Privacy

ISC2 Adriatic Chapter created this privacy notice to demonstrate our firm commitment to privacy. We respect your privacy and we are committed to protecting it through compliance with the policies listed in this document.

Definition of personal data

The term ‘Personal data’ is defined in the GDPR, article 4(1). For convenience sake we reproduce the text here:

personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Maintenance and version

This notice is maintained by the Board of our Chapter. The Board may change this notice at any time. If they do, this will be reported on our website https://isc2chapter-adriatic.org/privacy-notice where we also always publish the latest version of the notice.

Your continued use of our services and website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

This is version 1.0 of the notice, which was published on July 7th, 2020.

Scope

We abide to European Union Law.

This policy describes the type of information we may collect from you or that you may provide to us when you visit our website https://isc2chapter-adriatic.org.org

It describes our practices for collecting, using, maintaining, protecting and disclosing your personal information. By accessing or using our website you agree to this policy.

This policy applies to information we collect:

  • on our website;
  • in email, text, and other electronic messages between you, our website or our Board members;
  • from your registration for an event we host;
  • offline or through any other means, including on any other website operated by ISC2 or any third party.

It does not apply to information collected by:

  • any third party (including affiliates) including through any application or content (including advertising) that may link to or be accessible from our website.

Spirit of our agreement

We care about your privacy. It is the core of what our profession is all about: to improve the well-being of all by ensuring data integrity, confidentiality, and availability. Processing of personal data requires special care. Therefore, when there can be doubt if data is personal data or not, we will treat any data you provide to us as if it were personal data. We will keep your data adequately protected and will limit the number of people that have access to your data, the amount of data that we have on you and the time we store that data to the minimum necessary to deliver our services to you. We will never provide any of your data to third parties without your explicit consent. We will promptly and adequately respond to any complaints you may have. If you withdraw consent, we will remove as much of your data as we are allowed by law. If we have doubt if we can adequately protect your data against misuse, we will destroy any information we may have on you to prevent misuse, even if that means we can no longer be of service to you. We will do our best to inform you about which data we have on you and we will ensure that any data that we have is indeed under our guard by your consent. We will be honest and open about what we do with your data.

What personal data we collect

We only collect personal data from you when you use https://isc2chapter-adriatic.org/join-us/ to register yourself (“the registry”).

The registry uses a session cookie for technical reasons, to allow you to complete a multipage form. This requires no consent on your behalf under the GDPR and none will be asked.

The registry requires you to fill in your first name, last name and email address and, if you have one, your ISC2 Member ID.

If you did provide an ISC2 registration number, members of the Board will contact the certification verification site of ISC2 to establish if you are indeed still a member. We will use the last name and the ISC2 registration number you provided to do so. If you are found to be a member of ISC2, it will enrich the data you provided with data from the ISC2 verification site: date on which your registration by ISC2 expires.

Your mail address will be used to send you further communications. Any records we have of which the mail addresses are not verified will be deleted within 48 hours.

Before you submit your request, you will be asked for explicit consent to become registered. If you provide such consent you are registered, and your personal data is stored in our database.

When you visit our generic website https://isc2chapter-adriatic.org, we also store cookies on your system. They are never used to track your behaviour, and merely for technical reasons, hence requiring permission to store these cookies is not required under EU law (anymore).

ISC2 Adriatic online chapter meetings are sometimes recorded and made available via streaming service (YouTube) in order to reach members who couldn’t attend in person. By joining our online chapter meetings you agree your screen name provided via online meetings platform and chat entries visible on screen are made available public.

What we do with your personal data

We use your personal data to send information to you (via mail) about our Chapter and about events we organise or help organise. The main reason for us to do so is to allow you to visit our events to maintain or build knowledge. Our mails are often personalized, which requires us to use your personal data.

We also use the data in our registry to periodically verify if you are still a member in good standing. If you are not, we may contact you to offer assistance.

We also use your personal data to match against personal data exported from databases maintained by third parties. An example would be personal data you provide to EventBrite or Eventim to register to one of our events, which we match against our registry to find out if you are actually a member of our chapter or not. In general, we will – at least initially – limit participation to our own events to those that registered in our database. If we find that you registered to one of our events, but we cannot find your data in our registry, we will contact you to resolve the matter. Also, this gives us a way to maintain the quality of our data. Sometimes we work with external event providers who agree to give discounts to our members. In such cases we provide the external provider with a database of (one time) unique codes, one for each registered person in our database. Our members can use this code to register with the external event provider to get a discount. After the event we may require a list of codes of people that actually visited the event. We then use this data to credit the members’ CPEs. Note that no personal data is ever exchanged, and the codes are randomly generated one-time codes.

How long we keep your personal data

In general, we will only keep your personal data for as long as is required to provide the service to you that you requested from us.

We are not allowed to remove your data when that would be against the law. For example, if we are required to support police investigations. We will also not remove your data if we are still obliged to perform a service to you which requires your personal data to do so, for example if you registered with us for an event for which you are entitled to a discount and for which we need to provide CPE registration.

Per your request, we will inform you about the data we have on you. This will be done by sending you a copy of all personal data we have on you on mail address you used to register with us.

How we ensure the quality of your personal data

Under EU law you have the right to have your data corrected if you find any flaws in it. You can also require us to remove your data from our systems given that this does not prevent legal action. You have the right to know which personal data we have on you and the right to have us transfer any personal data to other similar service providers in a well know technical format (e.g. XML or CSV). You can send mail to  to require to have these rights exercised.

We will use third-party data – mostly that of event organisers and ISC2 – to improve the quality of our data, for example if you have registered with such third parties with an alternate mail address we will try to correlate the new mail address with our data and register the new data for future usage to allow us to register CPEs on your behalf. This additional data is seen as your personal data too and will also be removed if your personal data is removed.

How we protect your personal data

Our website only uses encrypted traffic (using SSL technology. i.e. using the HTTPS protocol), which requires a valid X509 certificate.

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data during transmission to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Our registry and the registry databases run on cloud services select by their security practices and proved with internationally recognized standards/compliance efforts.

Our registry hosts are maintained by ONE administrator (and only ONE), using encrypted connections and strong authentication.

Your personal data as stored in the registry database can also be accessed read-only to authenticated members of our Board, only on a need to know basis and always using strong authentication and encrypted connections. This way of access, for example, is used to allow us to send you personalised mail.

Where We Store Your Personal Data

We may use cloud providers / storage providers etc. that are not located in the EU for example Google docs. In such cases we will preferably employ providers that adhere to similar or stricter laws than the EU GDPR.

If we are not absolutely sure that your personal data is secure on non-EU servers, we will always encrypt the data using a strong algorithm and sufficiently strong key and only decrypt the data locally, on EU soil and by EU residents.

Our site may, from time to time, contain links to and from the website of our partner networks, advertisers, and affiliates. If you follow a link to any of these website, please note that these website have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these website.

Children Under the Age of 16

Our website are not intended for children under 16 years of age. No one under age 16 may provide any personal data to or on the website. We do not knowingly collect personal information from children under 16. If you are under 16, do not use or provide any information on this website or on or through any of its features/register on the website. If we learn we have collected or received personal information from a child under 16 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us via email.

External links on our website

Our website may contain links to other sites; we are not responsible for any actions or policies of such third parties. Users should check the applicable privacy policy of such a party when providing personal data.

Contact Us

If you have any comments on this Privacy Notice or wish to contact ISC2 Adriatic Chapter, send mail to .

Privacy Notice
© 2025, ISC2 Chapter Adriatic. All Rights Reserved. (ISC)², CISSP, SSCP, CCSP, CAP, CSSLP, HCISSP, CCFP, CISSP-ISSAP, CISSP-ISSEP, CISSP-ISSMP and CBK are registered marks of (ISC)², Inc.

Disclaimer: (ISC)² does not own, operate, or moderate this website. All content of this site, exclusive of licensed trademarks and trade dress is the property of ISC2 Chapter Adriatic, which is not owned, managed, or controlled by (ISC)² and operates independent of (ISC)².”