1. Introduction & General Terms

Information Systems Security Association UK Chapter (ISSA-UK) is committed to protecting your (and your team’s) personal information when you are using ISSA-UK services or participating in events. We want our services and events to be safe and enjoyable environments for our participants and users. This Privacy Policy relates to our use of any personal information you provide to us via our websites, phone, text, email, online or in letters, or any other correspondence.

This policy does not cover any personal information collected or shared by the Information Systems Security Association International organisation at www.issa.org (ISSA-INTL).

In order to provide you with the full range of ISSA-UK services, we sometimes need to collect information about you, and where you are sponsoring an event or participating in an event we will need to collect significant personal data to facilitate your involvement.

This Privacy Policy explains the following:

  • what information ISSA-UK may collect about you
  • how ISSA-UK will use information we collect about you
  • when ISSA-UK may use your details to contact you
  • whether ISSA-UK will disclose your details to anyone else
  • your choices regarding the personal information you provide to us

ISSA-UK is committed to safeguarding your personal information and we try to avoid collecting information where practical. Whenever you provide such information, we are legally obliged to use your information in line with all laws concerning the protection of personal information, including the Data Protection Act 1998 and EU General Data Protection Regulation (these laws are referred to collectively in this Privacy Policy as the “data protection laws”).

  1. What information will ISSA-UK collect about me?

When you participate in, access or sign up to any of ISSA-UK’s services, events, activities or online content (such as newsletters, competitions, live chats, message boards, votes), or register for an ISSA-UK event we may receive personal information about you.

This can consist of information such as your name, email address, telephone, mobile number, and membership information (dates and status) depending on the activity. We may at times collect demographic data such as industry sector, title, region or city.

By submitting your details, you enable ISSA-UK to provide you with the services, events, activities or online content you select.

We do not knowingly or intentionally collect what is commonly referred to as “sensitive personal information”. Please do not submit sensitive personal information about you to us.

  1. What information do we get from ISSA-INTL?

When you register with the ISSA-INTL, they will capture your personal information to process your membership. The ISSA-UK receives from ISSA-INTL a list of registered UK Chapter members. ISSA-UK may use this from time to time to contact you about the services we offer in the UK. We do not use this information in any other way.

  1. How will ISSA-UK use the information it collects about me?

ISSA-UK will use your personal information for a number of purposes including the following:

  • to provide our services, events, activities or online content and to deal with your requests and enquiries
  • for “service administration purposes”, which means that ISSA-UK may contact you for reasons related to the service, event, activity or online content you have signed up for, as set out in section 5 below (e.g.to notify you that a particular service, event, activity or online content has been suspended, updated or cancelled, or to provide details of such)
  • To fulfil legal obligations under the laws of England and Wales.
  • to contact you about a submission you have made, including any content you provide
  • to provide you with information about our services, events, activities or online content
  • to personalise the way ISSA-UK content is presented to you
  • to use IP addresses to identify the location of users, to block disruptive use, to establish the number of visits and to determine where you are accessing the services from
  • to analyse and improve the services offered on ISSA-UK websites
  • to understand the type of and industry domains of our participants to help planning, content decisions and location of events
  1. When will ISSA-UK contact me?

ISSA-UK may contact you:

  • in relation to any service, event, activity or online content you have signed up to
  • in relation to any correspondence we receive from you or any comment or complaint
  • in relation to any contribution you have submitted to or about ISSA-UK and our services, events and activities, including online blog posts, tweets or other media
  • to invite you to participate in surveys about ISSA-UK services
  • for sending of information relevant to the operations of the ISSA-UK and sponsorship of our events
  1. Will ISSA-UK share my personal information with anyone else?

We will keep your information confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies) or as described in section 7 below.

We will only use your information within ISSA-UK and we do not share it with any 3rd parties without your explicit permission.

ISSA-UK uses 3rd Party solutions such as Google G Suite, Eventbrite, and Mailchimp. We strive to only use services that have a compatible privacy policy. In some cases, the data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). By submitting your personal data, you agree to this transfer and storage. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

  1. Offensive or inappropriate content at ISSA-UK events or on websites

If you post or send offensive, inappropriate or objectionable content anywhere on or to ISSA-UK websites or otherwise engage in any disruptive behaviour on any ISSA-UK service, ISSA-UK may use your personal information to stop such behaviour.

Where ISSA-UK reasonably believes that you are or may be in breach of any applicable laws (e.g. because content you have posted may be defamatory), ISSA-UK may use your personal information to inform relevant third parties such as your employer, Internet provider or law enforcement agencies about the content and your behaviour.

  1. What if I am a user aged 18 or under?

If you are aged 18 or under, please contact us so we can best guide you. You will need to obtain a parent/guardian’s permission before you provide any personal information to ISSA-UK. Users without this consent are not allowed to provide us with personal information.

  1. How long will ISSA-UK keep my personal information?

We will hold your personal information on our systems for as long as is necessary for the relevant service, event or activity, or as long as is set out in any relevant contract you agreed with ISSA-UK, or according to ISSA-UK’s retention schedule. If you cancel your registration your account personal data is deleted and a flag goes against any remaining personal information which stays on the system for up to a period of one year for administration purposes before being deleted.

If you register for a service, event or activity we will retain your details until all obligations under the contract have been discharged and for a minimum of four months following that date for administration purposes before being deleted during a period of up to one year.

Where you contribute material to ISSA-UK we will generally only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted. For example, we will only keep copies of entries to an event for the duration of the event. However other information (e.g. posts to blogs or other websites) are likely to have a longer, or even permanent, duration.

Links and References

ISSA International, their privacy policy is here

Link to ICO

Link to the GDPR Text