Data Protection and Safeguarding Policy

Behavior University takes reasonable administrative, technical, and organizational measures to protect user information collected through behavioruniversity.com and related course services.

Legal Use Basis

Behavior University processes personal information under one or more lawful bases recognized by applicable data protection laws, including:

  • Performance of a contract, such as providing course access, certificates, and customer support.
  • Compliance with legal obligations, including accounting, tax, and regulatory requirements.
  • Legitimate interests, including website security, fraud prevention, service improvement, and business operations.
  • Consent, where required by law, such as for certain marketing communications.

Information We Protect

Behavior University may collect and maintain information necessary to provide educational services, process enrollments and payments, support users, document course participation, issue certificates or completion records, communicate with users, and verify user participation when required for audit, compliance, or credentialing purposes.

This information may include user contact information, account information, course enrollment records, course progress or completion information, certificate information, payment transaction information, support communications, and website usage information.

Use of Information

Behavior University uses user information only for legitimate business, educational, operational, compliance, payment, support, and communication purposes. User information may be used to:

  • Provide access to courses and related educational materials.
  • Process enrollments, payments, refunds, and account support requests.
  • Maintain course completion and certificate records.
  • Respond to user questions or technical support requests.
  • Communicate service-related information.
  • Support required audit or verification requests, including BACB®-related verification where applicable.
  • Improve website functionality, usability, and course delivery.

Behavior University does not sell user information.

Access Controls

Access to user information is limited to authorized personnel, contractors, and service providers who need access to perform services for Behavior University. Users with administrative access are expected to use appropriate credentials and to access user information only for legitimate business, support, compliance, or operational purposes.

Technical Safeguards

Behavior University uses reasonable technical safeguards intended to protect user information from unauthorized access, loss, misuse, or disclosure. These safeguards may include secure website access, restricted administrative access, server-level security controls, malware and intrusion protection tools, software updates, system monitoring, and backup procedures.

No website, software platform, or internet-connected system can be guaranteed to be completely secure. Behavior University therefore uses reasonable safeguards appropriate to the nature of the information collected and the services provided.

Third-Party Service Providers

Behavior University may use third-party service providers to operate the website, host data, process payments, deliver email communications, provide analytics, maintain backups, or support other business and technical functions. These providers may process information only as needed to provide services to Behavior University or as otherwise permitted by law.

Individual Rights

Individuals located in the United Kingdom may have rights under applicable data protection laws, including the right to:

  • Access their personal information.
  • Request correction of inaccurate information.
  • Request deletion of information where legally permitted.
  • Restrict certain processing activities.
  • Object to certain processing activities.
  • Request transfer of their information to another provider where applicable.

Requests may be submitted using the contact information contained on our website. Behavior University may request information necessary to verify the requester's identity before fulfilling a request.

Data Retention

Behavior University retains user information for as long as reasonably necessary to provide services, maintain course and completion records, support users, comply with audit or legal obligations, process accounting and payment records, resolve disputes, and operate the website.

When information is no longer reasonably needed, Behavior University may delete, archive, anonymize, or securely retain the information according to its operational and legal requirements.

Examples include:

  • Course completion and certificate records may be retained for extended periods to support verification requests.
  • Payment and accounting records may be retained as required by applicable tax and accounting laws.
  • Support communications may be retained for operational, quality assurance, and dispute resolution purposes.

Retention periods may vary based on legal, contractual, operational, and regulatory requirements.

Backups and Recovery

Behavior University may maintain backups of website, course, and user-related data to support continuity of service, restoration, and recovery in the event of technical failure, accidental deletion, security incident, or other disruption.

Backup systems are intended for disaster recovery and business continuity and may retain information for a limited period according to technical and operational requirements.

Incident Response

If Behavior University becomes aware of unauthorized access to user information or another security incident affecting protected user data, Behavior University will take reasonable steps to investigate, contain, and remediate the issue. Where required by applicable law or contractual obligation, Behavior University will provide notice to affected users, regulators, or other appropriate parties.

User Responsibilities

Users are responsible for maintaining the confidentiality of their login credentials, using strong passwords, avoiding credential sharing, and promptly notifying Behavior University if they suspect unauthorized access to their account.

International Transfers

Behavior University may transfer, store, or process personal information outside the United Kingdom, including in the United States and other countries where service providers operate.

Where required by applicable law, Behavior University implements appropriate safeguards for international data transfers, including contractual protections approved under applicable data protection laws, such as the UK International Data Transfer Agreement (IDTA), the UK Addendum to the European Commission's Standard Contractual Clauses, or other legally recognized transfer mechanisms.

ICO Complaints

Individuals located in the United Kingdom have the right to lodge a complaint with the Information Commissioner's Office (ICO) if they believe their personal information has been processed in violation of applicable data protection laws. Information about filing a complaint is available at www.ico.org.uk.

Contact

Questions about Behavior University’s data protection and safeguarding practices may be directed to Behavior University through the contact information provided on the website, [email protected]. Users may use this contact information to exercise applicable privacy rights or inquire about data protection practices.

We use cookies to improve your experience. By using our site, you agree to our Privacy Policy.