Chapter Privacy Policy

ISACA Winnipeg Chapter Privacy Policy

Last Updated: January 29, 2026

This Privacy Policy describes how the ISACA Winnipeg Chapter of ISACA ("ISACA Chapter", "we" or "us") collects, uses, shares, and retains personal information when you use this ISACA Chapter at www.isaca-wpg.org (the "Site"), or when you interact with us in person. Personal information is data that can be used to identify you directly or indirectly or to contact you including, but not limited to, your name, mailing address, email address, and telephone number.

Please note that this Privacy Policy does not apply to information collected or used by the global ISACA web sites, or mobile applications, which is governed by the Privacy Notice located at https://www.isaca.org/privacy-policy. Also, this Privacy Policy does not cover the practices of any of our Chapter's business partners (such as vendors, sponsors, or advertisers), and does not apply to personal information that we collect from or about our employees, consultants, contractors, vendors, sponsors, or advertisers.

1. Modifications to this Policy

From time to time, we may need to update or modify this Privacy Policy, to address changes in the law, new issues or to reflect changes on our Site. When we update this Privacy Policy, we will change the "Last Updated" date at the top of the Policy so you know it has been updated. To the extent required by law, we will notify you of material changes to this Privacy Policy.

2. Jurisdiction and Applicability

Our Site is primarily intended for residents of Canada. This Privacy Policy complies with the Personal Information Protection and Electronic Documents Act (PIPEDA), the federal privacy law applicable to the ISACA Winnipeg Chapter. If you are not a resident of Canada, your country's data protection laws may differ from those in Canada and may provide greater protection.

For information about ISACA chapters in other regions, you can conduct a search on ISACA's Local Chapters page.

3. Collection of Personal Information You Directly Provide

We collect personal information from you when you interact with our Site and when you use our services. We may collect information directly from you through online and offline registration forms for events, exams, meetings, and Chapter participation.

Events. We may host events that include in-person and virtual conferences, training, knowledge sharing and webinars. If you register for an event, we may collect the following information from you: first name, last name, email address, phone number, credit card and other payment information, business address, the type of business you work for or with, and your role in that business, as well as demographic information such as courses or areas of study in which you may be interested, and any dietary or accessibility requirements you choose to provide. We use the information you give us to process your registration, provide you with event services, and issue CPE credits where applicable. To the extent the information requested is not required for your participation in a given ISACA Chapter program, you will be told which information is optional. Should you fail to provide optional information, certain ISACA Chapter programs or features may not be available to you.

Presenters and Speakers. If you are a presenter or speaker at one of our events, we will collect information about you such as your name, biography, employer, contact information, professional profile, and photograph. We may also collect information provided by event attendees who evaluated your performance as a presenter. This information may be used in event programs, promotional materials, and on our website or social media channels, based on your consent obtained during speaker onboarding.

Committee Members and Volunteers. We may also collect your personal information if you are a committee member, volunteer, or when you assist with initiatives or projects, or when you serve as a Chapter Officer or on the Chapter Board. This may include biographical information and areas of expertise.

Chapter Meetings. We may also collect your personal information when you attend a Chapter Meeting, including attendance records and participation information (for example, sign-in sheets or virtual attendance logs).

Communications. If you communicate or correspond with us by email, through postal mail, via telephone or through other forms of communication, we may collect the information you provide as part of those communications. For example, if you correspond with us through email, we may collect and store the email address you use to send the applicable correspondence and use it to respond to your inquiry, to notify you of other ISACA Chapter events, or to keep a record of your complaint, accommodation request, and similar purposes.

Indirect Collection. We may also maintain information about you that you do not directly provide, whether it is information received from third parties, such as business partners who provide exam administration services, or information we collect about your activities. For example, we may keep track of which events you have attended, which exams you have taken, which boards and committees you have served on, and which offices you have held.

4. Passive Data Collection – Information We Automatically Collect

As you navigate through and interact with our Site, we may use automatic data collection technologies to collect certain information about your device (computer, tablet, smart phone) and your activities, including:

If you access our Site through a computer, we may automatically collect information such as your browser type and version, computer and connection information, IP address, mobile device advertising identifier, Media Access Control (MAC) address, pages you have visited, type of device, operating system name and version, device manufacturer, browser information (type, version), screen resolution, Internet service provider or mobile carrier's name, connection speed and connection type, date stamp, URL of the last webpage visited before visiting our Site, and URL of the first page visited after leaving our Site, pages viewed, time spent on a page, click through, queries made, search results selected, comments made, search history, type of service requested, purchases made, and information collected through cookies, pixel tags, and other technologies.

If you access our Site through a mobile device, we may also be able to identify the location of your mobile device. We use your location information (if shared) to identify the geographic locations from which our content is accessed so that we can better understand what content topics may be most relevant in that region, and to develop resources around those content topics. You may choose not to share your location details with us by adjusting your mobile device's location services settings.

Cookies and Similar Technologies. Cookies are small files, typically of letters and numbers, downloaded onto your computer or mobile device when you visit certain websites. When you return to these websites, or visit other websites that use the same cookies, the websites recognize these cookies and your browsing device. A cookie cannot read data off your hard drive or read cookie files created by other websites. You can set yours to refuse cookies, or to alert you when cookies are being sent; however, if you disable cookies, the full functionality of our Site may not be available to you. More information on cookies and their use can be found at www.aboutcookies.org or www.allaboutcookies.org.

Cookies set by the website operator are called "first party cookies". Cookies set by parties other than the website operator are called "third party cookies". The parties that set third party cookies can recognize your web browser both when it visits our Site and when it visits certain other websites where the third party's cookies are also present.

On our Site, there may be certain third-party advertisers whose advertisements contain cookies that collect data from you. Some of those cookies may contain tracking mechanisms that observe your behavior across multiple Sites. We do not control the use of cookies by advertisers or third parties displaying data on the Site or on the sites you visit using links from the Site.

5. Why We Collect Your Information

We collect and process personal information based on your consent, contractual necessity (for example, event registration or membership-related services), legal obligations, and our legitimate interests in operating and improving the Chapter's activities.

We will only use your information as described in this Policy or as disclosed to you prior to such processing taking place. We may use your personal information:

  • To provide our services to you, such as registering you for event or training programs;

  • To respond to your requests;

  • To advise you with information about other events or services which we believe may be of interest to you;

  • To improve our services and to detect, prevent and address technical issues;

  • To enforce compliance with our agreements, codes of conduct and this policy;

  • To manage Chapter membership, committees, and volunteer activities;

  • To compile aggregate statistics about member participation and engagement;

  • To comply with applicable laws and regulations, including PIPEDA.

6. Sharing Your Information

We may share your personal information with third parties for legitimate business purposes, including in the following circumstances:

  • To vendors or third-parties who deliver or provide services or otherwise act on our behalf or at our direction (such as membership management platforms, payment processors, and email service providers);

  • To our volunteers and board members to provide our services;

  • To ISACA and other ISACA chapters, the IT Governance Institute, and if you participate in our "Enterprise Participation Program," your information will be shared with your organization's program coordinator;

  • If you are an event attendee, speaker, or sponsor, certain of your information (such as your name, organization, role, and session details) will be included in the event roster, which roster will be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors to facilitate networking or follow-up about the event. You may be offered choices or consent options regarding such sharing at the time of registration;

  • To investigate potentially fraudulent or questionable activities; and

  • When we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid ISACA Chapter business purposes.

Where service providers are located outside of Canada or use infrastructure outside of Canada, we ensure appropriate contractual safeguards and security measures are in place.

7. Data Retention

We will retain personal information for as long as is needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). Retention periods vary based on the type of information and applicable legal or business requirements:

  • Membership Records: Retained as long as you remain a member, plus 7 years for legal and compliance purposes

  • Event Registration Data: Retained for 7 years following event completion, or longer if required for tax, audit, or dispute-resolution purposes

  • Communications: Retained for up to 7 years, unless required longer for legal, audit, or dispute-resolution purposes

  • Payment Records: Retained in accordance with applicable accounting and tax regulations

  • Breach Records: Retained for a minimum of 24 months from the date of assessment

When we have no justifiable business need to process your personal information, we will either delete or anonymize it in accordance with applicable privacy laws. Individuals may request deletion of their personal information at any time, subject to legal or business exceptions.

8. Security

We use reasonable measures to safeguard your personal information, and follow applicable laws regarding safeguarding such information under our control. These measures include:

  • Encryption of sensitive information in transit and at rest

  • Restricted access to personal information (authorized personnel only, based on role and need-to-know basis)

  • Regular security assessments and updates

  • Secure password protocols

  • Confidentiality agreements with employees, volunteers, and service providers

We cannot guarantee, however, that your information will remain 100% secure. The Internet by its nature is a public forum, and we encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.

9. Privacy Breach Notification

In the event of a privacy breach involving personal information under our control that poses a real risk of significant harm, the Chapter will:

  • Notify affected individuals without unreasonable delay

  • Notify the Office of the Privacy Commissioner of Canada, as required under PIPEDA, where applicable

  • Maintain detailed records of all privacy incidents and breaches for a minimum of 24 months, regardless of whether they meet the breach notification threshold

A privacy breach is assessed using the "real risk of significant harm" test, which considers factors including the sensitivity of the personal information, the probability of misuse, and the nature and scope of the breach. The Chapter documents all breach assessments and maintains records to demonstrate compliance with PIPEDA requirements.

10. Your Choices and Data Subject Rights (PIPEDA)

Unsubscribe and Opt-Out

If you receive commercial electronic communications from us, you can unsubscribe from the receipt of future commercial electronic communications from us by clicking on the "unsubscribe link" provided in such communications. You may also contact our Privacy Officer to request removal from our mailing list.

Access and Correction

Under PIPEDA, you have the right to request information about what personal data we maintain about you, and to request access to and seek to correct the personal information we maintain about you. To exercise these rights, contact us at privacy@isaca-wpg.org. In your request, please make clear what information you would like to have changed or accessed. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable, and no later than 30 business days, unless a longer period is justified. We reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or taking the action requested.

Deletion Rights

You may request deletion of your personal information at any time, subject to legal or business exceptions.

Your Rights Under PIPEDA

Under the Personal Information Protection and Electronic Documents Act (PIPEDA), individuals in Canada have the right to:

  • Request access to their personal information held by the Chapter

  • Request correction of inaccurate information

  • Request deletion of personal information (subject to legal and business exceptions)

  • Understand the purpose of information collection and use

  • Request information about how your personal information has been used and disclosed

  • Lodge a complaint regarding our privacy practices

11. Contacting the Privacy Commissioner of Canada

If you have concerns about our privacy practices or if you are not satisfied with our response to your privacy request, you may contact:

Office of the Privacy Commissioner of Canada

Telephone: 1-800-282-1376 (toll-free)

Website: www.priv.gc.ca

12. Links to Third-Party Sites

From time to time, we will provide links to third-party web sites, or advertisements will contain links to third-party sites. For example, we may link to a third party who is assisting in or is providing online training services. These links are provided as a service to you. These third-party sites are operated by independent entities that have their own privacy policies. This Privacy Policy does not apply to those third-party sites or to how those third-parties may collect or use your personal information. We have no control over the content displayed on such third-party sites, nor over the measures, if any, that are taken by such sites to protect the privacy of your information.

13. Children

We do not knowingly collect personal information from persons under the age of 18. Our Chapter activities and events are designed for professionals and are not targeted to children. If you are a parent of a child under 18, and you believe that your child has provided us with information about him or herself, please contact us via the information in the Contact section below. We will promptly delete such information and notify the parent or guardian.

14. Data Localization and Cross-Border Processing

Personal information collected by the ISACA Winnipeg Chapter may be transferred to, stored in, and processed in Canada and potentially other countries (including the United States) where ISACA Global, service providers, or authorized partners maintain operations or infrastructure. Where personal data is transferred or processed outside Canada, we ensure that appropriate contractual safeguards and data processing agreements are in place, and that service providers maintain security standards comparable to those required under PIPEDA.

By providing personal information to us, you consent to such transfers and processing in accordance with this Privacy Policy.

15. Contact Information

If you have questions or concerns about this Privacy Policy or how we process your personal information, please contact:

ISACA Winnipeg Chapter

Email: privacy@isaca-wpg.org

Website: www.isaca-wpg.org

Response Time: We aim to respond to all privacy inquiries within 30 business days.

For privacy matters, you may also reach out to the ISACA Winnipeg Chapter Privacy Officer through the above contact information.

Copyright © 2026 ISACA Winnipeg Chapter. All Rights Reserved.