
Privacy Policy

The Professional Association of CISOs (“PAC”, or “the Association”) and its various affiliates recognize the importance of maintaining your privacy and are committed to protecting it. This online Privacy Policy explains how the Association collects, uses, shares and safeguards Personal Information, as defined below, through phone, paper or our websites, such as www.theciso.org, mobile websites, microsites, mobile applications, PAC or PAC affiliate social media accounts and any other digital services and platforms officially operated or used by the Association from time to time (each, a “Site” and collectively, the “Sites”), except where a separate privacy policy may be displayed on such Sites, in which case such separate privacy policy will govern (including in the case of a conflict).

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Sites or our Services.

By accessing or using this Website, or by applying for Membership in the Association, you agree to this policy. This policy may change from time to time (see Changes to Our Statement of Privacy / Privacy Policy). Your continued use of this Site and our Services after we make changes is deemed to be acceptance of those changes.

Information We Collect About You and How We Collect It

When you create an account or otherwise request to become a Member of the Professional Association of CISOs, or choose to interact with us in other ways, you may be required to provide us with information that enables the Association to identify you (“Personal Information”). This information may include:

  • Personal Information (“PI”): We might collect your name, personal e-mail addresses, home addresses, telephone numbers or any other identifier by which you may be contacted online or offline;
  • Professional Information: We might collect your professional email address, place of employment, work address, organization time, role and time in role, and other information required to confirm your role as a cybersecurity professional, including as a cybersecurity leader (including time in a head of security / CISO role);
  • Payment and billing information: We might collect your billing name, billing address, the legal age as permitted by your country of origin/residency and as per the payment method used by you. We use third-party payment processors who will collect and process your payment information. We will not be storing any Bank-related information on our records and none of our employees or Members will have access to this information.
  • Topical interest information: We might collect information on areas of interest in support of our programming and program enhancement, including information related to specific Member benefits, as well as special interest topics as may be provided to Members from time-to-time, where this information may also be collected as part of individual responses to surveys administered by or on behalf of PAC.
  • Other Information: We may collect information that is about you but individually does not identify you, such as IP address, browser type, operating system, information about your internet connection, the equipment you use to access our Website and usage details including top viewed and visited pages and links from our Website, top entry and exit points, number of form completions, time spent on pages, top downloads, top keywords used offsite to lead customers to our Website, information collected via cookies, and other information such as system activity, crashes, and hardware settings (“usage data”). Generally, we do not consider usage data as personal information because usage data by itself usually does not identify an individual. Personal information and usage data may be linked together. Different types of usage data may also be linked together and once linked, may identify an individual person. Also, some usage data may be personal information under applicable law.

The Association does not collect, use or disclose sensitive personal information, such as race, religion, health information, or political affiliations.

You provide data to us when you engage with the Association or its Sites. Such activities may include, but are not limited to:

  • Sign up to become a Member of the Association;
  • Initiate the accreditation process as a Member of the Association;
  • Request services available to Members of the Association including those made available as Member Benefits;
  • Register for or participate in virtual, in-person events, or conferences;
  • Download our publications or materials which are offered for free;
  • Contact us, or provide information to us relating to our services;
  • Submit a review or file an ethics complaint against a Member;
  • Send other communications to the Association.

How We Process Your Information

We use the Personal Information that we collect to operate, improve, and personalize the Association’s Sites and Services, including but not limited to member services, customer services, advertising and marketing, and for the detection, prevention and mitigation of fraudulent or illegal activities. You agree that we may use your personal information as follows:
  • to provide services to you;
  • to fulfil any other purpose for which you provided it;
  • to operate, improve and personalize the products and services we offer, and to give each user a more consistent and personalized experience when interacting with us;
  • for customer service, security, to detect fraud or illegal activities, and for archival and backup purposes in connection with the provision of the services;
  • to verify your Membership status including your Accreditation status with the Association;
  • to communicate with you, either via email, telephone, text (SMS) messages, postal mail, or otherwise as authorized by you to inform you about the services, special offers, etc. Message and data rates may apply.
  • to better understand how users access and use the Site and services, for the purposes of trying to improve the Sites and services and to respond to user preferences, including language and location customization, personalized help and instructions, or other responses to users’ usage of the services;
  • to help us develop our new products and services and improve our existing products and services;
  • to provide users with information and access to selected membership benefits including those provided by third-party providers;
  • to assess the effectiveness and improve other marketing and promotional activities on or in connection with the services and Membership in the Association;
  • to enforce our Terms of Service or other applicable policies; and for any other purpose with your consent.

The personal information you provide depends on how you interact with the Association:

A. Membership and Account Creation

When you become a Member of the Association, or request Membership in the Association, we collect information including, but not limited to, your first name, last name, email, phone, mailing address, billing address, and employment information (including employer and title). We process your information for customer and membership administration to deliver or notify you of member benefits, inform you of Association events, request participation in surveys related to the cybersecurity industry, and other activities or opportunities associated with your Association membership.

We may also ask members to voluntarily provide additional information, such as demographic data and other related personal information.  We may use this information to understand our members’ needs and interests, to better tailor our products and services to meet your needs and to help provide advocacy activities for the Cybersecurity Profession.

We rely on fulfilment of contract as the lawful basis for processing your Membership data.

B. Accreditation

When you register for one of the Association’s forms of Accreditation (including designations of “CISO Ready”, “Self-Attested CISO” or “Accredited CISO”), we may collect additional information, if not already collected, including, but not limited to, name, address (including city, state, country), employer, position, and we may collect optional information including date of birth and demographic information (including ethnicity, gender, language).

We rely on fulfilment of contract and legitimate interest to process your request for information on Accreditation data. 

C. Member Benefits

As a Member of the Association, you are provided various Benefits. We may collect additional information, if not already collected, including, but not limited to, name, address (including city, state, country), employer, position, and we may collect optional information including date of birth and demographic information (including ethnicity, gender, language) in support of Member Benefits. As some Member Benefits may be provided through third-party Benefits providers, this information may be provided to the Benefits provider where it will be managed to the Benefits provider’s policies and practices, which will be no less strict than the policies and practices of the Association.

We rely on fulfilment of contract and legitimate interest to process your request for information on Member Benefit data.

D. Training

If you participate in training from Association-affiliated providers, we may provide you with the ability to sign up directly through our Sites, in which case we may collect the same information that is detailed in section A [Membership and Account Creation]. You may, alternatively, sign up for training – or be signed up for training – by or through a third party such as one of our Official Training Partners.  We may use independent contractors to conduct the training and third parties to provide the training venue. Your personal information will be stored and may also be shared with our training partners, trainers, and/or the venue hosting the event. The Association’s agreement with our Official Training Partners prohibits them from sharing your information other than to provide you with Association-sponsored products and services. 

We rely on fulfillment of contract as the lawful basis for processing your training data. We also rely on legitimate interest to process your request for information on training offers.   

E. Virtual and In-Person Events

If you register for an event and you already have an account, we will access the personal information in your account to provide you with information and services associated with the event. We may also ask for additional demographic information during the registration process.

If you do not already have an account we may collect the following information: name, email, company, position, industry, address, phone number, meal preferences and other relevant information.  We use this information for badge printing, tailoring sessions to our audience needs, and related purposes connected with the event.  We also use the information for billing purposes if you do not pay at the time of registration.

We rely on fulfillment of contract as the lawful basis for processing your personal information in relation to Virtual and In-Person Events.

F. Communications

The Association processes your data to provide you with services including, but not limited to, customer and membership services, events, training, webinars, and accreditation activities. We use this information to refine our goods and services to better tailor them to your needs and to communicate with you about the services the Association offers that may assist you in your career or otherwise help your professional development.

We rely on legitimate interest as the lawful basis for Communication with Members including to assess the needs, concerns, and interests of Association members so the Association can operate optimally as an association and as a business. 

G. Payment and purchase information

You will be required to pay membership dues to the Association and may also purchase related services as made available through the Association. Typically, payment information is provided directly by users via the Website to our PCI DSS-compliant third-party payment processing service. The Association does not process or store the card information.

The Association relies on the legitimate interest basis for processing this Payment and Purchase Information.

H. Information from Third Parties

Third parties that assist us with our business operations may collect information (including personal information and usage data) about you through the services they provide and may share this information with us. For example, our vendors collect and share information with us to help us detect and prevent fraud and collect information regarding your registration for Association events.

Collection of Information Through Cookie Use

We may obtain information about your general internet usage by using a “cookie” file. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. If you do not agree, you can choose to not receive a cookie file by enabling your web browser to refuse cookies or to prompt you before you accept a cookie.

The following types of cookies may be used on our Sites:

  • Strictly Necessary Cookies: These cookies are necessary for our websites to work properly. They are usually only set in response to actions you take such as logging in or completing online forms. You can set your browser to block or alert you about these cookies, but some parts of our sites will not function if these cookies are blocked.
  • Functionality Cookies: These cookies enable our websites to provide enhanced functionality and personalization by storing your preferences (such as the region that you are in), allowing us to provide enhanced features on our sites, and allowing us to serve you with advertisements for our products and services that may be of interest to you. These cookies may be set by us or by third-party content that we have placed within our pages. If you do not allow these cookies, some of the features on our websites may not function properly and you may not receive a personalized experience when visiting our sites.
  • Performance Cookies: These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our sites. They help us to understand which pages are visited most frequently and how visitors interact with our sites. If you do not allow these cookies, we will not receive data related to your visits to our sites.
  • Targeting Cookies: These cookies may be set through our site by our advertising partners, such as Google. They may be used by these companies to enable them to build a profile of your interests and show relevant advertisements on other sites. These cookies are based on identifying your browser and internet device. If you do not allow these cookies, you will experience a decrease in the targeted advertisements that you see online.
  • Social Media Cookies: These cookies are used to connect a website to a third-party social media platform. They remember a user’s details after the user signs into a social account from a website.

All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage your preferences related to cookies, please consult the privacy features within your browser.

To the extent our Sites use non-essential cookies, we rely on consent as the legal basis for processing the personal information of individuals located in the European Economic Area, United Kingdom, and Switzerland.

Disclosure of Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect, or you provide, as described in this privacy policy:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • To third parties to market their products or services to you if you have consented to these disclosures. We contractually require these third parties to keep personal information confidential and use it only for the purposes for which we disclose it to them.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

For legal purposes: We also may share information that we collect from users, as needed, to enforce our rights, protect our property or protect the rights, property or safety of others, or as needed to support external auditing, compliance and corporate governance functions. We will disclose personal information as we deem necessary to respond to a subpoena, regulation, binding order of a data protection agency, legal process, governmental request or other legal or regulatory process. We may also share personal information as required to pursue available remedies or limit damages we may sustain.

Corporate Changes: We may transfer information, including your personal information, in connection with a merger, sale, acquisition or other change of ownership or control by or of us or any affiliated company (in each case whether in whole or in part). When one of these events occurs, we will use reasonable efforts to notify users before your information is transferred or becomes subject to a different privacy policy.

PAC Accreditation Verification

As a Professional Association that provides accreditation for individuals, the Association anticipates that we will be requested to verify an individual’s accreditation status and their overall Membership status. It is an implied duty that the Association will identify and attest to the Membership and Accreditation status of our members (including past and present members). As such, the Association will verify whether an individual is a Member in good standing and is accredited by the Association upon receiving sufficient identifying information regarding the subject of the inquiry. The Association also anticipates providing a verification process on its Site which will list members based on last name. This listing will provide the name, Membership Status and Accreditation Status of the member. However, under no circumstances will any contact or other information be disclosed.

We rely on fulfillment of contract as the lawful basis for processing your personal information in relation to Membership Status and Accreditation verification.

Your Rights

You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by not checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at membership@theciso.org.

Accessing and Correcting Your Information; Opt-Out

You can review and change your personal information by sending us an email at membership@theciso.org to request access to, correct or delete any personal information that you have provided to us.

To opt-out of Interest-Based Ads, please disable cookies through your browser settings. 

We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If you delete your user contributions from the Website, copies of your user contributions may remain viewable in cached and archived pages or might have been copied or stored by other Website users. Proper access and use of information provided on the Website, including user contributions, is governed by our Terms of Service.

Children Under the Age of 13

Our Website is not intended for children under 13 years of age. No one under age 13 may provide any personal information to or on the Website. We do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or on or through any of its features, make any purchases through the Website, use any of the interactive or public comment features of this Website, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at: membership@theciso.org.

This site may contain links to other sites; the Association is not responsible for any actions or policies of such third parties. Users should check the applicable privacy policy of such a party when providing personally identifiable information.

Notice For Individuals in the European Economic Area

This section only applies to individuals that access or use our Services while located in the European Economic Area, United Kingdom, and/or Switzerland. We are a controller with regard to the data we collect. If you wish to confirm that the Association is processing your personal information, or to have access to the personal information the Association may have about you, please contact us at: membership@theciso.org.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page and to provide notice of updates to our members over email. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Us

If you have any comments on this Privacy Policy please contact us at: membership@theciso.org.
