www.isaca.org
Open in
urlscan Pro
2606:4700::6810:1d79
Public Scan
Submitted URL: http://track.landingpagemktg.com/?xtl=2pzmigcsnomyui8vqfxnwcuuy7ty62m1q54fio3v8btt0nh5sjyln59ufzvoy3ni2pupgcil140vrh1fmxzg79vk28b...
Effective URL: https://www.isaca.org/privacy-policy?utm_source=dataaxle&utm_medium=email&utm_campaign=b2c_NewYearNewYou_EXT_2B_20230130
Submission: On January 31 via api from US — Scanned from NL
Effective URL: https://www.isaca.org/privacy-policy?utm_source=dataaxle&utm_medium=email&utm_campaign=b2c_NewYearNewYou_EXT_2B_20230130
Submission: On January 31 via api from US — Scanned from NL
Form analysis 0 forms found in the DOM
Text Content
ISACA_logo_RGB
* Why ISACA?
* Membership
* Credentialing
* Training & Events
* Resources
* Enterprise
*
* Sign In
* Support
* Careers
* Join/Renew
* MyISACA
* Cart (0)
* Renew
* Professional Join
* Recent Grad Join
* Student Join
* Membership
* Certifications
* Certificates
* CPE Certificates
* Learning Access
* Resources
* Order History
Search
For 50 years and counting, ISACA® has been helping information systems
governance, control, risk, security, audit/assurance and business and
cybersecurity professionals, and enterprises succeed. Our community of
professionals is committed to lifetime learning, career progression and sharing
expertise for the benefit of individuals and organizations around the globe.
Today, we also help build the skills of cybersecurity professionals; promote
effective governance of information and technology through our enterprise
governance framework, COBIT® and help organizations evaluate and improve
performance through ISACA’s CMMI®. We serve over 165,000 members and enterprises
in over 188 countries and awarded over 200,000 globally recognized
certifications. ISACA is, and will continue to be, ready to serve you.
* Why ISACA Home
* What We Offer
Benefit from transformative products, services and knowledge designed for
individuals and enterprises.
* About Us
Information and technology power today’s advances, and ISACA empowers IS/IT
professionals and enterprises.
* One In Tech
One In Tech is a non-profit foundation created by ISACA to build equity and
diversity within the technology field.
* * Participate and Volunteer
* Leadership and Governance
* Academic Partnership
* Advocacy
* Contact Us
* Newsroom
Gain a competitive edge as an active informed professional in information
systems, cybersecurity and business. ISACA® membership offers you FREE or
discounted access to new knowledge, tools and training. Members can also earn up
to 72 or more FREE CPE credit hours each year toward advancing your expertise
and maintaining your certifications.
As an ISACA member, you have access to a network of dynamic information systems
professionals near at hand through our more than 200 local chapters, and around
the world through our over 165,000-strong global membership community.
Participate in ISACA chapter and online groups to gain new insight and expand
your professional influence. ISACA membership offers these and many more ways to
help you all career long.
* Membership Home
* IamISACA
We are all of you! Meet some of the members around the world who make ISACA,
well, ISACA.
* Professional
Contribute to advancing the IS/IT profession as an ISACA member.
* Recent Graduate
Start your career among a talented community of professionals.
* Student
Get an early start on your career journey as an ISACA student member.
* * Member Benefits
* Membership Levels
* Browse Chapters
* Join Now
* Contact Us
Validate your expertise and experience. Whether you are in or looking to land an
entry-level position, an experienced IT practitioner or manager, or at the top
of your field, ISACA® offers the credentials to prove you have what it takes to
excel in your current and future roles.
Take advantage of our CSX® cybersecurity certificates to prove your
cybersecurity know-how and the specific skills you need for many technical
roles. Likewise our COBIT® certificates show your understanding and ability to
implement the leading global framework for enterprise governance of information
and technology (EGIT). More certificates are in development. Beyond
certificates, ISACA also offers globally recognized CISA®, CRISC™, CISM®, CGEIT®
and CSX-P certifications that affirm holders to be among the most qualified
information systems and cybersecurity professionals in the world.
* Credentialing Home
A CISA, CRISC, CISM, CGEIT, CSX-P, CDPSE, ITCA, or CET after your name proves
you have the expertise to meet the challenges of the modern enterprise.
* Certifications
* Certificates
Choose from a variety of certificates to prove your understanding of key
concepts and principles in specific information systems and cybersecurity
fields.
* * Badges
* Career Pathways
* Verify a Certification
* Contact Us
ISACA® is fully tooled and ready to raise your personal or enterprise knowledge
and skills base. No matter how broad or deep you want to go or take your team,
ISACA has the structured, proven and flexible training options to take you from
any level to new heights and destinations in IT audit, risk management, control,
information security, cybersecurity, IT governance and beyond.
ISACA delivers expert-designed in-person training on-site through hands-on,
Training Week courses across North America, through workshops and sessions at
conferences around the globe, and online. Build on your expertise the way you
like with expert interaction on-site or virtually, online through FREE webinars
and virtual summits, or on demand at your own pace.
* Training & Events Home
* Train Your Way
Choose the Training That Fits Your Goals, Schedule and Learning Preference
* Digital Trust World Conference
Expand your knowledge, grow your network and earn CPEs while advancing
digital trust.
* GRC CONFERENCE
Grow your expertise in governance, risk and control while building your
network and earning CPE credit.
* Online Training
Advance your know-how and skills with expert-led training and self-paced
courses, accessible virtually anywhere.
* * Cybersecurity Training
* Career Home
* Find Training by Topic
* Training Partners
* Academic Partnership
* Sponsorship Opportunities
* Learning Access
* Call for Speakers
Get in the know about all things information systems and cybersecurity. When you
want guidance, insight, tools and more, you’ll find them in the resources ISACA®
puts at your disposal. ISACA resources are curated, written and reviewed by
experts—most often, our members and ISACA certification holders. These leaders
in their fields share our commitment to pass on the benefits of their years of
real-world experience and enthusiasm for helping fellow professionals realize
the positive potential of technology and mitigate its risk.
Available 24/7 through white papers, publications, blog posts, podcasts,
webinars, virtual summits, training and educational forums and more, ISACA
resources.
* Resources Home
* Insights & Expertise
Audit Programs, Publications and Whitepapers
* COBIT
The leading framework for the governance and management of enterprise IT.
* Journal
Peer-reviewed articles on a variety of industry topics.
* * Store
* Frameworks, Standards and Models
* Privacy
* IT Audit
* IT Risk
* Cybersecurity
* News and Trends
* ISACA Digital Videos
* ISACA Podcast
* Glossary
* Engage Online Communities
Add to the know-how and skills base of your team, the confidence of stakeholders
and performance of your organization and its products with ISACA Enterprise
Solutions. ISACA® offers training solutions customizable for every area of
information systems and cybersecurity, every experience level and every style of
learning. Our certifications and certificates affirm enterprise team members’
expertise and build stakeholder confidence in your organization. Beyond training
and certification, ISACA’s CMMI® models and platforms offer risk-focused
programs for enterprise and product assessment and improvement.
On the road to ensuring enterprise success, your best first steps are to explore
our solutions and schedule a conversation with an ISACA Enterprise Solutions
specialist.
* Enterprise Home
* Train
Build your team’s know-how and skills with customized training.
* Certify
Affirm your employees’ expertise, elevate stakeholder confidence.
* Performance Solutions
Build capabilities and improve your enterprise performance using: CMMI V2.0
Model Product Suite, CMMI Cybermaturity Platform, Medical Device Discovery
Appraisal Program & Data Management Maturity Program
* * CMMI - An ISACA Enterprise
* Medical Device Discovery Appraisal Program
* CMMI Cybermaturity Platform
* CMMI-CMMC
* Partner with ISACA
* Partner Directory
* Contact Enterprise Solutions
* Why ISACA?
* Why ISACA Home
* What We Offer
* About Us
* One In Tech
* Participate and Volunteer
* Leadership and Governance
* Academic Partnership
* Advocacy
* Contact Us
* Newsroom
* Membership
* Membership Home
* IamISACA
* Professional
* Recent Graduate
* Student
* Member Benefits
* Membership Levels
* Browse Chapters
* Join Now
* Contact Us
* Credentialing
* Credentialing Home
* Certifications
* Certificates
* Badges
* Career Pathways
* Verify a Certification
* Contact Us
* Training & Events
* Cybersecurity Training
* Training & Events Home
* Train Your Way
* Digital Trust World Conference
* GRC CONFERENCE
* Online Training
* Career Home
* Find Training by Topic
* Training Partners
* Academic Partnership
* Sponsorship Opportunities
* Learning Access
* Call for Speakers
* Resources
* Resources Home
* Insights & Expertise
* COBIT
* Journal
* Store
* Frameworks, Standards and Models
* Privacy
* IT Audit
* IT Risk
* Cybersecurity
* News and Trends
* ISACA Digital Videos
* ISACA Podcast
* Glossary
* Engage Online Communities
* Enterprise
* Enterprise Home
* Train
* Certify
* Performance Solutions
* CMMI - An ISACA Enterprise
* Medical Device Discovery Appraisal Program
* CMMI Cybermaturity Platform
* CMMI-CMMC
* Partner with ISACA
* Partner Directory
* Contact Enterprise Solutions
* Join/Renew
* Renew
* Professional Join
* Recent Grad Join
* Student Join
* MyISACA
* Membership
* Certifications
* Certificates
* CPE Certificates
* Learning Access
* Resources
* Order History
* Sign In
* Support
* Careers
* Cart (0)
HOME / PRIVACY POLICY
PRIVACY POLICY
ISACA has changed its privacy notice, which is noted below. By continuing to use
the site, you agree to the revised terms.
Last Updated: 17 February 2021
This ISACA® privacy notice (“Privacy Notice”) describes how the Information
System Audit and Control Association, Inc. (“ISACA”, “we” or “us”) collects,
uses, shares, and retains personal information that you provide to us, or that
we collect, when you use the ISACA website located at www.isaca.org and other
websites owned or controlled by ISACA (the “Sites”) or related mobile
applications, use ISACA products and services and complete related forms,
participate in ISACA events, or communicate with one of our customer service
representatives (“Personal Data”).
This Privacy Notice does not cover the privacy practices of local ISACA
chapters, which are separate legal entities that – depending on where they are
located, may be subject to different laws and requirements than those of ISACA
(to understand how chapters use personal information, please contact them
directly). Please note that if you disagree with anything in this Privacy
Notice, you must not use the Sites or mobile applications, or provide personal
information to us in connection with ISACA’s products or services.
1. Overview
2. Information We Collect
3. Why We Collect Your Information
4. How We Share Your Information
5. Information Security
6. Data Retention
7. Your Choices and Privacy Rights
8. International Transfers
9. Notice for Individuals Located in Europe
10. Children
11. Changes to this Notice
12. Contact Information
1. OVERVIEW
SUMMARY
This policy applies to all information that we collect about you when you use
ISACA websites.
It does not cover the privacy practices of local ISACA chapters or other
third-party websites we may link to.
If you are in the European Economic Area, United Kingdom and/or Switzerland,
refer to Section 9 below for polices specific to you.
DETAILS
This Privacy Policy applies to all personal information that we collect about
you when you do any of the following (collectively “Services”):
* use the ISACA websites located at isaca.org, cmmiinstitute.com, and other
websites owned or controlled by ISACA or related mobile applications that
link to this Privacy Policy (collectively “Sites”); or
* use ISACA products or services and complete related forms, participate in
ISACA events, or communicate with one of our customer service
representatives.
This Privacy Policy does not cover the privacy practices of local ISACA
chapters, which are separate legal entities. You should contact them directly or
review the privacy policy located on their websites to understand how they
process your information.
Our Sites may contain links to third-party websites. These third-party websites
and services are not related to us and may have separate privacy policies and
data collection practices. We have no responsibility for these websites or their
privacy practices and encourage you to read the privacy policies of all websites
you visit.
A “visitor” is an individual who visits the Sites, without having registered. A
“registered user” is an individual, such as a member, who has registered with
us, and whose identity can be determined directly or indirectly from the
information provided. For the purpose of this Privacy Policy “you” means a
visitor or a registered user.
By accessing and using our Services, subject to applicable law, you signify you
understand and consent to the terms of this Privacy Policy and consent to our
Terms of Use. If you do not agree with or you are not comfortable with any
aspect of this Privacy Policy or our Terms of Use, you should immediately
discontinue access or use of our Services.
2. INFORMATION WE COLLECT
SUMMARY
We collect personal information when you interact with our Services.
You provide data to us when you:
* Sign up to become a registered user of our site(s)
* Join as an ISACA member
* Register for virtual, or in-person, events or conferences
* Download certain publications or materials which are offered for free
* Register to take a certificate or certification exam
* Communicate with ISACA staff and provide information to us, such as your
email address.
We record your visits and use of our services.
We may use automatic data collection technologies to collect certain information
about your device, your activities on our site and your location as described in
our Cookie Notice.
Third parties such as your employer, our training partners or companies
controlled by ISACA, may share your data with us.
We may collect data about you when you use our services on social media.
You provide us with data when you participate in our professional networking
features or post on public areas of the site.
We use third party payment processors who fully comply with PCI requirements. As
such, your online payment data is not captured, stored or used by us.
DETAILS
We collect personal information when you interact with our Services. Personal
information is data that can be used to identify you directly or indirectly or
to contact you including, but not limited to, your name, mailing address, email
address, and telephone number. This policy does not apply to anonymized
information as it cannot be used to identify you. The types of personal
information that we may collect about you include, but are not limited to,
information you provide to us, information from third parties, and information
collected automatically about your use of our Services.
A. Information You Directly and Voluntarily Provide to Us
* Membership. If you provide your personal information to ISACA to become a
member, or if you sign up to become a registered user of any Site, you
will be required to provide certain information as part of the
registration process. This information may include your first and last
name, email address, and business or home address. We may also request
that you voluntarily provide other information, such as your phone number,
date of birth, demographic information, educational background, work
experience, information about your non-ISACA certifications, courses or
areas of study in which you may be interested and information about your
company as it relates to our Services and your membership. We use this
information to communicate with you, to design content and activities that
we believe would be of interest to you, and to ensure that we will not
violate any applicable U.S. sanctions in providing you access to our
Services.
We rely on fulfillment of contract as the lawful basis under Article 6,
GDPR for processing members’ personal information.
* Events and Conferences. We may host events that include in-person and
virtual conferences, training, knowledge sharing and webinars. If you
register for an event, and you already have an account, we will access the
information in your account to provide you with information and services
associated with the event. We may also ask for additional demographic
information during the registration process. If you register for one of
our events and you do not have an account or are not a member, we will
collect your first and last name, email address, business or home address,
information about the type of business you work for or with, and your role
in that business.
We use the information provided by event attendees to provide them with
event services, including badge printing, tracking your Continuing
Professional Education (CPE) credits, tailoring sessions to meet the
audience profile and to determine the sessions likely to require the
biggest rooms, and related purposes connected with the event. We rely on
fulfillment of contract as the lawful basis under Article 6, GDPR for
processing your personal information in relation to events and
conferences.
If you are a presenter at one of our events, we will collect information
about you such as your name, employer, contact information and photograph,
and we may also collect information provided by event attendees who
evaluated your performance as a presenter. We may also make and store a
recording of your voice and likeness in certain instances. We rely on a
legitimate interest as the lawful basis under Article 6, GDPR for
collecting, storing and processing your personal information in this way.
* Publications. We offer various publications and materials through our
Sites. Some of these publications and materials are publicly accessible,
and others require that you be a member, or that you create an account and
subscribe to receive these publications and materials. If you are not a
member and you create an account for this purpose, you will be required to
provide certain information as part of your account registration, which
may include your first and last name, email address, business or home
address and professional information. We rely on our contract with you as
the lawful basis under Article 6, GDPR to process your personal
information for purposes of fulfilling your request to receive our
publications.
* Exams and Certification. When you register to take an ISACA exam, we will
collect certain personal information such as your first and last name,
email address, phone number, business address, home address, demographic
information and professional and education history. We may also collect
and store information you provide to us about special accommodations that
you may request. Only authorized employees within ISACA have access to
your exam scores and personal information pertaining to any special
accommodations you may request. ISACA will collect your exam results and,
in conjunction with maintaining your certification(s), if applicable, your
record of participation in continuing professional education. We rely on a
contract fulfillment basis to process personal information associated with
providing certification services.
* Certification Status. If you hold an ISACA certification, we will only
share your certification status with a third party to the extent we have
received your prior consent to share such information, or to the extent
you have provided the third party with the necessary information to access
your certification status on our site.
* Communications. If you communicate or correspond with us by email, through
postal mail, via telephone or through other forms of communication,
including our customer service center, we may collect the information you
provide as part of those communications. For example, if you correspond
with us through email, we may collect and store the email address you use
to send the applicable correspondence and use it to respond to your
inquiry; to notify you of ISACA conferences, publications, or other
services; or to keep a record of your complaint, accommodation request,
and similar purposes. We have a legitimate interest in processing the
personal information of those who communicate voluntarily with us so that
we can provide our Services.
B. Information We Automatically Collect. As you navigate through and interact
with our Sites, we may use automatic data collection technologies to collect
certain information about your device (computer, tablet, smart phone) and
your activities, including:
* If you access the Services through a computer, we will automatically
collect information such as your browser type and version, computer and
connection information, IP address, mobile device advertising identifier,
Media Access Control (MAC) address pages you have visited, type of device,
operating system name and version, device manufacturer, browser
information (type, version), screen resolution, Internet service provider
or mobile carrier’s name, connection speed and connection type, date
stamp, URL of the last webpage visited before visiting our Platform, and
URL of the first page visited after leaving our Platform, pages viewed,
time spent on a page, click through, clickstream data, queries made,
search results selected, comments made, search history, type of service
requested, purchases made, and information collected through cookies,
pixel tags, and other technologies. For more information on the tracking
technology we use, please see our Cookie Notice , which describes the
cookies used on our Sites and provides information on how users can
control the information they process.
* If you access the Services through a mobile device, we may also be able to
identify the location of your mobile device. We use your location
information (if shared) to identify the geographic locations from which
our content is accessed so that we can better understand what content
topics may be most relevant in that region, and to our members generally,
and to develop resources around those content topics. You may choose not
to share your location details with us by adjusting your mobile device’s
location services settings. For instructions on changing the relevant
settings, please contact your service provider or device manufacturer.
We rely on our legitimate interest in understanding how our members,
visitors and potential customers use our website in processing personal
information in this way. Such processing assists us in providing more
relevant products and services to our members, and with providing value to
our sponsors.
C. Information from Third Parties. We may receive personal information about
individuals from third parties. This may happen if your employer pays and
registers you for training, certification, or membership, however, we will
only share information about you with your employer if you consent in
advance to our sharing this information. Our third-party training partners
may also share your personal information with us when you sign up for
training, certification or membership through the applicable training
partner.
We may also receive personal information about you from companies controlled
by or under common control of ISACA. When you interact with our Services on
a social media platform, we may collect the personal information that you or
the platform make available to us on that page or account, including your
social media account ID and/or user name associated with that social media
service, your profile picture, email address, friends list or information
about the people and groups you are connected to and how you interact with
them, and any information you have made public in connection with that
social media service. The information we obtain depends on your privacy
settings on the applicable social media service; we will comply with the
privacy policies of the social media platform and we will only collect and
store such personal information that we are permitted to collect by those
social media platforms. When you access our Sites through social media
channels or when you connect the Site to social media services, you are
authorizing us to collect, store, and use such information and content in
accordance with this Privacy Policy.
D. Information You Post on the Sites. If you post information on public areas
of the Sites, that information may be collected and used by us, other users
of the Sites, and the public generally.
If you are a member or registered user and choose to participate in our
professional networking features, which are provided by our third-party
vendor and volunteer platform provider, Higher Logic, your postings will be
associated with the personal information in your public member profile
(which includes your name, user name, and other optional information you may
choose to include). ISACA may share the following personal information with
Higher Logic for this volunteer management platform and other ISACA
platforms: your name, state, zip code, country, phone number, bio, email,
job title, company, ISACA and non-ISACA certifications, education
(university or school and degree), areas of interest, membership level,
chapter membership, chapter leader role, chapter ID, work experience, date
of birth, photo and staff membership.
If you decide to participate in our platforms and professional networking
features, keep in mind that your personal information (for example, your
name and online user name), along with any substantive information you
disclose in the communication you decide to post, will be publicly
accessible and viewable by others who visit that area. In addition, we may
highlight certain users’ postings or contributions to other members of the
ISACA professional networking features. For example, users who participate
actively in our social networking features, like contributing materials and
engaging in certain online activities, will be listed as “active members” in
a roster that is viewable by all other registered users. It is possible that
your posting may result in unsolicited messages from third parties. We
strongly recommend that you do not post any information on the public areas
of the Sites that allows strangers to identify or locate you or that you
otherwise do not want to share with the public.
E. Information You Provide to Payment Processors. All payments made to us are
processed by a PCI/DSS-compliant (these are payment card industry security
standards) payment processing service. All information collected by these
third-party providers for purposes of processing your payments is not
available to us, unless you have otherwise provided this information to us
in connection with your use of the Sites or our Services.
3. WHY WE COLLECT YOUR INFORMATION
SUMMARY
We use your data to provide our services to you, respond to you, advise you of
other services, and to personalize your experience.
DETAILS
We will only use your information as described in this Notice or as disclosed to
you prior to such processing taking place.
A. To Provide and Maintain our Services. We will use your personal information
to provide information or deliver Services that you request and to allow you
to participate in interactive features of our Sites and Services when you
choose to do so. For example, we process your personal information to
provide membership benefits and other services to you, including order
processing, processing of certification or membership applications,
registering you for event or training programs, or registering you for
reduced hotel price rates. When you sign up for a certification course or
seminar, we will use your personal information to facilitate the delivery of
such course or seminar. To the extent your organization has paid for your
certification course or seminar, we may provide the status of your course or
seminar to your organization upon notice to you. In compliance with
applicable laws, we may also publish the names, titles, country and business
affiliations of officers, committee members and others who have assisted
with initiatives or projects to provide recognition of their achievements to
the ISACA community.
B. To Provide Customer Support or Respond to You. We collect any information
that you provide to us when you contact us, such as with questions,
concerns, feedback, disputes or issues. Without your personal information,
we cannot respond to you.
C. To Advise You of Other Services. From time to time, subject to the
applicable law, we may share your personal information with third parties or
partners. You may opt out of having your personal information shared with
third parties. If you choose to limit the use of your personal information,
certain features or Services may not be available to you.
D. To Personalize Your Experience. We may also use your personal information to
tailor your experience at our Sites, to compile and display content and
information that we think you might be interested in, and to provide you
with content according to these preferences. We may also use this
information to help us understand your needs and interests, and to better
tailor our products and services to meet your needs.
E. To Send You Marketing and Promotional Emails. We may use your personal
information we collect from you and third-party sources to contact you with
newsletters, marketing or promotional materials and other information that
may be of interest to you, to deliver targeted and relevant advertising and
marketing to you, and to promote our Services. Our marketing will be
conducted in accordance with your advertising / marketing preferences and as
permitted by applicable law.
F. For Research and Development. We may use your information to gather analysis
or valuable information so that we can improve our Services and to detect,
prevent and address technical issues. We may also use your information to
monitor the usage of our Site including without limitation search terms
entered, pages visited and documents viewed.
G. For Security Reasons. We may use personal information to help monitor,
prevent and detect fraud, enhance security, monitor and verify identity or
access, or security risks.
H. To Post Testimonials. We may use personal information to post testimonials
on our Sites. Prior to posting a testimonial, we will obtain your consent to
use your name and testimonial. You can request your testimonial be updated
or deleted at any time by sending a request with your name, testimonial
location and contact information.
I. To Enforce Compliance with Our Terms and Agreements or Policies. When you
access or use our Services, you are bound to our Terms of Use and this
Policy. To ensure you comply with them, we process your personal information
by actively monitoring, investigating, preventing and mitigating any alleged
or actual prohibited, illicit or illegal activities on our Services. We also
may process your personal information to: investigate, prevent or mitigate
violations of our internal terms, agreements or policies; enforce our
agreements with third parties and business partners; and, as applicable,
collect fees based on your use of our Services. We also use your information
to ensure that we will not violate any applicable U.S. sanctions in
accepting your donation or by providing you access to our Services.
J. Other Legitimate Business Purpose. We may use your personal information when
it is necessary for other legitimate purposes such as protecting our
confidential and proprietary information.
4. HOW WE SHARE YOUR INFORMATION
SUMMARY
We share your data only with those who need access or those to whom you have
provided consent.
DETAILS
Except as set forth in this Privacy Policy or when specifically agreed to by
you, we take care to allow your personal information to be accessed only by
those who really need access in order to perform their tasks and duties, and to
share with third parties who have a legitimate purpose for accessing it. In
general, we do not share your information with a third party for their
independent use unless: (i) you request or authorize it, (ii) it is required by
law, or (iii) it is in connection with a co-sponsored event. We may share
personal information in the following circumstances:
A. Service Providers. We may share your information with our suppliers,
subcontractors, and other third parties who provide services to us
(collectively “service providers”) in connection with advertising, hosting,
data analytics, information technology and infrastructure, email delivery,
auditing, exam-testing, training providers and other related activities,
vendors or third parties who deliver or provide goods and services or
otherwise act on our behalf of or at our direction. Our service providers
are given only the information they need to perform their designated
functions and are prohibited from using the information we provide them for
their own purposes.
B. Business Partners and Sponsors. From time to time, we may engage in joint
sales or product promotions with selected business partners. If you purchase
or specifically express interest in a jointly-offered product, promotion or
service, we may share relevant personal information with those partners. If
you are an event attendee, speaker, or sponsor, certain items of your
information may be included in the event roster, which may also be shared
with third-party event sponsors and exhibitors and publicly disclosed,
subject to the applicable law. While we do not control our business
partners’ use of such information, we do take appropriate steps to ensure
that they use appropriate safeguards to protect your personal information.
Our partners and sponsors are responsible for managing their own use of the
personal information collected in these circumstances, including providing
information to you about how they use your personal information. We
recommend you review the privacy policies of the relevant partner to find
out more about their handling of your personal information. Where we do
share your personal information with third parties, ISACA takes steps to
ensure that they use appropriate safeguards to protect your personal
information.
C. Within Our Corporate Organization and with Our Local Chapters and
Volunteers. We are part of a corporate organization that has many legal
entities, business processes, management structures and technical systems.
We may share your personal information within this organization and with our
subsidiaries and/or affiliates to provide services and support, provide
recommendation to optimize services, to provide members and prospective
members with information about our Services, and for the purposes otherwise
described in this Privacy Policy. We may also share your information with
our board members and our volunteers for the purposes of conducting our
internal business operations. We may also share your information with
your local ISACA chapter so they may offer membership and associated
services to you pursuant to your membership in that Chapter, and One in
Tech, an ISACA Foundation to provide information regarding their programs
and initiatives. If you participate in our “Enterprise Participation
Program,” your information, particularly with respect to the goods and/or
services your company has purchased from ISACA for your benefit, will be
shared with your organization’s program coordinator.
D. Compliance with Laws or Regulatory Body. We may disclose your information to
government authorities or third parties if: (i) required to do so by law or
regulation, or in response to a subpoena or court order or any other
enforceable governmental request or order; (ii) we believe disclosure is
reasonably necessary to protect against fraud, to protect the property or
other rights of us or other users, third parties or the public at large; or
(iii) to exercise, establish or defend our legal rights.
E. Business Transfers. We may share or transfer your information in connection
with, or during negotiations of, any merger, sale of company assets,
financing, acquisition, dissolution, corporate reorganization or similar
event. We will inform any buyer that your information shall only be used in
accordance with this Privacy Policy.
F. Potential Employers. If you use ISACA’s Career Center services, the
information you include in your profile will be shared with our Career
Center site vendor and will be subject to the vendor’s privacy policies.
When you provide information in the Career Center, your information may be
accessible to potential employers or recruiters. We will only share
information about you with potential employers or recruiters if you consent
in advance to our sharing of this information.
Subject to applicable law, we may also make publicly available the names,
titles, country and business affiliations of officers, committee members and
others who have assisted with initiatives or projects to ensure they receive
the appropriate recognition.
5. INFORMATION SECURITY
SUMMARY
We take reasonable measures to ensure your data is safe.
DETAILS
We take reasonable measures to protect any personal information we may hold in
order to prevent loss, misuse, unauthorized access, disclosure, alteration and
destruction. In some areas of our platforms, we may use encryption technologies
to enhance data privacy and help prevent loss, misuse, or alteration of the
information under ISACA’s control.
We cannot guarantee, however, that all information will remain secure. The
Internet by its nature is a public forum. We encourage you to use caution when
disclosing information online. Often, you are in the best situation to protect
yourself online. You are responsible for protecting your login ID and password
from third-party access, and for selecting passwords that are secure.
6. DATA RETENTION
SUMMARY
We retain your information according to applicable laws and store it securely.
DETAILS
We will retain the personal information we collect from you where we have a
justifiable business need to do so and/or for as long as is needed to fulfil the
purposes outlined in this Privacy Policy, unless a longer retention period is
required or permitted by law (such as tax, legal, accounting or other purposes).
You can request deletion of your personal information at any time (see "Your
Privacy Rights and Choices" section for further information) and we will
consider your request in accordance with applicable laws.
When we have no justifiable business need to process your personal information,
we will either delete or anonymize it, or, if this is not possible (for example,
because your personal information has been stored in backup archives), then we
will securely store your personal information and isolate it from any further
processing until deletion is possible.
7. YOUR CHOICES AND PRIVACY RIGHTS
SUMMARY
You have choices on how we communicate with you.
DETAILS
Listed below are choices we provide you in relation to the processing of your
personal information. Individuals located in the European Economic Area (“EEA”),
the United Kingdom or Switzerland at the time they access our Services, please
see section 9, for more information about your choices and rights.
A. Marketing Communications. If you receive commercial electronic
communications from us, you can unsubscribe from the receipt of future
commercial electronic communications from us by clicking on the “unsubscribe
link” provided in such communications, or by going to the Preference Center
and submitting an opt-out request. Please note that even though you have
opt-out of receiving marketing-related communications from us, we may still
send you important administrative messages, and you cannot opt out from
receiving these messages.
B. Subscriptions. You may manage your subscriptions by subscribing or
unsubscribing at any time. Please use the Preference Center to modify or
cancel such subscriptions.
C. Access and Correction. You have the right to review and correct personal
information that we have collected from you. You may exercise this right by
contacting us as indicated in the “How to Contact Us” section, or by going
to the Data Subject Access Request form. In your request, please make clear
what information you would like to have changed. For your protection, we may
need to verify your identity before implementing your request. We will try
to implement your request as soon as reasonably practicable. We reserve the
right to refuse to act on a request that is manifestly unfounded or
excessive (for example because it is repetitive) and/or to charge a fee that
takes into account the administrative costs for providing the information or
taking the action requested.
D. California Residents. This section applies only to California residents.
* California's "Shine the Light" law (Civil Code Section § 1798.83) permits
users of our Services that are California residents to request certain
information regarding our disclosure of personal information to third
parties for their direct marketing purposes, to the extent applicable. To
make such a request, please visit our Data Subject Access Request (DSAR)
Portal.
* If you are a California resident under the age of 18, and you are
registered visitor of a Site, you may request that we remove content or
information that you posted on the Site or stored on our servers, by
submitting a request in writing as indicated in the “How to Contact Us”
section below, and clearly identifying the content or information that you
wish to have removed, and providing sufficient information to allow us to
locate the content or information to be removed.
* Your browser may allow you to adjust your browser settings so that “do not
track” requests are sent to the websites that you visit. However, we do
not respond to “Do Not Track” (DNT) signals. To determine whether any of
the third-party services it uses honor the “Do Not Track” requests, please
read their privacy policies.
8. INTERNATIONAL TRANSFERS
SUMMARY
We operate in the United States as a global organization.
DETAILS
Your personal information may be transferred to and maintained on computers
located outside of your state, province, country or other governmental
jurisdiction where the data protection laws may differ from those of your
jurisdiction. If you are located outside the United States and choose to provide
information to us, please note that we transfer the data, including personal
information, to the United States and process it there.
We will take all the steps reasonably necessary to ensure that your personal
information is treated securely and in accordance with this Privacy Policy and
no transfer of your personal information will take place to an organization or a
country unless there are adequate controls in place. If you do not want your
information transferred to or processed or maintained outside of the country or
jurisdiction where you are located, you should not use our Services.
Individuals located in the European Economic Area (“EEA”), the United Kingdom or
Switzerland at the time they access our Services, please see section 9, for
information on how we transfer your personal information.
9. NOTICE FOR INDIVIDUALS LOCATED IN EUROPE
SUMMARY
If you are in the European Economic Area, United Kingdom and/or Switzerland, the
policies in this section are specific to you. They describe how we market to
you, our legal bases for processing your information and your rights.
DETAILS
This section only applies to individuals that access or use our Services while
located in the European Economic Area, United Kingdom and/or Switzerland
(collectively “Europe”). We may ask you to identify which country you are
located in when you use some of the Services or we may rely on your IP address
to identify which country you are located in. When we rely on your IP address,
we cannot apply the terms of this section to any individual that masks or
otherwise hides their location information from us so as not to appear located
in Europe. If any terms in this section conflict with other terms contained in
this Policy, the terms in this section shall apply to users in Europe.
We are a controller with regard to any personal information collected from
individuals accessing or using our Services. A “controller” is an entity that
determines the purposes for which and the manner in which any personal
information is processed.
1. Marketing. We will only contact individuals located in Europe by electronic
means (including email or SMS) based on our legitimate interests, as
permitted by applicable law or the individual’s consent. When we rely on
legitimate interest, we will only send you information about our Services
that are similar to those which were the subject of a previous sale or
negotiations of a sale to you. If you do not want us to use your personal
information in this way or to disclose your personal information to third
parties for marketing purposes, please click an unsubscribe link in your
emails or go to the Preference Center and submit an opt-out request. You can
object to direct marketing at any time and free of charge. Direct marketing
includes any communications to you that are only based on advertising or
promoting products and services.
2. Legal Bases for Processing. Our legal bases for the processing activities
identified in this Policy are:
* We rely on our contract with you as our legal basis for processing in
relation to the following: to provide and maintain our services, to
provide customer support or respond to you, to enforce compliance with our
Terms, agreements or policies, and to share your information with service
providers.
* Depending on the specific circumstances, we rely on your consent or
legitimate interest in relation to the following processing activities: to
send you marketing and promotional emails, to advise you of other
services, and to share your information with business partners, sponsors,
or within our corporate organization.
* We rely on legitimate interest in relation to the following processing
activities: to personalize your experience, for research and development,
and when we share your information with board members or volunteers or in
relation to business transfers or bankruptcy.
* When we share your information to respond to subpoenas, court orders,
government requests, or to protect rights and comply with our policies, or
in relation to business transfers or bankruptcy, our processing is based
on our legal obligations.
3. Your Rights. We provide you with the rights described below when you use our
Services. We may limit your individual rights requests in the following
ways: (a) where denial of access is required or authorized by law; (b) when
granting access would have a negative impact on other’s privacy; (c) to
protect our rights and properties; and (d) where the request is frivolous or
burdensome. When we fulfill your individual rights requests for correction
(or rectification), erasure or restriction of processing, we will notify
third parties also handling the relevant personal information unless this
proves impossible or involves disproportionate effort. If you would like to
exercise your rights under applicable law, please contact us at our Data
Subject Access Portal. We may seek to verify your identity when we receive
an individual rights request from you to ensure the security of your
personal information. If you have questions, you may reach our member
representative, DataRep, by emailing them at isaca@datarep.com, or by
clicking here.
In certain circumstances, you have the following data protection rights:
* Right to withdraw consent. You have the right to withdraw your consent to
the processing of your personal information collected on the basis of your
consent at any time. Your withdrawal will not affect the lawfulness of our
processing based on consent before your withdrawal.
* Right of access to and rectification of your personal information. You
have a right to request that we provide you a copy of your personal
information held by us. This information will be provided without undue
delay subject to some fee associated with the gathering of the information
(as permitted by law), unless such provision adversely affects the rights
and freedoms of others. You may also request us to rectify or update any
of your personal information held by us that is inaccurate.
* Right to erasure. You have the right to request erasure of your personal
information that: (a) is no longer necessary in relation to the purposes
for which it was collected or otherwise processed; (b) was collected in
relation to processing that you previously consented, but later withdraw
such consent; or (c) was collected in relation to processing activities to
which you object, and there are no overriding legitimate grounds for our
processing. If we have made your personal information public and are
obliged to erase the personal information, we will, taking account of
available technology and the cost of implementation, take reasonable
steps, including technical measures, to inform other parties that are
processing your personal information that you have requested the erasure
of any links to, or copy or replication of your personal information. The
above is subject to limitations by relevant data protection laws.
* Right to data portability. If we process your personal information based
on a contract with you or based on your consent, or the processing is
carried out by automated means, you may request to receive your personal
information in a structured, commonly used and machine-readable format,
and to have us transfer your personal information directly to another
“controller”, where technically feasible, unless the exercise of this
right adversely affects the rights and freedoms of others.
* Right to the restriction of or processing. You have the right to restrict
or object to us processing your personal information where one of the
following applies:
* You contest the accuracy of your personal information that we processed.
In such instances, we will restrict processing during the period
necessary for us to verify the accuracy of your personal information.
* The processing is unlawful and you oppose the erasure of your personal
information and request the restriction of its use instead.
* We no longer need your personal information for the purposes of the
processing, but it is required by you to establish, exercise or in
defense of legal claims.
* You have objected to processing, pending the verification whether the
legitimate grounds of our processing override your rights.
* Restricted personal information shall only be processed with your
consent or for the establishment, exercise or defense of legal claims or
for the protection of the rights of another natural or legal person or
for reasons of important public interest. We will inform you if the
restriction is lifted.
* Right to object to processing. Where the processing of your personal
information is based on consent, contract or legitimate interests, you may
restrict or object, at any time, to the processing of your personal
information as permitted by applicable law. We can continue to process
your personal information if it is necessary for the defense of legal
claims or for any other exceptions permitted by applicable law.
* Automated individual decision-making, including profiling. You have the
right not to be subject to a decision based solely on automated processing
of your personal information, including profiling, which produces legal or
similarly significant effects on you, save for the exceptions applicable
under relevant data protection laws. We do not engage in this type of
automated processing.
4. Transfers of European Personal Information to the U.S. Our headquarters are
located in the United States, and information we collect from you will be
transferred, stored and processed in the United States. We will protect your
personal information in accordance with this Privacy Policy wherever it is
processed and will take appropriate contractual or other steps to protect
the relevant personal information in accordance with applicable laws. These
steps include implementing the European Commission's Standard Contractual
Clauses for transfers of personal information to our service providers and
business partners. To the extent applicable, ISACA may rely on derogations
as set forth in Article 49, GDPR for the transfer and onward transfer of
personal information collected from individuals in Europe to the United
States, and other countries that the EU views as not providing adequate data
protection. Specifically, we may transfer such information to another party
to perform a contract with you, with your explicit consent or in a manner
that does not outweigh your rights and freedoms. If this personal
information is not processed and transferred, we will not be able to execute
the contract with you or you will not have access to any or all of the
benefits and features associated with your transaction.
10. CHILDREN
SUMMARY
We do not collect data from children.
DETAILS
We do not knowingly collect personal information data from persons under the age
of 16. If you are a parent of a child under 16, and you believe that your child
has provided us with information about him or herself, please contact us via the
information in the Contact section below.
11. CHANGES TO THIS NOTICE
SUMMARY
We may update this policy.
DETAILS
We may need to update this Privacy Policy from time to time to reflect changes
in our business practices, data collection practices or organization. If we make
a change that we believe materially affects how we process your personal
information, we will provide notice of such change on this Site or via email, at
the email address we have on file for you. After such notice, your continued use
of our Services will be subject to the then-current Privacy Policy. We encourage
you to look for updates and changes to this Privacy Policy by checking the
“Effective Date” located at the top of the new Privacy Policy.
12. CONTACT INFORMATION
SUMMARY
Our contact information.
DETAILS
If you have any questions or concerns about this Privacy Policy, please visit
our Data Subject Access Request (DSAR) Portal, or write to us at ISACA, Data
Protection Officer, 1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173,
USA.
*
*
*
*
*
* Contact Us
* Terms
* Privacy
* Cookie Notice
* Fraud Reporting
* Bug Reporting
* COVID-19
1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173,
USA | +1-847-253-1545 | ©2023 ISACA. All rights reserved.
ISACA COOKIE CONSENT INFORMATION
This website uses information gathering tools including cookies, and other
similar technology. We use cookies to personalize content and ads, to provide
social media features and to analyze our traffic. We also share information
about your use of our site with our social media, advertising and analytics
partners. Ad and Cookie Policy
Cookies Settings Accept All Cookies
COOKIE SETTINGS
* YOUR ISACA COOKIE PRIVACY...
* STRICTLY NECESSARY COOKIES
* PERFORMANCE COOKIES
* FUNCTIONAL COOKIES
* TARGETING COOKIES
* SOCIAL MEDIA COOKIES
YOUR ISACA COOKIE PRIVACY...
When you visit any website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Cookies Details
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
SOCIAL MEDIA COOKIES
Social Media Cookies
These cookies are set by a range of social media services that we have added to
the site to enable you to share our content with your friends and networks. They
are capable of tracking your browser across other sites and building up a
profile of your interests. This may impact the content and messages you see on
other websites you visit. If you do not allow these cookies you may not be
able to use or see these sharing tools.
Cookies Details
Back Button
BACK
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
* View Third Party Cookies
* Name
cookie name
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Deny All Allow All