Chapter Privacy Policy

Privacy notice

(Last Updated: 23 March 2021)

By accessing and using our Services, subject to UK GDPR (General Data Protection Regulation), the DPA (Data Protection Act) 2018 and all applicable data privacy laws / regulations, you signify you understand and consent to the terms of this Privacy Policy and consent to our Terms of Use. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy or our Terms of Use, you should immediately discontinue access or use of our Services.

Who are we?

The ISACA London Chapter (ILC) is an independent chapter and affiliate of ISACA International, engaged in the promotion of the education of its members for the improvement and development of their capabilities relating to the auditing of, management consulting in, or direct management of the fields of IT governance, IS audit, security, control and assurance.

Our data privacy representatives can be contacted directly here:

  • dataprivacy@isaca-london.org
  • 0207 1832211

What personal data we collect and the Legal Basis

Personal data we would collect from/process on you


Personal data type: Source:
Your registration details including ISACA membership number, certificate and dates of exam passed exams and certified, Payment Status, Certification Status ISACA International
Event registration details (Member/Non Member/Affiliate of ISACA London Chapter) ISACA London Chapter Event Registration
Event Registration Details including Membership Number and  Partners Event Registration
Name, personal contact details, Query Information Queries from Members/Non Members

Personal data shared by ISACA International

The personal information shared by ISACA International is used to meet ISACA London Chapter objectives as an affiliate of ISACA International (Article 6 1 f) and provide membership services to ISACA London Chapter members. We use your personal data to provide following services:-

  • Maintain your record of registration for attending the ILC event and share it with event venue host/provider to print and issue attendee badges for security, health and safety.
  • Keep you informed of future ILC and partner educational events (including events, certification courses etc.)
  • Send you Newsletter and track the IP address to the demographic analysis of the geographical location of constituents. • Contact you to participate in the relevant surveys and research initiatives supported by ISACA London Chapter.
  • Contact you to participate in Annual General Meeting of the ISACA London Chapter (applicable to fully paid up members of ISACA International and ISACA London Chapter).

Personal Data collected by (3rd Party Online Event Organiser)

ISACA London Chapter only collects the registration information that you provide when you register to attend ISACA London Chapter in-person and on-line educational events.

This event registration information is used by ISACA London Chapter and its service providers and venue hosts to provide services including:

  • Issue event ticket,
  • authenticate on arrival,
  • provide with a name badge,
  • record evidence of entry and attendance to the event to ensure compliance with security, health and safety requirements.

If you are an ISACA member, your ISACA membership number and duration of the event will be passed on to ISACA International to update your central CPE records. For audit purposes, the information collected during this registration will be retained by ISACA- London Chapter for a maximum of five (5) years.

If you are not an ISACA member, your registration data collected by ISACA London Chapter will be erased within sixty (60) days of the event.

If you are a member of a partner organisation, by virtue of which you are entitled to attend an ISACA event free of charge, we may pass on your event registration details to the participating Partner organisation.

These third-party websites and services are not related to us and may have separate privacy policies and data collection practices. We have no responsibility for these websites or their privacy practices unless there is DPA (Data Processing Agreement) with them and encourage you to read the privacy policies of all websites you visit.

Partners holding an event that you attended

If you are a member of ISACA London Chapter attending our partner events, participating partner may share your registration detail including ISACA Membership number, which we in turn would pass on to ISACA International to update your central CPE records. For audit purposes, the information collected during this registration will be retained by ISACA- London Chapter for a maximum of five years.

Our legal basis for processing for the personal data

Due to ISACA London Chapter's (ILC) affiliation with ISACA International, ILC is required to process ISACA London Chapters members (subjects) data in order to provide membership services under its by-laws (affiliation agreement) with ISACA International. ISACA International (the Data Controller) is responsible for managing the consent directly. Please note that if you are fully paid up member of ISACA International or ISACA London Chapter then please contact ISACA International to withdraw your consent for processing of personal identifiable data by ISACA London Chapter. You can withdraw consent directly using ISACA International website (www.isaca.org)

Any legal obligation that ISACA London Chapter is required to meet being a UK registered company;

You can choose to ‘opt out’ of ILCs newsletters and other communications by clicking the ‘unsubscribe’ link at the bottom of our emails communication.

If you wish to change your contact details or preferences please contact ISACA International.

Security

ISACA London Chapter employs a risk based variety of technical and organisational measures to keep personal data safe and to prevent unauthorised access to, or use or disclosure of it.

ISACA London Chapter respect your personal data and will never sell your personal data to third parties.

International Transfers

The ISACA London Chapter may use service providers who are based on non-EU countries. In such cases ISACA London Chapter will inform members and ISACA International list of sub-processors based in non-EU countries.

ISACA London Chapter currently uses following named organisations based in third country (non EU) as service providers and share your least amount of personal information to provide services to you outlined in previous sections.


Third country (non- EU)/international organisation Safeguards in place to protect your personal data
Eventbrite Refer section 15-16 at
https://www.eventbrite.co.uk/support/articles/en_US/Troubleshooting/eventbrite-privacy-policy?lg=en_GB
Mailchimp Refer section E. International Transfers under https://mailchimp.com/legal/privacy/

Retention period

ISACA London Chapter will continue to process personal data of members whilst they are fully paid up members of ISACA International and ISACA London Chapter.
For information collected as part of event registration (via Eventbrite) process data for sixty (60) days and will store the personal data for up to five (5) years. We remove most information provided to us by members as soon as memberships are ceased, and data will cycle out of long-term backups up to six months later. We store logs of outbound emails for up to twelve (12) months after the email is sent for the purposes handling abuse complaints and compliance monitoring.

We will continue to store limited information about our members (including transaction records) for seven (7) years plus the current calendar year for accounting, audit, record keeping and administrative purposes.

If we consider there is a need to store records for longer (for example, the transaction has been the subject of a dispute or claim) then we will retain the data for as long as is necessary.

Your rights as a data subject

You have a number of rights in relation to your personal information under data protection law. In relation to certain rights, we may ask you for information to confirm your identity and, where applicable, to help us to search for your personal information. Except in rare cases, we will respond to you within 30 days after we have received this information or, where no required, after we have received your request. At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:-

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to certain types of processing such as direct marketing.
  • Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that ISACA London Chapter refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined in section below.
All of the above requests will be forwarded on should there be a third party involved in the processing of your personal data (or instead of ILC, a third party (e.g. ISACA International) is the data controller.)

Please note that since most of your personal data is shared with ISACA London Chapter by ISACA International, we would suggest that you raise your queries with International as well in order to exercise your subject rights with ISACA International as well.

Modifications to this Privacy Notice

We keep our privacy notice under regular review. From time to time, ISACA London Chapter may need to update or modify this Privacy Notice, to reflect changes in our business practices, data collection practices or organization. We reserve the right to amend this Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice on the Sites, or, if you have provided your email address to us, sending you an email notifying you of the amended Privacy Notice.

Questions or Concerns

If you have any questions or concerns about this Privacy Notice, please contact ISACA’s London data protection resource at: dataprivacy@isaca-london.org.

Complaining to the UK data protection regulator

You have the right to complain to the Information Commissioners Office (ICO) if you are concerned about the way we have processed your personal information. Please visit the ICO’s website for further details.