Privacy Notice – ISF Live
The Information Security Forum Limited (‘ISF’, ‘we’, ‘our’) is a global leader in Information Security and Information Risk Management, providing its Members with specialised tools, expert guidance on information security matters, topical research-based materials and access to peer Members through ISF discussion forums.
ISF events, including local chapters and the globally recognised World Congress provide attendees with unrivalled access to leading information security professionals, industry leading vendors and a unique opportunity to socialise and network with industry peers.
Based in the United Kingdom, company registration number 04822538, the ISF’s registered address is Information Security Forum Limited, Elder House St Georges Business Park, 207 Brooklands Road, Weybridge, Surrey, United Kingdom, KT13 0TS.
The purpose of this Notice
This Notice describes how we collect, use, share, retain and safeguard personal data. This Notice also explains our lawful basis when processing personal data, highlights your legal rights governing the processing of personal data and who you should contact if wishing to discuss the use of personal data.
What is Personal Data?
Personal data is information relating to an identified or identifiable natural person. Examples may include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special category data. This may be information relating to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data and data concerning a person’s health, medical conditions, sex life or sexual orientation.
Personal data may also contain data relating to an individual’s criminal convictions and offences.
Personal Data we collect
In providing you with our services we will collect personal data about you. This may be information relating to your name and role, the name of your employer, employer provided contact details, information relating to your use of our online events and websites and finally, information you may provide when contributing to online discussions.
Why do we need your Personal Data?
Personal data is used to administer our business, your membership and our events, to respond to requests for information on our products, to provide you with access to our services, to aid Member collaboration, to resolve complaints, to market events and promotions, to inform you on new products and services, to aid and improve the user experience when accessing events and participating in online discussions.
Individuals set their marketing preferences within ISF Live, they can also set preferences when requesting ISF materials and when registering for events. Individuals are provided with several mechanisms for opting out from receiving marketing related information e.g. by clicking the unsubscribe option within emails, through the preferences settings or by emailing email@example.com.
You should understand some level of communication is necessary to help administer accounts and memberships, to inform on new services and up and coming events that we feel may be of benefit to you.
When will we collect Personal Data?
You may provide us with your personal data when requesting information on our events, when registering for and participating in ISF events, when browsing our website, when posting to online chat rooms and discussion forums or when contacting us with member related queries.
How do we collect your Personal Data?
We collect personal data when individuals complete contact and registration forms, via email and the telephone, when navigating our website and its features, through the post and when exchanging contact details.
Our relationship with you when processing Personal Data?
In most situations, the ISF is the controller of personal data, where the ISF determines the purpose of processing. In almost all situations, our service providers are processors of data, processing data under instruction from the ISF.
In some situations, service providers may collect personal data directly from you for their own purposes, in these situations the provider is required to inform you on their own data processing activities. Individuals can be assured service providers are contractually prohibited from using or sharing personal data for any purpose other than is necessary to administer events or as agreed with the ISF.
Individuals can be assured service providers are contractually prohibited from using or sharing
personal data for any purpose other than is necessary to administer events or as agreed with the ISF.
Data we share
We will only share (or provide access to) personal data with authorised third parties, including platform providers. This is necessary to administer our business, to facilitate Member events, to provide individuals with our services and to promote our services and products. Examples include:
- IT service providers;
- Event platform providers;
- Event organisers.
We may share personal data with the following 3rd party providers:
|Supplier Name||The purpose of processing||Controller / Processor relationship|
|TK Events Ltd||Platform provider||Joint Controller|
|BrightTalk Limited||Platform provider||Controller|
|Blackthorn||Platform provider||Joint Controller|
|Pardot||Email campaign manager||Processor|
|Vimeo||Video capture and streaming||Processor|
|Slido||Platform provider||Joint Controller|
|Beings||Creation and broadcasting of Congress digital recordings||Processor|
|Geiger||Distribution of Congress related merchandise||Processor|
|Advanced Communities||Salesforce Partner||Processor|
Our lawful basis for processing Personal Data
The following table details our lawful basis for processing personal data:
|Category of Individuals||Purpose of processing||Data used||Legal basis|
|Member and member organisations||To undertake relevant anti-money laundering, anti-corruption, anti-terrorism and identity checks and conflict checks to ensure we can act for you.||
|Member and member organisations||To aid in the delivery of our services including the managing of payments, fees and charges and collecting and recovering any money owed to us.||
|Members||To register individuals as new Members and to open a new file or matter for you.||
|Members||To manage our relationship with you including notifying you about changes to our services, contractual terms or this notice.||
|Members||To invite you to seminars, events and/or workshops and to manage your attendance at those activities.||
|Members, event speakers and contributors||Photographic materials, written materials and direct quotes when presenting at events, contributing to written articles and/or webinars.||
|Prospective Members||To provide prospective Members with information about us.||
|Public||To respond to requests for information on our services.||
The ISF will only ever use personal data for the purposes defined within this Notice.
We may share to organisations based outside the European Economic Area. This is necessary to provide you with our online events. The ISF fully complies with EU and UK international data transfer requirements when transferring data outside the European Economic Area. The Information Security Forum is not responsible for data that some third parties collect directly from you for example:
- Information an accommodation provider may collect when you check-in;
- Information you may provide directly to a sponsor / vendor when attending events i.e. when exchanging contact details or allowing your name badge to be scanned.
How long do we need to retain your data for?
Personal data may be retained for up to 7 years from the date of any last communication with the ISF. This is necessary for the purposes of the ongoing administration of our business or if needing to defend ourselves from legal claims, disputes and other complaints. We may need to retain personal data for longer if legal proceedings are ongoing or have occurred.
Protecting your Personal Data
We will take all appropriate technical, organisational and physical steps to protect the confidentiality, integrity and availability of personal data, including when sharing data with authorised third parties.
As set out by the EU’s General Data Protection Regulations 2016/679 and the United Kingdom’s Data Protection Act 2018, you are provided with legal rights governing the processing of your personal data, these rights are known as Individual Rights. These are:
- The right to be informed on the collection and use of your personal data;
- The right of access to the personal data we hold about you;
- The right to rectification of the data if inaccurate or incomplete;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object to the processing of your personal data; and
- Rights related to automated decision-making including profiling.
If exercising the right of access, we are entitled to charge a reasonable fee to cover administrative costs if we believe the request to be excessive or repetitive.
In certain situations, we maintain the right to reject requests, for example we can refuse a request to erase personal data if we need this data to aid in the defence of legal claims or disputes or to help resolve complaints or as part of any contractual obligation. We may also reject requests if we believe them to be unfounded, excessive or repetitive.
Further information on your rights can be obtained from the United Kingdom’s Information Commissioner’s Office.
Please contact us if wishing to complain on any aspect of the processing of your personal data. You also have the right to complain to the Information Commissioner by writing to:
The Information Commissioner’s Office
Or by telephoning: 0303 123 1113
How to contact us
If you have any questions re the processing of your personal data or if you require more information on your Individual Rights, please write to:
The Data Protection Officer
Information Security Forum
You can also contact us via email at firstname.lastname@example.org or by calling +44 (0)203 875 6868.