members, and to   the public. The PCI Security Standards Council participant and member databases may retain information about your name, email address, company affiliation and such other personal address and identifying data as you choose to supply. That data may be generally visible to other PCI Security Standards Council participants or members, and to the public. Your name, email  address, and other information you may supply also may be associated in the PCI Security Standards Council's publicly accessible records with the PCI Security Standards Council's various committees, working groups, and similar activities that you join, in various places, including: (i) the permanently-posted attendance and other records of those activities; (ii) documents generated by the activity, which may be permanently archived; and, (iii) along with message content, in the permanent archives of the PCI Security Standards Council's email lists, which also may be public.


鉴于 PCI 安全标准委员会的国际范围,您所在国家/地区以外的人员可能会看到个人信息,包括您所在国家/地区的隐私法律和法规认为不足以确保对此类信息提供足够保护的国家/地区的人员。如果您不确定本隐私声明是否与适用的当地规则相冲突,则不应提交您的信息。如果您位于欧盟范围内,您应该注意,您的信息将被转移到美国,而欧盟认为该做法不足以保护数据。尽管如此,根据当地法律实施24 10 月1995欧盟关于个人数据处理和个人数据自由流动的个人保护指令 95/46 / EC(“欧盟隐私权指令”),位于美利坚合众国以外的提交个人信息的国家/地区的个人由此同意本隐私声明中规定的信息以及向美利坚合众国转移和/或存储的信息的一般使用规定。

Your Personal Data will never be used for direct marketing purposes, although we may contact you to follow up on a request you made for information about a service, event or activity we provide.

如果您不希望 PCI 安全标准委员会收集和使用您的个人信息,请不要访问 PCI 安全标准委员会的网站或申请参与状态。

Access to and Accuracy of Information

The PCI Security Standards Council is committed to keeping the personal information of our participating and member organizations accurate. 您提交给我们的所有信息都可以进行验证和更改。In order to do this, please email us a request at info@pcisecuritystandards.org. We may provide participants and/or members with online access to their own personal profiles, enabling them to update or delete information at any time. To protect your privacy and security, we also may take reasonable steps to verify identity, such as requiring a user ID and password, before access to modify personal profile data. Certain areas of the PCI Security Standards Council's Web sites may limit access to specific individuals through the use of passwords or other personal identifiers; a password prompt is your indication that a restricted resource is being accessed.


The PCI Security Standards Council uses a variety of means to protect personal information provided by users of the Web site, including using firewalls and other security measures on its servers. 但是,没有任何服务器具有 100% 的安全性,您在任何网站(包括此网站)上提交有关您自己的个人信息或机密信息时都应考虑到这一点。Much of the personal information is used in conjunction with participation and/or member-level services such as collaboration and discussion, so some types of personal information such as your name, company affiliation, and email address will be visible to other the PCI   Security Standards Council participants or members, and to the public. The PCI Security Standards Council assumes no liability for the interception, alteration, use or misuse of the information you provide. 您自己负责维护您的个人信息的保密性。访问本网站时请小心谨慎并提供个人信息。


PCI 安全标准委员会可能会不时通过电子邮件向您发送电子通讯、公告、调查或其他信息。如果您不希望收到任何或所有这些通信,您可以按照电子通讯和公告中提供的指示选择不参与。

General Data Protection Regulation (GDPR) Compliance

If you are a resident of or are located in the European Economic Area (“EEA”), you may also have certain rights under the General Data Protection Regulation (“GDPR”).  Personal Data you provide on any of the PCI Security Standards Council’s sites is only collected with your consent, and may be transmitted outside of the EEA to the PCI Security Standards Council (or computer servers maintained for the benefit of the PCI Security Standards Council) pursuant to that consent.

In general, under the GDPR you may:

Should you request a copy of your Personal Data, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.  Should you request the deletion of your Personal Data, PCI Security Standards Council will generally do so as soon as practicable, although your right to have your Personal Data deleted is subject to exceptions, such as, for example, compliance with a legal obligation or for the establishment, exercise or defense of legal claims. 

If you consider that our processing of your personal information infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

Contact the PCI Security Standards’ Council, through its Data Protection Program at dataprivacy@pcisecuritystandards.org if you have concerns regarding your Personal Data, or wish to exercise any of these listed rights.

Note that, if you are in the EEA, we may transfer your Personal Data outside of the EEA, including to the United States.  By way of example, this may happen if your Personal Data is transferred to our servers located in a country outside of the EEA. These countries may not have similar data protection laws to the EEA. By submitting your Personal Data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EEA in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.


Questions about this Privacy Statement can be directed to info@pcisecuritystandards.org.

Our website uses both essential and non-essential cookies to analyze use of our products and services. This agreement applies to non-essential cookies only. By accepting, you are agreeing to third parties receiving information about your usage and activities. If you choose to decline this agreement, we will continue to use essential cookies for the operation of the website. View Policy

Powered By OneLink