www.isaca.org
Open in
urlscan Pro
104.17.254.203
Public Scan
Submitted URL: https://click.em.isaca.org/?qs=1fe87d0d1e585883555c439402c5f65b5a3c108a9ea26a2d48688dd123ab01c66986789859b8bca0bd1564a5b221...
Effective URL: https://www.isaca.org/privacy-notice?utm_source=sfmc&utm_medium=email&utm_campaign=at-isaca&utm_term=newsletter_null_a...
Submission: On June 04 via api from CA — Scanned from CA
Effective URL: https://www.isaca.org/privacy-notice?utm_source=sfmc&utm_medium=email&utm_campaign=at-isaca&utm_term=newsletter_null_a...
Submission: On June 04 via api from CA — Scanned from CA
Form analysis 0 forms found in the DOM
Text Content
ISACA_logo_RGB
* Credentialing
* Membership
* Enterprise
* PARTNERSHIPS
* Training & Events
* Resources
*
* Join
* PROFESSIONAL JOIN
* RECENT GRAD JOIN
* STUDENT JOIN
* About Us
* ABOUT US HOME
* WHO WE ARE
* NEWSROOM
* PARTICIPATE & VOLUNTEER
* LEADERSHIP & GOVERNANCE
* ADVOCACY
* ISACA FOUNDATION
* CONTACT US
* CODE OF PROFESSIONAL ETHICS
* CAREERS
* Career Center
* Careers at ISACA
* SUPPORT
* Store
Total
View Cart Checkout
No items have been added to your cart yet
Browse Search
* Cart (0)
* Sign In
* MEMBERSHIP
* CERTIFICATIONS
* CERTIFICATES
* CPE CERTIFICATES
* LEARNING ACCESS
* RESOURCES
* ORDER HISTORY
* Redeemable Products
* Sign Out
* Sign In
* Create an Account
* CERTIFICATIONS
* CISA—Certified Information Systems Auditor
* CISM—Certified Information Security Manager
* CRISC—Certified in Risk and Information Systems Control
* CDPSE—Certified Data Privacy Solutions Engineer
* CGEIT—Certified in the Governance of Enterprise IT
* CET—Certified in Emerging Technology Certification
* CSX-P—CSX Cybersecurity Practitioner Certification
* ITCA—Information Technology Certified Associate
* View More
* CERTIFICATES
* CCAK—Certificate in Cloud Auditing Knowledge
* COBIT
* COBIT 2019 Foundation
* COBIT 2019 Design & Implementation
* Implementing the NIST Cybersecurity Framework using COBIT 2019
* COBIT 5 Certificates
* Cybersecurity Audit
* Cybersecurity Fundamentals
* Digital Trust Ecosystem Framework Foundation Certificate
* Emerging Technology
* AI Fundamentals
* Blockchain Fundamentals
* Cloud Fundamentals
* IoT Fundamentals
* Information Technology
* Computing Fundamentals
* Data Science Fundamentals
* Networks and Infrastructure Fundamentals
* Software Development Fundamentals
* IT Audit Fundamentals
* IT Risk Fundamentals
* View More
* WHICH CERTIFICATION IS RIGHT FOR YOU?
* RENEW A CERTIFICATION
* MAINTAIN A CERTIFICATION
* VERIFY A CERTIFICATION
* DIGITAL BADGES
* Which Exam Prep is Right for You?
* TRAIN YOUR WAY WITH OFFICIAL ISACA EXAM PREP
* BUILD YOUR TEAM'S PERFORMANCE WITH CUSTOMIZED TRAINING
* BECOME A MEMBER
* Browse Chapters
* Find Your Membership Type
* Member Benefits
* ENGAGE ONLINE COMMUNITY
* GET INVOLVED
* Advocacy
* Author an Article
* Chapter Events Calendar
* ISACA Awards
* SheLeadsTech
* Speak at Conferences
* Volunteer
* Write an Exam Question
* MAXIMIZE YOUR MEMBERSHIP
* Career Center
* Discounts & Savings
* Free CPE
* Free Resource Previews
* Member-Exclusive Speaker Series
* Mentorship
* Personalize Your Experience
* UPDATE YOUR PROFILE
* CMMI PERFORMANCE IMPROVEMENT SOLUTIONS
* CMMI Performance Solutions
* CMMI Cybermaturity Platform
* Voluntary Improvement Program
* ENTERPRISE TRAINING & CREDENTIALS
* ISACA Credentials
* CMMI Training
* CMMI APPRAISALS (PARS)
* ENTERPRISE SUPPORT
* CONTACT US
* Empower Your Team to Power Business Growth
* CUSTOMIZE YOUR IT TEAM TRAINING
* BECOME A TRAINING PARTNER
* BECOME A CMMI PARTNER
* BECOME AN ACADEMIC OR WORKFORCE PARTNER
* BECOME A SPONSOR
* FIND A TRAINING PARTNER
* Certification Training Partners
* Certification Training Partners
* Americas
* Asia and Oceania
* China
* EMEA
* COBIT Training Partners
* Academic & Workforce Partners
* CMMI Performance Improvement Partners
* Over 100,000 People Were Trained by ISACA in 2022
* BECOME A PARTNER TO CAPITALIZE ON THIS HIGH DEMAND
* CONFERENCES
* CMMI Conference
* GRC Conference
* ISACA Europe Conference
* ISACA North America Conference
* CHAPTER EVENTS
* Training Week
* TRAIN YOUR WAY
* All Training Types
* Online Review Courses
* Webinars
* Virtual Summits
* GROUP/ENTERPRISE TRAINING
* TRAINING FROM AN ACCREDITED PARTNER
* TRAINING BY TOPIC
* All Training Topics
* Artificial Intelligence
* Cybersecurity
* IT Audit
* Certification Exam Preparation
* COBIT
* CPE ON-DEMAND
* Ready to Take Your AI Knowledge to the Next Level?
* BROWSE ISACA’S NEW AI TRAINING COURSES
* DIGITAL TRUST
* ISACA JOURNAL
* INSIGHTS & EXPERTISE
* NEWS & TRENDS
* ENGAGE ONLINE COMMUNITIES
* COBIT
* RESOURCES BY TOPIC
* Artificial Intelligence
* Cybersecurity
* Emerging Technology
* Governance
* IT Audit
* IT Risk
* Privacy
* FRAMEWORKS, STANDARDS AND MODELS
* ISACA NOW BLOG
* ISACA VIDEOS
* ISACA PODCAST
* GLOSSARY
* Announcing ISACA’s Digital Trust Ecosystem Framework and Portfolio
*
* Advance Digital Trust
* Credentialing
* CREDENTIALING
* CERTIFICATIONS
* CERTIFICATIONS
* CISA—Certified Information Systems Auditor
* CISM—Certified Information Security Manager
* CRISC—Certified in Risk and Information Systems Control
* CDPSE—Certified Data Privacy Solutions Engineer
* CGEIT—Certified in the Governance of Enterprise IT
* CET—Certified in Emerging Technology Certification
* CSX-P—CSX Cybersecurity Practitioner Certification
* ITCA—Information Technology Certified Associate
* CERTIFICATES
* CERTIFICATES
* CCAK—Certificate in Cloud Auditing Knowledge
* COBIT
* COBIT 2019 Foundation
* COBIT 2019 Design & Implementation
* Implementing the NIST Cybersecurity Framework using COBIT 2019
* COBIT 5 Certificates
* Cybersecurity Audit
* Cybersecurity Fundamentals
* Digital Trust Ecosystem Framework Foundation Certificate
* Emerging Technology
* AI Fundamentals
* Blockchain Fundamentals
* Cloud Fundamentals
* IoT Fundamentals
* Information Technology
* Computing Fundamentals
* Data Science Fundamentals
* Networks and Infrastructure Fundamentals
* Software Development Fundamentals
* IT Audit Fundamentals
* IT Risk Fundamentals
* WHICH CERTIFICATION IS RIGHT FOR YOU?
* RENEW A CERTIFICATION
* MAINTAIN A CERTIFICATION
* VERIFY A CERTIFICATION
* DIGITAL BADGES
* TRAIN YOUR WAY WITH OFFICIAL ISACA EXAM PREP
* BUILD YOUR TEAM'S PERFORMANCE WITH CUSTOMIZED TRAINING
* Membership
* MEMBERSHIP
* BECOME A MEMBER
* BECOME A MEMBER
* Browse Chapters
* Find Your Membership Type
* Member Benefits
* ENGAGE ONLINE COMMUNITY
* MAXIMIZE YOUR MEMBERSHIP
* MAXIMIZE YOUR MEMBERSHIP
* Career Center
* Discounts & Savings
* Free CPE
* Free Resource Previews
* Member-Exclusive Speaker Series
* Mentorship
* UPDATE YOUR PROFILE
* GET INVOLVED
* GET INVOLVED
* Advocacy
* Author an Article
* Chapter Events Calendar
* ISACA Awards
* SheLeadsTech
* Speak at Conferences
* Volunteer
* Write an Exam Question
* Enterprise
* ENTERPRISE
* CMMI PERFORMANCE IMPROVEMENT SOLUTIONS
* CMMI PERFORMANCE IMPROVEMENT SOLUTIONS
* CMMI Performance Solutions
* CMMI Cybermaturity Platform
* Voluntary Improvement Program
* CUSTOMIZE YOUR IT TEAM TRAINING
* ENTERPRISE TRAINING & CREDENTIALS
* ENTERPRISE TRAINING AND CREDENTIALS
* ISACA Credentials
* CMMI Training
* CMMI APPRAISALS (PARS)
* ENTERPRISE SUPPORT
* CONTACT US
* PARTNERSHIPS
* PARTNERSHIPS
* BECOME A TRAINING PARTNER
* BECOME A CMMI PARTNER
* BECOME AN ACADEMIC OR WORKFORCE PARTNER
* BECOME A SPONSOR
* FIND A TRAINING PARTNER
* FIND A TRAINING PARTNER
* Certification Training Partners
* Certification Training Partners
* Americas
* Asia and Oceania
* China
* EMEA
* COBIT Training Partners
* Academic & Workforce Partners
* CMMI Performance Improvement Partners
* BECOME A PARTNER TO CAPITALIZE ON THIS HIGH DEMAND
* Training & Events
* TRAINING AND EVENTS
* CONFERENCES
* CONFERENCES
* CMMI Conference
* GRC Conference
* ISACA Europe Conference
* ISACA North America Conference
* CHAPTER EVENTS
* Training Week
* TRAIN YOUR WAY
* TRAIN YOUR WAY
* All Training Types
* Online Review Courses
* Webinars
* Virtual Summits
* GROUP/ENTERPRISE TRAINING
* TRAINING FROM AN ACCREDITED PARTNER
* TRAINING BY TOPIC
* Find Training by Topic
* All Training Topics
* Artificial Intelligence
* Cybersecurity
* IT Audit
* Certification Exam Preparation
* COBIT
* CPE ON-DEMAND
* BROWSE ISACA’S NEW AI TRAINING COURSES
* Resources
* RESOURCES
* DIGITAL TRUST
* ISACA JOURNAL
* INSIGHTS & EXPERTISE
* NEWS & TRENDS
* ENGAGE ONLINE COMMUNITIES
* COBIT
* RESOURCES BY TOPIC
* Artificial Intelligence
* Cybersecurity
* Emerging Technology
* Governance
* IT Audit
* IT Risk
* Privacy
* FRAMEWORKS, STANDARDS AND MODELS
* ISACA NOW BLOG
* ISACA VIDEOS
* ISACA PODCAST
* GLOSSARY
*
* Advance Digital Trust
* Join
* PROFESSIONAL JOIN
* RECENT GRAD JOIN
* STUDENT JOIN
* About Us
* ABOUT US HOME
* WHO WE ARE
* NEWSROOM
* PARTICIPATE & VOLUNTEER
* LEADERSHIP & GOVERNANCE
* ADVOCACY
* ISACA FOUNDATION
* CONTACT US
* CODE OF PROFESSIONAL ETHICS
* CAREERS
* Career Center
* Careers at ISACA
* SUPPORT
* Store
* Cart
Sign In
HOME / PRIVACY NOTICE
GLOBAL PRIVACY NOTICE
Last Updated: 15 June 2023
This ISACA® Privacy Notice describes the types of personal data that the
Information System Audit and Control Association, Inc., and its respective
subsidiaries and affiliated companies (“ISACA”, “we” or “us”) collect, how we
use it, how and when it may be shared, and the rights and choices you have with
respect to your data. We provide this Privacy Notice to help you understand how
we process your data as part of our commitment to maintaining your trust. Thank
you for taking the time to read and understand our data and privacy related
practices.
Please note, our privacy practices are subject to the applicable laws of the
places in which we operate. You will see additional region-specific terms that
only apply to customers located in those geographic regions, or as required by
applicable laws.
You can click on the following links to go directly to the corresponding
sections of this Privacy Notice.
TABLE OF CONTENTS
1. WHAT OUR PRIVACY NOTICE COVERS
2. CHANGES TO THIS NOTICE
3. PERSONAL DATA WE COLLECT AND HOW WE USE IT
4. WHY WE COLLECT YOUR PERSONAL DATA
5. HOW WE DISCLOSE YOUR PERSONAL DATA
6. HOW WE PROTECT YOUR PERSONAL DATA
7. DATA RETENTION
8. YOUR CHOICES
9. YOUR RIGHTS
10. INTERNATIONAL TRANSFERS
11. ADDITIONAL NOTICE FOR INDIVIDUALS LOCATED IN THE EEA, UNITED KINGDOM AND
SWITZERLAND
12. ADDITIONAL NOTICE TO INDIVIDUALS IN CANADA
13. ADDITIONAL NOTICE TO INDIVIDUALS IN AUSTRALIA
14. ADDITIONAL NOTICE TO INDIVIDUAL IN BRAZIL
15. CHILDREN’S PRIVACY
16. CONTACT INFORMATION
1. WHAT OUR PRIVACY NOTICE COVERS
SUMMARY
This Privacy Notice applies to the personal data that we collect about you when
you use ISACA’s Services.
It does not cover the privacy practices of local ISACA chapters. To understand
how ISACA chapters use personal data, please contact them directly.
This Privacy Notice does not apply to third-party websites we may link to from
ISACA’s Services.
If you are in the European Economic Area, United Kingdom or Switzerland, refer
to Section 11 for polices specific to you.
DETAILS
This Privacy Notice applies to all personal data that we collect about you when
you do any of the following (collectively “Services”):
* use the ISACA websites located at isaca.org, cmmiinstitute.com, and other
websites owned or controlled by ISACA or related mobile applications that
link to this Privacy Notice (collectively “Sites”);
* use ISACA products or services and complete related forms, participate in
ISACA events, or communicate with one of our customer service
representatives; or
* interact with CMMI or other ISACA affiliated companies.
This Privacy Notice does not cover the privacy practices of local ISACA
chapters, which are separate legal entities. You should contact them directly or
review the privacy notice located on their websites to understand how they
process your personal data.
Our Sites may contain links to third-party websites. These third-party websites
and services are not related to us and may have separate privacy policies and
data collection practices. We have no responsibility for these websites or their
privacy practices and encourage you to read the privacy policies of all websites
you visit.
By accessing and using our Services, subject to applicable law, you acknowledge
you understand the terms of this Privacy Notice and consent to our Terms of Use.
If you are not comfortable with any aspect of this Privacy Notice or our Terms
of Use, you should immediately discontinue access to and use of our Services.
2. CHANGES TO THIS NOTICE
SUMMARY
We may update this Notice from time to time.
DETAILS
We may need to update this Privacy Notice from time to time to reflect changes
in our business practices, data collection practices or changes in the
applicable law. If we make a change that we believe materially affects how we
process your personal data, we will provide notice of such change on this Site
or via email, at the email address we have on file for you. After such notice,
your continued use of our Services will be subject to the then-current Privacy
Notice. We encourage you to look for updates and changes to this Privacy Notice
by checking the “Last Updated” date located at the top of the new Privacy
Notice.
3. PERSONAL DATA WE COLLECT AND HOW WE USE IT
SUMMARY
We collect personal data when you interact with our Services.
You provide personal data to us when you:
* Sign up to become a registered user of our site(s)
* Join as an ISACA member
* Register for virtual, or in-person, events or conferences
* Download certain publications or materials which are offered for free
* Register to take a certificate or certification exam
* Communicate with ISACA staff and provide information to us for various other
reasons relating to our Services
* Participate in our professional networking features or post on public areas
of our Sites
* Seek for CMMI to provide Services
We record your visits and use of our Services.
We may use automatic data collection technologies to collect certain data about
your device, your activities on our Sites and your location as described in our
Cookie Notice.
DETAILS
We collect personal data when you interact with our Services. Personal data is
data that can be used to identify you directly or indirectly or to contact you
including, but not limited to, your name, mailing address, email address, and
telephone number. This Notice does not apply to anonymized information as it
cannot be used to identify you.
The types of personal data that we may collect about you include, but are not
limited to, information you provide to us, information from third parties, and
information collected automatically about your use of our Services.
A. Data You Directly and Voluntarily Provide to Us
* Membership or Registered User. If you sign up to become a registered user or
an ISACA Member, you will be required to provide certain personal data as
part of the registration process. This information may include your first and
last name, email address, and business or home address. We use this
information to communicate with you, to design content and activities that we
believe would be of interest to you, and to ensure that we will not violate
any applicable U.S. sanctions in providing you access to our Services.
We rely on fulfillment of contract as the lawful basis for processing your
personal data.
We may also request that you voluntarily provide other information, such as
your phone number, date of birth, demographic information, educational
background, work experience, information about your non-ISACA certifications,
courses or areas of study in which you may be interested and information
about your company as it relates to our Services and your membership.
We rely on our legitimate interests as the lawful basis for processing your
personal data in this way.
* Events and Conferences. We may host events that include in-person and virtual
conferences, training, knowledge sharing and webinars.
* Registrants. If you register for an event, and you already have an account,
we will access the personal data in your account to provide you with
information and services associated with the event. We may also ask for
additional demographic information during the registration process.
If you register for one of our events and you do not have an account or are
not a member, we will collect certain personal data such as your first and
last name, email address, business or home address, information about the
type of business you work for or with, and your role in that business. We use
this personal data to provide event attendees with event services, including
badge printing, tracking your Continuing Professional Education (CPE)
credits, tailoring sessions to meet the audience profile and to determine the
sessions likely to require the biggest rooms, and related purposes connected
with the event. We rely on fulfillment of contract as the lawful basis for
processing your personal data in relation to events and conferences.
Presenters. If you are a presenter at one of our events, we will collect
information about you such as your name, employer, contact information and
photograph, and we may also collect information provided by event attendees
who evaluated your performance as a presenter. We may also make and store a
recording of your voice and likeness in certain instances, subject to
applicable law. We rely on a legitimate interest as the lawful basis for
collecting, storing and processing your personal data in this way.
* Publications. We offer various publications and materials through our Sites.
Some of these publications and materials are publicly accessible, and others
require that you be a member, or that you create an account and subscribe to
receive these publications and materials. If you are not a member and you
create an account for this purpose, you will be required to provide certain
information as part of your account registration, which may include your
first and last name, email address, business or home address and professional
information. We rely on our contract with you as the lawful basis to process
your personal data for purposes of fulfilling your request to receive our
publications.
* Exams and Certification. When you register to take an ISACA exam, we will
collect certain personal data such as your first and last name, email
address, phone number, business address, home address, demographic
information and professional and education history. We may also collect and
store information you provide to us about special accommodations that you may
request. Only authorized employees within ISACA have access to your exam
scores and personal data pertaining to any special accommodations you may
request. ISACA will collect your exam results and, in conjunction with
maintaining your certification(s), if applicable, your record of
participation in continuing professional education. We rely on a contract
fulfillment basis to process personal data associated with providing
certification services.
* Certification Status. If you hold an ISACA certification, we will only share
your certification status with a third party to the extent we have received
your prior consent to share such information, or to the extent you have
provided the third party with the necessary information to access your
certification status on our Site. We rely on your consent as the legal basis
for processing your personal data in this way.
* Communications. If you communicate or correspond with us by email, through
postal mail, via telephone or through other forms of communication, including
our customer service center, we may collect the personal data you provide as
part of those communications. For example, if you correspond with us through
email, we may collect and store the email address you use to send the
applicable correspondence and use it to respond to your inquiry; to notify
you of ISACA conferences, publications, or other services; or to keep a
record of your complaint, accommodation request, and similar purposes. We
have a legitimate interest in processing the personal data of those who
communicate voluntarily with us seeking our Services.
* CMMI Services. If you contact CMMI about its services, we may collect the
personal data you provide in order to communicate with you about our
services. If you retain CMMI to provide you with their services, we will
process certain personal data of your employees who interact with us in
finalizing the contract and in providing the services, including their first
and last name, email address, business address and telephone number. We rely
on fulfillment of contract as the lawful basis for processing your personal
data in such situations.
B. Information We Automatically Collect. As you navigate through and interact
with our Sites, we may use automatic data collection technologies to collect
certain information about your device (computer, tablet, smart phone) and
your activities, including:
* If you access the Services through a computer, we will automatically collect
certain information such as your browser type and version, computer and
connection information, IP address, mobile device advertising identifier,
Media Access Control (MAC) address pages you have visited, type of device,
operating system name and version, device manufacturer, browser information
(type, version), screen resolution, Internet service provider or mobile
carrier’s name, connection speed and connection type, date stamp, URL of the
last webpage visited before visiting our Platform, and URL of the first page
visited after leaving our Platform, pages viewed, time spent on a page, click
through, clickstream data, queries made, search results selected, comments
made, search history, type of service requested, purchases made, and
information collected through cookies, pixel tags, and other technologies.
For more information on the tracking technology we use, please see our Cookie
Notice, which describes the cookies used on our Sites and provides
information on how you can control the personal data processed.
* If you access the Services through a mobile device, we may also be able to
identify the location of your mobile device. We use your location information
(if shared) to identify the geographic locations from which our content is
accessed so that we can better understand what content topics may be most
relevant in that region, and to our members generally, and to develop
resources around those content topics. You may choose not to share your
location details with us by adjusting your mobile device’s location services
settings. For instructions on changing the relevant settings, please contact
your service provider or device manufacturer.
To the extent our Sites use non-essential tracking technology, we rely on
consent as the legal basis for processing the personal data of individuals
located in the European Economic Area, the United Kingdom and Switzerland.
C. Information from Third Parties. We may receive personal data about
individuals from third parties. This may happen if your employer pays and
registers you for training, certification, or membership, however, we will only
share information about you with your employer if you consent in advance to our
sharing this information. Our third-party training partners may also share your
personal data with us when you sign up for training, certification or membership
through the applicable training partner.
We may also receive personal data about you from companies controlled by or
under common control of ISACA. When you interact with our Services on a social
media platform, we may collect the personal data that you or the platform make
available to us on that page or account, including your social media account ID
and/or user name associated with that social media service, your profile
picture, email address, friends list or information about the people and groups
you are connected to and how you interact with them, and any information you
have made public in connection with that social media service. The information
we obtain depends on your privacy settings on the applicable social media
service; we will comply with the privacy policies of the social media platform
and we will only collect and store such personal data that we are permitted to
collect by those social media platforms. When you access our Sites through
social media channels or when you connect the Site to social media services, you
are authorizing us to collect, store, and use such information and content in
accordance with this Privacy Notice.
D. Information You Post on the Sites. If you post personal data on public areas
of the Sites, that information may be collected and used by us, other users of
the Sites, and the public generally.
If you are a member or registered user and choose to participate in our
professional networking features, which are provided by our third-party vendor
and volunteer platform provider, Higher Logic, your postings will be associated
with the personal data in your public member profile (which includes your name,
user name, and other optional information you may choose to include). ISACA may
share the following personal data, to the extent you have provided it, with
Higher Logic for this volunteer management platform and other ISACA platforms:
your name, state, zip code, country, phone number, bio, email, job title,
company, ISACA and non-ISACA certifications, education (university or school and
degree), areas of interest, membership level, chapter membership, chapter leader
role, chapter ID, work experience, date of birth, photo and staff membership.
If you decide to participate in our platforms and professional networking
features, keep in mind that your personal data (for example, your name and
online user name), along with any substantive information you disclose in the
communication you decide to post, will be publicly accessible and viewable by
others who visit that area. In addition, we may highlight certain users’
postings or contributions to other members of the ISACA professional networking
features. For example, users who participate actively in our social networking
features, like contributing materials and engaging in certain online activities,
will be listed as “active members” in a roster that is viewable by all other
registered users, to the extent that they consent to being listed. It is
possible that your posting may result in unsolicited messages from third
parties. We strongly recommend that you do not post any information on the
public areas of the Sites that allows strangers to identify or locate you or
that you otherwise do not want to share with the public.
E. Payment Information. All credit or debit card numbers you provide to pay for
our Services are processed by a third party payment processing service that is
compliant with the Payment Card Industry Data Security Standard (PCI/DSS). All
information collected by these third-party providers for purposes of processing
your payments is not available to us, unless you have otherwise provided this
information to us in connection with your use of the Sites or our Services.
4. WHY WE COLLECT YOUR PERSONAL DATA
SUMMARY
We use your personal data to provide our Services to you, respond to you, advise
you of other services, and to personalize your experience.
DETAILS
We use your information for business purposes, including to provide the products
and services you request, to perform customer service functions, for security
and fraud prevention, for marketing and promotional purposes, and to perform
website and mobile application analytics. We may use the data we collect about
you to:
A. To Provide and Maintain Our Services. We will use your personal data to
provide information or deliver Services that you request and to allow you to
participate in interactive features of our Sites and Services when you choose to
do so. For example:
* We process your personal data to provide membership benefits and other
services to you, including order processing, processing of certification or
membership applications, registering you for event or training programs, or
registering you for reduced hotel price rates.
* When you sign up for a certification course or seminar, we will use your
personal data to facilitate the delivery of such course or seminar.
* To the extent your organization has paid for your certification course or
seminar, subject to your consent, we may provide the status of your course or
seminar to your organization.
* In compliance with applicable laws, we may also publish the names, titles,
country and business affiliations of officers, committee members and others
who have assisted with initiatives or projects to provide recognition of
their achievements to the ISACA community.
B. To Provide Customer Support or Respond to You. We collect any information
that you provide to us when you contact us, such as with questions, concerns,
feedback, disputes or issues. Without your personal data, we cannot respond to
you.
C. To Personalize Your Experience. We may also use your personal data to tailor
your experience at our Sites, to compile and display content and information
that we think you might be interested in, and to provide you with content
according to these preferences. We may also use this information to help us
understand your needs and interests, and to better tailor our products and
services to meet your needs.
D. For Research and Development. We may use your information to gather analysis
or valuable information so that we can improve our Services and to detect,
prevent and address technical issues. We may also use your information to
monitor the usage of our Site including without limitation search terms entered,
pages visited and documents viewed.
E. For Security Reasons. We may use personal data to help monitor, prevent and
detect fraud, enhance security, monitor and verify identity or access, or
security risks.
F. To Send You Marketing and Promotional Emails. We may use your personal data
we collect from you and third-party sources to contact you with newsletters,
marketing or promotional materials and other information that may be of interest
to you, to deliver targeted and relevant advertising and marketing to you, and
to promote our Services. Our marketing will be conducted in accordance with your
advertising / marketing preferences and as permitted by applicable law.
G. To Advise You of Other Services. From time to time, subject to the applicable
law, we may share your personal data with third parties or partners. You may opt
out of having your personal data shared with third parties. If you choose to
limit the use of your personal data , certain features or Services may not be
available to you.
H. To Post Testimonials. We may use personal data to post testimonials on our
Sites. Prior to posting a testimonial, we will obtain your consent to use your
name and testimonial. You can request your testimonial be updated or deleted at
any time by sending a request with your name, testimonial location and contact
information.
I. To Enforce Our Terms, Agreements or Policies. When you access or use our
Services, you are bound to our Terms of Use. To ensure you comply with them, we
process your personal data by actively monitoring, investigating, preventing and
mitigating any alleged or actual prohibited, illicit or illegal activities on
our Services. We may process your personal data to: investigate, prevent or
mitigate violations of our internal terms, agreements or policies; enforce our
agreements with third parties and business partners; and, as applicable, collect
fees based on your use of our Services. We may also use your data to ensure that
we will not violate any applicable U.S. sanctions in accepting your donation or
by providing you access to our Services.
5. HOW WE DISCLOSE YOUR PERSONAL DATA
SUMMARY
We disclose your personal data as needed to fulfill the purposes described in
this Notice and as permitted by applicable law.
DETAILS
Except as set forth in this Privacy Notice or when specifically agreed to by
you, we take care to allow your personal data to be accessed only by those who
need access in order to perform their tasks and duties, or have a legitimate
purpose for accessing it. In general, we do not share your information with a
third party for their independent use unless: (i) you request or authorize it,
(ii) it is required by law, or (iii) it is in connection with a co-sponsored
event. We may share your personal data in the following circumstances:
A. For Recognition. Subject to applicable law, we may also make publicly
available the names, titles, country and business affiliations of officers,
committee members and others who have assisted with initiatives or projects to
ensure they receive the appropriate recognition.
B. When We Work with Service Providers. We may share your personal data with
our suppliers, subcontractors, and other third parties who provide services to
us (collectively “service providers”) in connection with advertising, hosting,
data analytics, information technology and infrastructure, email delivery,
auditing, exam-testing, training providers and other related activities. Our
service providers are given only the information they need to perform their
designated functions and are prohibited from using the data we provide them for
their own purposes.
C. When We Work with Business Partners and Sponsors. From time to time, we may
engage in joint sales or product promotions with selected business partners. If
you purchase or specifically express interest in a jointly-offered product,
promotion or service, we may share relevant personal data with those partners as
permitted under applicable law. If you are an event attendee, speaker, or
sponsor, certain personal data about you may be included in the event roster,
which may also be shared with third-party event sponsors and exhibitors and
publicly disclosed, subject to the applicable law. While we do not control our
business partners’ use of such information, we do take appropriate steps to
ensure that they use appropriate safeguards to protect your personal data. Our
partners and sponsors are responsible for managing their own use of the personal
data collected in these circumstances, including providing privacy notices to
you about how they use your personal data. We recommend you review the privacy
policies of the relevant partner to find out more about their handling of your
personal data. Where we do share your personal data with third parties, ISACA
takes steps to ensure that they use appropriate safeguards to protect your
personal data in compliance with applicable laws.
D. Within Our Corporate Organization and with Our Local Chapters and Volunteers.
We are part of a corporate organization that has many legal entities, business
processes, management structures and technical systems. If you participate in
our “Enterprise Participation Program,” your personal data, particularly with
respect to the goods and/or services your company has purchased from ISACA for
your benefit, will be shared with your organization’s program coordinator. As
permitted under applicable law, we may also share your personal data:
* Within this organization and with our subsidiaries and/or affiliates to
provide services and support, provide recommendation to optimize services, to
provide members and prospective members with information about our Services,
and for the purposes otherwise described in this Privacy Notice.
* With our board members and our volunteers for the purposes of conducting our
internal business operations.
* With your local ISACA chapter so they may offer membership and associated
services to you pursuant to your membership in that Chapter.
* With One in Tech, an ISACA Foundation to provide information regarding their
programs and initiatives.
E. When Sharing Helps Us Protect Safety and Lawful Interests. We may disclose
your personal data to government authorities or third parties if: (i) required
to do so by law or regulation, or in response to a subpoena or court order or
any other enforceable governmental request or order; (ii) we believe disclosure
is reasonably necessary to protect against fraud, to protect the property or
other rights of us or other users, third parties or the public at large; or
(iii) to exercise, establish or defend our legal rights.
F. When We Work on Business Transactions. If we become involved with a merger,
corporate transaction or another situation involving the transfer of some or all
of our business assets, we may share your information with business entities or
people involved in the negotiation or transfer.
G. Potential Employers. If you use ISACA’s Career Center services, the personal
data you include in your profile will be shared with our Career Center site
vendor and will be subject to the vendor’s privacy policies. When you provide
information in the Career Center, your information may be accessible to
potential employers or recruiters. We will only share personal data about you
with potential employers or recruiters if you consent in advance to our sharing
of this information.
H. With Your Consent. We may share information about you with other companies if
you give us permission or direct us to share the information.
I. When You Post on Our Sites. If you post information on a blog or another part
of our Sites, the information that you post may be seen by other visitors to our
websites. We are not responsible for the information you choose to submit in
these public areas.
6. HOW WE PROTECT YOUR PERSONAL DATA
SUMMARY
We take reasonable measures to ensure your personal data is safe.
DETAILS
Personal data is maintained on our servers or those of our service providers,
and is accessible by authorized employees, representatives, and agents as
necessary for the purposes described in this Privacy Notice.
We realize that individuals trust us to protect their personal data. We take
reasonable measures to protect all personal data we may hold in order to prevent
loss, misuse, unauthorized access, disclosure, alteration and destruction. In
some areas of our platforms, we may use encryption technologies to enhance data
privacy and help prevent loss, misuse, or alteration of the information under
ISACA’s control.
While we attempt to protect your personal data in our possession, no method of
transmission over the internet or security system is perfect, and we cannot
promise that information about you will remain secure in all circumstances. We
encourage you to use caution when disclosing information online. Often, you are
in the best position to protect yourself online. You are responsible for
protecting your login ID and password from third-party access, and for selecting
passwords that are secure.
7. DATA RETENTION
SUMMARY
We retain your personal data according to applicable laws and store it securely.
DETAILS
We will retain the personal data we collect from you where we have a justifiable
business need to do so and/or for as long as is needed to fulfil the purposes
outlined in this Privacy Notice, unless a longer retention period is required or
permitted by law (such as tax, legal, accounting or other purposes). When we
have no justifiable business need to process your personal data, we will either
delete or anonymize it, or, if this is not possible (for example, because your
personal data has been stored in backup archives), then we will securely store
your personal data and isolate it from any further processing until deletion is
possible.
8. YOUR CHOICES
SUMMARY
You have choices on how we communicate with you.
DETAILS
Listed below are the choices we provide you in relation to the processing of
your personal data. Individuals located in the European Economic Area (“EEA”),
the United Kingdom or Switzerland at the time they provide their personal data,
please see section 9 for more information about your rights.
A. Marketing Communications. If you receive commercial electronic communications
from us, you can unsubscribe from the receipt of future commercial electronic
communications from us by clicking on the “unsubscribe link” provided in such
communications, or by going to the Preference Center and submitting an opt-out
request. Please note that even though you have opt-out of receiving
marketing-related communications from us, we may still send you important
administrative messages, and you cannot opt out from receiving these messages.
B. Subscriptions. You may manage your subscriptions by subscribing or
unsubscribing at any time. Please use the Preference Center to modify or cancel
such subscriptions.
C. Access and Correction. You have the right to review and correct personal data
that we have collected from you. You may exercise this right by contacting us as
indicated in the “How to Contact Us” section, or by going to the Privacy Rights
Portal. In your request, please make clear what information you would like to
have changed. For your protection, we may need to verify your identity before
implementing your request. We will try to implement your request as soon as
reasonably practicable. We reserve the right to refuse to act on a request that
is manifestly unfounded or excessive (for example because it is repetitive)
and/or to charge a fee that takes into account the administrative costs for
providing the information or taking the action requested.
D. Cookies and Targeted Advertising. You may opt out of our use of cookies and
similar technologies used on our Sites for various purposes such as targeted
advertising. To do so, when you visit our Sites, go to your browser settings and
turn off cookies per your preferences. Please see our Cookie Notice to learn
more about cookies
E. California Residents. This section applies only to California residents.
* You may request information concerning the categories of personal data (if
any) we disclose to third parties or affiliates for their direct marketing
purposes. To make such a request, please visit our Privacy Rights Portal.
* If you are under the age of 18, and you have a registered account, you may
request that we remove content or information that you posted on the Site or
stored on our servers, by submitting a request in writing as indicated in the
“How to Contact Us” section below, and clearly identifying the content or
information that you wish to have removed, and providing sufficient
information to allow us to locate the content or information to be removed.
* Your browser may allow you to adjust your browser settings so that “do not
track” requests are sent to the websites that you visit. However, we do not
respond to “Do Not Track” (DNT) signals. To determine whether any of the
third-party services it uses honor the “Do Not Track” requests, please read
their privacy notices.
9. YOUR RIGHTS
SUMMARY
Depending on the applicable law in your jurisdiction, you may have certain
rights in relation to your personal data.
DETAILS
Your rights may include:
* Access and portability. You may ask us to confirm whether we are processing
your personal data, provide you with details about such processing, and, in
some limited circumstances, give you a copy of your personal data. You may
ask us to provide your personal data in a structured, commonly used,
machine-readable format, or you can ask to have it ported directly to another
controller.
* Erasure or deletion. You may ask us to delete the personal data that we hold
about you.
* Rectification or correction. You may ask us to correct any inaccurate or
incomplete personal data that we hold about you.
* Objection to processing. You may request that we stop processing your
personal data for specific purposes including marketing and profiling.
* Restriction of processing. You may request that we restrict the processing of
your personal data in certain circumstances (for example, where you believe
that the personal data we hold about you is not accurate or lawfully held).
* Lodge a complaint to your local Data Protection Authority. You may have the
right to lodge a complaint with your national Data Protection Authority or
equivalent regulatory body.
* Automated decision-making. We do not employ solely automated decision-making,
as a matter of course, that results in automated decisions being taken
(including profiling) that legally affect you or similarly significantly
affect you. Automated decisions are decisions made automatically based on
computer determinations (using software algorithms), without human review. If
you are to be subjected to automated decision making, we will make it clear
at the time and you have the right to contest the decision, to express your
point of view, and to require a human review of the decision.
These rights are not absolute and are subject to conditions or limitations as
specified in applicable laws. If you would like to exercise any of the above
rights, please go to our Privacy Rights Portal. We will process your request in
accordance with applicable privacy and data protection laws. To protect your
privacy and security, we may take steps to verify your identity before complying
with the request.
10. INTERNATIONAL TRANSFERS
SUMMARY
We operate in the United States as a global organization.
DETAILS
Your personal data may be transferred to and maintained on computers located
outside of your state, province, country or other governmental jurisdiction
where the data protection laws may differ from those of your jurisdiction. If
you are located outside the United States and choose to provide information to
us, please note that we transfer the data, including personal data, to the
United States and process it there.
We will take all the steps reasonably necessary to ensure that your personal
data is treated securely and in accordance with this Privacy Notice and no
transfer of your personal data will take place to an organization or a country
unless there are adequate controls in place. If you do not want your personal
data transferred to or processed or maintained outside of the country or
jurisdiction where you are located, you should not use our Services.
Individuals located in the European Economic Area (“EEA”), the United Kingdom or
Switzerland at the time they access our Services, please see section 11, for
information on how we transfer your personal data.
11. ADDITIONAL NOTICE FOR INDIVIDUALS LOCATED IN THE EEA, UNITED KINGDOM AND
SWITZERLAND
This section only applies to individuals that access or use our Services while
located in the European Economic Area, the United Kingdom or Switzerland
(collectively “Europe”). We may ask you to identify which country you are
located in when you use some of the Services or we may rely on your IP address
to identify which country you are located in. When we rely on your IP address,
we cannot apply the terms of this section to any individual that masks or
otherwise hides their location information from us so as not to appear located
in Europe. If any terms in this section conflict with other terms contained in
this Notice, the terms in this section shall apply to users in Europe.
A. Data Controller, Data Protection Officer and UK Representative.
The controller for the processing described in this Privacy Notice is: ISACA,
1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173, USA.
If you are located in Europe, you can contact our Data Protection Officer via
our Privacy Rights Portal.
UK Data Subjects: As ISACA does not have a physical present in the UK, we have
appointed DataRep as our UK representative in accordance with Art. 27, UK-GDPR.
It you want to raise a question to ISACA or otherwise exercise your rights in
respect of your personal data, you may do so by:
* sending an email to DataRep at datarequest@datarep.com quoting “ISACA” in the
subject line,
* contacting us on our online webform at www.datarep.com/data-request, or
* mailing your inquiry to DataRep at DataRep, BPM 335368, 372 Old Street, EC1V
9AU, London, United Kingdom.
Please note that when mailing inquiries, it is ESSENTIAL that you mark your
letters for “DataRep” and not “ISACA” or your inquiry may not reach us. Please
refer clearly to ISACA in your correspondence. On receiving your correspondence,
ISACA is likely to request evidence of your identity to ensure your personal
data and information connected with it is not provided to anyone other than you.
If you have any concerns over how DataRep will handle the personal data we will
require to undertake our services. please refer to our privacy notice at
www.datarep.com/privacy-policy.
B. Marketing.
We will only contact individuals located in Europe by electronic means
(including email or SMS) based on our legitimate interests, as permitted by
applicable law or the individual’s consent. When we rely on legitimate interest,
we will only send you information about our Services that are similar to those
which were the subject of a previous sale or negotiations of a sale to you. If
you do not want us to use your personal data in this way please click an
unsubscribe link in your emails or go to the Preference Center and submit an
opt-out request. You can object to direct marketing at any time and free of
charge. Direct marketing includes any communications to you that are only based
on advertising or promoting products and services.
C. Legal Bases for Processing.
We rely on our contract with you as our legal basis for processing in relation
to the following: to provide and maintain our services, to provide customer
support or respond to you, to enforce compliance with our Terms, agreements or
policies, and to share your information with service providers.
Depending on the specific circumstances, we rely on your consent or legitimate
interest in relation to the following processing activities: to send you
marketing and promotional emails, to advise you of other services, and to share
your information with business partners, sponsors, or within our corporate
organization.
We rely on legitimate interest in relation to the following processing
activities: to personalize your experience, for research and development, and
when we share your information with board members or volunteers or in relation
to business transfers or bankruptcy. When we share your information to respond
to subpoenas, court orders, government requests, or to protect rights and comply
with our policies, or in relation to business transfers or bankruptcy, our
processing is based on our legal obligations.
D. Transfers of Personal Data Outside the Europe.
While ISACA has an establishment in Ireland, ISACA Europe Limited, our
headquarters are located in the United States, and information we collect from
you will be transferred, stored and processed in the United States.
We will protect your personal data in accordance with this Privacy Notice
wherever it is processed and will take appropriate contractual or other steps to
protect the relevant personal data in accordance with applicable laws. These
steps include implementing the European Commission's Standard Contractual
Clauses for transfers of personal data to our service providers and business
partners located in countries that the EU views as not providing an adequate
level of data protection. To the extent applicable, ISACA may also rely on
derogations as set forth in Article 49, GDPR for the transfer and onward
transfer of personal data in such situations.
12. ADDITIONAL NOTICE TO INDIVIDUALS IN CANADA
This Section provides additional information to individuals located in Canada at
the time their personal data is collected by ISACA. You may request details
about our privacy practices, access or correct your personal data, or make a
complaint by contacting our privacy officer at Privacy Rights Portal.
If you are not satisfied with our response to your inquiry, you may contact the
Office of the Privacy Commissioner of Canada: 1-800-282-1376 (toll-free) or
priv.gc.ca.
13. ADDITIONAL NOTICE TO INDIVIDUALS IN AUSTRALIA
This Section provides additional information to individuals located in Australia
at the time their personal data is collected by ISACA. You may request to
correct or update any of your personal data in our files. We may provide you
with the ability to update some or all of your personal data directly via our
Privacy Rights Portal. If you request that your information be corrected, and we
do not agree that it is incorrect, we may refuse to update that information. In
such a scenario, we will provide written notice of our refusal to do so and upon
your request, will place a statement of what you allege is correct where your
personal data is kept and accessed.
14. ADDITIONAL NOTICE TO INDIVIDUAL IN BRAZIL
This Section provides additional information to individuals located in Brazil at
the time their personal data is collected by ISACA.
The controller for the processing described in this Privacy Notice is: ISACA,
1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173, USA.
We process your personal data on one or more of the following legal bases:
* as necessary to enter into a contract with you, to perform our contractual
obligations, to provide our Services, to respond to requests from you, or to
provide customer support;
* where we have a legitimate interest, as described in this Privacy Notice;
* as necessary to comply with relevant law and legal obligations, including to
respond to lawful requests and orders; or
* with your consent.
You can also file a complaint with Brazil’s National Data Protection Authority
(ANPD) through its official channels.
Transfers outside of Brazil. When we transfer your personal data outside Brazil,
we do so in accordance with the terms of this Privacy Notice and applicable data
protection law.
15. CHILDREN’S PRIVACY
SUMMARY
We do not collect data from children under the age of 18.
DETAILS
We do not knowingly collect personal data from persons under the age of 18. If
you are a parent of a child under 18, and you believe that your child has
provided us with information about him or herself, please contact us via the
information in the Contact section below.
16. CONTACT INFORMATION
If you have any questions or concerns about this Privacy Notice, please visit
our Privacy Rights Portal, or write to us at ISACA, Data Protection Officer,
1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173, USA.
*
*
*
*
*
* Contact Us
* Terms
* Privacy
* Cookie Notice
* Cookie Settings
* Fraud Reporting
* Bug Reporting
1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173,
USA | +1-847-253-1545 | ©2024 ISACA. All rights reserved.
COOKIE SETTINGS
Your Opt Out Preference Signal is Honored
* YOUR ISACA COOKIE PRIVACY...
* STRICTLY NECESSARY COOKIES
* PERFORMANCE COOKIES
* FUNCTIONAL COOKIES
* TARGETING COOKIES
YOUR ISACA COOKIE PRIVACY...
When you visit our website, it may store or retrieve information on your
browser, mostly in the form of cookies. This information might be about you,
your preferences or your device and is mostly used to make the site work as you
expect it to. The information does not usually directly identify you, but it can
give you a more personalized web experience. Because we respect your right to
privacy, you can choose not to allow some types of cookies. Click on the
different category headings to find out more and change our default settings.
However, blocking some types of cookies may impact your experience of the site
and the services we are able to offer.
More information
User ID: eac8e047-03c6-40a6-82f3-b9f00e0872af
This User ID will be used as a unique identifier while storing and accessing
your preferences for future.
Timestamp: --
STRICTLY NECESSARY COOKIES
Always Active
These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms. You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.
Cookies Details
PERFORMANCE COOKIES
Performance Cookies
These cookies allow us to count visits and traffic sources so we can measure and
improve the performance of our site. They help us to know which pages are the
most and least popular and see how visitors move around the site. All
information these cookies collect is aggregated and therefore anonymous. If you
do not allow these cookies we will not know when you have visited our site, and
will not be able to monitor its performance.
Cookies Details
FUNCTIONAL COOKIES
Functional Cookies
These cookies enable the website to provide enhanced functionality and
personalisation. They may be set by us or by third party providers whose
services we have added to our pages. If you do not allow these cookies then
some or all of these services may not function properly.
Cookies Details
TARGETING COOKIES
Targeting Cookies
These cookies may be set through our site by our advertising partners. They may
be used by those companies to build a profile of your interests and show you
relevant adverts on other sites. They do not store directly personal
information, but are based on uniquely identifying your browser and internet
device. If you do not allow these cookies, you will experience less targeted
advertising.
Cookies Details
Back Button
COOKIE LIST
Filter Button
Consent Leg.Interest
checkbox label label
checkbox label label
checkbox label label
Clear
checkbox label label
Apply Cancel
Confirm My Choices
Deny All Allow All