Privacy Notice

Updated: 24 May 2018

This ISACA® SCOTLAND privacy notice (“Privacy Notice”) describes how the Scottish Chapter of the Information System Audit and Control Association, Inc. (“ISACA SCOTLAND ”, “we” or “us”) collects, uses, shares, and retains personal information (“Personal Data”). That you provide to us, or that we collect, when you use the ISACA SCOTLAND website located at www.isaca-scotland.org.uk, use ISACA SCOTLAND services and complete related forms, participate in ISACA SCOTLAND events, or communicate with one of our Committee Members

This Privacy Notice does not cover the privacy practices of Information Systems Audit and Control Association Inc (hereafter “ISACA Inc”) , which is a separate legal entity that has its own privacy notice at

https://www.isaca.org/pages/Privacy.aspx?cid=edmi_1230242&Appeal=EDMi&sp_rid=MTE4MTI5NDkyMzc4S0&sp_mid=20262850&spMailingID=20262850&spUserID=MTE4MTI5NDkyMzc4S0&spJobID=1223899855&spReportId=MTIyMzg5OTg1NQS2

Please note that if you disagree with anything in this Privacy Notice, you must not use the Sites or mobile applications, or provide personal information to us in connection with ISACA SCOTLAND’s services.

Data Protection Contact: You can complain to ISACA SCOTLAND on data protection matters by emailing secretary@isaca-scotland.org.uk.  You can also complain to the Information Commissioner
https://ico.org.uk/concerns/   Start a live chat or call the ICO helpline on 0303 123 1113
https://ico.org.uk/global/contact-us/live-chat

Information You Directly and Voluntarily Provide to Us. 

Membership

If you are a member of ISACA SCOTLAND Chapter through joining ISACA Inc, you will have provided your Personal Data to ISACA Inc and they will make some details available to your chosen Chapter (for further details see their Privacy Notice at https://www.isaca.org/pages/Privacy.aspx?cid=edmi_1230242&Appeal=EDMi&sp_rid=MTE4MTI5NDkyMzc4S0&sp_mid=20262850&spMailingID=20262850&spUserID=MTE4MTI5NDkyMzc4S0&spJobID=1223899855&spReportId=MTIyMzg5OTg1NQS2)

Membership information is used to communicate with you, to design content and activities that we believe would be of interest to you, and to ensure that ISACA SCOTLAND will not violate any applicable U.K. law in providing you with access to ISACA SCOTLAND’s services

If you wish to opt-out of receiving these communications from us, please submit a request by email to secretary@isaca-scotland.org.uk

Members and Non Members using ISACA SCOTLAND websites

If you sign up to become a registered user of a website operated by ISACA SCOTLAND, including our Linkedin page, you will be also be required to provide certain information as part of the registration process.  The information we request for this will include your first and last name and email We may also request that you voluntarily provide other information, such as your phone number, occupation and certifications.

This information is used to communicate with you, to design content and activities that we believe would be of interest to you, and to ensure that ISACA SCOTLAND will not violate any applicable U.K. law in providing you with access to ISACA SCOTLAND’s services

If you wish to opt-out of receiving these communications from us, please follow the instructions contained in an applicable communication you receive from us or submit a request by email to secretary@isaca-scotland.org.uk

Events and Conferences:

ISACA SCOTLAND may host events that include in-person and virtual conferences, training, knowledge sharing and webinars.

If you register for an ISACA SCOTLAND event and you are an ISACA SCOTLAND Chapter member, we will access the information from your membership to provide you with information and services associated with the event.

If you are not an ISACA SCOTLAND member and you register for one of our events we will collect your first and last name, email address, which we will use to provide you with information and services associated with the event.

Publications:

We offer various publications and materials through our Sites. Some of these publications and materials are publicly accessible, however, others require that you to be an ISACA SCOTLAND member, or that you create an account and subscribe to receive these publications and materials. If you are not an ISACA SCOTLAND member and you create an account for this purpose, you will be required to provide certain information as part of your account registration, including your first and last name, and email address. You may manage your ISACA SCOTLAND subscriptions by subscribing or unsubscribing at any time. If you have any difficulties managing your subscription or other preferences, email secretary@isaca-scotland.org.uk

Exams and Certification:

When you register with an address in SCOTLAND to take an ISACA Inc certification exam, ISACA SCOTLAND may contact you to offer various forms of support. Note that only authorised employees within ISACA centrally have access to your certification exam scores and personal information pertaining to any special accommodations you may request.

Communications with ISACA SCOTLAND:

If you communicate or correspond with us by email, through postal mail, via phone or through other forms of communication, we may collect the information you provide as part of those communications.  For example, if you correspond with us through email, we may collect and store the email address you use to send the applicable correspondence and use it to respond to your inquiry; to notify you of ISACA SCOTLAND conferences, publications, or other services; or to keep a record of your complaint, request, and similar purposes.

Information We Automatically Collect from You.

We may automatically collect information about you when you use the Sites or our services. For example, if you access the Sites through a computer, we will automatically collect information such as your browser type and version, computer and connection information, IP address and standard web log information.  If you access the Sites through a mobile device, we may also be able to identify the location of your mobile device.   You may choose not to share your location details with us by adjusting your mobile device’s location services settings.  For instructions on changing the relevant settings, please contact your service provider or device manufacturer. This information that we automatically collect from you is used to enhance the performance of ISACA SCOTLAND website.

Information Collected by Third Parties through Third-Party Links and Content.

The Sites may include links to other websites and other content from third-party businesses and can offer direct interaction with external websites, networks or platforms that are outside ISACA SCOTLAND’s control.  These third-party businesses may use cookies, web beacons or other similar technology to collect information about you. ISACA SCOTLAND does not have access to or control over these third parties or the cookies, web beacons or other technology that these third parties may use. We are not responsible for the security, privacy of the information collected by these third parties or the privacy practices of these third parties or the content on any third-party website.  You are encouraged to review the privacy policies of the different websites you visit and of the advertisers whose ads you may choose to click while on our Sites (see Section 3 below for additional information about Online Advertising).

Information Collected by Third-Party Analytics Services.

We may work with third-party analytics services to help us understand how the Sites are being used, such as tracking the frequency and duration of use of the Sites. These Analytics Tools may use cookies to collect information about the content you view, what websites you visit immediately prior to and after visiting the Sites, and your system information and geographic information. The information generated by these cookies about your use of the Sites will be transmitted to and stored by the applicable analytics services. The information collected by these analytics services allows us to analyse your use of the Sites. The Analytics Tools may also transfer this information to third parties where required to do so by law, or where such third parties process the information on their behalf. You may refuse the use of cookies by selecting the appropriate settings on your browser, however, please note that if you do this you may not be able to use the full functionality of the Sites. At the moment that you cancel your ISACA Inc membership or withdraw your consent for the processing of personal information, ISACA SCOTLAND will not be able to access the personal information processed by third-party analytics. By using the Sites, you consent to the processing of data about you by Adobe and Google in the manner and for the purposes set out above. You can opt-out of Google Analytics by installing Google’s opt-out browser add-on, and out of interest-based Google ads using Google’s Ads Settings.

Information You Share on Third-Party Websites or through Social Media Services.

Third-Party Websites such as Eventbrite, Linkedin, Mailchimp, and Twitter  may include links to third-party websites and social media services where you will be able to post comments, stories, reviews or other information outside of ISACA SCOTLAND’s control. Your use of these third-party websites and social media services may result in the collection or sharing of information about you by these third-party websites and social media services. ISACA SCOTLAND is not responsible for the security or privacy of any information collected by other websites or other services. Information collected by third parties is governed by their privacy practices. We encourage you to review the privacy policies and settings on the third-party websites and social media services with which you interact to make sure you understand the information that may be collected, used, and shared by those third-party websites and social media services.

Information You Post on the Sites.

If you post information on public areas of the Sites, that information may be collected and used by ISACA SCOTLAND, other users of the Sites, and the public generally. In addition, if you are an ISACA SCOTLAND  member or registered user and choose to participate in our professional networking features, which are provided by third-party vendors such as Linkedin, postings you make in connection with those features will be associated with the personal information in your public member profile (which includes your name, user name, and other optional information you may choose to include).

If you decide to participate in our platforms and professional networking features, keep in mind that your personal information (for example, your name and online user name), along with any substantive information you disclose in the communication you decide to post, will be publicly accessible and viewable by others who visit that area. In addition, we may highlight certain users’ postings or contributions to other members of the ISACA SCOTLAND  professional networking features. It is possible that your posting may result in unsolicited messages from third parties. We strongly recommend that you do not post any information on the public areas of the Sites that allows strangers to identify or locate you or that you otherwise do not want to share with the public.

Information You Provide to Payment Processors.  

All payments made to ISACA SCOTLAND are processed by a PCI/DSS-compliant (these are payment card industry security standards) payment processing service engaged by ISACA SCOTLAND. All information collected by these third-party providers for purposes of processing your payments is not available to us, unless you have otherwise provided this information to us in connection with your use of the Sites or our products and services.

Personal Information Provided by Third Parties.

We may receive personal information about individuals from third parties. Our third-party training and networking partners may also share your personal information with ISACA SCOTLAND when you sign up for training, certification or membership through the applicable partner.

Online Advertising; Tracking

ISACA SCOTLAND and third party businesses may use the information collected through the Sites using cookies, web beacons, and other similar technologies to help manage online advertising programs. This information may enable ISACA SCOTLAND and our third-party advertising services and other third-party businesses to track the actions of users online over time and across different websites or platforms to measure statistics relating to marketing efforts, and to deliver electronic advertisements that may be more relevant to individual consumers and that will improve the consumer experience. For information about how tracking works for online advertising purposes, and what happens when you elect a do-not-track option, visit http://www.aboutads.info/choices

In addition, some third-party businesses may provide a mechanism to opt-out of their technology. For more information about the opt-out process, you may visit the Network Advertising Initiative website, available at: http://www.networkadvertising.org/managing/opt_out.asp

Do Not Track: Your browser may allow you to adjust your browser settings so that “do not track” requests are sent to the websites that you visit. To determine whether any of the third-party services ISACA SCOTLAND uses honour the “Do Not Track” requests, please read their privacy policies.

Use, Sharing and Retention of Personal Information

How We Use Your Information.

ISACA SCOTLAND uses personal information for the purposes described at the time of collection, to provide membership benefits and other services to you, including order processing, or registering you for event or training programs, or registering you for reduced hotel price rates, and to otherwise process your requests or address your inquiries, and to report to others about whether you are certified or not. ISACA SCOTLAND also publishes the names, titles, and country and business affiliations of officers, committee members and others that have assisted with initiatives or projects to provide recognition of their achievements to the ISACA SCOTLAND community.  ISACA SCOTLAND also uses your information, as permitted by law, to provide you with information about ISACA INC, ISACA SCOTLAND, our services or other products and services in which we believe you may be interested. If you are a member or registered user, we may email you about products and services that we believe may be of interest to you. If you wish to opt-out of receiving these emails from us, please follow the instructions contained in an applicable email you receive from us, which will allow you to opt-out of receiving these types of email communications from us. We may also use your personal information to tailor your experience at our Sites, to compile and display content and information that we think you might be interested in, and to provide you with content according to these preferences. ISACA SCOTLAND may also use this information to help us understand our members’ needs and interests, to better tailor our products and services to meet your needs.

How We Share Your Information with Third Parties.

Except as set forth in this Privacy Notice or when specifically agreed to by you, we will not disclose personal information we gather from you to third parties unless ISACA SCOTLAND is required to share this information to complete your request or for legitimate business purposes. ISACA shares personal information in the following circumstances:

Third Party Service Providers.  We may share your information with vendors or third parties that deliver or provide goods and services or otherwise act on behalf of or at the direction of ISACA SCOTLAND.  These third parties may include, for example, our third-party technology providers, including training providers and partners, product-fulfilment companies, and third-party event hosts, hotels for conference registrants, sponsors, co-sponsors and exhibitors. These third-party service providers will only have access to the information needed to perform these limited functions on our behalf. If you do not wish to have your information included in an attendee list or to receive information from sponsors, co-sponsors and/or exhibitors, you can express your preferences when you register for events or you may contact ISACA SCOTLAND directly at secretary@isaca-scotland.org.uk

Volunteers and Board Members. We may share your information with our affiliates, subsidiaries and ISACA SCOTLAND volunteers and board members for purposes of conducting ISACA SCOTLAND’s internal business operations.  ISACA SCOTLAND also makes publicly available the names, titles, country and business affiliations of officers, committee members and others who have assisted with initiatives or projects.

Other ISACA Organisations. We may share your information with ISACA Inc so that they may offer membership and associated services to you pursuant to your membership in our Chapter, the IT Governance Institute as well as ISACA Inc and ISACA SCOTLAND subsidiaries and affiliates to provide information regarding their programs and initiatives.

ISACA Events.     If ISACA SCOTLAND provides an event and you are an event attendee, speaker, or sponsor, certain items of your information may be included in the event roster, which will be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors.

If a conference is provided by ISACA Inc this will be made clear in advertising and registration materials

Further, by registering and attending an ISACA Inc or ISACA SCOTLAND event, including through Eventbrite and other third party sites, you agree irrevocably, with no compensation to you, that ISACA Inc, ISACA SCOTLAND or any third party who is acting on their behalf may create images, videos and/or sound recordings of you (“works”) at the event for marketing purposes. This grant of rights in the works also includes the rights to adapt, reproduce, distribute, perform, make available to the public, broadcast, retransmit or sublicense the works to ISACA Inc affiliates. This grant of rights in the works also includes all current and future media and is not restricted to time or territory.

Response to Subpoenas, Court Orders, Government Requests or to Protect Rights and to Comply with Our Policies.

To the extent permitted by law, we will disclose your information to government authorities or third parties if: (a) required to do so by law or regulation, or in response to a subpoena or court order or any other enforceable governmental request or order; (b) we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; or (c) we believe that you have abused the Sites by using them to attack other systems or to gain unauthorised access to any other system, to engage in spamming or otherwise to violate applicable laws. You should be aware that, following disclosure to any third party, your information may be accessible by others to the extent permitted or required by applicable law.

Business Transfers; Bankruptcy. In the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets, any user information owned or controlled by us may be one of the assets transferred to third parties.. ISACA SCOTLAND will still ensure the confidentiality and security of any user information. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to this Privacy Notice.

Aggregate Information. We may share your information with affiliated or unaffiliated third parties on an anonymous, aggregate basis. While this information will not identify you personally, in some instances these third parties may be able to combine this aggregate information with other data they have about you, or that they receive from third parties, in a manner that allows them to identify you personally.

Where we do share your personal data with third parties, ISACA SCOTLAND takes steps to ensure that they use appropriate safeguards to protect your personal data

Legal Basis for The Processing of Personal Information.

Our processing of your personal information will be legitimised as follows:

(i) Whenever we require your consent for the processing of your personal information such processing will be justified pursuant to Article 6(1) lit. (a) of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). This article in the GDPR describes when processing can be done lawfully.

(ii) If the processing of your personal data is necessary for the performance of a contract between you and ISACA SCOTLAND or for taking any pre-contractual steps upon your request, such processing will be based on GDPR Article 6(1) lit. (b).”). If this data is not processed, ISACA SCOTLAND will not be able to execute the contract with you.

(iii) Where the processing is necessary for us to comply with a legal obligation, we will process your information on basis of GDPR Article 6(1) lit. (c), for example complying in the fields of employment law.

(iv) And where the processing is necessary for the purposes of ISACA SCOTLAND’s legitimate interests, such processing will be made in accordance with GDPR Article 6(1) lit. (f), for example to detect fraud.

Transferring Personal Data from the EU to the US:

ISACA Inc has its headquarters in the United States. Information ISACA SCOTLAND  collect from you may be processed in the United States and some ISACA SCOTLAND websites may be hosted by ISACA Inc in the USA

The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR). A finding of “adequacy” in short means that the European Commission has decided that this country outside the EEA ensures an adequate level of data protection. ISACA centrally relies on derogations as set forth in Article 49 of the GDPR as the United States has no “adequacy” decision and no other safeguards under the GDPR are in place (for example binding corporate rules on the transfer outside the EEA). In particular, ISACA SCOTLAND and ISACA centrally collects and transfers to the U.S. personal data only: with your explicit consent; to perform a contract with you; in a manner that does not outweigh your rights and freedoms. If this data is not processed and transferred, ISACA SCOTLAND will not be able to execute the contract with you or you will not have access to any or all of the benefits and features associated with your transaction. ISACA SCOTLAND endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with ISACA SCOTLAND and the practices described in this Privacy Notice. ISACA SCOTLAND also minimises the risk to your rights and freedoms by not collecting or storing sensitive information about you.

If you wish to confirm that ISACA SCOTLAND is processing your personal data, or to have access to the personal data ISACA SCOTLAND may have about you, please contact us by email to secretary@isaca-scotland.org.uk.

Data Subject Rights

The European Union’s General Data Protection Regulation UK privacy laws provide certain rights for data subjects (these are persons that can be identified).

This Privacy Notice is intended to provide you with information about what personal data ISACA SCOTLAND collects about you and how it is used.

If you wish to confirm that ISACA SCOTLAND is processing your personal data, or to have access to the personal data ISACA SCOTLAND may have about you, or have other questions, please contact us by email to secretary@isaca-scotland.org.uk

You may also request information this process about:

  • the purpose of the processing;
  • the categories of personal data concerned;
  • who else outside ISACA SCOTLAND or ISACA Inc might have received the data from ISACA SCOTLAND;
  • what the source of the information was (if you did not provide it directly to ISACA SCOTLAND );
  • where the personal data is stored and how long it will be stored.

You have a right to correct (rectify) the record of your personal data maintained by ISACA SCOTLAND if it is inaccurate.

You may request that ISACA SCOTLAND erase that data or cease processing it, subject to certain exceptions.

You may also ask ISACA SCOTLAND for your personal data to be supplemented or updated, or for their transformation into anonymous format or to block any data held in violation of the law, as well as to oppose their treatment for any and all legitimate reasons.

You may withdraw your consent for the processing of personal data or the further processing of personal data by ISACA SCOTLAND at any time.

You may also request that ISACA SCOTLAND cease using your data for direct marketing purposes.

You have a right to lodge a complaint with the Information Commissioner if you have concerns about how ISACA SCOTLAND processes your personal data.

When technically feasible, ISACA SCOTLAND will—at your request—provide your personal data to you or transmit it directly to another controller. You have the right to receive your personal information in a structured and standard format.

In addition to the information contained in this Privacy Notice, you may be provided with additional and contextual information concerning particular services or the collection and processing of your personal data upon request.

Reasonable access to your personal data will be provided at no cost to ISACA SCOTLAND members, conference attendees and others upon request made to ISACA SCOTLAND by email to secretary@isaca-scotland.org.uk

If access cannot be provided within a reasonable time frame, ISACA SCOTLAND will provide you with a date when the information will be provided.

If for some reason access is denied, ISACA SCOTLAND will provide an explanation as to why access has been denied.

Security of Your Information.

ISACA SCOTLAND uses reasonable physical, technical and administrative measures to safeguard personal information you provide through the Sites or in connection with ISACA SCOTLAND’s products and services.  Please be aware that no data transmission over the Internet can be guaranteed to be 100% secure. As a result, ISACA cannot guarantee or warrant the security of any information you transmit on or through the Sites and you do so at your own risk.

Collection, Storage, Retention and Destruction of Personal Data

Your personal data is collected with your agreement for the provision of information to you by ISACA SCOTLAND in relationship to ISACA Inc and ISACA SCOTLAND Chapter membership and their products and services

Your personal data is stored by ISACA SCOTLAND on servers owned by ISACA Inc  , and on the servers of the database management services ISACA and ISACA SCOTLAND  engages. ISACA SCOTLAND uses UK based providers while ISACA Inc servers and providers are located in the United States.

ISACA SCOTLAND retains data for the duration of the customer’s or member’s business relationship with ISACA SCOTLAND and otherwise as required under applicable law. Personal data will be kept for no longer than is necessary for the purposes for which your personal data are processed. We will retain your personal data as long as you are an ISACA SCOTLAND Chapter  member or require our services so that we can provide these services to you.

ISACA SCOTLAND has appropriate processes in place to destroy data at the moment you cancel your membership or withdraw your consent for the processing of your personal information, and all your personal data received and stored are erased if no longer needed by us unless we are required to retain this personal data by law or to comply with our regulatory obligations. In such a case, we will only keep this personal data for as long as necessary. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please email to secretary@isaca-scotland.org.uk.

How to Contact ISACA SCOTLAND and Modify Your Information or Preferences.

Questions regarding this Privacy Notice should be directed  by email to secretary@isaca-scotland.org.uk.

If you would like to modify the types of marketing email messages you receive from ISACA SCOTLAND , you may do so by following the instructions within the body of any email message that you receive from us.

To help us keep your personal information up to date, or to request access to the personal information ISACA SCOTLAND maintains about you, you may contact us by email to secretary@isaca-scotland.org.uk

Children.

ISACA SCOTLAND  is a professional membership association and the Sites are not directed to children under the age of 13. ISACA SCOTLAND does not knowingly collect personally identifiable data from persons under the age of 13

If you are a parent of a child under 13, and you believe that your child has provided us with information about him or herself, please contact us by email to secretary@isaca-scotland.org.uk

Modifications to this Privacy Notice.

From time to time, ISACA SCOTLAND  may need to update or modify this Privacy Notice, to reflect changes in our business practices, data collection practices or organisation. We reserve the right to amend this Privacy Notice at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice on the Sites, or, if you have provided your email address to us, sending you an email notifying you of the amended Privacy Notice. It is strongly recommended to check the Site often, referring to the date of the last modification listed at the top. We will in any case not reduce your rights under this Privacy Notice without your explicit and informed consent. If you do not agree to the changes, you should discontinue your use of the Sites, and cease providing personal information to us, prior to the time the modified Privacy Notice takes effect. If you continue using the Sites or provide personal information after the modified Privacy Notice takes effect, the modified Privacy Notice will bind you.

Questions, Concerns or Complaints

If you have any questions or concerns about this Privacy Notice, please contact ISACA SCOTLAND by email to secretary@isaca-scotland.org.uk