ISACA Denmark Chapter Privacy Policy
Last Updated: October 23, 2024
Welcome to the ISACA Denmark Chapter (the “Chapter,” “we,” “us,” or “our”). We are an independent chapter of ISACA, Inc. (referred to herein as “ISACA”), engaged in the promotion of the education of its members for the improvement and development of their capabilities relating to the auditing of, management consulting in, or direct management of, the fields of IT governance, IS audit, security, control and assurance.
This Privacy Policy describes how our Chapter collects, uses, shares, and retains personal data when you use our website at https://engage.isaca.org/denmarkchapter/home (the “Site”), or when you interact with us in person. Personal data is data that can be used to identify you directly or indirectly or to contact you including, but not limited to, your name, mailing address, email address, and telephone number.
Please note that this Privacy Policy does not apply to information collected or used by ISACA International’s global websites, or mobile applications which is governed by the Privacy Notice located at https://www.isaca.org/privacy-policy. This Privacy Policy also does not cover the practices of any other ISACA Chapter, or any ISACA Chapter business partners (such as vendors, service providers, sponsors, or advertisers) and does not apply to personal data that we collect from or about our employees, consultants, contractors, vendors, sponsors, or advertisers.
1. Modifications to this Policy
From time to time, we may need to update or modify this Privacy Policy, including to address changes in the law, new issues or to reflect changes on our Site. When we update this Privacy Policy, we will change the “Last Updated” date at the top of the page, so you know it has been updated. To the extent required by law, we will notify you of material changes to this Privacy Policy.
2. Collection of Personal Data You Directly Provide
We collect personal data from you when you interact with our Site and when you use our services. We may collect personal data directly from you, for example through online and offline registration forms for events, exams or meetings.
Events. We may host events that include in-person and virtual conferences, training, knowledge sharing and webinars. If you register for an event, we may collect the following information from you: first name, last name, email address, phone number, photograph, credit card and other payment information, business address, the type of business you work for or with, and your role in that business. as well as demographic information such as courses or areas of study in which you may be interested. We use this information to provide you with event services. To the extent the information requested is not required for your participation in a given ISACA Chapter program, you will be told which information is optional. Should you fail to provide optional information, certain Chapter programs or features may not be available to you.
Presenter. If you are a presenter at one of our events, we will collect information about you such as your name, employer, contact information and photograph, and we may also collect information provided by event attendees who evaluated your performance as a presenter.
Committee Member. We may also collect your personal data if you are a committee member, or when you assist with initiatives or projects, or when you serve as a Chapter Officer, or on the Chapter Board.
Communications. If you communicate or correspond with us by email, through postal mail, via telephone or through other forms of communication, we may collect the information you provide as part of those communications. For example, if you correspond with us through email, we may collect and store the email address you use to send the applicable correspondence and use it to respond to your inquiry; to notify you of other ISACA Chapter events; or to keep a record of your complaint, accommodation request, and similar purposes.
We may also maintain information about you that you do not directly provide, whether it is information received from third parties, such as business partners who provide exam administration services, or information we collect about your activities. For example, we may keep track of which events you have attended, which exams you have taken, which boards and committees you have served on, and which offices you have held.
3. Passive Data Collection – Information We Automatically Collect
As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your device (i.e. your computer, tablet, smart phone, etc.) and your activities. These technologies include “cookies,” which are small files, typically composed of letters and numbers, that are downloaded onto your computer or mobile device when you visit certain websites. When you return to these websites, or visit other websites that use the same cookies, these websites recognize these cookies and your browsing device. A cookie cannot read data off your hard drive or read cookie files created by other websites.
Your Right to Refuse Consent for Non-Essential Cookies. You must provide your consent before any tracking technologies other than those that are strictly-necessary / essential can be placed on your device. Please note that this means the consent requirement does not apply to cookies that are strictly necessary for the operation of our Site. If you do not agree to accept our cookies or other tracking technologies that are not strictly-essential for the operation of this Site, we will make commercially reasonable efforts to provide you with as similar level of services as we can.
4. Why We Collect Your Personal Data
We may use your personal data to provide the following services, based upon the legal bases noted below:
- We rely on our contract with you to
-
- Provide our services to you, such as registering you for event or training programs.
- Enforce compliance with our agreements, codes of conduct and this Privacy Policy.
- We rely on your consent to process your personal data to:
-
- Advise you with information about other events or services which we believe may be of interest to you; and
- Respond to your requests.
- We rely on legitimate interests to process your personal data to:
-
- Improve our services and to detect, prevent and address technical issues.
5. Sharing Your Data
We may share your personal data with the following parties:
- To vendors or third parties who deliver or provide services, or otherwise act on our behalf or at our direction;
- To our volunteers and board members to provide our services;
- With ISACA as part of our ISACA affiliation agreement, and to provide our services;
- With other ISACA chapters, the IT Governance Institute, and if you participate in our “Enterprise Participation Program,” with your organization’s program coordinator; and
- When we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid Chapter business purposes.
6. Data Retention
For any other personal data we collect, we will retain the personal data for as long as is needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). When we have no justifiable business need to process your personal data, we will either delete or anonymize it.
7. Security
We use reasonable measures to safeguard your personal data and follow applicable laws regarding safeguarding such information under our control. We cannot guarantee, however, that your information will remain secure. The Internet is by its nature a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from any third party’s access, and for selecting passwords that are secure.
8. Your Data Subject Rights
You have a number of rights in relation to your personal data. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal data. You have the following rights in relation to your personal data:
- Right of access to and rectification of your personal data. You have a right to request that we provide you a copy of your personal data held by us. This information will be provided without undue delay subject to some fee associated with the gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal data held by us that is inaccurate.
- Right to erasure. You have the right to request erasure of your personal data that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing to which you previously consented, but later withdrew such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal data public and are obliged to erase the personal data, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal data that you have requested the erasure of any links to, or copy or replication of your personal data. The above is subject to limitations by relevant data protection laws.
- Right to data portability. If we process your personal data based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal data in a structured, commonly used and machine-readable format, and to have it transferred directly to another “controller,” where technically feasible, unless the exercise of this right adversely affects the rights and freedoms of others.
- Right to restrict processing. You have the right to restrict or object to processing your personal data where one of the following applies:
- You contest the accuracy of your personal data that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal data.
- The processing is unlawful and you oppose the erasure of your personal data and request the restriction of its use instead.
- We no longer need your personal data for the purposes of the processing, but it is required by you to establish, exercise, or in defense of legal claims.
- You have objected to processing, pending the verification whether the legitimate grounds of our processing override your rights.
- Restricted personal data shall only be processed with your consent or for the establishment, exercise, or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
- Right to withdraw consent. You have the right to withdraw your consent to the processing of personal data collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
- Right to object to processing. Where the processing of your personal data is based on consent, contract, or legitimate interests, you may restrict or object, at any time, to the processing of your personal data as permitted by applicable law. We can continue to process your personal data if it is necessary for the defense of legal claims or for any other exceptions permitted by applicable law.
- Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal data, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws. We do not engage in this type of automated processing.
- Right to complain to a Supervisory Authority. You have the right to complain to the Supervisory Authority in the jurisdiction in which you reside if you are concerned about the way we have processed your personal data. If you are a resident of the EEA you can find the contact information for your Supervisory Authority here. If you are a resident of the United Kingdom, you can find the contact details for the Information Commissioner’s Office here.
To exercise your rights noted above, please contact using the form at
https://engage.isaca.org/denmarkchapter/about/aboutchapter/contactus
Marketing Communications. We will only contact you by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or your consent. When we rely on legitimate interests, we will only send you information about our Sites or services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your personal data in this way or to disclose your personal data to third parties for marketing purposes, please click an unsubscribe link in your emails from us, or you contact us using the form linked to just above this section. You can object to direct marketing at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.
International Transfers. We will protect your personal data in accordance with this Privacy Policy wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal data in accordance with applicable laws. These steps include implementing the European Commission's Standard Contractual Clauses for transfers of personal data to our service providers and business partners outside of the UK or EEA. To the extent applicable, we may rely on derogations as set forth in Article 49 of the UK GDPR/GDPR for the transfer of personal data collected from individuals in the UK and the EEA to the United States, and other countries that the European Commission views as not providing adequate levels of protection. Specifically, we may transfer such information to another party to perform a contract with you, with your explicit consent, or in a manner that does not outweigh your rights and freedoms.
9. Links to Third-Party Sites
From time to time, we will provide links to third-party web sites, or advertisements will contain links to third-party sites. For example, we may link to a third party who is assisting in or is providing online training services. These links are provided as a service to you. These third-party sites are operated by independent entities that have their own privacy policies. This Privacy Policy does not apply to those third-party sites or to how those third-parties may collect or use your personal information. We have no control over the content displayed on such third-party sites, nor over the measures, if any, that are taken by such sites to protect the privacy of your information.
10. Children
We do not knowingly collect personal data from persons under the age of 16. If you are a parent of a child under 16, and you believe that your child has provided us with information about him or herself, please contact us via the information in the Chapter and DPO Contact Information section below.
11. Chapter and DPO Contact Information
If you have questions or concerns about this Privacy Policy or how we process your personal data, please contact using the form at
https://engage.isaca.org/denmarkchapter/about/aboutchapter/contactus