About us

The ISF Live website is operated by the Information Security Forum Limited (ISF), company registration number 04822538. Our registered address is: Information Security Forum Limited, Elder House St Georges Business Park, 207 Brooklands Road, Weybridge, Surrey, United Kingdom, KT13 0TS.

The purpose of this Notice

This Notice describes how we collect, use, share, retain and safeguard personal data. This Notice also explains our lawful basis when processing personal data, highlights your legal rights governing the processing of personal data and who you should contact if wishing to discuss the use of personal data.

What is Personal Data?

Personal data is information relating to an identified or identifiable natural person. Examples may include an individual’s name, age, address, date of birth, gender and contact details. Personal data may contain information which is known as special category data. This may be information relating to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data and data concerning a person’s health, medical conditions, sex life or sexual orientation. Personal data may also contain data relating to an individual’s criminal convictions and offences.

Personal Data we collect

In providing you with our services we will collect personal data about you. This may be information relating to your name, your role, photographic materials, the name of your employer, employer provided contact details and information relating to your use of our website. If registering for our events, we may collect special category data relating to your medical health and medical conditions.

Why do we need your Personal Data?

Personal data is used to administer our business, your membership and our events, to respond to requests for information on our products, to provide you with access to our services, to aid member collaboration, to meet dietary and accessibility requirements when attending events, to resolve complaints, to market events and promotions, to inform you on new member provided products and services and to aid and improve the user experience when accessing this website and using its features. You can set your marketing preferences within ISF Live, you can also opt-out from receiving marketing related information by emailing info@securityforum.org. You should understand some level of communication is necessary with you to help administer your membership and to inform you on new member services, website features and events that we feel may be of benefit to you.

When will we collect Personal Data?

You provide us with your personal data when requesting information on our services and when purchasing, using and registering for our services, when browsing our website, when attending events, when posting items to member-only discussion forums and when commenting on articles posted on our forums or when contacting us with member related queries.

How do we collect your Personal Data?

We collect personal data when communicating via email and the telephone, through the post, when using our website and its features, when exchanging contact details and when completing purchase orders and contact and registration forms.

Personal Data we share

We will only share (or provide access to) personal data with authorised third parties. This is necessary to administer our business, to facilitate member events, to provide you with our services and to market our services and products. Examples include: − IT service providers; − Accommodation providers; − Venue hosting providers; and − Event organisers. We may share personal data with the following third parties, where their products help us to administer the ISF Live web site and our organisation:

Supplier Name The purpose of processing Controller/Processor relationship
Salesforce Customer relationship Processor
Blendr NV Integration provider Processor
ExpoPlatform Limited Event management provider Processor
Refractiv Limited Benchmark hosting provider Processor
CRMG Consulting services Controller
Pardot Email marketing provider Processor
TK Events Inc. Event management provider Processor

 

Our lawful basis for processing Personal Data

The following table details our lawful basis for processing personal data:

Category of Individuals Purpose of processing Data used Legal basis
Member and member organisations To undertake relevant anti-money laundering, anticorruption, anti-terrorism and identity checks and conflict checks to ensure we can act for you. ·       Identity

·       Contact

·       Financial

·       Performance of a contract

·       Legal obligation

Member and member organisations To aid in the delivery of our services including the managing of payments, fees and charges and collecting and recovering any money owed to us. ·       Identity

·       Contact

·       Financial

·       Performance of a contract

 

Members To register individuals as new members and to open a new file or matter for you. ·       Identity

·       Contact

 

·

·       Performance of a contract

·

Members To manage our relationship with you including notifying you about changes to our services, contractual terms or this notice. ·       Identity

·       Contact

 

·       Performance of a contract

 

Members To invite you to seminars, events and/or workshops and to manage your attendance at those activities. ·       Identity

·       Contact

 

·      Legitimate interests – to grow and expand our business.

 

Members, event speakers and contributors Photographic materials, written materials and direct quotes when presenting at events, contributing to written articles and/or webinars. ·       Identity

·       Contact

 

·   Consent

·   Performance of a contract

·   Legitimate interest

Prospective Members To provide prospective members with information about us. ·       Identity

·       Contact

 

·    Legitimate interests – to enable us to respond to requests for information
Public To respond to requests for information on our services ·       Identity

·       Contact

 

·    Legitimate interests – to enable us to respond to requests for information

The ISF will only use personal data for the purposes defined within this Notice. We will contact you if a requirement exists to process personal data for compatible additional purposes.

International transfers

We may share to organisations based outside the European Economic Area. This is necessary to help facilitate ISF events, to arrange accommodation and to administer regional chapter events. The ISF fully complies with EU and UK international data transfer requirements when transferring data outside the European Economic Area. The Information Security Forum is not responsible for data that accommodation providers collect directly from you for example:

–  Information an accommodation provider may collect when you check-in

–  Information you may provide directly to a chapter agent

–  Information you may provide directly to a sponsor / vendor when attending events i.e. when exchanging contact details or allowing your name badge to be scanned.

How long do we need to retain your data for?

Personal data may be retained for up to 7 years from the date of the last communication with the Information Security Forum. This is necessary for the purposes of the ongoing administration of our business or if needing to defend ourselves from legal claims, disputes and other complaints. We may need to retain personal data for longer if legal proceedings are ongoing.

Protecting your Personal Data

We will take all appropriate technical, organisational and physical steps to protect the confidentiality, integrity and availability of personal data, including when sharing data with authorised third parties.

Individual Rights

As set out by the EU’s General Data Protection Regulations 2016/679 and the United Kingdom’s Data Protection Act 2018, you are provided with legal rights governing the processing of your personal data, these rights are known as Individual Rights. These are:

– The right to be informed on the collection and use of your personal data;

– The right of access to the personal data we hold about you;

– The right to rectification of the data if inaccurate or incomplete; – The right to erasure;

– The right to restrict processing;

– The right to data portability;

– The right to object to the processing of your personal data; and

– Rights related to automated decision-making including profiling.

If exercising the right of access, we are entitled to charge a reasonable fee to cover administrative costs if we believe the request to be excessive or repetitive.

We also maintain the right to reject requests under some certain situations, for example if we receive a request to erase personal data and we need to retain this data if needing to defend ourselves from legal claim or dispute, if needing to respond to complaints or if needing to fulfil ongoing contractual obligations. We may also reject requests if we believe them to be unfounded, excessive or repetitive.

Further information on your rights can be obtained from the United Kingdom’s Information Commissioner’s Office.

Complaints

Please contact us if wishing to complain on any aspect of the processing of your personal data. You also have the right to complain to the Information Commissioner by writing to:

The Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow Cheshire

SK9 5AF

 

Or by telephoning: 0303 123 1113

 

How to contact us

If you have any questions re the processing of your personal data or if you require more information on your Individual Rights, please write to:

The Data Protection Officer

Information Security Forum

10 Eastcheap

London

EC3M 1AJ

 

You can also contact us via email at info@securityforum.org or by calling +44 (0)203 875 6868.