Privacy Notice

About us
This website is operated by the Information Security Forum Limited (ISF), company registration number 04822538. Our registered address is: Information Security Forum Limited, Elder House St Georges Business Park, 207 Brooklands Road, Weybridge, Surrey, United Kingdom, KT13 0TS


The purpose of this Notice
This Notice describes how we collect, use, share, retain and safeguard personal data. This Notice also explains our lawful basis when processing personal data, highlights your legal rights governing the processing of personal data and who you should contact if wishing to discuss the use of personal data.


What is Personal Data?
Personal data is information relating to an identified or identifiable natural person. Examples may include an individual’s name, age, address, date of birth, gender and contact details.

Personal data may contain information which is known as special category data. This may be information relating to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data and biometric data and data concerning a person’s health, medical conditions, sex life or sexual orientation.

Personal data may also contain data relating to an individual’s criminal convictions and offences.


Personal Data we collect

When communicating with us or where we provide you with our services we will collect personal data about you. This may be information relating to your name, your role, the name of your employer, photographic materials, personal and employer provided contact details and information relating to your use of our website.

If registering for our events, we may collect special category data relating to dietary and mobility requirements.


Why do we need your Personal Data?

Personal data is used to administer our business and our events, to respond to requests for information, to provide you with access to our services, to meet dietary and accessibility requirements when attending events, to resolve complaints, to market events and promotions, to inform on new services and to aid and improve the user experience when accessing this website and using its features. Please see our cookie notice for further details on cookies being used.

We will request your consent to market our services and events to you. You can opt-out from receiving marketing related information by emailing

You should understand some level of communication is necessary with you to help to administer your relationship with us.


When will we collect Personal Data?

You provide us with your personal data when requesting information on our services and events, when registering and using our services and when browsing our website.


How do we collect your Personal Data?

We collect personal data when communicating via email and the telephone, through the post, when individuals browse our website and use its features, when exchanging contact details and when completing purchase orders and contact and registration forms.


Personal Data we share

We will only share (or provide access to) personal data with authorised third parties. This is necessary to administer our business, to facilitate ISF events, to provide you with our services and to market our services and products. Examples include:

  • IT service providers;
  • Venue hosting providers;
  • Sponsors; and
  • Event organisers.

The following third party suppliers provide us with services that allow us to administer this website and the services we provide:

Supplier Name The purpose of processing Controller / Processor relationship
Salesforce EMEA Limited Customer relationship management Processor
WPE Engine Website hosting provider Processor
Grandad Website support providers Processor
BrightTalk Limited Webinar staging provider Controller
Blackthorn Event management platform Processor
Cloudshift Salesforce Partner Processor
Advanced Communities Salesforce Partner Processor
Rapidswitch Hosting provider Processor


Our lawful basis for processing Personal Data

The following table details our lawful basis when processing personal data:

Category of Individuals Purpose of processing Data used Legal basis
Member and member organisations To undertake relevant anti-money laundering, anti-corruption, anti-terrorism and identity checks and conflict checks to ensure we can act for you.
  • Identity
  • Contact
  • Financial
  • Performance of a contract
  • Legal obligation
Member and member organisations To aid in the delivery of our services including the managing of payments, fees and charges and collecting and recovering any money owed to us.
  • Identity
  • Contact
  • Financial


  • Performance of a contract


Members To register individuals as new members and to open a new file or matter for you.
  • Identity
  • Contact


  • Performance of a contract


Members To manage our relationship with our members including notifying members about changes to our services, contractual terms or this notice.
  • Identity
  • Contact


  • Performance of a contract



Members, event speakers and contributors Photographic materials, written materials and direct quotes when presenting at events, contributing to written articles and/or webinars.
  • Identity
  • Consent
  • Performance of a contract
  • Legitimate interest
Members, Public and Perspective Members To invite individuals to seminars, events and/or workshops and to manage attendance at those seminars, events and/or workshops.
  • Identity
  • Contact


  • Performance of a contract
  • Legitimate interests – to grow and expand our business
Prospective Members To provide prospective members with information about us.
  • Identity
  • Contact
  • Legitimate interests – to enable us to respond to requests for information
Public To provide ISF research and other materials and to provide information on our services.
  • Identity
  • Contact
  • Legitimate interests – to enable us to respond to requests for information
  • Consent

The ISF will only use personal data for the purposes defined within this Notice. We will contact you if an additional requirement to process personal data for an alternative compatible means occurs.


International transfers
We may share to organisations based within and outside the European Economic Area. This is necessary to help facilitate ISF events, to arrange accommodation and to administer regional chapter events. The ISF fully complies with EU and UK international data transfer requirements when transferring data outside the European Economic Area. The Information Security Forum is not responsible for data that accommodation providers collect directly from you for example:

  • Information an accommodation provider may collect when checking-in;
  • Information you may provide directly to a chapter agent; and
  • Information you may provide directly to a sponsor / vendor when attending events i.e. when exchanging contact details or allowing your name badge to be scanned.


How long do we need to retain your data for?
Personal data may be retained for up to 7 years from the date of any last communication. This is necessary for the purposes of the ongoing administration of our business or if needing to defend ourselves from legal claims, disputes and other complaints. We may need to retain personal data for longer if legal proceedings are ongoing.


Protecting your Personal Data

We will take all necessary technical, organisational and physical steps to protect the confidentiality, integrity and availability of personal data, including when sharing data with authorised third parties.


Individual Rights
As set out by the EU’s General Data Protection Regulations 2016/679, UK GDPR and the United Kingdom’s Data Protection Act 2018, you are provided with legal rights governing the processing of your personal data, these rights are known as Individual Rights. These are:

  • The right to be informed on the collection and use of your personal data;
  • The right of access to the personal data we hold about you;
  • The right to rectification of the data if inaccurate or incomplete;
  • The right to erasure;
  • The right to restrict processing;
  • The right to data portability;
  • The right to object to the processing of your personal data; and
  • Rights related to automated decision-making including profiling.

If exercising the right of access, we are entitled to charge a reasonable fee to cover administrative costs if we believe the request to be excessive or repetitive.

We also maintain the right to reject requests under some certain situations, for example if we receive a request to erase personal data where we need to retain this data to help defend ourselves from legal claims or disputes or the data is required for contractual purposes.  We may also reject requests if we believe them to be unfounded, excessive or repetitive.

Further information on your rights can be obtained from the United Kingdom’s Information Commissioner’s Office.



Please contact us if wishing to complain on any aspect of the processing of your personal data. You also have the right to complain to the Information Commissioner by writing to:


The Information Commissioner’s Office

Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Or by telephoning: 0303 123 1113


How to contact us
If you have any questions re the processing of your personal data or if you require more information on your Individual Rights, please write to:

The Data Protection Officer

Information Security Forum
10 Eastcheap, London, EC3M 1AJ

You can also contact us via email at or by calling +44 (0)203 875 6868.

Changes to this Notice

This Notice is periodically reviewed to be ensure it remains current with Law, suppliers or how we might use personal data.

Any changes will be made available on