<div class="container_title"><h1>NCC Policies</h1></div><div class="container_content"> </div><pd4ml-page-break><div class="container_title"><h1>Data Use and Privacy</h1></div><div class="container_content"><div class="OutlineElement Ltr SCXW80442137 BCX2" style="direction: ltr;"> <p class="Paragraph SCXW80442137 BCX2" style="font-weight: normal;font-style: normal;vertical-align: baseline;background-color: transparent;color: windowtext;text-align: left;margin: 0.0px;padding-left: 0.0px;padding-right: 0.0px;text-indent: 0.0px;"><span style="font-size: 11.0pt;"><span style="font-family: Calibri , sans-serif;"><strong>Data Use and Privacy Information for Users </strong></span></span><br> <br> <span style="font-size: 11.0pt;"><span style="font-family: Calibri , sans-serif;">National Cybersecurity Consortium (NCC) policy states that data collected that are not personally identifiable to an individual and collected for the operations of the NCC is owned by the NCC. Personally identifiable data are owned by the individual identified but can be retained by the NCC if there is a legitimate business or legal responsibility for holding them. Except as otherwise permitted or required by applicable law or regulation, the NCC will only: (i) collect and use data that constitute personal information for the purpose the data were provided; and (ii) retain data that constitute personal information for as long as necessary to fulfill the purposes for which the data were collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The NCC will maintain data integrity to the greatest extent possible and in conformance with any relevant privacy and data protection legislation and/or regulations.</span></span><br> <br> <br> </p> </div> </div>
NCC Policies