Effective Date: September 14, 2014
The Cloud Security Alliance, Inc. (CSA) abides by the following principles when handling personal information in electronic form:
- We collect a small amount of personal information about our users in order to provide them with our products and services;
- We limit the sharing or disclosure of this personal information to our business needs or compliance with applicable legal requirements;
- We give users meaningful choices over the use of their personal information;
- We strive to protect the personal information that we hold.
This Privacy Notice provides detailed information on how CSA puts these principles into practice. It describes the CSA policies with respect to the personal information that it collects through its website located at https://cloudsecurityalliance.org/ (Site), and the choices that are available to its users and members. “Personal information” means any information that relates to an identified or identifiable individual.
1. Your consent
Please read this Privacy Notice before you visit the Site or provide personal information on or through the Site. Your use of the Site signifies that you agree will all terms of this Privacy Notice. If you disagree with any part of this Privacy Notice, please do not use the Site.
This Privacy Notice applies solely to personal information that CSA collects through the Site or through electronic communications that you send to CSA at the addresses indicated on the Site.
It does not apply to the Cloud Security Alliance Group(s) on LinkedIn. It also does not apply to the websites of third parties, such as vendors, business partners, sponsors, advertisers, etc., to which the Site may link. CSA does not endorse, and is not responsible for the content of these websites, their policies or practices, or any product that they may offer. These third party websites are operated independently from CSA and are not under CSA’s control.
If you provide any personal information to or through these third third-party websites, your transaction will be subject to the terms and conditions and the privacy policies of these third parties. We recommend that you review these third party terms before providing any personal information to them.
3. What information we collect, and how we collect it
Personal information about you – The Site is designed to allow users to browse through it without providing any contact information. However, certain areas of the Site may require or allow for the voluntary submission of personal information, such as name and email address. We collect the personal information that you provide when you contact us.
The Site is not directed to children. CSA does not knowingly collect personal information from children. If you are younger than thirteen (13) years old, please do not provide any personal information while using the Site.
Log information – Our server software gathers general information from all Site users. For example: IP address, computer type, screen resolution, OS version, domain name, location, date and time of the visit, page(s) visited, time spent on a page, website from which the user came, action taken by the user when leaving our Site. Some of this information is provided directly by the user’s browser, the remainder is obtained through cookies and tracking technologies.
4. How we use this information
CSA uses the information that it has collected or received from its service providers as follows:
Fulfillment of requests – We record and use your personal information to respond to your inquiries, register you to our events, and send you the publications or documents that you request.
Administrative communications – We may send you important administrative or transactional information regarding the Site or events to which you have registered.
Other communications – We may use your personal information to send you mailings relating to CSA activities or events that we think may be of interest to you, in accordance with applicable law. You may opt-out of receiving these communications as indicated in the Choices section.
Internal business purposes — We may use the collected information for internal business purposes, such as for audits or to track attendance.
Statistical analysis – We use aggregated data about our users’ Site usage (which do not identify a specific user), such as the number of users who have visited certain pages of the Sites, or how long users are spending on a particular page, in order to develop statistics on the use of our Site, so that we can understand how are users interact with the Site, and improve our Site and the services that we provide through our Site.
5. To whom we disclose personal information
Service providers – We may share personal information with entities that provide services to us, such as communications, database management, event planning, hosting, mailing, and marketing.
Sponsors and business partners – We may share with our sponsors and corporate members the personal information that you provide when filling out forms to obtain documents, white papers or other research performed by CSA. These business partners use such personal information in accordance to their own privacy policies, which may include use for direct marketing purposes.
Business transfers – In the event of the sale, transfer or other disposition of any portion of CSA’s assets, we may transfer personal information to third parties, in preparation for, or as part of the sale, transfer or disposition of CSA’s assets.
Law enforcement; compliance – We may use or disclose personal information to any third party (a) if we believe that we are required to do so by law; (b) to comply with legal process or respond to requests from governmental or public authorities; (c) to prevent, investigate, detect, or prosecute criminal offenses or attacks on the technical integrity of our Site or network; (d) to enforce our Terms and Conditions; or (e) to protect the rights, privacy, property, business, or safety of CSA, its business partners, employees, members, Site users, or the public.
California privacy rights – CSA does not disclose any personal information to third parties for their direct marketing purposes. Should this practice change, we will allow all users to opt-out from such disclosures.
6. Online Payments
The Site provides the ability to make online payments for products or services that CSA provides for a fee. CSA does not store credit card details. All credit card information and other customer details that are required to process credit card payments are collected directly by the entity that processes online payments on CSA’s behalf. CSA does not have access to these data. These data are handled by our service provider, in accordance with its data handling practices. CSA is not responsible for the handling of these data by its service provider.
7. Your Choices
Marketing communications – We may from time to time send you mailings relating to events that we think may be of interest to you. If you prefer not to receive marketing mailings from us, you may unsubscribe from these mailings by following the unsubscribe instructions in these messages or by contacting us as indicated in How to contact CSA.
8. Cookies and Other Technologies
Cookies – Cookies are identifiers. A cookie assigns a unique identifier to a user’s computer and browser. Session cookies are erased when a user closes his browser or logs out. Persistent cookies are stored for longer period. When a user returns, and uses the computer and browser on which a persistent cookie is stored, the cookie allows us to recognize the computer and browser that were used in a prior session. It does not allow us to identify a specific individual.
We may use both “session” cookies and “persistent” cookies on the Site. These cookies are not linked to any contact information or identifying information, thus they do not tell us who you are, but they may identify your device, personal computer, laptop, tablet, smartphone and the like.
We will use the session cookies to keep track of you while you navigate the Site. We will use the persistent cookies to enable our Site to recognize you when you visit.
Some cookies enable services that you have specifically asked for. Other cookies are used to remember the choices you made (for example, the size of the font, or the language you prefer) in order to make it easier for you to use our Site when you return. Other cookies collect information about how users use our Site, for example which pages they visit most often, or how long they stay on a particular page.
Action tags – Pixel tags, action tags, gif tags, beacons, or similar technologies (tracking technologies) are placed on pages of the Site by CSA or a service provider. They allow the collection of information such as the date or time when a designated page was viewed or how long the user stayed on a specific page. This information is collected in an aggregated format. Users cannot remove or block action tags because they are coded in the programming of the Site, rather than being sent to a browser. However, users can remove any cookie that is associated with the action tag, as explained above.
9. Retention of information
We will retain personal information about you for so long as necessary to fulfill the purposes outlined in this Notice unless a longer retention period is required by law and/or regulations.
CSA seeks to adopt commercially reasonable security measures consistent with industry practice to protect personal information under its control against loss, misuse, and alteration. However, we cannot guarantee the security of our servers, the means by which personal information is transmitted between your computer and our servers, or any personal information that we receive through or in connection with the Site. If you believe that your connection to our Site is no longer secure, please notify us as soon as possible.
We attempt to strike a reasonable balance between security and convenience. Emails are usually sent as unencrypted text. If misrouted or intercepted, an unencrypted email could be read easily. If there is a matter that requires high security or confidentiality, please do not send the related information through email.
11. Crossborder transfers
By using the Site, you acknowledge and consent to the fact that (a) the personal information that you provide to us or that we collect through your our Site may be stored and processed in the United States or abroad, which may provide a different level of data protection than that which is provided by your country of residence; and (b) we may, at our discretion, store and process such data in the United States or other countries.
CSA does not represent or warrant that the Site is appropriate or available for use in any particular jurisdiction. Those who choose to access the Site do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules, and regulations that apply to them.
We may limit access to the Site to any person, geographic area, or jurisdiction that we choose, in our sole discretion.
13. Inquiries and Complaints
If you have any question, comment or complaints about this Privacy Notice, or the use, management or disclosure of personal information collected on or through our Site, please contact us as set forth in the section How to contact CSA.
If you have a complaint, and you are not satisfied with our handling of the disputed matter, or the complaint or dispute cannot be resolved through our internal process, please contact the San Francisco office of the American Arbitration Association, which will assist in the resolution of this matter.
14. California Disclosures
Do Not Track – California law requires that website operators that collect personal information about California residents disclose how they respond to a “Do Not Track” signal. However, because there is not yet a common understanding of how to interpret Do Not Track signals, we do not currently respond to Do Not Track signals, if any, that we might receive from browsers. We will continue to work with the online industry to define a common understanding of how to treat Do Not Track signals.
To learn more about online behavioral advertising, and/or to opt-out of this type of advertising, please visit the Network Advertising Initiative website or the Digital Advertising Alliance website. You can also contact us as indicated in How to contact CSA.
We do not share with these third parties any information that would readily identify you, such as an email address, but these third parties may have access to information about your device, such as an IP or MAC address. We do not have access to, or control over, the technologies that these third parties may use to collect information about your interests.
Opt-out of Third Party Sharing – When you fill out a form to obtain a document, white paper or other CSA research in areas of our Site that are sponsored by CSA Corporate Members or other businesses, we may share this information with our sponsors. We allow you to opt-out from such disclosure. If you do not opt-out, these third parties may use the personal information obtained through these forms for their direct marketing purposes.
15. Updates to the Privacy Notice
We update this Privacy Notice from time to time. If the changes are significant, we will post a prominent notice on this Site for a reasonable time to notify you of these changes. Unless, and until, you object in writing, by contacting us as indicated in How to contact CSA, all changes will apply to the existing information about you that CSA already holds, and the personal information collected from the effective date of the revised Privacy Notice.
We encourage you to periodically review this webpage in order to ensure that you are aware of the current Privacy Notice. Your use of our Site following the effective date of any revision will constitute your acceptance of the terms of the updated Privacy Notice.
16. How to contact CSA
If you have any questions, comments, or complaints, regarding this Privacy Notice, or our privacy, security or data protection practices, please contact us by email at [email protected].