Privacy Policy

Introduction

CI-ISAC (Australia) operates as a public Not-For-Profit (NFP) company. Our mission is dedicated to building communities to leverage the network effects of risk-based intelligence sharing while also building central capabilities to help resource-constrained entities and their service providers participate effectively.

Your privacy is important to us, and so is being transparent about how we collect, use and share information about you. We will take reasonable steps to ensure the personal information we collect, use, hold or disclose is done so in accordance with the Privacy Act 1988 and the Australian Privacy Principles (APP).

This privacy policy applies to ci-isac.com.au (“Website”) and to all products and services offered by CI-ISAC (collectively, “CI-ISAC”, “CI-ISAC Platform”, “we”, “us” or “our”) and outlines how we manage personal information. In addition to the Privacy Act 1988 and APPs, individuals located in the European Union (EU) may also have rights under the EU-based General Data Protection Regulations (GDPR).

What is personal data?

‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Source: gdpr.eu

What kinds of personal information we collect

Depending on the way you use our services, we collect information about you that we deem necessary for providing products, services and features that optimise and secure your user experience with CI-ISAC.

Consistent with the provision of our services, we collect and process information that could be directly or indirectly associated with you; information such as your full name, company name where applicable, username and password, phone number, email address, billing or mailing address, and other information that you share with us.

You can choose not to provide us with certain information, but that may inhibit your ability to use certain features of our services because such information may be required for you to be registered as a member, set up an account, access our platform, purchase products or services, participate in our forums or communicate with us or initiate other transactions on our website.

Third-Party Payment Processors (TPPs): Payments made via the CI-ISAC Platform are processed by third-party payment processors and are subject to the terms of use and privacy policies of those payment gateways and are not accessible or controlled by CI-ISAC. For additional information, we recommend reviewing the third-party payment processor’s Privacy Policy provided at the time of processing.

Why we collect your personal information

We collect, use and disclose personal information in the provision of our services and for purposes connected to those services. The purposes for which we collect, hold, use and disclose information can include, but are not limited to:

  1. To enter into or to fulfil a contract. We may use your personal data when necessary to meet a contractual obligation we owe you, including providing access to your account, our platform or other products or services you have signed up for.
  2. For a legitimate interest. We may use your personal information where processing will be necessary to achieve our business objectives or to facilitate a benefit to you.
  3. With our authorised service providers. CI-ISAC may share your personal data with our authorised service providers that perform certain services and process personal data on our behalf, including for IT and system administration services. These services may also include supporting the CI-ISAC Platform’s functionality, delivering a summit or conference, training, webinars, and other features offered through our website.
  4. With your consent. We may transmit your personal data to a third party when you give us express permission to do so.
  5. If we are required to disclose information by law. CI-ISAC may be obligated to disclose a website user’s personal information if directed by a court of law or other governmental entity. If your information is disclosed, we will comply with the law and make commercially reasonable efforts to notify you.

Disclosure of Information

Your personal information may be stored on third-party service provider infrastructure based on the CI-ISAC platform(s) you are granted access to as part of your membership. The personal data will not be accessed by third parties to enable CI-ISAC service provision; however, it may be visible to third-party technical support staff in the course of incident response/troubleshooting. This may include our agents, contractors, contracted service providers and like-minded bodies.

We won’t use or disclose your personal information for any secondary purpose unless:

  1. that secondary purpose is related to the primary purpose for which we collect that information, and you would reasonably expect the disclosure in the circumstances; or
  2. you have explicitly given your consent.

How we collect and hold information

Typically, we collect and hold personal information which is provided to us by our members and other organisations and bodies. If we deal directly with individuals, we will collect and hold personal information you provide us through our website, by email or over the phone. For example, when you send an email to us or give us information over the phone, we may retain this to respond to your enquiry and/or for the provision of our services for members. Personal information is held only for as long as the information remains relevant to the purpose for which it was collected.

Cookies

Our website uses “cookies”. A cookie is a very small text document, which often includes a unique anonymous identifier. When you visit a website, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each website can send its own cookies to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a website to access the cookies it has already sent to you, not the cookies sent to you by other sites. If we use cookies in connection with your visit to this website, we typically will do so to increase our functionality and service. You can edit your preferences in relation to cookies in your web browser settings. Depending on your cookie preferences, choosing not to store cookies for CI-ISAC Platforms may impact or limit the functionality of certain services.

Click here to view our Cookie Policy.

Non-Personal Information:

Log Files: Log file information is automatically reported by your browser each time you access a web page. When you use the CI-ISAC Platforms, our servers automatically record certain information that your web browser sends out whenever you visit any website. These logs are stored on our servers and may include information such as your web request, IP address, browser type, referring/exit pages, operating system, date/time stamp, the files viewed on our site (e.g., HTML pages, graphics, etc.) and URLs, number of clicks, domain names, landing pages, pages viewed and other similar information. This information is primarily collected to enable analytics to improve user experience and troubleshoot a technical issue. Logging information is not intended to be used to identify individuals.

Access and Correction

We will take all reasonable steps to ensure any personal data we collect, use, or disclose is up to date and accurate. If you believe that the personal information that we hold about you is not accurate, you may either correct this yourself as part of your membership profile or ask us to correct it on your behalf. You may request the details of the personal information we hold about you, and copies thereof as part of your privacy rights. Where relevant, you may have additional rights under the GDPR depending on where you are accessing our services from.

We will respond to your request and, unless we are not required to do so under any relevant legislation, attempt to provide you with the data within one calendar month of receipt of your request; however, this may be extended by an additional two months if your request is complex. Additionally, we may charge you an administration fee for your data request if we, as the ‘data controller’, deem it to be repetitive, excessive or unfounded. If you are accessing our services from within a jurisdiction captured under GDPR legislation, you should state this at the time of your enquiry.

All data requests, including for access and correction, should be directed to the CI-ISAC Chief Privacy Officer at privacy@ci-isac.com.au.

Overseas disclosure

CI-ISAC operates as an Australian data sovereign entity, with the Core Threat Sharing and Customer Relationship Management platforms being hosted on Australian infrastructure. CI-ISAC is unable to control the routing of external requests to/from our services, which means that depending on where you are accessing our systems from, your traffic may be routed outside of Australia by your organisation or Internet Service Provider.

We are unlikely to disclose personal information to overseas entities. However, if we do, we will take reasonable steps to ensure those overseas entities comply with the Australian Privacy Principles or equivalent privacy legislation in the relevant country.

Notifiable Data Breaches

From February 2018, the Privacy Act includes a new Notifiable Data Breaches (NDB) scheme which requires us to notify affected persons and the Office of the Australian Information Commissioner (OAIC) of any data breach that is likely to result in serious harm to affected individuals. There are exceptions where notification is not required.

If we believe there has been a data breach that impacts your personal information and creates a likely risk of serious harm, we will notify you and/or the subscriber who provided your information to us and the OAIC as soon as practicable in accordance with our obligations. If you believe that any personal information that we hold about you has been impacted by a data breach, please contact the CI-ISAC Chief Privacy Officer at privacy@ci-isac.com.au.

Our policy towards children

CI-ISAC services are not intended to be used by individuals under the age of 18. We do not knowingly collect personal information from minors under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please inform our Chief Privacy Officer at privacy@ci-isac.com.au.

Complaints

If you consider CI-ISAC to have breached your data privacy rights, please direct your complaint to privacy@ci-isac.com.au. Our Chief Privacy Officer will respond within one calendar month of receipt of your complaint and will attempt to work with you to resolve it. If you do not consider our response satisfactory, you may complain to the Office of the Australian Information Commissioner (OAIC).

Information on how to make a complaint to the OAIC is available on its website: http://www.oaic.gov.au, or you may also call the OAIC enquiries line on 1300 363 992.

If the GDPR applies to you, the UK data protection authority is the Information Commissioner’s Office, Wycliffe House, Wilmslow, Cheshire SK9 5AF, UK (www.ico.org.uk). For other European jurisdictions, please refer to the European Commission website for details of the relevant data protection authority.

Contact Us

Please note that we have a Chief Privacy Officer responsible for overseeing questions concerning this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please get in touch with the Chief Privacy Officer at privacy@ci-isac.com.au. 

Written submissions may be sent to CI-ISAC Australia, Suite 8, 84 Wises Road, Maroochydore, QLD 4558, however we encourage electronic notification in the first instance to expedite delivery.

Changes to this policy

Please note that this Privacy Policy may change from time to time, with the most recent version published on our website.

This policy is effective 29 January 2023.
