One In Tech Privacy Notice
This One In Tech Foundation privacy notice (“Privacy Notice”) describes how the One In Tech Foundation (“One In Tech”, “we” or “us”) collects, uses, shares, and retains personal information that you provide to us, or that we collect and your rights and choices in relation to your information. This Privacy Notice applies to all personal information collected about you by One in Tech when you do any of the following (collectively the “Services”):
- Use our website located at www.OneInTech.org, all corresponding webpages, other websites owned or controlled by One In Tech or related mobile applications (collectively, the “Site”); that link to this Privacy Notice;
- Communicate with us during any written, electronic or oral communications; and
- Use any other features or content owned or operated by One In Tech.
Please note that if you disagree with anything in this Privacy Notice, you must not use the Sites or mobile applications, or provide personal information to us in connection with One In Tech’s products or services.
Please read this Notice carefully along with our Terms and Conditions (“Terms”) which describes the Terms under which you use our Services. By using the Services, you agree to the collection and use of your personal information in accordance with this Notice. If you do not agree with or you are not comfortable with any aspect of this Notice, you should immediately discontinue access or use.
Our Site may contain links to third-party websites. These third-party websites and services are not related to One In Tech and may have separate privacy policies and data collection practices. We have no responsibility for these websites or their privacy practices and encourage you to read the privacy policies of all websites you visit.
We may need to update this Privacy Notice from time to time. If we make a change that we believe materially affects how we process your personal information, we will provide notice of such change on this Site or via email. After such notice, your continued use of our Services will be subject to the then-current Privacy Notice.
1. INFORMATION WE COLLECT
We collect personal information when you interact with our Services. Personal information is data that can be used to identify you directly or indirectly or to contact you, including, but not limited to: your name, mailing address, email address, telephone number. This Notice does not apply to anonymized information as it cannot be used to identify you. The types of personal information that we may collect about you include, but are not limited to: information you provide to us, information from third parties, and information collected automatically about your use of our Services.
Information You Voluntarily Provide
- Donor. If you provide your Personal Data to One In Tech when you make a donation to One In Tech, you sign up to become a registered user of the One In Tech site and will be asked to provide certain information as part of the registration process. This information may include your first and last name, email address, and business or home address. We may also request that you voluntarily provide other information, such as your phone number, year of birth, demographic information, educational background, work experience, information about your non-One In Tech certifications, or courses or areas of study in which you may be interested.
- Communications with One In Tech. If you communicate or correspond with us by email, through postal mail, via phone or through other forms of communication, including our customer service center, we may collect the information you provide as part of those communications. For example, if you correspond with us through email, we may collect and store the email address you use to send the applicable correspondence and use it to respond to your inquiry; to notify you of One In Tech conferences, publications, or other services; or to keep a record of your complaint, accommodation request, and similar purposes.
Information Automatically Collected
As you navigate through and interact with our Site or Services, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns, including:
- If you access the Services through a computer, we will automatically collect information such as your browser type and version, computer and connection information, IP address, pages you have visited and standard web log information. We may use remarketing tools that will serve ads to you based the content you have explored on our Site to render ads to you after you have left our Site. We may automatically collect such information using “cookies” and other similar technologies, such as web beacons. For more information on cookies, please see Section 2, below.
- If you access the Services through a mobile device, we may also be able to identify the location of your mobile device. One In Tech also uses your location information (if shared with One In Tech) to identify the geographic locations from which our content is accessed so that we can better understand what content topics may be most relevant in that region, and to One In Tech members generally, and to develop resources around those content topics. You may choose not to share your location details with us by adjusting your mobile device’s location services settings. For instructions on changing the relevant settings, please contact your service provider or device manufacturer.
Information from Third Parties
We may receive personal information about you from companies controlled by or under common control as One In Tech. Also when you interact with our Services on a social media platform, we may collect the personal information that you or the platform make available to us on that page or account, including your social media account ID and/or user name associated with that social media service, your profile picture, email address, friends list or information about the people and groups you are connected to and how you interact with them, and any information you have made public in connection with that social media service. The information we obtain depends on your privacy settings on the applicable social media service; we will comply with the privacy policies of the social media platform and we will only collect and store such personal information that we are permitted to collect by those social media platforms. When you access the Site through social media channels or when you connect the Site to social media services, you are authorizing us to collect, store, and use such information and content in accordance with this Privacy Notice.
Payment Card Information
You may choose to purchase goods or services from us using a payment card. Typically, payment card information is provided directly by users, via the Site, into the PCI/DSS-compliant payment processing service to which the we subscribe, and One In Tech does not, itself, process or store the card information. Occasionally, users request One In Tech employees to, on their behalf, enter payment card information into the PCI/DSS-compliant payment processing service to which the we subscribe. When we receive payment card information from customers or members by email, fax, phone, or mail, it is entered as instructed and then deleted or destroyed.
2. COOKIES AND TRACKING TECHNOLOGIES
Cookies. Cookies are small web files that a site or its provider transfers to your device’s hard drive through your web browser that enables the site’s or provider’s system to recognize your browser and remember certain information. The length of time a cookie will stay on your browsing device depends on whether it is a “persistent” or “session” cookie. Session cookies will only stay on your device until you stop browsing. Persistent stay on your browsing device until they expire or are deleted.
The cookies used on our Site and Services may be categorized as:
- Strictly Necessary Cookies, which are needed for the Site or Services to operate as reasonably expected by you.
- Functional or Preference Cookies, which remember your name or choices.
- Performance or Analytic Cookies, which collect passive information about your use of the Site or Services.
- Advertising or Targeting Cookies, which are used to make advertising messages more relevant and personalized to you based on your inferred interests.
We use first-party and third-party cookies for the following purposes: to make our Site function properly, to improve our Site, to make login to our Site easier, to recognize you when you return to our Site, to track your interaction with the Site, to enhance your experience with the Site, to remember information you have already provided, to collect information about your activities over time and across third-party websites or other online services in order to deliver content and advertising tailored to your interests; and to provide a secure browsing experience during your use of our Site.
Your Choices. Your browser may provide you with the option to refuse some or all browser cookies. You may also be able to remove cookies from your browser. You can exercise your preferences in relation to cookies served on our Site by taking the steps outlined below.
- First-Party Cookies. You can use the browser with which you are viewing this Site to enable, disable or delete cookies. To do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” settings). Please note, if you set your browser to disable cookies, you may not be able to access secure areas of the Site. Also, if you disable cookies other parts of the Services may not work properly. You can find more information about how to change your browser cookie settings at allaboutcookies.org.
- Third-Party Cookies. To opt-out of third-party advertising networks and similar entities that use advertising cookies go to aboutads.info/choices. Once you click the link you may choose to opt-out of such advertising from all participating advertising companies or only advertising provided by specific advertising entities. For more information about third-party advertising networks and similar entities that use these technologies, please see aboutads.info/consumer.
- Targeted Advertising. If you do not want us to use information that we collect or that you provide to us to deliver advertisements according to our advertisers’ target-audience preferences, you can opt-out of interest-based targeting provided by participating ad servers through the Digital Advertising Alliance (optout.aboutads.info) or the Network Advertising Initiative (optout.networkadvertising.org). In addition, on your iPhone, iPad or Android mobile device, you can change your device settings to control whether you see online interest-based ads.
We do not control third-parties’ collection or use of your information to serve interest-based advertising. However, these third-parties may provide you with ways to choose not to have your information collected or used in this way. In addition, most web browsers provide help pages relating to setting cookie preferences. More information may be found for the following browsers here:
We may use third-party service providers to monitor and analyze the use of our Site. Presently, we use Google Analytics. Google Analytics is a web analytics service offered by Google LLC (“Google”) that tracks and reports Site traffic. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: policies.google.com/privacy. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics, available at: tools.google.com/dlpage/gaoptout.
Do Not Track. Some Internet browsers, such as Internet Explorer, Firefox, and Safari, include the ability to transmit “Do Not Track” or “DNT” signals. Since uniform standards for “DNT” signals have not been adopted, our Site does not currently process or respond to “DNT” signals.
Location Information. You may be able to adjust the settings of your device so that information about your physical location is not sent to us or third-parties by (a) disabling location services within the device settings; or (b) denying certain websites or mobile applications permission to access location information by changing the relevant preferences and permissions in your mobile device or browser settings. Please note that your location may be derived from your WiFi, Bluetooth, and other device settings. See your device settings for more information.
3. HOW WE USE YOUR INFORMATION
We will only use your information as described in this Notice or as disclosed to you prior to such processing taking place.
a. To Provide and Maintain our Services. We will use your personal information to provide information or deliver Services that you request and to allow you to participate in interactive features of our Site and Services when you choose to do so. If the applicable information is to be provided or Service is to be performed by a third party, then we will disclose the applicable information to the third party providing the information or performing applicable Services.
b. To Provide Customer Support or Respond to You. We collect any information that you provide to us when you contact us, such as with questions, concerns, feedback, disputes or issues. Without your personal information, we cannot respond to you.
c. To Send You Marketing and Promotional Emails. We may use your personal information to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe link or the instructions provided in any email we send, or submitting your request on our DSAR Form HERE.
d. To Advise You of Other Services. From time to time, subject to the applicable law, we may your personal information with third parties or partners. You may opt out of having your personal information shared with third parties. If you choose to limit the use of your personal information, certain features or Services may not be available to you.
e. To Personalize Your Experience. We may also use your personal information to tailor your experience at our Site, to compile and display content and information that we think you might be interested in, and to provide you with content according to these preferences. One In Tech may also use this information to help us understand our members’ needs and interests, to better tailor our products and services to meet your needs.
f. For Research and Development. We will use your information to gather analysis or valuable information so that we can improve our Services and to detect, prevent and address technical issues. We may also use your information to monitor the usage of our Site including without limitation search terms entered, pages visited and documents viewed.
g. To Enforce Compliance with Our Terms and Agreements or Policies. When you access or use our Services, you are bound to our Terms and Conditions and this Notice. To ensure you comply with them, we process your personal information by actively monitoring, investigating, preventing and mitigating any alleged or actual prohibited, illicit or illegal activities on our Services. We also may process your personal information to: investigate, prevent or mitigate violations of our internal terms, agreements or policies; enforce our agreements with third parties and business partners; and, as applicable, collect fees based on your use of our Services. We also use your information to ensure that One In Tech will not violate any applicable U.S. sanctions in accepting your donation or by providing you access to One In Tech’s goods and services. We cannot perform our Services in accordance with our terms, agreements or policies without processing your personal information for such purposes.
4. DISCLOSURE OF YOUR INFORMATION
Except as set forth in this Privacy Notice or when specifically agreed to by you, we will not disclose personal information we gather from you to third parties unless One In Tech is required to share this information to complete your request or for legitimate business purposes. One In Tech shares personal information in the following circumstances:
a. Third-Party Service Providers. We may share your information with vendors or third parties who deliver or provide goods and services or otherwise act on behalf of or at the direction of One In Tech. These third parties may include, for example, our third-party technology providers, including our mobile application vendor, exam-testing agencies and training providers and partners, product-fulfillment companies, and third-party event hosts, hotels for conference registrants, sponsors, co-sponsors and exhibitors. These third-party service providers will only have access to the information needed to perform these limited functions on our behalf. Where we do share your personal information with third parties, One In Tech takes steps to ensure that they use appropriate safeguards to protect your personal information.
b. Business Partners. From time to time, One In Tech may engage in joint sales or product promotions with selected business partners. If you purchase or specifically express interest in a jointly-offered product, promotion or service, we may share relevant personal information with those partners. For example, if you are an event attendee, speaker, or sponsor, subject to applicable laws, certain items of your information may be included in the event roster, which may also be shared with third-party event sponsors and exhibitors and publicly disclose. We do not control our business partners’ use of such information. Our partners are responsible for managing their own use of the personal information collected in these circumstances, including providing information to you about how they use your personal information. We recommend you review the privacy policies of the relevant partner to find out more about their handling of your personal information.
c. Within Our Corporate Organization. One In Tech is a part of a corporate organization that has many legal entities, business processes, management structures and technical systems. We may share your personal information within this organization, with our affiliates, including ISACA and CMMI.
d. Board Members and Volunteers. We may share your information with One In Tech board members for purposes of conducting One In Tech’s internal business operations. Subject to applicable law, One In Tech makes publicly available the names, titles, country and business affiliations of officers, committee members and others who have assisted with initiatives or projects.
e. To Respond to Subpoenas, Court Orders, Government Requests or to Protect Rights and to Comply with Our Policies. To the extent permitted by law, we will disclose your information to government authorities or third parties if: (a) required to do so by law or regulation, or in response to a subpoena or court order or any other enforceable governmental request or order; (b) we believe in our sole discretion that disclosure is reasonably necessary to protect against fraud, to protect the property or other rights of us or other users, third parties or the public at large; or (c) we believe that you have abused the Sites by using them to attack other systems or to gain unauthorized access to any other system, to engage in spamming or otherwise to violate applicable laws. You should be aware that, following disclosure to any third party, your information may be accessible by others to the extent permitted or required by applicable law.
f. Business Transfers; Bankruptcy. In the event of a merger, acquisition, bankruptcy or other sale of all or a portion of our assets, any user information owned or controlled by us may be one of the assets transferred to third parties. Unless you are residing in the European Economic Area, we reserve the right, as part of this type of transaction, to transfer or assign your information and other information we have collected from users to third parties. One In Tech will still ensure the confidentiality and security of any user information. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to this Privacy Notice.
One In Tech uses reasonable physical, technical and administrative measures to safeguard personal information you provide through the Sites or in connection with One In Tech’s products and services. Please be aware that no data transmission over the Internet can be guaranteed to be 100% secure. As a result, One In Tech cannot guarantee or warrant the security of any information you transmit on or through the Sites and you do so at your own risk.
We limit our retention of your personal information as long as necessary for the purposes set out in this Notice. We will retain and use your personal information to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies. While retention requirements vary by jurisdiction, typically we will retain your email address for marketing purposes on an ongoing basis until you unsubscribe, and we retain information collected via technical means such as cookies, web page counters and other analytics tools is kept for a period of up to one year from the expiration of the cookie.
7. YOUR CHOICES
To help us keep your personal information up to date, or to request access to the personal information One In Tech maintains about you, you may contact us at One In Tech, Data Protection Officer, 1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173, USA or by submitting a request on our DSAR Form HERE.
If you would like to modify the types of marketing email messages you receive from One In Tech, you may do so by following the instructions within the body of any email message that you receive from us.
One In Tech is a 501(c)(3) supporting organization to ISACA, providing philanthropic programs addressing education, advocacy, and IT access needs for underserved populations. Our sites are not directed at children under the age of 16 to access directly. One In Tech does not knowingly collect personally identifiable data from persons under the age of 16.). If you are a parent of a child under 16, and you believe that your child has provided us with information about him or herself, please contact us by submitting an inquiry on our DSAR Form HERE.
9. INTERNATIONAL TRANSFERS
As a global entity, we may store, transfer, and otherwise process your personal information in countries outside of the country of your residence, including the United States and possibly other countries. The data protection laws of such countries may not be as protective as the laws of the country in which you reside. We will take all the steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Notice and no transfer of your personal information will take place to an organization or a country unless there are adequate controls in place. If you do not want your information transferred to or processed or maintained outside of the country or jurisdiction where you are located, you should not use the Services.
For individuals located in the European Economic Area (“EEA”), the United Kingdom or Switzerland (collectively “Europe”) at the time they access our Services, we transfer your personal information subject to appropriate safeguards as permitted under the applicable data protection laws. Specifically, when your personal information is transferred out of Europe, we have the required contractual provisions for transferring personal information in place with the third parties to which your information is transferred. For such transfers, we rely on legal transfer mechanisms such as Standard Contractual Clauses, or we work with U.S.-based third parties that are certified under the EU-US and Swiss-US Privacy Shield Framework.
To the extent necessary, One In Tech relies on derogations as set forth in Article 49 of the GDPR to transfer personal information to the United States, specifically to perform a contract with you. If this data is not processed and transferred, One In Tech will not be able to execute the contract with you or you will not have access to any or all of the benefits and features associated with your transaction.
10. NOTICE TO INDIVIDUALS IN EUROPE
This section only applies to individuals that access or use our Services while located in the European Economic Area, United Kingdom and/or Switzerland (collectively “Europe”). We may ask you to identify which country you are located in when you use some of the Services or we may rely on your IP address to identify which country you are located in. When we rely on your IP address, we cannot apply the terms of this section to any individual that masks or otherwise hides their location information from us so as not to appear located in Europe. If any terms in this section conflict with other terms contained in this Notice, the terms in this section shall apply to users in Europe.
We are a controller with regard to any personal information collected from individuals accessing or using its Services. A “controller” is an entity that determines the purposes for which and the manner in which any personal information is processed.
Marketing. We will only contact individuals located in Europe by electronic means (including email or SMS) based on our legitimate interests, as permitted by applicable law or the individual’s consent. When we rely on legitimate interest, we will only send you information about our Services that are similar to those which were the subject of a previous sale or negotiations of a sale to you. If you do not want us to use your personal information in this way or to disclose your personal information to third parties for marketing purposes, please click an unsubscribe link in your emails or submit your request on our DSAR Form HERE. You can object to direct marketing at any time and free of charge. Direct marketing includes any communications to you that are only based on advertising or promoting products and services.
Legal Bases for Processing. Below is our legal bases for processing for the processing activities identified in this Notice. Legal Bases for Processing. Below is our legal bases for processing for the processing activities identified in this Notice.
- We rely on our contract with you as our legal basis for processing in relation to the following: to provide and maintain our services, to provide customer support or respond to you, to enforce compliance with our Terms, agreements or policies, and to share with third party service providers.
- We rely on your consent or legitimate interest in relation to the following processing activities: to send you marketing and promotional emails, to advise you of other services, and to share your information with business partners, or within our corporate organization.
- We rely on legitimate interest in relation to the following processing activities: to personalize your experience, for research and development, and when we share your information with board members or volunteers or in relation to business transfers or bankruptcy.
- Our processing in relation to the following sections is based on our legal obligations: when we share your information to respond to subpoenas, court orders, government requests, or to protect rights and comply with our policies, or in relation to business transfers or bankruptcy.
Your Rights. We provide you with the rights described below when you use our Services. We may limit your individual rights requests in the following ways: (a) where denial of access is required or authorized by law; (b) when granting access would have a negative impact on other’s privacy; (c) to protect our rights and properties; and (d) where the request is frivolous or burdensome. If you would like to exercise your rights, please submit your request on our DSAR Form HERE so that we may consider your request under applicable law. When we fulfill your individual rights requests for correct (or rectification), erasure or restriction of processing, we will notify third parties also handling the relevant personal information unless this proves impossible or involves disproportionate effort. In certain circumstances, you have the following data protection rights:
- Right to withdraw consent. You have the right to withdraw your consent to the processing of your personal information collected on the basis of your consent at any time. Your withdrawal will not affect the lawfulness of our processing based on consent before your withdrawal.
- Right of access to and rectification of your personal information. You have a right to request that we provide you a copy of your personal information held by us. This information will be provided without undue delay subject to some fee associated with the gathering of the information (as permitted by law), unless such provision adversely affects the rights and freedoms of others. You may also request us to rectify or update any of your personal information held by us that is inaccurate.
- Right to erasure. You have the right to request erasure of your personal information that: (a) is no longer necessary in relation to the purposes for which it was collected or otherwise processed; (b) was collected in relation to processing that you previously consented, but later withdraw such consent; or (c) was collected in relation to processing activities to which you object, and there are no overriding legitimate grounds for our processing. If we have made your personal information public and are obliged to erase the personal information, we will, taking account of available technology and the cost of implementation, take reasonable steps, including technical measures, to inform other parties that are processing your personal information that you have requested the erasure of any links to, or copy or replication of your personal information. The above is subject to limitations by relevant data protection laws.
- Right to data portability. If we process your personal information based on a contract with you or based on your consent, or the processing is carried out by automated means, you may request to receive your personal information in a structured, commonly used and machine-readable format, and to have us transfer your personal information directly to another “controller”, where technically feasible, unless the exercise of this right adversely affects the rights and freedoms of others.
- Right to the restriction of or processing. You have the right to restrict or object to us processing your personal information where one of the following applies:
- You contest the accuracy of your personal information that we processed. In such instances, we will restrict processing during the period necessary for us to verify the accuracy of your personal information.
- The processing is unlawful and you oppose the erasure of your personal information and request the restriction of its use instead.
- We no longer need your personal information for the purposes of the processing, but it is required by you to establish, exercise or defense of legal claims.
- You have objected to processing, pending the verification whether the legitimate grounds of our processing override your rights.
Restricted personal information shall only be processed with your consent or for the establishment, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest. We will inform you if the restriction is lifted.
- Right to object to processing. Where the processing of your personal information is based on consent, contract or legitimate interests you may restrict or object, at any time, to the processing of your personal information as permitted by applicable law. We can continue to process your personal information if it is necessary for the defense of legal claims, or for any other exceptions permitted by applicable law.
- Automated individual decision-making, including profiling. You have the right not to be subject to a decision based solely on automated processing of your personal information, including profiling, which produces legal or similarly significant effects on you, save for the exceptions applicable under relevant data protection laws. We do not engage in this type of automated processing.
We will communicate any rectification or erasure of your personal information or restriction of processing to each recipient to whom your personal information has been disclosed unless this proves impossible or involves a disproportionate effort. We will inform you about those recipients if you request this information.
If you believe that we have infringed your rights, we encourage you to contact us HERE so that we can try to resolve your issue or dispute informally. Or you have a right to lodge a complaint with the supervisory authority situated in a Member State of your habitual residence, place of work, or place of alleged infringement and may do so by contacting our EU member representative DataRep at [email protected], or by clicking HERE.
If you have any questions or concerns about this Privacy Notice, please submit an inquiry to us on our DSAR Form or write us at One In Tech, Data Protection Officer, 1700 E. Golf Road, Suite 400, Schaumburg, Illinois 60173, USA.