Modifications to this Policy
If you are providing personally identifiable information and are not a resident of the United States, your country’s laws governing data collection and use, may differ from those in the United States (U.S) in particular, the U.S. may not provide the same level of protections as those in your own country. By providing information to the ISACA Chapter, you are transferring your personal data to the United States, and you consent to the transfer to, retention of and processing of your data in the United States.
Collection of Personally Identifiable Information
The ISACA Chapter collects the following types of personally identifiable information (for the purposes described in the “Use, Sharing, and Retention” section of this policy):
- Job title
- ISACA membership number
- Credit card issuer and last 4 of the card number (required for credit card processing)
- Billing address (required for credit card processing)
The ISACA Chapter collects information in a variety of ways, including, Eventbrite registration forms, and surveys (using various survey services). In the online environment, ISACA Chapter uses some common passive data collection mechanisms, including cookies. The ISACA Chapter uses fair and lawful means to collect information, collects information using methods that have been reviewed and approved by the chapter designee responsible for the Chapter privacy program. Information may be collected and maintained from ISACA International, such as: members, exam candidates, those who have been certified by ISACA, applicants, event attendees, speakers, participants in the ISACA Chapter programs, purchasers of the ISACA Chapter products and services, current and past website users, survey respondents, and others. To the extent that information requested is not required for your participation in a given the ISACA Chapter program, you will be told which information is optional. Should you fail to provide optional information, certain the ISACA Chapter programs or features may not be available to you.
Passive Online Data Collection
Use, Sharing and Retention of Personally Identifiable Information
The ISACA Chapter uses personally identifiable information for the purposes described at the time of collection or as otherwise described to you; to process your requests; to report to others about whether you are certified or not; as permitted by law to provide you with information about the ISACA Chapter, our products and services or other products and services in which we believe you may be interested; or for other legitimate ISACA Chapter business purposes, including order processing, processing of certification or membership applications, or registering you for events or training programs. The ISACA Chapter also publishes the names and titles of board members and others who have assisted with initiatives or projects.
The ISACA Chapter may share personally identifiable information with third parties for legitimate business purposes, including for the following reasons or in the following circumstances:
- To vendors or third-parties who deliver or provide goods and services or otherwise act on behalf of, or at the direction of the ISACA Chapter, which third parties include, for example, exam testing agencies and training providers and partners, product-fulfillment companies, third-party event hosts, other third parties who may provide services on websites that are accessible from links on one of our Site, and credit card companies processing payments;
- To the ISACA Chapter volunteers and board members;
- To the IT Governance Institute, ISACA Headquarters, and from time to time volunteers (such as ISACA board members) performing tasks on the ISACA Chapter’s behalf;
- To those who wish to determine if an individual is certified, provided that the requester of the information provides to ISACA Chapter the certification number and last name of the individual, including justification of the need for such information;
- If you are an event attendee, speaker, or sponsor, some of your information will be included in the event roster which may be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors;
- To investigate potentially fraudulent or questionable activities;
- In anticipation of, and in the course of, an actual or potential sale, reorganization, consolidation, merger, or amalgamation of all or part of the Chapter’s business or operations; and
- When we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid ISACA Chapter business purposes.
The ISACA Chapter also may use your profile information on an aggregate basis – without personal identifiers – to provide third parties with information, such as to help us develop new features and content for the Site, and to provide Sponsors and others with aggregate information about our users and the usage patterns of the Site.
Individuals are notified of the ISACA Chapter’s practices with respect to the sharing of information with third parties. When sharing information, the ISACA Chapter limits the amount and type of information shared to that which the other party needs or that is relevant to the other party. If the ISACA Chapter shares personally identifiable information with a vendor or other third party providing services on the ISACA Chapter’s behalf, the Chapter requires that the third party use the data as directed by the Chapter and that it maintain the confidentiality and security of the data. Chapter will take appropriate remedial actions if it becomes aware of any situation in which a third-party misuses personally identifiable information.
The ISACA Chapter retains personally identifiable information for as long as necessary for its legitimate business purposes, and as otherwise permitted by applicable law. Since most information is in continuous use, much is retained on an indefinite basis. When Chapter finds that it has extensive information it is not using, it will determine appropriate means to dispose of personally identifiable information in a secure manner in keeping with its legal obligations.
The ISACA Chapter utilizes a website (“Site”) supported and managed by ISACA International (“ISACA”) who uses reasonable measures to safeguard sensitive personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control. In addition, in some areas of our Site, ISACA may use Secure Socket Layer (“SSL”) or Transport Layer Security (“TLS”) encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the information under ISACA’s control.
The ISACA Chapter cannot guarantee, however, that your information will remain secure. The Internet by its nature is a public forum, and the ISACA Chapter encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
Links to Third-Party Sites
Your Privacy Rights Relating to Certain Information Disclosures
If you have an established business relationship with us, you may request from us a list of the categories of personal information we have disclosed to third parties for those third parties’ marketing purposes, and a list of all third parties to whom we have shared that information. We will include in that list the names and addresses of the third parties who received the information and used it (or who we believe may have used it) for their own marketing purposes.
To exercise your rights, you may make one request each year by emailing us at firstname.lastname@example.org. Indicate in your email that you are making a Privacy inquiry. Responses to requests sent to this email address will be provided within 30 days. Such requests will be answered and addressed under the direction and supervision of the Chapter designee responsible for the Chapter privacy program.
The Chapter relies on individuals to provide it with complete and accurate personally identifiable information, and in certain circumstances may require individuals to represent and warrant that the details they have provided are their own, are complete, and are accurate.
How to Contact the ISACA Chapter and Modify Your Information or Preferences
If you would like to modify the types of marketing email messages you receive from the ISACA Chapter, you may do so by following the instructions within the body of any email message that you receive from us.
To help us keep your personal information up to date, or to request access to the personal information the ISACA Chapter maintains about you, you may contact us at email@example.com.
The ISACA Puget Sound Chapter does not believe its Site is appealing to children, nor are they directed to children under 13. The ISACA Chapter does not knowingly collect personally identifiable data from persons under the age of 13, and strives to comply with the provisions of COPPA (The Children’s Online Privacy Protection Act). If you are a parent of a child under 13, and you believe that your child has provided us with information about him or herself, please contact us at firstname.lastname@example.org