Chapter Privacy Policy

This Data Security and Privacy Policy describes how the ISACA Astana Chapter  (“ISACA Chapter”) collects, uses, shares, and retains personally identifiable information you provide. The Policy is effective as of 01 April 2016. The policy was last modified on 30 March 2016. This Privacy Policy applies only to information collected by ISACA Chapter (‘we” or “us”) at 240  (the “Site”).  It does not apply to information collected or used by ISACA International (“ISACA”) web sites, including (www.isaca.org, for the ISACA International Privacy Policy, please visit http://www.isaca.org/pages/Privacy.aspx). This Privacy Policy also does not cover the practices of ISACA Chapter business partners (such as vendors, sponsors, or advertisers), nor does it apply to personally identifiable information that we collect from or about our employees, consultants, contractors, vendors, sponsors, or advertisers.

 

Modifications to this Policy

From time to time, ISACA Chapter may need to update or modify this Privacy Policy, including to address new issues or to reflect changes on our web sites. To the extent required by law, including the Personal Data Protection law (21 May 2013) of the Republic of Kazakhstan, ISACA Chapter will notify you of material changes to this Privacy Policy, including by posting the most recent version of the Privacy Policy and information about the changes from the previous version on ISACA Chapter web site.

 

 

Collection of Personally Identifiable Information

ISACA Chapter collects and maintains a variety of personally identifiable information, including email addresses, phone numbers, credit card and other payment information, business and home addresses, as well as demographic information such as courses or areas of study in which you may be interested.  ISACA Chapter collects information directly from you through, for example online registration forms, as well as offline, through exam or event registration forms.

Information is collected and maintained from members, exam candidates, those who have been certified by ISACA, applicants, event attendees, speakers, participants in ISACA Chapter programs, purchasers of ISACA Chapter products and services, current and past web site users, survey respondents, and others. To the extent that information requested is not required for your participation in a given ISACA Chapter program, you will be told which information is optional.  Should you fail to provide optional information, certain ISACA Chapter programs or features may not be available to you.

 

ISACA Chapter may also maintain information about you that you do not directly provide, whether it is information received from third parties, such as business partners who provide exam administration services, or information ISACA Chapter collects about your activities.  For example, ISACA Chapter keeps track of which events you have attended, which exams you have taken, which boards and committees you have served on, and which offices you have held.

 

Passive Online Data Collection

ISACA Chapter also collects certain information passively, such as collecting online, non-identifying information through the use of cookies technology and/or Internet Protocol (“IP”) address tracking. Non-personal identification information might include the browser used by you, the type of computer, the operating systems, the Internet service providers, and other similar information. The  ISACA Chapter system also automatically gathers information about the areas you visit on the Site and about the links you may select from within the Site to other sites. Most browsers are set to accept cookies. You can set yours to refuse cookies, or to alert you when cookies are being sent; however, if you disable cookies, the full functionality of our sites may not be available to you.

 

On the ISACA Chapter Site, there may be certain third-party advertisers whose advertisements contain cookies that collect data from you.  Some of those cookies may contain tracking mechanisms that observe your behavior across multiple Sites.  ISACA Chapter does not control the use of cookies by advertisers or third parties displaying data on the Site or on the sites you visit using links from the Site.

 

Use, Sharing and Retention of Personally Identifiable Information

ISACA Chapter uses personally identifiable information for the purposes described at the time of collection or as otherwise described to you; to process your requests; to report to others about whether you are certified or not; as permitted by law to provide you with information about ISACA Chapter, our products and services or other products and services in which we believe you may be interested; or for other legitimate ISACA Chapter business purposes, including order processing, processing of certification or membership applications, or registering you for event or training programs.  We may also use your personally identifiable information to tailor your experience at our sites, to compile and display content and information that we think you might be interested in, and to provide you with content according to such preferences. ISACA Chapter also publishes the names, titles, country and business affiliations of officers, committee members and others who have assisted with initiatives or projects.

 

ISACA Chapter may share personally identifiable information with third parties for legitimate business purposes, including for the following reasons or in the following circumstances:

 

  • To vendors or third-parties who  deliver or provide goods and services or otherwise act on behalf of or at the direction of ISACA Chapter, which third parties include, for example, exam testing agencies and training providers and partners, product-fulfillment companies, third-party event hosts, other third parties who may provide services on web sites that are accessible from links on one of our Site, and credit card companies processing payment;

 

  • To  ISACA Chapter volunteers and board members;

 

  • To ISACA and other ISACA chapters, the IT Governance Institute, and if you participate in our “Enterprise Participation Program,” your information will be shared with your organization’s program coordinator;

 

  • If you are an event attendee, speaker, or sponsor, certain of your information will be included in the event roster, which roster will be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors;

 

  • To investigate potentially fraudulent or questionable activities;

 

  • In anticipation of and in the course of an actual or potential sale, reorganization, consolidation, merger, or amalgamation of all or part of our business or operations; and

 

  • When we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid ISACA Chapter business purposes.

 

ISACA Chapter also may use your profile information on an aggregate basis – without personal identifiers – to provide third parties with information, such as to help us develop new features and content for the Site, and to provide Sponsors and others with aggregate information about our users and the usage patterns of the Site.

 

ISACA Chapter retains personally identifiable information for as long as necessary for its legitimate business purposes, and as otherwise permitted by applicable law.

 

Security

ISACA Chapter uses reasonable measures to safeguard sensitive personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control.  In addition, in some areas of our Site, ISACA Chapter may use Secure Socket Layer (“SSL”) or Transport Layer Security (“TLS”) encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the information under ISACA Chapter control.

 

ISACA Chapter cannot guarantee, however, that your information will remain secure.  The Internet by its nature is a public forum, and ISACA Chapter encourages you to use caution when disclosing information online.  Often, you are in the best situation to protect yourself online.  You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.

 

Links to Third-Party Sites

From time to time, ISACA Chapter will provide links to third-party web sites, or advertisements will contain links to third-party sites.  For example, ISACA Chapter may link to a third party who is assisting in or is providing online training services.  These links are provided as a service to you.  These sites are operated by independent entities that have their own privacy policies.   ISACA Chapter’s Privacy Policy does not apply to such other sites or to the use that those entities make of your information.  ISACA Chapter has no control over the content displayed on such sites, nor over the measures, if any, that are taken by such sites to protect the privacy of your information.

 

Your Privacy Rights Relating to Certain Information Disclosures

If you have an established business relationship with us you may request from us a list of the categories of personal information we have disclosed to third parties for those third parties’ marketing purposes, and a list of all third parties to whom we have shared that information. We will include in that list the names and addresses of the third parties who received the information and used it (or who we believe may have used it) for their own marketing purposes.

 

To exercise your rights, you may make one request each year by emailing us at isaca@chapter.kz or writing us at the address listed in the “How to Contact ISACA Chapter and Modify Your Information Preferences” section below. Indicate in your letter that you are making a “Shine the Light” inquiry. Responses to requests sent to this email address or the mailing address listed below will be provided within 30 days.

 

How to Contact ISACA Chapter and Modify Your Information or Preferences

Questions regarding this Privacy Policy should be directed to isaca@chapter.kz by email.  If you would like to modify the types of marketing email messages you receive from ISACA Chapter, you may do so by following the instructions within the body of any email message that you receive from us.

 

To help us keep your personal information up to date, or to request access to the personal information ISACA Chapter maintains about you, you may contact us at isaca@chapter.kz.

 

Children

ISACA does not believe its Sites are appealing to children, nor are they directed to children under 13. ISACA does not knowingly collect personally identifiable data from persons under the age of 13, and strives to comply with the provisions of COPPA (The Children’s Online Privacy Protection Act). If you are a parent of a child under 13, and you believe that your child has provided us with information about him or herself, please contact us at privacy@isaca.org.

Adopted by ISACA Astana Chapter on March 2016 and efffictive since 1st April 2016.



This policy outlines Chapter policies with respect to the treatment of the personally identifiable information (PII)[1] of the following individuals:

  • Current and past website users and individuals who purchase materials;
  • Members (both current and past);
  • Event attendees, speakers, sponsors, survey respondents, and other participants in Chapter programs; and
  • Non-member volunteers who participate on Chapter projects and/or volunteer groups.

This policy does not describe Chapter policies with respect to personally identifiable information of employees, consultants, contractors, vendors, licensees, sponsors, or advertisers.

This policy applies to handling of personally identifiable information stored in all forms (whether on paper, electronically – including on computer hard drives, CD ROMs, removable flash drives – or otherwise) by Chapter. It does not describe the treatment of information by legally independent entities that may work with Chapter, including ISACA International.

This policy is for internal use by Chapter volunteers, employees and by others (such as contractors, vendors, committee members, and the like) who have access in the course of their duties for Chapter to PII (as defined below) maintained by or on behalf of Chapter.

Responsibility and Accountability For periods of years 2016-2017 and 2018-2019 Arman Oramalov, CISA, CISM is responsible for Chapter’s privacy program and data security in the Chapter activities. 
Notice Chapter provides notice about its policies and practices relating to personally identifiable information and identifies the purposes for which information is collected, used, stored shared, and secured.  Chapter’s notice program includes the following elements:

  • When feasible (and/or legally required) Chapter provides notice to individuals before their personally identifiable information is collected.
  • Chapter provides notice and obtains consent (as legally required) before information it maintains is used for a purpose that is either unrelated to the purpose for which the information was originally provided, or that is for a purpose that was not disclosed in the original notice to the individual.
  • Chapter provides external notice about its privacy practices on its website.  The notice describes how personally identifiable information is collected, used, stored, and shared, and secured.
  • Chapter provides notice in its various printed information collection forms about how personally identifiable information will be used.
  • Chapter also provides notice in situations other than traditional online or offline information collection, such as when people are taking surveys or attending meetings, and instructs its employees about when notice must be provided.
  • This Internal Privacy Policy is used to inform Chapter personnel (and others, such as volunteers, contractors, etc., who will access personally identifiable information maintained by Chapter and who have a responsibility to adhere to this policy) about Chapter’s responsibilities with respect to use of personally identifiable information, and is distributed to personnel along with the external privacy notice

 

Collection Chapter currently collects the following types of personally identifiable information in a variety of ways, including (for the purposes described in the “use” section of this policy): information as contained in the Chapter membership list, member completed survey’s, completed meeting critiques or other use by Chapter leadership as approved by the individual member. In the online environment, Chapter uses some common passive data collection mechanisms, including cookies.Chapter uses fair and lawful means to collect information, collects information using methods that have been reviewed and approved by the chapter designee responsible for the Chapter privacy program, and analyzes third-party sources of personally identifiable information to determine if those third parties are reliable data providers.

It is Chapter’s policy not to develop or acquire additional information about those individuals whose personal information is covered by this policy, unless it has obtained consent from those individuals.  Certain exceptions apply, including to build behavioral profiles or to obtain information to verify applicants for courses or certification

 

Choice and Consent To the extent feasible – keeping in mind Chapter’s legal obligations, business goals and resources – Chapter gives individuals choice about how their information will be used.  This choice includes, for example, seeking consent and/or providing clear notice about use of personally identifiable information.Chapter informs individuals what choices they have about how information will be used, stored, or shared with third parties.  The following are some representative examples of the types of situations when Chapter gives individuals choice or seeks consent posting name in newsletters for certifications awarded, new member welcome, chapter or national events.

 

Use Chapter uses personally identifiable information it obtains for the following purposes:

  • Those purposes described in Chapter’s external privacy policy, and as described at the time it collects information (for example in an online or offline form);
  • To process individuals’ requests;
  • For purposes that a reasonable individual would view as related to the purpose for which an individual provided information; and
  • For other legitimate business purposes of Chapter that are permitted by applicable laws, rules and regulations, and/or that are in keeping with appropriate industry guidelines and practices.

 

Sharing Chapter shares personally identifiable information with third parties only for legitimate business purposes and as permitted by applicable law, rules and regulations. Instances when Chapter may share information include:

  • To vendors or third-party to deliver or provide goods and services, including, for example, exam testing agencies and training providers and partners, product-fulfillment companies, or third-party event hosts;
  • To the IT Governance Institute, ISACA Headquarters, and from time to time volunteers (such as ISACA board members) performing tasks on Chapter’s behalf;
  • To those who wish to determine if an individual is certified provided that the requester of the information provides to Chapter the certification number and last name of the individual;
  • To investigate potentially fraudulent or questionable activities;
  • In anticipation of and in the course of an actual or potential sale, reorganization, consolidation, merger, or amalgamation of all or part of Chapter’s business or operations; and
  • When Chapter believes it is necessary to cooperate with law enforcement or in response to a government request.

Individuals are notified of Chapter’s practices with respect to the sharing of information with third parties in Chapter’s external privacy policy, accessible on the Chapter website.

When sharing information, Chapter limits the amount and type of information shared to that which the other party needs or that is relevant to the other party.

If Chapter shares personally identifiable information with a vendor or other third party providing services on Chapter’s behalf, Chapter requires that the third party use the data as directed by Chapter and that it maintain the confidentiality and security of the data.

Chapter will take appropriate remedial actions if it becomes aware of any situation in which a third party misuses personally identifiable information.

 

Access Those who wish to access their information or have their information updated are directed in Chapter’s external privacy policy to contact Chapter by email, regular mail, or phone.  Such requests will be answered and addressed under the direction and supervision of chapter designee responsible for the Chapter privacy program. 

 

Completeness and Accuracy Chapter relies on individuals to provide it with complete and accurate personally identifiable information, and in certain circumstances may require individuals to represent and warrant that the details they have provided are their own, are complete, and are accurate. 
Retention and Disposal Chapter’s current policy is to retain information for so long as it is needed by the business.  Since most information is in continuous use, much is retained on an indefinite basis.When Chapter finds that it has extensive information it is not using, it will determine appropriate means to dispose of personally identifiable information in a secure manner in keeping with its legal obligations.

 

 

[1] Defined to include any information that could be used to directly or indirectly identify an individual, such as name, email or home address, phone number, as well as information that is maintained in connection with individually identifiable information, like credit card numbers, demographic information, and the like.