The Information Security Forum (ISF) understands that your privacy is important to you and that you care about how your personal data is used. We respect and value the privacy of all our Members and will only collect and use personal data in ways that are described here, and in a way that is consistent with our obligations and your rights under the law.
Information Security Forum.
www.isflive.org is operated by the Information Security Forum Limited, a UK Limited company registered in England under company number 04822538.
Some important details about us:
Our registered address is:
Information Security Forum Limited
Our VAT number is GB 606 0386 62.
This Privacy Notice provides a high-level overview of how we use your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data. More detailed information about how we use your personal data can be found in other layers of our privacy notices.
Personal data is defined as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simple terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
The personal data that we use is set out in Part 5, below.
You have the following data protection rights, which we will always work to uphold:
a) The right to be informed about our collection and use of your personal data. This Privacy Notice should tell you everything you need to know, but you can always contact us to find out more or to ask any questions using these details firstname.lastname@example.org.
b) The right to access the personal data we hold about you. Part 8 will tell you how to do this.
c) The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Part 9 to find out more.
d) The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Part 9 to find out more.
e) The right to restrict (i.e. prevent) the processing of your personal data.
f) The right to object to us using your personal data for a particular purpose or purposes.
g) The right to data portability. This means that you can ask us for a copy of your personal data held by us to re-use with another service or business in many cases.
Further information about your rights can also be obtained from the Information Commissioner’s Office.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office:www.ico.org.uk.
The table below describes a summary of the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this.
|Purpose (Reasons why we use your personal information)||Personal information used||Lawful basis|
|If your organisation is an ISF Member you can access ISF Live, where we provide you with membership services, cyber, information security and risk management content, consultancy services, online collaboration and networking and the like.||All contact details, download information, records of your interactions with us, and marketing preferences.||On the basis of the Membership contract agreement.|
|For the purposes of promoting ISF events, products, surveys and services, as described in the Membership Agreement.||Contact lists and participation lists.||Where you have given us your consent to do so.|
|To administer any membership account(s) your organisation has with us, to manage our relationship with you, to deal with payments and any support, service or product enquiries made by you.||All contact and membership details, transaction and payment information, records of your interactions with us, and marketing preferences, necessary to enable us to manage and administer your organisation’s membership agreement with us.||On the basis of the Membership contract agreement.|
|To arrange and manage any contracts for the provision of any merchandise, products and/or services.||All contact and membership details, transaction and payment information, necessary to enable us to administer and perform any contract for the provision of merchandise/products/services.||Contract.|
|To publish resources on our website or through our services.||Publication data, relevant contact and membership details.||Where you have given us consent to do so.|
|Retention of records.||All the personal information we collect.||On the basis of our legal obligation as a Membership organisation to retain records.|
|To refine our services and offerings to better tailor them to your needs to market other services the ISF offers that may assist you and our Member organisations.||Records of your interest in our products and services, and attendance at ISF events and webinars.||Where you have given us your consent to do so.|
|For the purpose of monitoring use of ISF Live (“usage data”) and improving our website and services.||Account data, IP address, geographical location, browser type and version, operating system, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.||Our legal basis for this processing is legitimate interest.|
|The security of our IT systems.||Your usage of our IT systems and online portals.||We have a legal obligation from various laws to ensure that our IT systems are secure e.g. EU General Data Protection Regulation.|
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Based on your personal communication preferences specified in ISF Live, we will disable your account and no longer contact you 15 months from your last login to the system.
For the purposes described above, the organisations we work with who are acting as our data processors are:
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 9. To make this as easy as possible for you, a Subject Access Request Form is available for you to use. You do not have to use this form, but it is the easiest way to tell us everything we need to know to respond to your request as quickly as possible.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 30 days and, in any case, not more than one month of receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
To contact us about anything to do with your personal data and data protection, including to make a subject access request, please use the following details (for the attention of the ISF Data Protection Officer):
Email address: email@example.com.
Telephone number: +44 (0)203 875 6868
Postal address: 10 Eastcheap, Monument, London, EC3M 1AJ
Registered address: Information Security Forum Limited, 42-50 Hersham Road, Walton-on-Thames, Surrey, KT12 1RZ, United Kingdom
We may change this Privacy Notice from time to time. This may be necessary, for example, if the law changes, or if we change our business in a way that affects personal data protection.
Any changes will be made available at the earliest opportunity in ISF Live.