Modifications to this Policy
ISACA International is located in the United States (state of Illinois). If you are providing personally identifiable information and are not a resident of the United States, your country’s laws governing data collection and use may differ from those in the United States, in particular, the U.S. may not provide the same level of protections as those in your own country. By providing information to ISACA, you are transferring your personal data to the United States, and you consent to the transfer to, retention of and processing of your data in the United States.
Collection of Personally Identifiable Information
ISACA collects and maintains a variety of personally identifiable information, including email addresses, phone numbers, credit card and other payment information, business and home addresses, as well as demographic information such as courses or areas of study in which you may be interested. ISACA collects information directly from you through, for example, online registration forms, as well as offline, through exam or event registration forms. Information is collected and maintained from members, exam candidates, those who have been certified by ISACA, applicants, event attendees, speakers, participants in ISACA programs, purchasers of ISACA products and services, current and past web site users, survey respondents, and others. To the extent that information requested is not required for your participation in a given ISACA program, you will be told which information is optional. Should you fail to provide optional information, certain ISACA programs or features may not be available to you.
ISACA may also maintain information about you that you do not directly provide, whether it is information received from third parties, such as business partners who provide exam administration services, or information ISACA collects about your activities. For example, ISACA keeps track of which events you have attended, which exams you have taken, which boards and committees you have served on, and which offices you have held.
Passive Online Data Collection
Online Professional Networking Features – Public Display of Information
Online web site users should be aware that our professional networking features are public in nature, thus any contributions and postings you make to our Sites will be viewable by other web site users, and will be associated with the personally identifiable information in your public profile (which includes your name, user name, and other optional information you may choose to include). If you decide to participate in our professional networking features, keep in mind that your personally identifiable information (for example, your name and online name), along with any substantive information you disclose in the communication you decide to post, will be publicly accessible and viewable by others who visit that area. In addition, we may highlight certain users’ postings or contributions to other members of the professional networking features. For example, those who participate actively in our social networking features, like contributing materials and engaging in certain online activities, will be listed as “active members” in a roster that is viewable by all other registered users. It is possible that your posting may result in unsolicited messages from third parties. Such activities are beyond the control of ISACA, and ISACA makes no guaranties about the discoverability of your identity.
Use, Sharing and Retention of Personally Identifiable Information
ISACA uses personally identifiable information for the purposes described at the time of collection or as otherwise described to you, to process your requests, and to report to others about whether you are certified or not. ISACA also publishes the names, titles, country and business affiliations of officers, committee members and others who have assisted with initiatives or projects. ISACA also uses your information, as permitted by law, to provide you with information about ISACA, our products and services or other products and services in which we believe you may be interested, or for other legitimate ISACA business purposes, including order processing, processing of certification or membership applications, or registering you for event or training programs. We may also use your personally identifiable information to tailor your experience at our sites, to compile and display content and information that we think you might be interested in, and to provide you with content according to such preferences.
ISACA may share personally identifiable information with third parties for legitimate business purposes, including for the following reasons or in the following circumstances:
- To vendors or third-parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of ISACA, which third parties include, for example, exam testing agencies and training providers and partners, product-fulfillment companies, third-party event hosts, other third parties who may provide services on web sites that are accessible from links on one of our Sites, and credit card companies processing payment;
- To ISACA volunteers and board members;
- To ISACA chapters, the IT Governance Institute, and if you participate in our “Enterprise Participation Program,” your information will be shared with your organization’s program coordinator;
- If you are an event attendee, speaker, or sponsor, certain of your information will be included in the event roster, which roster will be publicly disclosed, and may also be shared with third-party event sponsors and exhibitors;
- If you use our Career Center services, your information may be accessible to potential employers or recruiters;
- To those who wish to determine if you are certified, your certification status will be shared with those who inquire;
- To investigate potentially fraudulent or questionable activities;
- In anticipation of and in the course of an actual or potential sale, reorganization, consolidation, merger, or amalgamation of all or part of our business or operations; and
- When we believe it is necessary to cooperate with law enforcement or in response to a government request, including if specifically requested or required, as otherwise permitted by law, and for other valid ISACA business purposes.
ISACA also may use your profile information on an aggregate basis – without personal identifiers – to provide third parties with information, such as to help us develop new features and content for the Sites, and to provide Sponsors and others with aggregate information about our users and the usage patterns of the Sites.
ISACA retains personally identifiable information for as long as necessary for its legitimate business purposes, and as otherwise permitted by applicable law.
ISACA uses reasonable measures to safeguard sensitive personally identifiable information, which measures are appropriate to the type of information maintained, and follows applicable laws regarding safeguarding any such information under our control. In addition, in some areas of our Sites, ISACA may use Secure Socket Layer (“SSL”) or Transport Layer Security (“TLS”) encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the information under ISACA control.
ISACA cannot guarantee, however, that your information will remain secure. The Internet by its nature is a public forum, and ISACA encourages you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure.
Links to Third-Party Sites
Our site may also serve third party ads or other content that contains their own cookies or tracking technologies. To learn more, click here . We do not control the use of those technologies.
Your Privacy Rights Relating to Certain Information Disclosures
If you have an established business relationship with us you may request from us a list of the categories of personal information we have disclosed to third parties for those third parties’ marketing purposes, and a list of all third parties to whom we have shared that information. We will include in that list the names and addresses of the third parties who received the information and used it (or who we believe may have used it) for their own marketing purposes.
To exercise your rights, you may make one request each year by emailing us at firstname.lastname@example.org or writing us at the address listed in the “How to Contact ISACA and Modify Your Information Preferences” section below. Indicate in your letter that you are making a “Shine the Light” inquiry. Responses to requests sent to this email address or the mailing address listed below will be provided within 30 days.
How to Contact ISACA and Modify Your Information or Preferences
To help us keep your personal information up to date, or to request access to the personal information ISACA maintains about you, you may contact us at 3701 Algonquin Road, Suite 1010, Rolling Meadows, Illinois, 60008, USA or by fax to +1.847.253.1443. Or, if you are a registered user of one of our Sites, you may go online to your personal profile and update your information in that area.
ISACA does not believe its Sites are appealing to children, nor are they directed to children under 13. ISACA does not knowingly collect personally identifiable data from persons under the age of 13, and strives to comply with the provisions of COPPA (The Children’s Online Privacy Protection Act). If you are a parent of a child under 13, and you believe that your child has provided us with information about him or herself, please contact us at email@example.com.
We Use Common Tracking Technologies
We collect personal information about users over time and across different web sites when you use this site or service. We also have third parties that collect personal information this way. To do this, we use several common tracking tools. These may include browser cookies. We may also use web beacons, flash cookies, and similar technologies. Our vendors may also use these tools. In this policy “we” and “us” refers to both ISACA and our vendors.
We Use Tracking Technologies For a Variety of Reasons
- To recognize new visitors to our web sites.
- To recognize past customers.
- To store your password if you are registered on our site.
- To improve our website and better understand your visits on our platforms.
- To integrate with third party social media websites.
- To serve you with interest-based or targeted advertising (see below for more on interest-based advertising).
- To observe your behaviors and browsing activities over time across multiple websites or other platforms.
- To better understand the interests of our customers and our website visitors.
We Engage in Interest-Based Advertising
We and our partners display interest-based advertising using information gathered about you over time across multiple websites or other platforms. This might include apps.
Interest-based advertising or “online behavioral advertising” includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your browsing habits or online activities. These ads might be served on websites or on apps. They might also be served in emails. We might serve these ads, or third parties may serve ads. They might be about our products or other companies’ products. Where legally required we get consent to engage in interest-based advertising.
How Do We Gather Relevant Information About You for Interest-Based Advertising?
To decide what is relevant to you, we use information you make available to us when you interact with us, our affiliates, and other third parties. We gather this information using the tracking tools described above. For example, we or our partners might look at your purchases or browsing behaviors. We might look at these activities on our platforms or the platforms of others. We work with third parties who help gather this information.
You Can Control Certain Tracking Tools
Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. To find out more about how to enable, disable, or delete cookies from your web browser, please visit here and here. To control flash cookies, which we may use on certain websites from time to time, you can go here. Why? Because flash cookies cannot be controlled through your browser settings.
Our Do Not Track Policy: Some browsers have a “Do Not Track” feature that allows you to tell a web site not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain functionality on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop. Certain options you select are browser and device specific.
You Can Opt-Out of Online Behavioral Advertising
The Self-Regulatory Program for Online Behavioral Advertising provides consumers with the ability to opt-out of having their online behavior recorded and used for advertising purposes. To opt out of having your online behavior collected for advertising purposes, visit www.aboutads.info/choices.
Some of the tracking technologies we may use do not participate in the Self-Regulatory Program for Online Behavioral Advertising. This means you will not be opted out by following the instructions above. Instead, click on the following link to get more information about how to opt-out of that tracker’s cookies: Twitter. Certain choices you make are both browser and device-specific.
We Use Specific Tracking Technologies
Here is more information about the tracking technologies and cookies we currently use on www.ISACA.org. We use all of these tracking technologies to improve our site and the experience of our visitors:
- Adobe Dynamic Tag Management and Omniture (Adobe Analytics): We use Adobe Analytics to track user behavior, traffic analysis and marketing optimization.
- Adobe Test & Target: Adobe Test & Target is a testing and optimization tool that allows us to create different variations of our websites so we can track the effectiveness of and traffic on each one. This also allows us to use information about your web-browsing activities so we can increase the effectiveness of our web pages.
- Bing Ads: Bing Ads allows us to have our advertisements appear at the top of the results page for certain search engines. We also use this tool to track visitors that click on our ads and visit our site. This helps us direct users to our website and determine the effectiveness of our online campaigns in terms of sales and user activity on our sites.
- DoubleClick: DoubleClick allows us to capture and report on the actions of users who visit our website after viewing or clicking on one of our paid ads. This allows us to determine the effectiveness of our online campaigns in terms of both sales and user activity on our sites.
- Facebook Connect: We use this technology to allow users to share their experiences with our websites on Facebook and to track visitors to our sites who have interacted with our ads or posts on Facebook. For example, we may collect your browser information, demographic data, and interaction data. This allows us to determine the effectiveness of our marketing efforts on Facebook.
- Facebook Custom Audience: We use Facebook Custom Audience to deliver ads on Facebook to a certain group of users.
- Google AdWords Conversion: We use conversion tracking to help us understand how effective our digital campaigns are.
- Google Analytics: We use Google Analytics to collect information about how visitors use our website. For example, we collect details of the site where the visitor has come from and the total number of times a visitor has been to our website. This allows us to determine the effectiveness of our online campaigns in terms of sales and user activity on our sites. Google Dynamic Remarketing: We use these tracking tools to track user behavior over time and across third party sites to improve the effectiveness of our online advertising. We collect information about what ads users view and whether they click on the ads. We use this information to improve and customize our advertising.
- Google Tag Manager: We use Google Tag Manager to measure what features on our site are interesting to our users. It also helps us understand what portions of our site users clicked on during a certain time and how users arrived on our site. This allows us to determine the effectiveness of our online campaigns in terms of sales and user activity on our sites.
- New Relic: This cookie is used to track website performance and user sessions on our website. For more information about how to opt-out of New Relic cookies, you can go here.
- Optimizely: We use these tracking tools to collect information about user preferences on our sites. This tool allows us to create different variations of our websites so we can track traffic on each one. We may use this information to improve the site’s performance and customize user experiences. For more information about how to opt-out of Optimizely cookies, you can go here.
- Twitter: Twitter is an online social networking service that enables users to send and read short messages. We use the Twitter cookies to enable social sharing buttons on our sites, as well as to track social media and other web browsing behavior in order to target ads and promotions to your interests. For more information on how to opt-out of Twitter cookies, you can go here.
- Silverpop: We use this tool to track users that have interacted with our email communications and visited our website. We may use this information to improve our emails and customize user experiences. We also use information collected through this tool to determine the effectiveness of our online campaigns in terms of sales and user activity on our sites.
- LinkedIn: We use LinkedIn cookies to enable social sharing buttons on our sites, as well as to track social media and other web browsing behavior in order to target ads and promotions to your interests.]