ISACA Lagos has updated its privacy notice, which is noted below. By continuing to use the site, you agree to the terms below.

Last Updated: 13 July 2021

This ISACA LAGOS privacy notice (“Privacy Notice”) describes how the Information System Audit and Control Association, Lagos. (“ISACA LAGOS”, “we” or “us”) collects, uses, shares, and retains personal information that you provide to us, or that we collect, when you use the ISACA LAGOS website located at www.isacalagos.org.ng and other websites owned or controlled by ISACA LAGOS (the “Sites”) or related mobile applications, use ISACA LAGOS products and services and complete related forms, participate in ISACA LAGOS events, or communicate with one of our customer service representatives (“Personal Data”).

This Privacy Notice does not cover the privacy practices of other local ISACA chapters, which are separate legal entities that – depending on where they are located, may be subject to different laws and requirements than those of ISACA LAGOS (to understand how chapters use personal information, please contact them directly). Please note that if you disagree with anything in this Privacy Notice, you must not use the Sites or mobile applications, or provide personal information to us in connection with ISACA LAGOS’s products or services.

1.    Overview

2.    Information We Collect

3.    Why We Collect Your Information

4.    How We Share Your Information

5.    Information Security

6.    Data Retention

7.    Your Choices and Privacy Rights

8.    Children

9.    Changes to this Notice

10.    Contact Information

1. Overview

Summary

This policy applies to all information that we collect about you when you use ISACA LAGOS websites. It does not cover the privacy practices of local ISACA chapters or other third-party websites we may link to. If you are in the European Economic Area, United Kingdom and/or Switzerland, refer to Section 9 below for polices specific to you.

Details

This Privacy Policy applies to all personal information that we collect about you when you do any of the following (collectively “Services”):

•    use the ISACA LAGOS websites located at isacalagos.org.ng, and other websites owned or controlled by ISACA LAGOS or related mobile applications that link to this Privacy Policy (collectively “Sites”); or

•    use ISACA LAGOS products or services and complete related forms, participate in ISACA LAGOS events, or communicate with one of our customer service representatives.

This Privacy Policy does not cover the privacy practices of other local ISACA chapters, which are separate legal entities. You should contact them directly or review the privacy policy located on their websites to understand how they process your information.

  Our Sites may contain links to third-party websites. These third-party websites and services are not related to us and may have separate privacy policies and data collection practices. We have no responsibility for these websites or their privacy practices and encourage you to read the privacy policies of all websites you visit.

A “visitor” is an individual who visits the Sites, without having registered. A “registered user” is an individual, such as a member, who has registered with us, and whose identity can be determined directly or indirectly from the information provided. For the purpose of this Privacy Policy “you” means a visitor or a registered user.

By accessing and using our Services, subject to applicable law, you signify you understand and consent to the terms of this Privacy Policy and consent to our Terms of Use. If you do not agree with or you are not comfortable with any aspect of this Privacy Policy or our Terms of Use, you should immediately discontinue access or use of our Services.

2. Information We Collect Summary

We collect personal information when you interact with our Services.

You provide data to us when you:

•    Sign up to become a registered user of our site(s)

•    Join as an ISACA member • Register for virtual, or in-person, events or conferences

•    Download certain publications or materials which are offered for free

•    Communicate with ISACA LAGOS staff and provide information to us, such as your email address.

We may record your visits and use of our services. We may use automatic data collection technologies to collect certain information about your device, your activities on our site and your location as described in our Cookie Notice.

Third parties such as your employer, our training partners or companies controlled by ISACA LAGOS, may share your data with us.

We may collect data about you when you use our services on social media. You provide us with data when you participate in our professional networking features or post on public areas of the site. We use third party payment processors who fully comply with PCI requirements. As such, your online payment data is not captured, stored or used by us.

Details

We collect personal information when you interact with our Services. Personal information is data that can be used to identify you directly or indirectly or to contact you including, but not limited to, your name, mailing address, email address, and telephone number. This policy does not apply to anonymized information as it cannot be used to identify you.

The types of personal information that we may collect about you include, but are not limited to, information you provide to us, information from third parties, and information collected automatically about your use of our Services.

A. Information You Directly and Voluntarily Provide to Us

o Membership.  If you provide your personal information to ISACA to become a member, or if you sign up to become a registered user of any Site, you will be required to provide certain information as part of the registration process. This information may include your first and last name, email address, and business or home address.

We may also request that you voluntarily provide other information, such as your phone number, date of birth, demographic information, educational background, work experience, information about your non-ISACA certifications, courses or areas of study in which you may be interested and information about your company as it relates to our Services and your membership.

We use this information to communicate with you, to design content and activities that we believe would be of interest to you, and to ensure that we will not violate any applicable Nigerian laws in providing you access to our Services.

oEvents and Conferences. We may host events that include in-person and virtual conferences, training, knowledge sharing and webinars. If you register for an event, and you already have an account, we will access the information in your account to provide you with information and services associated with the event. We may also ask for additional demographic information during the registration process.

If you register for one of our events and you do not have an account or are not a member, we will collect your first and last name, email address, business or home address, information about the type of business you work for or with, and your role in that business.

We use the information provided by event attendees to provide them with event services, including badge printing, tracking your Continuing Professional Education (CPE) credits, tailoring sessions to meet the audience profile and to determine the sessions likely to require the biggest rooms, and related purposes connected with the event.

If you are a presenter at one of our events, we will collect information about you such as your name, employer, contact information, and photographs, and we may also collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances.

o Publications. We offer various publications and materials through our Sites. Some of these publications and materials are publicly accessible, and others require that you be a member, or that you create an account and subscribe to receive these publications and materials.

If you are not a member and you create an account for this purpose, you will be required to provide certain information as part of your account registration, which may include your first and last name, email address, business or home address and professional information.

o Certification Status. If you hold an ISACA certification, we will only share your certification status with a third party to the extent we have received your prior consent to share such information, or to the extent you have provided the third party with the necessary information to access your certification status on our site.

o Communications. If you communicate or correspond with us by email, through postal mail, via telephone or through other forms of communication, including our customer service center, we may collect the information you provide as part of those communications.  For example, if you correspond with us through email, we may collect and store the email address you use to send the applicable correspondence and use it to respond to your inquiry; to notify you of ISACA conferences, publications, or other services; or to keep a record of your complaint, accommodation request, and similar purposes.

We have a legitimate interest in processing the personal information of those who communicate voluntarily with us so that we can provide our Services.

B. Information We Automatically Collect. As you navigate through and interact with our Sites, we may use automatic data collection technologies to collect certain information about your device (computer, tablet, smart phone) and your activities, including:

o If you access the Services through a computer, we may automatically collect information such as your browser type and version, computer and connection information, IP address, mobile device advertising identifier, Media Access Control (MAC) address pages you have visited, type of device, operating system name and version, device manufacturer, browser information (type, version), screen resolution, Internet service provider or mobile carrier’s name, connection speed and connection type, date stamp, URL of the last webpage visited before visiting our Platform, and URL of the first page visited after leaving our Platform, pages viewed, time spent on a page, click through, clickstream data, queries made, search results selected, comments made, search history, type of service requested, purchases made, and information collected through cookies, pixel tags, and other technologies.

o If you access the Services through a mobile device, we may also be able to identify the location of your mobile device. We use your location information (if shared) to identify the geographic locations from which our content is accessed so that we can better understand what content topics may be most relevant in that region, and to our members generally, and to develop resources around those content topics. You may choose not to share your location details with us by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.

We rely on our legitimate interest in understanding how our members, visitors and potential customers use our website in processing personal information in this way. Such processing assists us in providing more relevant products and services to our members, and with providing value to our sponsors.

C. Information from Third Parties. We may receive personal information about individuals from third parties. This may happen if your employer pays and registers you for training, or membership, however, we will only share information about you with your employer if you consent in advance to our sharing this information. Our third-party training partners may also share your personal information with us when you sign up for training, or membership through the applicable training partner. We may also receive personal information about you from companies controlled by or under common control of ISACA.

When you interact with our Services on a social media platform, we may collect the personal information that you or the platform make available to us on that page or account, including your social media account ID and/or user name associated with that social media service, your profile picture, email address, friends list or information about the people and groups you are connected to and how you interact with them, and any information you have made public in connection with that social media service.

The information we obtain depends on your privacy settings on the applicable social media service; we will comply with the privacy policies of the social media platform and we will only collect and store such personal information that we are permitted to collect by those social media platforms.

When you access our Sites through social media channels or when you connect the Site to social media services, you are authorizing us to collect, store, and use such information and content in accordance with this Privacy Policy.

D. Information You Post on the Sites. If you post information on public areas of the Sites, that information may be collected and used by us, other users of the Sites, and the public generally.

If you decide to participate in our platforms and professional networking features, keep in mind that your personal information (for example, your name and online user name), along with any substantive information you disclose in the communication you decide to post, will be publicly accessible and viewable by others who visit that area.

In addition, we may highlight certain users’ postings or contributions to other members of the ISACA LAGOS professional networking features. It is possible that your posting may result in unsolicited messages from third parties. We strongly recommend that you do not post any information on the public areas of the Sites that allows strangers to identify or locate you or that you otherwise do not want to share with the public.

3. Why We Collect Your Information

Summary

 We use your data to provide our services to you, respond to you, advise you of other services, and to personalize your experience.

Details

We will only use your information as described in this Notice or as disclosed to you prior to such processing taking place.

A. To Provide and Maintain our Services. We will use your personal information to provide information or deliver Services that you request and to allow you to participate in interactive features of our Sites and Services when you choose to do so. For example, we process your personal information to provide membership benefits and other services to you, including order processing, processing of certification or membership applications, registering you for event or training programs, or registering you for reduced hotel price rates. When you sign up for a training or seminar, we will use your personal information to facilitate the delivery of such course or seminar. To the extent your organization has paid for your certification course or seminar, we may provide the status of your course or seminar to your organization upon notice to you. In compliance with applicable local laws, we may also publish the names, titles, country and business affiliations of officers, committee members and others who have assisted with initiatives or projects to provide recognition of their achievements to the ISACA community.

B. To Provide Customer Support or Respond to You. We collect any information that you provide to us when you contact us, such as with questions, concerns, feedback, disputes or issues. Without your personal information, we cannot respond to you.

C. To Advise You of Other Services. From time to time, subject to the applicable law, we may share your personal information with third parties or partners. You may opt out of having your personal information shared with third parties. If you choose to limit the use of your personal information, certain features or Services may not be available to you.

D. To Personalize Your Experience. We may also use your personal information to tailor your experience at our Sites, to compile and display content and information that we think you might be interested in, and to provide you with content according to these preferences. We may also use this information to help us understand your needs and interests, and to better tailor our products and services to meet your needs.

E. To Send You Marketing and Promotional Emails. We may use your personal information we collect from you and third-party sources to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you, to deliver targeted and relevant advertising and marketing to you, and to promote our Services. Our marketing will be conducted in accordance with your advertising / marketing preferences and as permitted by applicable local law.

F. For Research and Development. We may use your information to gather analysis or valuable information so that we can improve our Services and to detect, prevent and address technical issues. We may also use your information to monitor the usage of our Site including without limitation search terms entered, pages visited and documents viewed.

G. For Security Reasons. We may use personal information to help monitor, prevent and detect fraud, enhance security, monitor and verify identity or access, or security risks.

H. To Post Testimonials. We may use personal information to post testimonials on our Sites. Prior to posting a testimonial, we will obtain your consent to use your name and testimonial. You can request your testimonial be updated or deleted at any time by sending a request with your name, testimonial location and contact information.

I. To Enforce Compliance with Our Terms and Agreements or Policies. When you access or use our Services, you are bound to our Terms of Use and this Policy. To ensure you comply with them, we process your personal information by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. We also may process your personal information to: investigate, prevent or mitigate violations of our internal terms, agreements or policies; enforce our agreements with third parties and business partners; and, as applicable, collect fees based on your use of our Services. We also use your information to ensure that we will not violate any applicable laws.

J. Other Legitimate Business Purpose. We may use your personal information when it is necessary for other legitimate purposes such as protecting our confidential and proprietary information.

4. How We Share Your Information

Summary

We share your data only with those who need access or those to whom you have provided consent.

Details

Except as set forth in this Privacy Policy or when specifically agreed to by you, we take care to allow your personal information to be accessed only by those who really need access in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. In general, we do not share your information with a third party for their independent use unless: (i) you request or authorize it, (ii) it is required by law, or (iii) it is in connection with a co-sponsored event. We may share personal information in the following circumstances:

A. Service Providers.  We may share your information with our suppliers, subcontractors, and other third parties who provide services to us (collectively “service providers”) in connection with advertising, hosting, data analytics, information technology and infrastructure, email delivery, auditing, exam-testing, training providers and other related activities, vendors or third parties who deliver or provide goods and services or otherwise act on our behalf of or at our direction.  Our service providers are given only the information they need to perform their designated functions and are prohibited from using the information we provide them for their own purposes.

B. Business Partners and Sponsors. From time to time, we may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly-offered product, promotion or service, we may share relevant personal information with those partners. If you are an event attendee, speaker, or sponsor, certain items of your information may be included in the event roster, which may also be shared with third-party event sponsors and exhibitors and publicly disclosed, subject to the applicable law. While we do not control our business partners’ use of such information, we do take appropriate steps to ensure that they use appropriate safeguards to protect your personal information. Our partners and sponsors are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information. Where we do share your personal information with third parties, ISACA LAGOS takes steps to ensure that they use appropriate safeguards to protect your personal information.

C. Within Our Corporate Organization. We are part of a corporate organization that has many legal entities, business processes, management structures and technical systems. We may share your personal information within this organization and with our subsidiaries and/or affiliates to provide services and support, provide recommendation to optimize services, to provide members and prospective members with information about our Services, and for the purposes otherwise described in this Privacy Policy. We may also share your information with our board members and our volunteers for the purposes of conducting our internal business operations. 

D. Compliance with Laws or Regulatory Body. We may disclose your information to government authorities or third parties if: (i) required to do so by law or regulation, or in response to a subpoena or court order or any other enforceable governmental request or order; (ii) we believe disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; or (iii) to exercise, establish or defend our legal rights.

E. Business Transfers. We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, dissolution, corporate reorganization or similar event. We will inform any buyer that your information shall only be used in accordance with this Privacy Policy.

F. Potential Employers. If you use ISACA LAGOS’s Career services, the information you include in your profile will be shared with our Career Center vendor and will be subject to the vendor’s privacy policies. When you provide information for career enhancement purposes, your information may be accessible to potential employers or recruiters. We will only share information about you with potential employers or recruiters if you consent in advance to our sharing of this information.

Subject to applicable law, we may also make publicly available the names, titles, country and business affiliations of officers, committee members and others who have assisted with initiatives or projects to ensure they receive the appropriate recognition.

5.  Information Security

Summary

We take reasonable measures to ensure your data is safe.

Details

We take reasonable measures to protect any personal information we may hold in order to prevent loss, misuse, unauthorized access, disclosure, alteration and destruction. In some areas of our platforms, we may use encryption technologies to enhance data privacy and help prevent loss, misuse, or alteration of the information under ISACA’s control.

We cannot guarantee, however, that all information will remain secure. The Internet by its nature is a public forum. We encourage you to use caution when disclosing information online. Often, you are in the best situation to protect yourself online. You are responsible for protecting your login ID and password from third-party access, and for selecting passwords that are secure.

6.  Data Retention

Summary

We retain your information according to applicable laws and store it securely.

Details

We will retain the personal information we collect from you where we have a justifiable business need to do so and/or for as long as is needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, legal, accounting or other purposes). You can request deletion of your personal information at any time (see "Your Privacy Rights and Choices" section for further information) and we will consider your request in accordance with applicable laws.

When we have no justifiable business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

7.  Your Choices and Privacy Rights

Summary

You have choices on how we communicate with you.

Details

Listed below are choices we provide you in relation to the processing of your personal information. Individuals located in the European Economic Area (“EEA”), the United Kingdom or Switzerland at the time they access our Services, please see section 9, for more information about your choices and rights.

A. Marketing Communications. If you receive commercial electronic communications from us, you can unsubscribe from the receipt of future commercial electronic communications from us by clicking on the “unsubscribe link” provided in such communications. Please note that even though you have opt-out of receiving marketing-related communications from us, we may still send you important administrative messages, and you cannot opt out from receiving these messages.

B. Subscriptions. You may manage your subscriptions by subscribing or unsubscribing at any time.

C. Access and Correction. You have the right to review and correct personal information that we have collected from you. You may exercise this right by contacting us. In your request, please make clear what information you would like to have changed. For your protection, we may need to verify your identity before implementing your request. We will try to implement your request as soon as reasonably practicable. We reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or to charge a fee that takes into account the administrative costs for providing the information or taking the action requested.

8.  Children

Summary

We do not collect data from children.

Details

We do not knowingly collect personal information data from persons under the age of 16. If you are a parent of a child under 16, and you believe that your child has provided us with information about him or herself, please contact us via the information in the Contact section below.

9.  Changes to this Notice

Summary

We may update this policy.

Details

We may need to update this Privacy Policy from time to time to reflect changes in our business practices, data collection practices or organization. We encourage you to look for updates and changes to this Privacy Policy by checking the “Effective Date” located at the top of the new Privacy Policy.

10.  Contact Information

Summary

Our contact information.

Details

If you have any questions or concerns about this Privacy Policy, please write to us at ISACA Lagos office or email info@isacalagos.org.ng