The Information We May Collect
Our primary purpose in collecting information from or about you is to provide you with a safe, smooth, efficient, and customized experience. Depending on the manner in which you use our services, we collect information about you that we deem necessary for providing services and features that optimize, secure, and ease your user experience with FS-ISAC.
Personal Data: FS-ISAC may collect and process information that could be directly or indirectly associated with you; information such as your full name, company name where applicable, username and password, phone number, email address, billing or mailing address, and other information that you share with FS-ISAC. You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our services because such information may be required in order for you to register for an account; purchase products or services; participate in a promotion or survey; communicate with us; or initiate other transactions on our website.
Demographic and Usage Data: Cookies and Similar Technologies
Log Files: Log file information is automatically reported by your browser each time you access a web page. When you use the FS-ISAC Platform, our servers automatically record certain information that your web browser sends out whenever you visit any website. These server logs may include information such as your web request, IP address, browser type, referring/exit pages, operating system, date/time stamp, the files viewed on our site (e.g., HTML pages, graphics, etc.) and URLs, number of clicks, domain names, landing pages, pages viewed and other similar information.
How We Use the Information We Collect & Disclosure of Your Personal Data
FS-ISAC may process any of your information, which in some cases includes personal data, in the following situations:
We will save your personal data in accordance with our data retention policy and, generally, only as necessary to allow you access to the FS-ISAC Platform and for us to then maintain any information for our necessity to meet our contractual obligations to you or for our legitimate interests, including for statute of limitation purposes.
Access to Your Information and Other Rights (EEA Individuals Only)
If you are an individual located in the European Economic Area, you are entitled to receive a copy of the personal data that we hold about you and information about the processing thereof. Unless your request is unreasonably repetitive or otherwise unduly burdensome, we will provide this data to you free of charge. Please note that in order to be able to answer your request, we will need to be able to establish your identity in a manner that is reasonable under the circumstances.
If you believe that any personal data we are processing is inaccurate please send an email with your specific request to our Chief Privacy Officer at firstname.lastname@example.org. We will work with you to make any corrections deemed necessary. We may need to verify the accuracy of new data and we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
You have the right to request that FS-ISAC restricts the processing of your personal data under certain conditions, for example, if you contest the accuracy of the personal data, the processing may be restricted for a period enabling FS-ISAC to verify the accuracy of the personal data or if FS-ISAC no longer needs the personal data for the purposes of the processing, but you require the personal data for the establishment, exercise or defense of legal claims.
You have the right to have your personal data deleted without undue delay and FS-ISAC is obliged to delete your personal data without undue delay if, for example the personal data is no longer necessary in relation to the purpose for which it was collected or otherwise processed. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, including for the establishment, exercise or defense of legal claims, which will be notified to you, if applicable, at the time of your request.
If you provide your email address to FS-ISAC, you will always have the opportunity to opt out of receiving email newsletters and promotions through the unsubscribe link in the email communications or by logging into and changing the preferences for your user account. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative and billing notices, and surveys, without offering you the opportunity to opt out of receiving them. Please note that changing information in your account, or otherwise opting out of receipt of promotional email communications will only affect future activities or communications from us. If we have already provided your information to a third-party (such as a credit card processing partner) before you changed your preferences or updated your information, you may have to change your preferences directly with that third-party.
You have the right to object, on grounds relating to your particular situation, at any time to FS-ISAC's processing of your personal data if the processing is based on legitimate interests. If you object to such processing, FS-ISAC will no longer be entitled to process your personal data based on such legal basis, unless FS-ISAC can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedom or if it is conducted for the establishment, exercise or defense of a legal claim. You also have the right to object where we are processing your personal data for direct marketing purposes.
You have, under certain conditions, the right to receive the personal data concerning you and which you have provided to FS-ISAC, in a structured, commonly used and machine-readable format and have the right to transmit such personal data to another data controller without FS-ISAC trying to prevent this, where FS-ISAC's processing of your personal data is based on a contract or consent and the processing is carried out by automated means. In such case you have the right to request that the personal data shall be transmitted from FS-ISAC directly to another data controller, where technically feasible.
You also have the right to withdraw your consent, if applicable. If you withdraw your consent, please note that this does not affect the lawfulness of the processing based on your consent before its withdrawal and that FS-ISAC may, under certain circumstances, have another legal ground for the processing and therefore may be entitled to continue the processing.
If you are unhappy with our processing of your personal data you may lodge a complaint with a competent supervisory authority, for example in the country of your habitual residence, place of work or of an alleged infringement of the General Data Protection or other applicable data privacy laws.
Securing Your Information
FS-ISAC takes a range of security measures designed to protect your personal data and keep it confidential (unless it is non-confidential by nature) and free from any unauthorized alteration.
Where we have given you (or where you have chosen) a password for access to certain parts of our website, you are responsible for keeping this password confidential. As the safety and security of your information also depends on the precautions you take, we ask you not to share your password with anyone.
Third-Parties and Other Information Collectors
Users Outside of the United States
The services are hosted in the United States and are governed by the laws of the United States. If you are using the services outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States where FS-ISAC’s servers and databases are located. By using the Sites, you consent to the transfer of information to countries outside your country of residence.
Transfer of personal information to countries outside the EEA (EEA Individuals Only)
FS-ISAC is established in Virginia, USA. If you are located in the EEA, your personal data is therefore processed outside the European Economic Area ("EEA").
No Rights of Third-Parties
Effective as of 5 June 2019.