Skip to content
Menu
menu

Privacy Policy

Effective 17 January 2019


Contents

Introduction
Data Protection Officer
How we collect and use (process) your personal information
          1. Personal information you give to us:
                1. Membership
                2. Live events and web conferences
                3. Publications
                4. Professional Development
                5. Certification
                6. Your correspondence with ASIS
                7. Purposes for processing your data
                8. Payment card information
          2. Personal information we get from third parties 
          3. What happens if you don’t give us your data
Use of ASIS Website
Cookies and web beacon
          How is ASIS using cookies?
          Categories of ASIS cookies:
                Authentication
                Security
                Preferences, features and services
                Marketing
                Performance, Analytics and Research
          How are cookies used for advertising purposes?
Website Tracking
When and how we share information with others
          Member Directory
Transferring personal data from the EU to the US
Data subject rights
Security of your information
Data storage and retention
Changes and updates to the Privacy Policy
Questions, concerns or complaints


Introduction

ASIS International (ASIS) is a global community of security practitioners, each of whom has a role in the protection of assets—people, property, and/or information. Our members represent virtually every industry in the public and private sectors, and organizations of all sizes. From entry-level managers, CSOs and CEOs to security veterans, consultants, and those transitioning from law enforcement or the military, the ASIS community is global and diverse.

We understand that you are aware of and care about your own personal privacy interests, and we take that seriously. This Privacy Policy and Conditions of Use describes ASIS’s policies and practices regarding its collection and use of your personal data and sets forth your privacy rights. We recognize that information privacy is an ongoing responsibility, and so we will from time to time update this Privacy Policy as we undertake new personal data practices or adopt new privacy policies. As a general practice, we do not knowingly attempt to solicit or receive information from children.

Data Protection Officer

ASIS is headquartered in Virginia, in the United States. ASIS has appointed an internal data protection officer for you to contact if you have any questions or concerns about ASIS’s personal data policies or practices. ASIS’s data protection officer’s name and contact information are as follows:

Jason Porter 
1625 Prince St.
Alexandria, VA USA 
dpo@asisonline.org

How we collect and use (process) your personal information

Personal information you give to us:

1. Membership

When you become an ASIS member, we collect information about you including (but not limited to) your name, your employer’s name, your work address (including your country location), information about your professional position, eligibility information, and your email address. We may also collect:
Your personal email address, a personal mailing address, and a mobile phone number. We ask members to voluntarily provide additional information in their membership profile, such as information about their educational background, number of years in the industry, and the like. Members may edit their profile at any time to change, add, or remove personal information. 
We process your personal information for membership administration, to deliver member benefits to you, and to inform you of ASIS-related events, content, and other benefits or opportunities associated with your ASIS membership. ASIS may also use this information to help us understand our members’ needs and interests to better tailor our products and services to meet your needs.

ASIS relies on fulfillment of contract as the lawful basis under GDPR Article 6 for processing members’ personal information.

2. Live events and web conferences

ASIS hosts or sponsors many events throughout the year. These include in-person conferences like the Global Security Exchange (GSX) and ASIS Europe, for example, as well as live web conferences and classroom programs (collectively “events”). If you register for one of our events and you are a member, we will access the information in your member account to provide you with information and services associated with the event. If you are not a member and you register for one of our events, we will collect your name and contact information, which we will store in our database(s) and use to provide you with information and services associated with the event. We process this information to fulfill the order you have made to receive the event or web conference services.

If you are a presenter at one of our events, we will collect information about you including your name, employer, contact information, and headshot, and we may also collect information provided by event attendees who evaluated your performance as a presenter. We may also make and store a recording of your voice and likeness in certain instances. ASIS relies on a legitimate interest basis for collecting, storing, and processing this information.

We keep a record of your participation in ASIS events as an attendee or presenter. This information may be used to provide you with membership and certification services (for example, keeping track of your continuing professional education (CPE) credits, or to tell you about other events and publications). It may also be used to help ASIS understand our members’ needs and interests to better tailor our products and services to meet your needs. 
In association with attending one of or more of our events, you may have the option to download an “ASIS Events App” to help you navigate the event and plan your schedule. The ASIS Events App may require the device identifier associated with the device you use it on. Information may also be collected from you when you register on the App, enter information, write posts/comments, add content to favorites, provide ratings or submit educational content (such as documents, videos, narrations and images), are active on an educational activity, download materials, create content (such as quizzes), and when you use mobile device resources (such as camera or microphone) to scan Quick Response (QR) codes, submit photos, record narrations and send educational materials.

Some of our events are sponsored in a way that attendance is free of charge. For these events (such as Webinars), ASIS provides a post-event registration list to sponsors and/or co-sponsors. Any such event will include notification verbiage on the registration page with a clear ask for opt-in.

Exhibitors at ASIS events may wish to scan your badge so they can contact you with more information. ASIS uses MCI to provide badge scanning services to exhibitors who request it. By allowing an exhibitor to scan your badge, you are consenting to have MCI and ASIS provide the exhibitor with your contact information, and thereafter you may be contacted by the exhibitor post-event. To manage your personal information with the exhibitor, please communicate directly with the exhibitor.

3. Publications

ASIS offers a great deal of content for our members. In addition to producing original content, ASIS also subscribes to news feeds and blogs produced by others, which we often link to from our website or provide via an email. This means you may find yourself on the ASIS website or reading an email from the ASIS publications team and we will offer you a link to another organization’s website where you will find content on interesting topics that we find relevant and useful to you. At these times, you will be leaving the ASIS website. ASIS is not responsible or liable for content provided by these third-party websites or personal information they may happen to gather from you.

You may wish to subscribe to ASIS’s publications without becoming a member of ASIS. For example, many people sign up to receive ASIS’s newsletters even though they are not ASIS members. To receive ASIS content by email, you will need to create an account with us, which involves providing ASIS with at least your first name, last name and an email address. In some cases, ASIS shares this information with a third party who curates and sends the content on our behalf. We rely on a contract basis to process your personal information for purposes of fulfilling your request to receive our publications. You may at your own option choose to subscribe to ASIS News and updates.

You may manage your ASIS subscriptions by subscribing or unsubscribing at any time. If you have any difficulties managing your email or other communication preferences with ASIS, please contact us at asis@asisonline.org.

ASIS uses Google Analytics to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our members find useful or interesting, so we can produce the most valuable content to meet your needs.

We also conduct surveys that we use to produce original research on the security profession. We do not track individuals but look at information in the aggregate only. Participation in surveys is voluntary.

4. Professional Development

If you participate in ASIS professional development, you may sign up directly through ASIS in which case we collect your name and contact information directly from you. You may, alternatively, sign up for professional development—or be signed up for professional development—by or through a third party such as one of our partners, or your own employer. We may also use independent contractors to conduct professional development and third parties to provide the venue. Your personal information will be stored in our database (hosted by a cloud service provider) and may also be shared with our education partners, trainers, and/or the venue hosting the event (to verify your identity when you arrive). ASIS may use a third-party data hosting service to transfer the information from partners to ASIS. ASIS’s professional development partners, trainers, venue hosts, and data transfer hosts have agreed not to share your information with others and not to use your personal information other than to provide you with ASIS products and services. ASIS relies on fulfillment of a contract to process personal data associated with providing professional development services.

5. Certification

When you sign up to take one of ASIS’s certification exams, we will collect your name and contact information. This information may be shared with our exam hosting service. The exam hosting service may also share with us information you provide to them to verify your identity in taking the exam. ASIS will collect your exam results and, in conjunction with maintaining your certification(s), your record of participation in continuing professional education. Only authorized employees within ASIS have access to your certification exam scores and personal information pertaining to any special accommodations you may request. ASIS relies upon a contract fulfillment basis to process personal data associated with providing certification services.

6. Your correspondence with ASIS

If you correspond with us by email, the postal service, or other form of communication, we will retain such correspondence and the information contained in it and use it to respond to your inquiry; to notify you of ASIS conferences, publications, or other services; or to keep a record of your complaint, accommodation request, and the like. If you wish to have ASIS refrain from communicating with you, please contact us at asis@asisonline.org.

Note: if you ask ASIS not to contact you by email at a certain email address, ASIS will retain a copy of that email address on its “master do not send” list in order to comply with your no-contact request.

ASIS has a legitimate interest in maintaining personal information of those who communicate voluntarily with ASIS.

7. Purposes for processing your data

As explained above, ASIS processes your data to provide you with the goods or services you have requested or purchased from us, including membership services, events, publications and other content, certification, and professional development. We use this information to refine our goods and services to better tailor them to your needs and to communicate with you about other services ASIS offers that may assist you in your career or otherwise help you do your job as a security professional. Most of the time, ASIS needs to process your personal data to fulfill an order for goods or services—including membership services, with all the attendant benefits and professional opportunities ASIS provides. Sometimes ASIS has a legitimate interest in processing data to better understand the needs, concerns, and interests of ASIS members and customers so ASIS can operate optimally as an association and as a business. And sometimes, ASIS relies upon your consent, in which case we will keep a record of it and honor your choices.

8. Payment card information

You may choose to purchase goods or services from ASIS using a payment card. Typically, payment card information is provided directly by users, via the ASIS website, into the PCI/DSS-compliant payment processing service to which ASIS subscribes, and ASIS does not, itself, process or store the card information. Occasionally, members or customers ask ASIS employees to, on their behalf, enter payment card information into the PCI/DSS-compliant payment processing service to which ASIS subscribes. We strongly encourage you not to submit this information by email. When ASIS employees receive payment card information from customers or members by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.

Personal information we get from third parties

From time to time, ASIS receives personal information about individuals from third parties. This may happen if your employer is a corporate member of ASIS and signs you up for professional development, certification, or membership. One of our third-party professional development partners may also share your personal information with ASIS when you sign up for professional development, certification, or membership through that professional development partner.

What happens if you don’t give us your data

You can enjoy many of ASIS’s services without giving us your personal data. Much of the information on our website is available even to those who are not ASIS members. To access information outside of the information on our public website, some personal information is necessary so that ASIS can supply you with the services you have purchased or requested, and to authenticate you so that we know it is you and not someone else. You may manage your ASIS subscriptions and you may opt-in or opt-out of receiving marketing communications at any time.

Use of ASIS Website

As is true of most other websites, ASIS’s website collects certain information automatically and stores it in log files. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other usage information about the use of ASIS’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences.

ASIS has a legitimate interest in understanding how members, customers and potential customers use its website. This assists ASIS with providing more relevant products and services, with communicating value to our sponsors and corporate members, and with providing appropriate staffing to meet member and customer needs.

Cookies and web beacon

We also collect and use your personal information by using cookies on our website.

A cookie is a small amount of data that is sent to your browser from a website's computer and is automatically stored on your computer. You can configure your browser to accept, reject and/or notify you when a cookie is set. (Each browser is different, so check the "Help" menu of your browser for cookie settings.) These cookies are optional and may be refused any time using your Web browser software; however, doing so may make some parts of the ASIS site inaccessible. Please feel free to contact us at asis@asisonline.org if you have questions about this policy.

How is ASIS using cookies?

Some cookies are associated with your account and personal information in order to remember that you are logged in and which sites you are logged into. Other cookies are not tied to your account but are unique and allow us to carry out analytics and customization, among other similar things.

Cookies can be used to recognize you when you visit an ASIS website or use our services, remember your preferences, and give you a personalized experience that’s consistent with your settings. Cookies also make your interactions faster and more secure.

Categories of ASIS cookies:

Authentication: If you're signed in to our services, cookies help us show you the right information and personalize your experience.

Security: We use cookies to enable and support some of our security features, and to help us detect malicious activity.

Preferences, features and services: Cookies can help you fill out forms on our sites more easily. They also provide you with features, insights, and customized content.

Marketing: We may use cookies to help us deliver marketing campaigns and track their performance (e.g., a user visited our store and then made a purchase). Similarly, our partners may use cookies to provide us with information about your interactions with their services but use of those third-party cookies would be subject to the service provider’s policies.

Performance, Analytics and Research: Cookies help us learn how well our sites and services perform. We also use cookies to understand, improve, and research products, features, and services, including to create logs and record when you access our sites and services from different devices, such as your work computer or your mobile device.

How are cookies used for advertising purposes?

Cookies and other ad technology such as pixels and tags help us market more effectively to users that we and our partners believe may be interested in ASIS. They also help provide us with aggregated auditing, research, and reporting, and know when content has been shown to you.

Some people may prefer to not allow cookies. Most browsers give you the ability to manage cookies to suit your own preferences, and, in some browsers, you can set up rules on a site-by-site basis, giving you more granular control over your own privacy. This means that you can disallow cookies from all sites except those that you trust.

Please consult the documentation that your browser manufacturer provides if you are interested in customizing your cookie preferences.

You may opt-out of third-party cookies from Google Analytics on its website. If you limit the ability of websites and applications to set cookies, you may worsen your overall user experience and/or lose the ability to access the services, since it will no longer be personalized to you. It may also stop you from saving customized settings, like login information.

Website Tracking

ASIS tracks users when they cross from our primary public website (ASISonline.org) to our “ASIS community” portion of the site (community.ASISonline.org) by logging in with their user name and password via our user portal (external.ASISonline.org), as well as when visitors to our website enter through a marketing landing page. ASIS also keeps a record of third-party websites accessed when a user is on ASIS site and clicks on a hyperlink.

To provide you information about products or services that we believe may be of interest to you, ASIS employs advertising tracking technology that extends through a network of websites that ASIS does not own or directly partner with. We utilize a third-party technology that tracks you via a cookie but does not collect personal information about you. This system can be disabled by setting your browser to not accept cookies as described in the Cookies section of this policy.

When and how we share information with others

ASIS International does not sell or rent any personal information or data from our users, members, customers, partners or exhibitors. Information about your ASIS purchases and certification status are maintained in association with your membership or profile account. The personal information ASIS collects from you is stored in one or more databases hosted by third parties located in the United States. These third parties do not use or have access to your personal information for any purpose other than cloud storage and retrieval. On occasion, ASIS engages third parties to mail information to you, including items like books you may have purchased, or material from an event sponsor. We do not otherwise reveal your personal data to third-parties for their independent use unless: (1) you request or authorize it; (2) it’s in connection with ASIS-hosted and ASIS co-sponsored conferences as described above; (3) the information is provided to comply with the law (for example, to comply with a search warrant, subpoena or court order), enforce an agreement we have with you, or to protect our rights, property or safety, or the rights, property or safety of our employees or others; (4) the information is provided to our agents, vendors or service providers who perform functions on our behalf; (5) to address emergencies or acts of God; or (6) to address disputes, claims, or to persons demonstrating legal authority to act on your behalf; and (7) through ASIS Member Directory. We may also gather aggregated data about our members and Site visitors and disclose the results of such aggregated (but not personally identifiable) information to our partners, service providers, advertisers and/or other third parties for marketing or promotional purposes. ASIS website uses interfaces with social media sites such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from ASIS website through these services, you should review the Privacy Policy of that service. If you are a member of a social media site, the interfaces may allow the social media site to connect your site visit to your personal data.

Member Directory

To best honor the privacy of our community members, you have complete control over your privacy settings in our community platform which drives our member directory. This control includes what profile information is allowed via the membership directory. You can add to or remove from your profile in the ASIS Connects platform by updating your profile. ASIS only makes member information available through ASIS Member Directory to other ASIS members, if the member actively shares out their information.

Transferring personal data from the EU to the US

ASIS has its headquarters in the United States. Information we collect from you will be processed in the United States. The United States has not sought nor received a finding of “adequacy” from the European Union under Article 45 of the GDPR. ASIS relies on derogations for specific situations as set forth in Article 49 of the GDPR. In particular, ASIS collects and transfers to the U.S. personal data only: with your consent; to perform a contract with you; or to fulfill a compelling legitimate interest of ASIS in a manner that does not outweigh your rights and freedoms. ASIS endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with ASIS and the practices described in this Privacy Policy. ASIS also enters into data processing agreements and model clauses with its vendors whenever feasible and appropriate. ASIS also minimizes the risk to your rights and freedoms by not collecting or storing sensitive personal information about you. Where we collect personal information within the European Economic Area (EEA), we have taken steps to ensure that the personal information is handled in compliance with European data protection and privacy legislation.

If you are located in the EEA, you should be aware that your personal information will be transferred to the US. In such cases, where your personal information is transferred from the EEA to the US, we will take all reasonable steps necessary to ensure that appropriate safeguards designed to protect your personal information are implemented.

Data subject rights

The European Union’s General Data Protection Regulation and other countries’ privacy laws provide certain rights for data subjects. A good explanation of them (in English) is available on the website of the United Kingdom’s Information Commissioner’s Office.This Privacy Policy is intended to provide you with information about what personal data ASIS collects about you and how it is used. If you have any questions, please contact us at dpo@asisonline.org. If you wish to confirm that ASIS is processing your personal data, or to have access to the personal data ASIS may have about you, please contact us at dpo@asisonline.org.

a. Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.

b. Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so. In many cases we shall use limited personal information to suppress further communications with you, rather than delete it entirely.

c. Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/ up to date.

d. Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate use.

e. Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests’ ground, (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.

f. Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.

g. Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects on you or similarly significantly affects you, unless such a decision (i) is necessary to enter into/ perform a contract between you and us/ another organization; (ii) is authorised by EU or Member State law to which ASIS is subject (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.

We may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information requested to you.

Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the methods above.

In many countries, you have a right to lodge a complaint with the appropriate data protection authority if you have concerns about how ASIS processes your personal data. When technically feasible, ASIS will—at your request—provide your personal data to you or transmit it directly to another controller.

Reasonable access to your personal data will be provided at no cost to ASIS members, conference attendees and others upon request made to ASIS at dpo@asisonline.org. If access cannot be provided within a reasonable time frame, ASIS will provide you with a date when the information will be provided. If for some reason access is denied, ASIS will provide an explanation as to why access has been denied.

Security of your information

To help protect the privacy of data and personally identifiable information you transmit through use of this Site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Data storage and retention

Your personal data is stored by ASIS on its servers, and on the servers of the cloud-based database management services ASIS engages, located in the United States. ASIS retains data for the duration of the customer’s or member’s business relationship with ASIS and for a period thereafter to allow members to recover accounts if they decide to renew, to analyze the data for ASIS’s own operations, and for historical and archiving purposes associated with ASIS’s history as a membership association. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact ASIS’s data protection officer at dpo@asisonline.org.

Changes and updates to the Privacy Policy

By using this Site, you agree to the terms and conditions contained in this Privacy Policy and Conditions of Use and/or any other agreement that we might have with you. If you do not agree to any of these terms and conditions, you should not use this Site or any ASIS benefits or services.

As our organization, membership and benefits change from time to time, this Privacy Policy and Conditions of Use is expected to change as well. We reserve the right to amend the Privacy Policy and Conditions of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy and Conditions of Use at this Site. We will post any privacy policy changes on this page and, if the changes are significant, we will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). We may e-mail periodic reminders of our notices and terms and conditions and will email ASIS members of material changes thereto, but you should check our Site frequently to see the current Privacy Policy and Conditions of Use that is in effect and any changes that may have been made to it. The provisions contained herein supersede all previous notices or statements regarding our privacy practices and the terms and conditions that govern the use of this Site.

Questions, concerns or complaints

Please contact ASIS’s data protection officer, named at the top of this policy.

Please see prior versions of our Privacy Policy: 25 May 20181 January 2013

back to top

arrow_upward