Privacy Notice

This Privacy Notice describes how ISACA Belgium Chapter (“ISACA Belgium) VZW/ASBL, a not-for-profit organization incorporated under the laws of Belgium, with registered offices at Koningsstraat 109-111, b.5, 1000 Brussels (Belgium) and with operational offices at Pegasuslaan 5, 1831 Diegem (Belgium), company number BE0458.859.389, processes personal data.

We endeavour to process personal data in compliance with the European Regulation (EU) 2016/679 General Data Protection Regulation (GDPR) and other applicable data protection legislation.

You can find our cookie policy on this page.

1. How do we use personal data?

We collect personal data for the following purpose:

1.a Membership management

When you are a member, we process the following personal data for membership management purposes:

• Identification and contact details (surname, first name, address, telephone number, e-mail)
• Membership details (ISACA membership number, certificate and dates of exam, passed exams and certified certification status)
• Financial data (for example, data relating to payment and payment status)
• Personal characteristics (language and sex)
• Professional data (occupation and career).

The legal basis is your agreement in form of filling in the membership request and our legitimate interest, namely the freedom of association.

The personal data is provided by ISACA International, your employer (if applicable) and may be supplemented with publicly available information (e.g. LinkedIn).

Processing personal data for membership management purposes includes amongst others:

• Keep you informed about ISACA Belgium Chapter;
• Contact you to participate in Annual General Meeting of the ISACA Belgium Chapter (applicable to fully paid up members of ISACA International and ISACA Belgium Chapter);
• Contact you to participate in the relevant surveys (e.g. feedback on events, training etc.) and research initiatives supported by ISACA Belgium Chapter.

ISACA Belgium will continue to process personal data of members whilst they are fully paid up members of ISACA International and ISACA Belgium Chapter . We will retain membership information until 10 years after the end of the membership.

If we consider there is a need to store records for longer (for example, the transaction has been the subject of a dispute or claim) then we will retain the data for as long as is necessary for that purpose.

1.b Supplier Management

When you are a supplier, we process your personal information when you register for supplier management:

• Identification and contact details (surname, first name, address, telephone number, e-mail)
• Financial data (for example, data relating to payment)
• Personal characteristics (language and sex)
• Professional data (occupation and career).

The legal basis is contractual necessity and legitimate interest (the freedom of entrepreneurship).

The personal data may be obtained from your employer (if applicable) and publicly available sources (e.g. LinkedIn).

Processing personal data for supplier management purposes includes amongst others:

• Identifying supplier and potential suppliers;
• Assessing contract performance;
• Handling payments to suppliers.

We will retain membership information until 10 years after the end of the supplier relationship.

1.c Event and training organisation

We process your personal information when you register for an event or training:

• Identification and contact details (surname, first name, address, telephone number, e-mail)
• Membership details (ISACA membership or partner membership, …)
• Financial data (for example, data relating to payment)
• Personal characteristics (language and sex)
• Professional data (occupation and career).

The legal basis is contractual necessity and our legitimate interest to deliver you the promised service at professional quality.

Personal data must be provided to enable the performance of the contract, namely the event or the training.

The personal data may be obtained from your employer or from event partners in case of a partner event.

Processing personal data for event and training management purposes includes amongst others:

• Event organization, including:
  • Issue event ticket and or communicate about the event,
  • Authenticate on arrival,
  • Process payments for paid events,
  • Provide with a name badge,
  • Record evidence of entry and attendance to the event to ensure compliance with security, health and safety requirements.
• Training organization, including:
  • Communicate schedules and training details,
  • Process payments,
  • Administer training and certification,
  • Record evidence of entry and attendance to the training to ensure compliance with security, health and safety requirements.

If you are an ISACA member, CPE Management, including sending information to ISACA International for central CPE records

We will retain information about event and training participation until 10 years after the end of the event or training.

1.d Direct marketing

We process the following data for direct marketing purposes:

• Name and contact details (surname, first name, address, telephone number, e-mail)
• Personal characteristics (language and sex);
• Professional data (occupation and career);
• IP-address

Direct marketing includes:

• Keeping you informed of future ISACA BELGIUM CHAPTER and partner educational events (including events, certification courses etc.)
• Sending you newsletters and tracking the IP address to the demographic analysis of the geographical location of constituents.

The legal basis is consent (non-members) or opt-in for communications (members),. You can opt-out of these communications by clicking “unsubscribe” or “opt-out” options in emails.

We retain personal data for a period of 3 years following the last meaningful contact.

1.e Contact form (queries)

We process your personal data when you contact us (queries) by post, by e-mail or through our website, including:

• Identification and contact details;
• Query details (i.e. the content of your query).

The legal basis is legitimate interest, namely our interest to follow-up queries to us.

We store logs of queries and outbound emails for up to ten (10) years following the latest contact for the purposes handling abuse complaints and compliance monitoring.

2. Who are the recipients of your personal data?

We share your personal data with other recipients such as:

• You and your employer (e.g. for payment purposes);
• ISACA International for purposes related to your membership with ISACA International;
• Event partners, if you register for a ISACA partner event;
• Our administrative staff and management, as needed;
• Our accredited trainers who provide our certification trainings;
• Processors that provide us with services;
• National and European authorities, in case of queries in relation to you;
• Banks and payment service providers;
• Our professional advisers and lawyers.

3. International data transfers

We may send your personal data to countries outside the European Economic Area, which may not offer the same level of protection.

We will protect your personal information in accordance with this Privacy Notice wherever it is processed and will take appropriate contractual or other steps to protect the relevant personal information in accordance with applicable laws. These steps include implementing the European Commission’s Standard Contractual Clauses for transfers of personal information to our service providers and business partners.

For data transfers to ISACA International (ISACA membership details and CPE details), the personal data is transferred based on contractual necessity.

4. Security

ISACA Belgium Chapter employs a risk based variety of technical and organisational measures to keep personal data safe and to prevent unauthorised access to, or use or disclosure of it.

ISACA Belgium Chapter respects your personal data and do not sell your personal data to third parties.

5. What rights do you have regarding the processing of your personal data?

The GDPR provides you with the following rights:

• the right to access and receive a copy of your data
• the right to rectify your data if it is inaccurate
• the right object to the processing for direct marketing and for reasons related to your particular situation
• the right to erase (“the right to be forgotten”) or restrict the processing of your data
• the right to withdraw your consent when the processing is based on consent
• the right to data portability when the processing is based on consent or contractual obligation.

Exercising these rights may be subject to conditions set out in the GDPR.

You have the right to lodge a complaint with the competent supervisory authority (for Belgium, this is the Belgian Data Protection Authority). In case of complaint, we invite you however to contact us to find an amicable solution.

To exercise these rights, you can contact us at privacy@isaca.be or at the address mentioned below.

In case we have reasonable doubts about your identity, we may request additional information to verify your identity.

6. Changes to this notice

We may need to update this Privacy Notice from time to time. If we make a change that we believe materially affects how we process your personal information, we will provide notice of such change on this website or via email.

7. Contact information

To exercise your data protection rights or if you have any question relating to the processing of your personal data, do not hesitate to send an email to privacy@isaca.be or to contact:

ISACA Belgium Chapter

Pegasuslaan 5

1831 Diegem

Belgium