By using this website site you agree to the use of your data as described in this Privacy Statement.
We want to make sure you understand what information we collect from you and why. World CISO Day treats your personal data and/or those of your business with the greatest possible care and confidentiality. We believe it is important to inform you of the manner in which your personal data is processed and secured by us.
In this privacy statement you can find more information on what personal data World CISO Day processes of you and/or your company, what World CISO Day uses this personal data for, on what legal grounds and for what purposes World CISO Day processes this personal data, when World CISO Day shares the personal data with third parties and when we deploy processors for the processing of the personal data, and what rights you have with regard to this personal data.
This privacy statement is applicable to:
• visitors of the Website;
• persons with whom World CISO Day is in contact, or tries to be, by email or by telephone;
• newsletter subscribers;
• recipients of invitations for events (in the following: Marketing) of World CISO Day; Partners of World CISO Day; and
• all other persons who contact World CISO Day and of whom World CISO Day processes personal data.
In this privacy statement, the following definitions apply:
• processor: a natural or legal person, a government institution, a services or other body who/which processes personal data for World CISO Day;
• third party: any other besides: you, World CISO Day, a processor, or any person who is authorised to process personal data under the direct authority of the data controller or the processor;
• you: the person whose personal data is processed by World CISO Day;
• personal data: any data which regard you and can also be traced back to you, especially by way of an identifier such as a name, an identification number, location data, online identifier, or of one or more elements which are characteristic for your physical, physiological, genetic, psychological, economic, cultural, or social identity;
• consent: any free, specific, informed and unequivocal expression of will by which, through a statement or an unequivocal active operation you accept the processing of your personal data;
• provision of personal data: the disclosure or making available of personal data; and
• processing of personal data: an act of processing or a whole of acts of processing regarding personal data or a whole of personal data, whether or not carried out through automatic procedures, such as the collecting, recording, ordering, structuring, storing, updating or modifying, requesting, perusing, using, providing by way of forwarding, distributing or making available in another manner, aligning or combining, shielding or destroying of data;
World CISO Day receives personal data from you in the following situations:
• When you visit the Website;
• When you contact World CISO Day, for example by email, by way of the registration form on the website, telephonically, or through social media, such as LinkedIn, Twitter or Facebook;
• When you register for the Marketing of World CISO Day; and/or
• When you provide data to us on account of a customer business relation with World CISO Day.
• Visit of Website
In case of a visit to the Website, our servers automatically store information, such as the URL, IP-address, browser type and language, date and time of the visit and your email address. For the rest, we would like to refer you to our cookie statement https://app.zerocopter.com/cookies for more information which we collect on you during the use of the Website.
• Contact with World CISO Day
When you contact World CISO Day, for instance with a request for information or advice on our events, World CISO Day processes the personal data which you thereby transmit to us, such as the contact information provided by email, through the registration form on the Website, or by telephone, but also the information provided during an introductory conversation, or during an event which is organised by World CISO Day. We keep this information in our customer database, Active Campaign. The email address, name and/or phone number provided by you, through the registration form on the Website or otherwise, will be used for providing information or advice as requested.We keep this information for two years after it has been stored there. The information will only be used for the purpose it was given to us.
• Marketing (and unsubscribing)
World CISO Day makes use of newsletters, subscribers are sent newsletters with materials which may be relevant for our subscribers, such as events, blog posts or news. If you have agreed to receive the newsletter, you can always unsubscribe at a later date. You can do so by pressing the unsubscribe button in any marketing email from World CISO Day. We make use of registration forms on the Website. We ask for your name, organisation, email address and phone number, so we can reach out to you. We keep your contact information in our customer database, Active Campaign. We keep this information for two years after it has been stored there. The information will only be used for the purpose it was given to us.
• Transmission of data outside the European Economic Area
Any possible personal data we process as a result of the survey mentioned under “When do we receive personal data from you?” sub 2, can in some cases be transmitted outside the European Economic Area (“EEA”), because it may be necessary for the delivery of our information.
• Optimisation Website, and provision of information
The information which the Website automatically stores and generates of you (see for this under “When do we receive personal data from you?” sub 1 and sub 2) is used by us to further optimise and to improve information delivery but also to prevent fraud. In addition, during the use of the Website, cookies are placed on your computer, smartphone, or tablet. We would further like to refer you to our cookie statement https://app.zerocopter.com/cookies for more information which we collect on you when using the Website.
• Information exchange between you and World CISO Day
For information exchange between you and World CISO Day, World CISO Day is required to process your personal data, such as your first name, last name, email address, and World CISO Day may process other personal data as well such as, phone number, function, country. World CISO Day uses this data for:
• Maintaining contact with you if you request information from World CISO Day. World CISO Day processes the personal data provided to comply with that request and/or to answer your questions.
• Other purposes for the use of personal data. Personal data is only used for such as audits and assessments
The personal data is only processed if one of the following conditions (grounds) has been complied with:
• you have given your consent for it;
• it is necessary for the implementation of an agreement to which you are a party;
• it is necessary to comply with a legal obligation which World CISO Day is subject to;
• it is necessary to protect the vital interests of you or of another natural person (these grounds are not rare);
• it is necessary to defend the legitimate interests of World CISO Day, or a third party, except in the event that your interests or basic rights and fundamental freedoms outweigh the interests of World CISO Day and/or the third party.
The security of your personal data is our top priority. Our team consists of a great number of security experts who are constantly assessing and improving the manner in which we collect, process, and store your personal data.
World CISO Day has taken both organisational and technical measures to assure the security of our customers. World CISO Day constantly implements security features for the processing of the personal data which, within the possibilities of current techniques, is sufficient to prevent unauthorised access, modification, publication, or loss of your personal data. The security measures taken by World CISO Day are based on ISO/IEC 27002 (2013) and the security guideline NCSC (2015).
The most important (security) measures of World CISO Day are:
• The data security policy, in which specific attention is also dedicated to data classification, the granting of access, and the control of vulnerabilities;
• The appointment of a Data Protection Officer. The Data Protection Officer collaborates closely with the Head of Software Development. The Data Protection Officer and the Head of Software Development are responsible for, amongst other things, the attribution of authorisations for access to sensitive customer information, the securing of back-ups, the registration and handling of incidents and the monitoring of compliance with the security policy.
• The screening of staff prior to possible employment. Furthermore, every five years a certificate of good behaviour is required from all collaborators. In addition, collaborators sign a non-disclosure statement.
• Code of conduct for the World CISO Day staff, in which specific attention is given to confidentiality and security. This document is reviewed and updated annually.
All other files, such as personnel documents and email traffic in the online environment of World CISO Day are also secured by access authorisations. The Chief Executive Officer gives authorisations to collaborators.
• Having a policy for network protection. There is an internal network at the office; on this internal network sensitive information is handled. This network is not accessible from the outside, as it is password-secured.
• The application of a ‘clear screen’ and ‘clean desk’ policy, meaning that collaborators are obliged to lock their PC or laptop when leaving their workstation. The workstation must be left behind clean and tidy when leaving the building.
• Having a policy in place for the physical security of both access and environment. The office of World CISO Day is protected against invaders by way of locks. The office area is closed outside office hours and to gain access a physical key and an electronic key must be used.
• The policy for security incidents. Future incidents are registered in the internal incident register. The Data Protection Officer becomes responsible for the registration and timely handling of the incidents. After handling the incident, it will be evaluated, and appropriate improvement measures will be taken.
We have also implemented efficacious procedures. If World CISO Day was to face a data leak, our Data Protection Officer (contact information is listed below under Contact World CISO Day) will be informed of the data leak. If the nature, the severity, and the extent of the data leak require such, the data subjects will be informed accordingly within 48 hours and World CISO Day will make a report to the monitoring agency Autoriteit Persoonsgegevens within 72 hours. When reporting the data leak, we indicate information and facts regarding the data leak. We indicate in addition in which category the data subjects were, and additional information so the report can be treated with due care.
Our database with subscriber information is saved digitally. The database is only accessible for authorised staff inside World CISO Day. Our database with subscriber information is only accessible through personal login data and a secured connection of authorised staff.
You have the right to access your personal data, to restrict the processing of your personal data, to have it corrected, supplemented, modified, or even removed. For some personal data, it could be that World CISO Day is legally obliged to keep it. To this personal data it applies that World CISO Day cannot modify and/or remove it on your request.
We ask you to mail such requests to: firstname.lastname@example.org. We will take your request into consideration as soon as possible, with a final term of four weeks. If you submit a request, we ask for a copy of your ID, so we can verify your identity against the requested information. We want to ask you emphatically to black out the social security number on the copy of the ID. Because we may not process social security numbers without being legally obliged to do so. Could you indicate in the email you sent us regarding the request that you have blacked out the social security number on the copy of the ID? Take into account besides that, after we have modified or removed your personal data on your request, it may be that this information will still be available for a while in our back-ups, until these back-ups will be deleted as well. If you have deregistered, we will keep the deregistration (that is, not the personal data themselves) for 5 years after deregistration.
In some cases, you have the right to obtain your personal data, which you have provided World CISO Day with, in a structured, customary, and machine-readable form. Also, you have the right to transfer this data, if this process is done in the manner to which the applicable legislation and regulations the transfer of data has been assigned. To exercise the rights mentioned in the preceding, you can send an email to email@example.com.
Cookies, pixel tags and other technologies (collectively called 'cookies') are files containing small amounts of information which are downloaded to any internet enabled device – such as your computer, smartphone or tablet – when you visit a website.
We will not transmit your personal data to third parties without your consent, unless:
• It is necessary in the context of negotiations on, the conclusion of, and the implementation of the assignment agreement between you and World CISO Day; and/orand/or in case of a partnership agreement
• World CISO Day on grounds of a legal obligation or in an emergency is obligated to transmit the personal data to government agencies, such as in the event of a court order imposes the obligation of providing personal data to third parties. In this particular case, World CISO Day will exclusively provide the data that is legally obliged and/or
• World CISO Day organises a training or event with a third party, in which case exclusively your contact information will be shared with a third party; and/or
• A reorganisation or transfer of business activities takes place on World CISO Day with the result that World CISO Day must transfer personal data to another organisation.
Your information, including personal information, can be transferred to – and maintained on – computers outside your state, province, land, or other jurisdiction of the government where legislation regarding data protection may be different from that in your jurisdiction. If you are located outside the EEA and you choose to provide us with information, please take into account that we transfer the information, including personal information, to the EEA where we will process it.
By using the Website outside the EEA, followed by the submission of such information, you indicate your approval of the international transfer.
Privacy statements of third parties
The privacy statement of World CISO Day is not applicable to websites and/or applications of third parties, not either in case World CISO Day has placed a hyperlink or connection on its Website to these other websites. It may happen that upon the use of our Website by way of links to other websites you are conducted to websites which are not managed by us. If you choose to click on this link, you will be directed to the website of that third party. World CISO Day does not accept any responsibility and liability with regard to the manner in which these third parties handle personal data and cookies. We advise you to review the privacy statements and cookie statements of those websites, before you visit them.
World CISO Day deploys third parties to process your personal data. These third parties (processors) process your personal data exclusively within our assignment and we conclude processor agreements with these third parties which are compliant with the requirements of GDPR (or its Netherlands ratification AVG).
Your personal data is kept for as long as it is necessary for the realisation of the purposes as mentioned under “What personal data does World CISO Day process?” of this privacy statement. After the (statutory) retention period, your personal data is destroyed.
The above retention period does not apply in case World CISO Day is subject to a legal obligation to keep the personal data any longer.
We do not aim our services at children under 16, so our service does not regard minors. We do not deliberately collect personal, identifiable information on minors. If you are a parent or guardian and you know that your children have provided us with personal data, please contact us. In case we become aware that we have collected personal information on a child younger than 13 without the parents’ consent, we take actions to remove the information from our servers.
If you have questions about our privacy statement, contact our Data Protection Officer at:
Attn: Privacy Officer
Werfkade 21033 RA Amsterdam
We reserve ourselves the right to modify the privacy statement at all times, for example when legislation or regulations change. The most recent can always be found on the Website. If and when the privacy statement is comprehensively reviewed, we report this on the Website. You are advised to regularly check this privacy statement for any possible changes. Modifications to this privacy statement are effective when they are published on this page.
If you have questions, comments and/or complaints in general or about/regarding our privacy statement, you can contact the monitoring agency of ‘Autoriteit Persoonsgegevens’ on: https://autoriteitpersoonsgegevens.nl/en.