How we keep your information safe
We have implemented security measures to reduce the risk of your personal data from being accidentally or illegally lost, used, or accessed by those who do not have permission. These measures include:
- access controls and user authentication (including multi-factor authentication);
- internal IT and network security;
- regular testing and review of our security measures;
- contractual obligations.
If there is an incident affecting your personal data and we are the controller, we will notify the regulator and keep you informed (where required under data protection law). Where we act as the processor for the affected personal data, we notify the controller and support them with investigating and responding to the incident.
If you notice any unusual activity on the Website, please contact us at team@clubciso.org
International Data Transfers
Although our systems and Services are primarily located within the UK and EEA, there may be occasions where your personal data will be processed in countries not deemed by the UK and EU to have adequate Data Protection safeguards in place. ClubCISO has implemented appropriate measures to ensure an adequate level of protection of your personal data, if they are transferred outside of the UK or EEA. These measures being that we ensure there’s a proper legal agreement or mechanism in place covering the transfer and protecting the data.
How long we keep your data
ClubCISO only processes personal data for as long as necessary to meet our legal obligations or where we have a legitimate business reason for keeping it. We review personal data on a case-by-case basis and document the period of retention for each.
For further information on how long personal data is likely to be kept before being removed from our systems and databases, please contact us via data.protection@clubciso.org
Your rights
Data Protection legislation gives you rights over your information which are focused on placing you in control of how your data are processed.
You can exercise these rights by emailing us at data.protection@clubciso.org.
We may verify your request and identity before any information is provided to you. This is to make sure you are entitled to receive the information.
You have the following rights in relation to the processing of your personal data:
Right to be informed: A right to be informed about the personal data we hold about you.
Right of access: A right to access the personal data we hold about you.
Right to rectification: A right to require us to rectify any inaccurate personal data we hold about you.
Right to erasure: A right to ask us to delete the personal data we hold about you. This right will only apply where (for example):
– We no longer need to use the personal data to achieve the purpose we collected it for.
– Where you withdraw your consent if we are using your personal data based on your consent.
– Where you object to the way we process your data (see the right to object described below).
If you request us to delete your data, we will retain minimum personal data to document these requests and thereby avoid using your personal data for any other purpose.
Right to restrict processing: In certain circumstances, a right to restrict our processing of the personal data we hold about you. This right will only apply where (for example):
– You dispute the accuracy of the personal data held by us.
– Where you would have the right to ask us to delete the personal data but would prefer that our processing is restricted instead.
– Where we no longer need to use the personal data to achieve the purpose, we collected it for, but you need the data for the purposes of establishing, exercising, or defending legal claims.
Right to data portability: In certain circumstances, a right to receive the personal data you have given us, in a structured, commonly used, and machine-readable format. You also have the right to require us to transfer this personal data to another organisation, at your request.
Right to object: A right to object to our processing of the personal data we hold about you where our lawful basis is for the purpose of our legitimate interests, unless we can demonstrate, on balance, legitimate grounds for continuing to process the personal data which override your rights, or which are for the establishment, exercise or defence of legal claims.
In particular, you can exercise your right to object to marketing communications being sent to you by utilising opt-out mechanisms in emails we send to you.
Right related to automated decision-making and profiling: A right for you not to be subject to a decision based solely on an automated process, including profiling, which produces legal effects concerning you or similarly significantly affects you.
Right to withdraw your consent: A right to withdraw your consent, where we are relying on it to use your personal data (for example, to provide you with brochures and newsletters).
Right to complain: A right to complain to us about the way we have processed your personal data which we must acknowledge within 30 days.