This Privacy Policy describes how the ISACA Central Ohio Chapter ("ISACA Chapter") collects, uses, shares, and retains personally identifiable information (PII) you provide. PII is information that can be used directly or in combination with other information to identify a particular individual and is defined for the purposes of this policy by Ohio Revised Code (ORC) 1347.01. The Policy is effective as of January 28, 2018. This Privacy Policy applies only to information collected by ISACA Chapter at engage.isaca.org/centralohiochapter/home (the "Site"). It does not apply to information collected or used by ISACA International ("ISACA") websites, including www.isaca.org. This Privacy Policy also does not cover the practices of other ISACA Chapter business partners, such as vendors, sponsors, advertisers, social media, and workplace communication tools, nor does it apply to PII that ISACA Chapter collect from or about our employees, consultants, contractors, vendors, sponsors, or advertisers. We encourage you to review privacy statements for those sites.
Modifications to this Policy
From time-to-time, ISACA Chapter may need to update or modify this Privacy Policy, including to address new issues or to reflect changes on our Site. To the extent required by law, ISACA Chapter will notify you of material changes to this Privacy Policy, including by posting the most recent version of the Privacy Policy and information about the changes from the previous version on the Site.
International Visitors
If you are providing PII and are not a resident of the United States, your country's laws governing data collection and use may differ from those in the United States; in particular, the U.S. may not provide the same level of protections as those in your own country. By providing information to ISACA Chapter, you are transferring your personal data to the United States, and you consent to the transfer to, retention and processing of, your data in the United States.
Methods of Collection of Personally Identifiable Information
ISACA Chapter collects and maintains a variety of PII, including names, e-mail and physical addresses, telephone numbers, payment details (e.g., personal check and/or credit card information), business contact information, demographic information (e.g., such as courses or areas of study in which you may be interested), and any other information provided by, or on behalf of, an individual (e.g., information provided in the form of e-mail and/or contact form communication and sponsored guest information).
ISACA Chapter collects information directly from you through, for example, via online registration and contact, survey, and/or feedback forms and e-mail, as well as offline, through exam or event registration forms. Information is collected and maintained from members, exam candidates, those who have been certified by ISACA, applicants, event attendees, speakers, participants in ISACA Chapter programs, purchasers of ISACA Chapter products and services, current and past Site users, survey respondents, and others. To the extent that information requested is not required for your participation in a given ISACA Chapter program, you will be told which information is optional. Should you fail to provide optional information, certain ISACA Chapter programs or features may not be available to you.
ISACA Chapter may also maintain information about you that you do not directly provide, whether it is information received from third-parties, such as business partners who provide exam administration services, or information ISACA Chapter collects about your activities. For example, ISACA Chapter keeps track of which events you have attended, which exams you have taken, which boards and committees you have served on, and which offices you have held.
Passive Online Data Collection
ISACA Chapter also collects certain information passively, such as collecting online, non-identifying information through the use of cookies technology and/or Internet Protocol ("IP") address tracking. Non-Pl I might include the browser used by you, the type of computer, the operating systems, the Internet service providers, and other similar information. The ISACA Chapter system also automatically gathers information about the areas you visit on the Site and about the links you may select from within the Site to other sites. Most browsers are set to accept cookies. You can set yours to refuse cookies, or to alert you when cookies are being sent; however, if you disable cookies, the full functionality of our Site may not be available to you.
On the ISACA Chapter Site, there may be certain third-party advertisers whose advertisements contain cookies that collect data from you. Some of those cookies may contain tracking mechanisms that observe your behavior across multiple websites. ISACA Chapter does not control the use of cookies by advertisers or third-parties displaying data on our Site or on the sites you visit using links from our Site. Advertising landing pages and third-party websites may collect user data that are subject to, and governed by, the privacy policies and information security controls of such third-parties.
Use, Sharing and Retention of Personally Identifiable Information
ISACA Chapter uses PII for the purposes described at the time of collection or as otherwise described to you; to process your requests; to report to others about whether you are certified or not; as permitted by law to provide you with information about ISACA Chapter, our products and services or other products and services in which the ISACA Chapter believes you may be interested; or for other legitimate ISACA Chapter business purposes, including order processing, processing of certification or membership applications, or registering you for event or training programs. ISACA Chapter may also use your PII to tailor your experience at our Site and to compile and display content and information that the ISACA Chapter thinks you might be interested in, and to provide you with content according to such preferences. ISACA Chapter may also publish the names, titles, professional biographies, and business affiliations of officers, committee members and others who have assisted with initiatives or projects or who have been a guest speaker.
ISACA Chapter may share PII with third-parties for legitimate business purposes. Below are some examples of types of disclosures to third-parties:
- To vendors or third-parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of ISACA Chapter, which third-parties include, for example, exam testing agencies and training providers and partners, product-fulfillment companies, third-party event hosts, other third-parties who may provide services on websites that are
accessible from links on our Site, and credit card companies/financial institutions processing payment;
- To ISACA Chapter volunteers and board members;
- To ISACA and other ISACA Chapters, the IT Governance Institute, and if you participate in our "Enterprise Participation Program," your information will be shared with your organization's program coordinator;
- If you are an event attendee, speaker, or sponsor, certain information may be included in the event roster, which may be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors;
- To investigate potentially fraudulent or questionable activities;
- In anticipation of, and in the course of, an actual or potential sale, reorganization, consolidation, merger, or amalgamation of all or part of our business or operations;
- To an independent auditing body in response to an official, periodic ISACA Chapter audit; and
- When ISACA Chapter believes it is necessary to cooperate with law enforcement, or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid ISACA Chapter business purposes.
ISACA Chapter also may use your profile information on an aggregate basis - without personal identifiers - to provide third-parties with information, such as to help the ISACA Chapter develop new features and content for the Site, and to provide Sponsors and others with aggregate information about our users and the usage patterns of the Site. ISACA Chapter does not sell or rent data.
ISACA Chapter retains PII for as long as necessary for its legitimate business purposes in accordance with the Chapter's retention policy, and as otherwise permitted by applicable law.
Security
ISACA Chapter uses reasonable measures to safeguard sensitive PII, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control. In addition, in some areas of our Site, ISACA Chapter may use Secure Socket Layer ("SSL") or Transport Layer Security ("TLS") encryption
technology to enhance data privacy and help prevent loss, misuse, or alteration of the information under ISACA Chapter control. Additionally, access to PII is restricted to necessary board members and volunteers for specified business functions on behalf of the ISACA Chapter. Information is stored through secured cloud-based access portals by ISACA International and ISACA Chapter third-parties. Such reasonable security measures do not extend to entities outside of ISACA Chapter's control.
ISACA Chapter cannot guarantee, however, that your information will remain secure. The Internet by its nature is a public forum, and ISACA Chapter encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself on-line. You are responsible for protecting your username and password from third-party access, and for selecting passwords that are secure.
Warning about Links to Third-Party Sites
From time-to-time, ISACA Chapter will provide links to third-party websites, or advertisements will contain links to third-party sites. For example, ISACA Chapter may link to a third-party, who is assisting in or is providing online training services. These links are provided as a service to you. These sites are operated by independent entities that have their own privacy policies and information security controls. ISACA Chapter's Privacy Policy does not apply to such other sites or to the use that those entities make of your information. ISACA Chapter has no control over the content displayed on such sites, nor over the measures, if any, that are taken by such sites to protect the privacy of your information.
Your Privacy Rights Relating to Certain Information Disclosures
If you have an established business relationship with ISACA Chapter you may request a list of the categories of personal information the Chapter has disclosed to third-parties for those third- parties' marketing purposes, and a list of all third-parties to whom the Chapter has shared that information. ISACA Chapter will include, in that list, the names and addresses of the third-parties who had received the information and used it (or who the ISACA Chapter believes may have used it) for their own marketing purposes.
To exercise your rights, you may make one request each year by emailing us at support@isacacoh.org or writing us at the address listed in the "How to Contact ISACA Chapter and Modify Your Information or Preferences" section below. Indicate in your letter that you are making a "Privacy Information" inquiry. Responses to requests sent to this email address or to the
mailing address listed below will be provided within 30-days.
How to Contact ISACA Chapter and Modify Your Information or Preferences
Questions regarding this Privacy Policy should be directed to ISACA Central Ohio Chapter, P.O. Box 174, Lewis Center, Ohio 43035 or by email at support@isacacoh.org. If you would like to modify the types of marketing email messages you receive from ISACA Chapter, you may do so by following the instructions within the body of any email message that you receive from us or simply respond with a request to be removed from future email messages.
To help us keep your personal information up-to-date, or to request access to the personal information ISACA Chapter maintains about you, you may contact us at the contact methods provided above. Additionally, if you are a registered user of our Site or an associated site, such as our on-line event service provider, you may go online to your respective personal profile and
update your information in the necessary area(s).
Compliance with Children's Online Privacy Protection Act
ISACA Chapter does not believe our Site is appealing to children, nor are they directed to children under the age of 13. ISACA Chapter does not knowingly collect PII from persons under the age of 13 and strives to comply with the provisions of COPPA (the Children's Online Privacy Protection Act). If you are a parent of a child, who is under the age 13, and you believe that your child has provided us with information about himself or herself, please contact us at support@isacacoh.org.
Version 1.2; Last Revised: 5/08/2023