Chapter Privacy Policy

Downloadable version of this policy:  ISACANJ_Privacy_Policy.pdf

Effective Date/Approved by the Chapter Board of Directors:  February 18, 2026

Welcome to the ISACA NJ Chapter. We are an independent chapter of ISACA, Inc. (referred to herein as “ISACA”), engaged in the promotion of the education of its members for the improvement and development of their capabilities relating to the auditing of, management consulting in, or direct management of, the fields of IT governance, IS audit, security, control, and assurance.

This Privacy Policy describes how our Chapter collects, uses, shares, and retains personal data when you use our website at https://engage.isaca.org/newjerseychapter/home (the “Site”), or when you interact with us in person. Personal data is data that can be used to identify you directly or indirectly or to contact you including, but not limited to, your name, mailing address, email address, and telephone number.

Please note that this Privacy Policy does not apply to information collected or used by ISACA global websites, or mobile applications which is governed by the Privacy Notice located at https://www.isaca.org/privacy-policy. This Privacy Policy also does not cover the practices of any other ISACA Chapter, or any ISACA Chapter business partners (such as vendors, service providers, sponsors, or advertisers) and does not apply to personal data that we collect from or about our employees, consultants, contractors, vendors, sponsors, or advertisers.         

1.     Modifications to this Policy

From time to time, we may need to update or modify this Privacy Policy, including to address changes in the law, new issues, or to reflect changes on our Site. We will notify you of changes to this policy by updating the “Last Updated” date at the top of the page so you know it has been updated. To the extent required by law, we will notify you of material changes to this Privacy Policy.

2.     Collection of Personal Data You Directly Provide

We collect personal data from you when you interact with our Site and when you use our services. We may collect personal data directly from you, for example through online and offline registration forms for events, exams, or meetings.

Events. We may host events that include in-person and virtual conferences, training, knowledge sharing, and webinars. If you register for an event, we may collect the information from you such as: first name, last name, email address, phone number, credit card and other payment information, business address, the type of business you work for or with, and your role in that business. We may also collect demographic information such as courses or areas of study in which you may be interested. We use this information to provide you with event services. To the extent the information requested is not required for your participation in a given ISACA Chapter program, you will be told which information is optional. Should you fail to provide optional information, certain Chapter programs or features may not be available to you.

Presenter. If you are a presenter at one of our events, we will collect information about you such as your name, employer, contact information and photograph, and we may also collect information provided by event attendees who evaluated your performance as a presenter. 

Committee Member.  We may also collect your personal data if you are a committee member, or when you assist with initiatives or projects, or when you serve as a Chapter Officer, or on the Chapter Board.

Communications. If you communicate or correspond with us by email, postal mail, telephone, or through other forms of communication, we may collect the information you provide as part of those communications.  For example, if you correspond with us through email, we may collect and store the email address you use to send the applicable correspondence and use it to respond to your inquiry; to notify you of other ISACA Chapter events; or to keep a record of your comments, complaint, accommodation request, and similar purposes.

We may also maintain information about you not directly provided by you, whether it is information received from third parties, such as business partners who provide exam administration services, or information we collect about your activities. For example, we may keep track of which events you have attended, which exams you have taken, which boards and committees you have served on, and which offices you have held.

3.     Passive Data Collection – Information We Automatically Collect

As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your device (i.e. your computer, tablet, smart phone, etc.) and your activities. These technologies include “cookies,” which are small files, typically composed of letters and numbers, that are downloaded onto your computer or mobile device when you visit certain websites. When you return to these websites, or visit other websites that use the same cookies, these websites recognize these cookies and your browsing device. A cookie cannot read data off your hard drive or read cookie files created by other websites.

Your Right to Refuse Consent for Non-Essential Cookies. You must provide your consent before any tracking technologies can be placed on your device, other than those that are strictly-necessary. Please note that this means the consent requirement does not apply to cookies that are strictly necessary for the operation of our Site. We may also use these cookies to connect the information collected to the collected personal information you may voluntarily provide, improve the quality of the Site, and/or our service, identify user preferences, improve search results and track user browsing trends. Your web browser can be set to allow you to control whether you will accept cookies, reject cookies, or to notify you each time a cookie is sent to you. Please note that cookies are not required to access and use our Site or services.  However, if your browser is set to reject cookies some Site functionality may be lost. The Help section of your browser will tell you how to prevent your browser from accepting cookies or to delete cookies that are already on your computer (persistent cookies). 

Do Not Track.  Except as otherwise described in this privacy policy, we do not track website visitors over time and across third party websites to provide targeted advertising and therefore we do not respond to Do Not Track (DNT) signals. Third parties that have content embedded on our Site may set cookies on your browser and/or obtain information about the fact that a web browser visited our website from a certain IP address. Third parties cannot collect any other personally identifiable information from our website unless you provide it to them directly.

Global Privacy Control.  Some browsers and browser extensions support the Global Privacy Control (“GPC”) that can send a signal to process your request to opt out from certain types of data processing, including data "sales" as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.]

4.     Why We Collect Your Personal Data

We may use your personal data to:

   Provide our services to you, such as registering you for event or training programs.

   Enforce compliance with our agreements, codes of conduct and this Privacy Policy.

   Advise you with information about other events or services which we believe may be of interest to you; and

   Respond to your requests.

   Improve our services and to detect, prevent and address technical issues.

5.     Sharing Your Data

We may share your personal data with the following parties:

  • To vendors or third parties who deliver or provide services [to us] [and who are bound by contractual obligations to keep personal data confidential and use it only for the purposes for which we disclose it to them], or otherwise act on our behalf or at our direction;
  • To our board members and volunteers to provide our services;
  • With ISACA as part of our ISACA affiliation agreement, and to provide our services;
  • With other ISACA chapters, the IT Governance Institute, and if you participate in our “Enterprise Participation Program,” with your organization’s program coordinator; and
  • When we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid Chapter business purposes.
  •   ·  To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal data held by us is among the assets transferred.
  •     If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our organization, our customers, members, or others. This includes, without limitation, exchanging information with other companies and organizations for the purposes of fraud protection.
  •   ·  To fulfill the purpose for which you provide it.
  •   ·  For any other purpose disclosed by us when you provide the information.
  •   ·  With your consent.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

6.     Data Retention

For any personal data we collect, we will retain the personal data for as long as is needed to fulfill the purposes outlined in this Privacy Policy, or for as otherwise legally permitted or required, such as maintaining the Services, operating our organization, complying with our legal obligations, resolving disputes, and for safety, security, and fraud prevention. This means that we consider our legal and business obligations, potential risks of harm, and nature of the information when deciding how long to retain personal data. At the end of the retention period, we will either delete or deidentify it.

7.     Security 

We use reasonable measures to safeguard your personal data and follow applicable laws regarding safeguarding such information under our control. However, we cannot guarantee that your information will remain secure. The Internet is by its nature a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from any third party’s access, and for selecting passwords that are secure.

8.     Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your personal data, including:

  • Access and Data Portability. You may request that we confirm whether we process your personal data and access a copy of the personal data we process. To the extent feasible and required by state law, depending on your state, data will be provided in a portable format. Depending on your state, you may have the right to receive additional information and it will be included in the response to your access request.
  • Correction. You may request that we correct inaccuracies in your personal data that we maintain, taking into account the information's nature and processing purpose.
  • Deletion. You may request that we delete personal data about you that we maintain, subject to certain exception under applicable law.
  • Opt Out of Using Personal Data for Targeted Advertising, Profiling, and Sales. You may request that we do not use your personal data for these purposes by emailing us at Membership@njisaca.org.

Important: The exact scope of these rights vary by state and we may not have an obligation to fulfill your requests.

Nevada Privacy Rights. Nevada provides its residents with a limited right to opt out of certain personal data sales. Residents who wish to exercise their sale opt-out rights may submit a request to Secretary@njisaca.org. However, please know we do not currently sell data triggering that statute's opt-out requirements.

To exercise your rights noted above or appeal a decision regarding a consumer rights request, please contact us at Secretary@njisaca.org. We will respond to your request to the extent required by law. 

9.     Links to Third-Party Sites

From time to time, we will provide links to third-party web sites, or advertisements will contain links to third-party sites.  For example, we may link to a third party who is assisting in or is providing online training services.  These links are provided as a service to you.  These third-party sites are operated by independent entities that have their own privacy policies.  This Privacy Policy does not apply to those third-party sites or to how those third-parties may collect or use your personal information.  We have no control over the content displayed on such third-party sites, nor over the measures, if any, that are taken by such sites to protect the privacy of your information. 

10.  Children

We do not knowingly collect personal data from persons under the age of 16. If you are a parent of a child under 16, and you believe that your child has provided us with information about him or herself, please contact us via the information in the Chapter and DPO Contact Information section below.

11.  Chapter and DPO Contact Information

If you have questions or concerns about this Privacy Policy or how we process your personal data, please email us at Secretary@njisaca.org, or you can mail us at:

                                    ISACA New Jersey Chapter

                                    P.O. Box 264

                                    Cranford, NJ 07016