CISO

Privacy Policy

Global CISO Council recognizes the importance of maintaining your privacy and is committed to protecting it and developing technology that gives you the most powerful and safest online experience. This Statement of Privacy applies to current and former visitors to all our Global CISO Council websites and governs data collection and usage. By using the Global CISO Council website, you consent to the data practices described in this statement. At Global CISO Council, the privacy and security of our members, participants, and visitors are of paramount importance. We value your privacy and appreciate your trust in us.

1

WHAT TYPE OF PERSONAL INFORMATION DO WE GATHER?

Global CISO Council collects certain personal information about you during your relationship with us. Global CISO Council, through its website and other platforms used to support membership interest, participation in programs or events, partnerships, and related services, may collect personally identifiable information/personal information that may include:

a

Contact information. 

We might collect your name, e-mail, home or work addresses, telephone numbers, organization names, etc.

b

Identification Documents.

For certain Services, we may require you to provide a copy of government-issued identification, such as a passport, national identity card, driver’s license, or other similar documents, to verify your identity. However, such identification documents shall be provided to us subject to clause 9 of this Privacy Policy.

c

Payment and billing information.

We might collect your billing name, billing address, and the legal age as permitted by your country of origin/residency and as per the payment method used by you. We NEVER collect your credit card number or credit card expiry date or other details pertaining to your credit card on our website. We will not be storing any bank-related information in our records and none of our employees will hold or be exposed to this information.

d

Information you submit or share.

We collect information you submit to us through forms or inquiries on our website, or information you choose to share on third-party platforms or social media pages operated or designated by Global CISO Council, subject to the applicable third-party terms and privacy settings.

e

Demographic information.

We may collect anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests, favorites, or any other information provided by you during the use of our website. We might collect this as a part of a survey also.

f

Other information.

If you use our website, we may collect information about your IP address and the browser you’re using. This may also include interactions through our website, Global CISO Council chapters, meetings with our representatives and representatives from our authorized partners and other third parties or the duration of time spent on our website.

Global CISO Council does not collect, use, and/or disclose sensitive personal information, such as race, religion, health information or political affiliations (“Sensitive Personal Information”) without your explicit consent.

2

Minor’s Online Privacy

Protecting the privacy of children is especially important to Global CISO Council. Our Services are intended for professionals and are not directed to minors. We do not knowingly process or profile personal information of individuals under the legal age of majority without the express consent of a parent or legal guardian, where required by applicable law. If you are under the age of majority in your jurisdiction and believe you have provided personal information to us without appropriate consent, or if you are a parent or legal guardian who believes that a minor has provided personal information without authorization – please contact us at [email protected]. We will take appropriate steps to delete such information or take any other actions as required by applicable laws.

3

Where do we collect Personal Information about you?

We collect information in different ways.

a

We collect information directly from you.

We collect information directly from you when you register or collaborate with us. You may choose to apply for specific information or services on topics such as chapters that you wish to become a member of, which may require you to fill out forms and share your personal information. This information is irrespective of your membership. Global CISO Council asks you to allow representatives of Global CISO Council to contact you for the purpose asked.

Global CISO Council may collect different data from or about you depending on how you use Global CISO Council Services. When you submit information through the Site or use our Services, including through a third-party platform, we collect any data you provide directly, including, where applicable, information you choose to share in connection with your participation in third-party platforms or services.

b

We collect information from you passively.

We receive and store certain types of information whenever you interact with us. We use browser cookies, web beacons, and similar technologies to collect information about your usage of our website or any of our subdomains for purposes such as analytics, security, and improving site functionality. We may use this information for internal analysis and to better understand how our website and services are used.

To help us make our email communications more useful and interesting, we often receive confirmation when you open an email from Global CISO Council, if your computer supports such capabilities. If you do not wish to receive email or other communications from us, you may update your communication preferences using the options provided in our messages or by contacting us, where applicable.

c

We get information about you from third parties.

If you access or use our Services through a third-party platform or service, or if you use an integrated social media feature on our websites, or click on any third-party links, the collection, use, and sharing of your data will also be subject to privacy policies and other agreements of that third party.

We may obtain certain information through third-party platforms or services that you choose to use in connection with Global CISO Council activities, such as community or communication platforms sponsored or designated by Global CISO Council. If you choose to participate in such platforms (for example, a Global CISO Council-sponsored messaging group or community platform), we may receive information that you choose to share through those platforms, subject to your privacy settings and the applicable third-party terms and policies. The information we receive depends on the platform or service used and the permissions you grant and may include basic profile or contact information necessary for participation.

d

We may get information about you from other sources.

We might receive information about you from other sources and, where applicable, combine it with information you have provided to us through the Site or in connection with our Services.

4

How and why do we use your Personal Information?

We collect information in different ways.

a

We collect information directly from you.

Certain Global CISO Council services require you to provide your personal information, so as to enable us to provide you the whole range of that Service.

b

We use information to contact/respond to your requests or questions:

We might use the information you provide to contact you to deliver the services you have requested.

c

We use information to improve our services and user experience.

We may use your information to analyze and enhance our website, newsletters, and other communications, so we can better support and improve your interaction with Global CISO Council’s online services.

d

We use information to understand site usage patterns and user interests.

We may use your information to improve our website, services, and member offerings. We may also combine information we collect from you with information obtained from third parties to enhance our understanding of user needs. Global CISO Council may contact you to participate in surveys or research initiatives to gather feedback on current services or potential programs.

e

We use information for security purposes.

We may use information to protect Global CISO Council, our Members and users, and the security and integrity of our websites and services.

f

We use information for marketing and outreach purposes.

We may use your information to send marketing, promotional, informational, or satisfaction-related communications about services, events, programs, or initiatives offered by the Global CISO Council and its Affiliates.

g

We may use information to send you transactional or service-related communications.

We may send you emails or SMS messages about services, events, programs, or information you have requested from Global CISO Council, or other communications necessary to administer our Services.

h

We use information as otherwise permitted by law.

To comply with our legal and regulatory obligations, such as record-keeping, reporting, accounting, and tax requirements.

5

Who do we share your Personal Information with?

Global CISO Council does not sell, rent, or lease your personal information to third parties without your explicit consent. Global CISO Council shares personal information in the following ways:

a

We will share your personal information with our Affiliates

for internal reasons, primarily for business and operational purposes.

b

We will share information with our authorized Vendors.

We share information with vendors who help us manage our online registration process or payment processors or transactional message processors. Some vendors may be located outside of the country where you reside.

c

We will share information with our business partners/ third parties who perform services on our behalf.

Global CISO Council may engage third-party service providers and trusted partners to process personal information on our behalf in order to support our operations, including data hosting, platform services, analytics, communications, and administrative functions. From time to time, Global CISO Council may also contact you on behalf of external business partners regarding offerings that may be relevant to your interests; however, your personal information (such as your name, email address, mailing address, or telephone number) will not be shared with those partners for their independent use. Any third-party service provider engaged by Global CISO Council is contractually required to maintain the confidentiality and security of your information.

d

We may share information if we think we must comply with the law or to protect ourselves.

Global CISO Council websites will disclose your personal information, without consent, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Global CISO Council or the site; (b) protect and defend the rights or property of Global CISO Council; and, (c) act under exigent circumstances to protect the personal safety of users of Global CISO Council or the public.

e

We may share your information for reasons not described in this policy.

We will tell you before we do this. Global CISO Council does not transfer any Sensitive Personal Information. By using or continuing to use the site you agree to our use of your information (including Sensitive Personal Information) in accordance with this Privacy Notice, as may be amended from time to time by Global CISO Council at its discretion. You also agree and consent to us collecting, storing, processing, transferring, and sharing information (including Sensitive Personal Information) related to you with third parties or service providers for the purposes as set out in this Privacy Notice.

We may be required to share the aforementioned information with government authorities and agencies for the purposes of verification of identity or for the prevention, detection, investigation, prosecution, or punishment of cyber incidents or any other legal offenses. You agree and consent to Global CISO Council, at its sole discretion, disclosing the required information with government authorities and agencies in such cases.

f

Corporate Transactions.

Your information may be disclosed to third parties in connection with a corporate transaction, such as a merger, sale of assets or shares, reorganization, financing, change of control, or acquisition of all or a portion of our business.

Global CISO Council encourages you to review the privacy statements of websites you choose to link to from Global CISO Council’s website so that you can understand how those websites collect, use, and share your information. Global CISO Council is not responsible for the privacy statements or content on websites outside of the Global CISO Council’s family of websites.

g

Messaging:

We do not sell your mobile number to any unaffiliated third parties or affiliates for marketing or promotional purposes. Your mobile number and any consent you provide for text messaging will be used exclusively for the purposes for which you have given consent, such as service notifications, event or program updates, or other service-related communications, and will never be sold. Your information may be shared with third-party service providers solely to facilitate message delivery on our behalf. These providers are bound by contractual obligations to protect your data and may not use it for any other purpose. We require your explicit consent before sending any marketing or promotional messages, and you may withdraw your consent or opt out of messaging at any time. We retain records of your consent in accordance with applicable legal requirements and will delete your data upon request when it is no longer necessary for the stated purpose.

h

Global CISO Council may share membership and participation data with Global CISO Council Chapters solely for membership administration, event coordination, and governance purposes.

6

How does Global CISO Council store the Personal Information it collects?

Global CISO Council stores your personally identifiable information such as name, contact number, email address, etc. on a secure server which is encrypted and is accessible only to Global CISO Council’s applications. Global CISO Council may be required to share personal information with its affiliates, advisors, and auditors in other countries where it may be processed. If we or our affiliates or our service providers transfer personal information outside of the country of origin, we always require that appropriate safeguards are in place to protect the information when it is processed.

7

How does Global CISO Council secure your Personal Information?

We take appropriate technical and organizational measures to secure your information and to protect it against unauthorized or unlawful use and accidental loss or destruction.
Global CISO Council uses secure servers to store your information and only shares and provides access to your information to the minimum extent necessary, subject to confidentiality restrictions where appropriate, and on an anonymized basis wherever possible. We also verify the identity of any individual who requests access to information prior to granting them access to requested information.

Global CISO Council also uses Secure Sockets Layer (SSL) software or other similar encryption technologies to encrypt any payment transactions you make on or via our website. Global CISO Council also adopts comprehensive standards such as ISO/IEC 27001:2013 for selected Services.

8

How long do we keep your Personal Information?

We will retain your personal information as needed to fulfill the purposes for which it was collected. We will retain and use your personal information as necessary to comply with our business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
We determine standard retention periods for different categories of personal information in our possession. Where it isn’t possible to determine standard retention periods, we determine the retention period based on the following criteria:

  • our relationship with you
  • the legal obligations we are subject to.
  • the legal basis we have for processing your data (consent, performance of contract, etc.).
  • the purposes and uses of your data (this includes present and future uses).
  • the level of risk with retaining or using your data.
  • your rights under the GDPR and other relevant laws.
  • any other relevant circumstances.

As Global CISO Council may collaborate from time to time with external certification bodies, we may, where applicable, collect and share limited information necessary to support certification-related administration, renewal, or continuing education activities, in each case as permitted under the applicable certification policies and in accordance with this Privacy Policy.

9

Masking Personal Information in Government-issued Identification

Where Global CISO Council expressly requests submission of a government-issued identification document for a specific and limited purpose, you agree to mask all personal or Sensitive Personal Information, except your name and photograph, in such document (“Pseudonymized Document”). By submitting any Pseudonymized Document, you acknowledge that you are responsible for ensuring that only the information expressly requested by Global CISO Council is disclosed. Global CISO Council reserves the right to reject or securely discard any documents that are not properly masked.

10

What Legal Basis do we have for using your Personal Information?

We process your personal information on the following legal bases:

a

Consent

We use consent to process your data for certain purposes such as when you consent to receive marketing communication, when you express interest in associating with us or to know more about us, etc. You can withdraw your consent at any time by writing to us at [email protected]

b

Performance of Contract

To fulfil the contract between you and Global CISO Council, we process certain types of contact and service-related information. This enables us to provide you with the services you have requested and to meet our contractual obligations under our Terms of Use and any other agreement you enter into with Global CISO Council through our websites.

c

Legitimate Interests

Provided that such processing does not override your rights and freedoms, we may process your personal information for our legitimate interests. These interests may include conducting market research, performing web analytics, improving our services and user experience, maintaining records, ensuring security and integrity of our systems, carrying out internal review and analysis, and communicating with Members and users. We may also process personal information as necessary to comply with applicable legal obligations.

11

Global CISO COUNCIL Cookie Policy

A cookie is a small text file which is placed onto your computer or electronic device when you access our website. Cookies are used to collect information about how users interact with our website, such as pages visited and session details, and to support essential site functionality, security, and analytics. We use these cookies and/or similar technologies on this website for the only purpose of ensuring that you get the best experience. You can go to the preference or content setting of your web browser to delete the cookies pertaining to any website at any time.

12

Website Visitors

Global CISO Council collects, records, and may analyze information from visitors to our websites. We may record your IP address and use cookies. Furthermore, Global CISO Council collects and processes any personal data that you volunteer to share with us via our website forms, such as when you register for events or sign up for information and newsletters. This information is used to deliver relevant content, communications, or recommendations to Members, participants, and visitors whose interactions with Global CISO Council indicate an interest in specific topics or subject areas. If you provide Global CISO Council with your social media details, Global CISO Council will retrieve publicly available information about you from social media.

13

Consent for Cookies

In most cases we will need your consent to use cookies on this website. The exceptions are where the cookie is essential for us to provide you with a service you have requested, or essential to the inherent functionality of the website. Where we wish to use cookies that require your consent, you will be asked to consent through a checkbox pop-up on the website homepage that you will have to answer to gain full access to the website.

14

Turn Off or OPT-OUT of Cookies

Rejecting cookies may restrict certain features or functionality of the Global CISO Council website, such as essential site operations, analytics, or performance-related features.
However, you will be provided with an opportunity to opt-out of the use of cookies while consenting by controlling the collection of cookies in the cookie settings provided on the cookie banner.

15

Third-Party Cookies

Global CISO Council does not share cookie information with any other website, nor do we sell this data to any third party. We work with third party suppliers who may also set cookies on our website. By consenting to the use of cookies on our site you will be consenting to the use of these cookies.

16

What Rights do you have in Relation to the Personal Information we hold on you, in Compliance to GDPR?

Where the General Data Protection Regulation (GDPR) applies, individuals located in the European Union have the following rights.

a

The Right to be Informed.

Global CISO Council is publishing this Privacy Policy Statement to keep our users informed as to what we do with their personal information and what their rights are, in a clear, transparent, and easily understandable manner.

b

The Right of Access

You have the right to obtain access to your information that we are processing and certain other information, in accordance with data protection law. Contact Global CISO Council if you wish to access the personal information Global CISO Council holds about users/data subjects.

c

The Right to Rectification

You are entitled to have your information corrected if it’s inaccurate or incomplete.

d

The Right to Erasure

This is also known as ‘the right to be forgotten’. If users want Global CISO Council to erase all personal data and we do not have a legal reason to continue to process and hold it, please contact us at [email protected] or [email protected]. This is not a general right to erasure; there are exceptions. If none of the applicable exceptions apply, we will delete your personal information within a period of thirty (30) days.

e

The Right to Restrict Processing

You have the right to ‘block’ or suppress further use of your information. Users have the right to ask Global CISO Council to restrict how we process user data. This means we are permitted to store the data but not process it further. We keep just enough data to make sure we respect our users’ request in the future.

f

The Right to Data Portability

Global CISO Council allows users to obtain and reuse personal data for their purposes across services in a safe and secure way, without this affecting the usability of user data.

g

The Right to Withdraw Consent

If users have given us their consent to process their data but change their mind later, they have the right to withdraw their consent at any time, and Global CISO Council will stop processing their data. Users can write to [email protected] or visit www.eccouncil.org/unsubscribe.

h

The Right to Object to Processing and Automated Processing

You have the right to object to the processing and automated profiling of your personal information as per applicable data protection laws. If you wish to object to the processing or automated processing of your personal information, please contact us at [email protected]. Further information and advice about your rights can be obtained from the data protection regulator in your country.

17

Data Protection Officer

Global CISO Council complies with applicable data privacy laws in the jurisdictions in which it operates. If and to the extent Global CISO Council becomes subject to specific legal requirements, such as the EU General Data Protection Regulation (GDPR), Global CISO Council will provide the appropriate contact information, including details of any appointed Data Protection Officer or representative, as required under those laws. If you have any questions about this Policy or other privacy concerns, you can also email us at [email protected].

18

What is our OPT-OUT Policy?

Where the General Data Protection Regulation (GDPR) applies, individuals located in the European Union have the following rights.

a

Users may unsubscribe from our marketing communications by clicking on the “unsubscribe” link located at the bottom of our e-mails, and by sending us an email at [email protected] or www.eccouncil.org/unsubscribe. Members and users cannot opt out of receiving automated communications that are necessary for the delivery and administration of Global CISO Council Services. These may include service notifications, membership or participation reminders, security-related alerts, or other mandatory service communications. Further, certain U.S. state privacy laws, including the California Consumer Privacy Act (CCPA/CPRA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), Connecticut Data Privacy Act (CTDPA), and other applicable state laws, grant residents the right to opt out of the sale or sharing of their personal information and targeted advertising. Residents of the following states may exercise their opt-out rights under applicable law by writing to [email protected]: California (CA), Colorado (CO), Connecticut (CT), Virginia (VA), Utah (UT), Texas (TX), Oregon (OR), Montana (MT), Nebraska (NE), Iowa (IA), Indiana (IN), Kentucky (KY), Tennessee (TN), Maryland (MD), District of Columbia (DC), Delaware (DE), New Jersey (NJ), Rhode Island (RI), and New Hampshire (NH).

b

If you would like to opt-out of sharing of your personally identifiable information/personal information submitted on our website with third parties or otherwise, contact us at [email protected] and indicate your unwillingness to share such information with third parties or otherwise. However, this shall restrict your access to certain services as our services are linked internally to various platforms.

c

However, under the following circumstances, we may still be required to share your personal information:

  • If we are responding to court orders or legal process, or if we need to establish or exercise our legal rights or defend against legal claims.
  • If we believe it is necessary to share information to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Terms of Use or as otherwise required by law.
  • If we believe it is necessary to restrict or inhibit any user from using any of our websites, including, without limitation, by means of “hacking” or defacing any portion thereof.

19

Third Party Sites

If you click on one of the links to third party websites, you may be taken to websites we do not control. This policy does not apply to the privacy practices of those websites. Read the privacy policy of other websites carefully. We are not responsible for these third-party sites.

20

Breach of Privacy Policy

Global CISO Council reserves the right to suspend or restrict access to its Services, or to remove any content submitted in connection with the Site or Global CISO programs, if we determine that such content or use violates this Privacy Policy or any applicable Global CISO Council Policies. We request you to respect privacy and secrecy concerns of others. The jurisdiction of any breach or dispute shall be determined in accordance with the Terms of Use of the website.

21

No Reservations

Global CISO Council does not accept any reservation or any type of limited acceptance of our Privacy Policy Statement. You expressly agree with each and every term and condition as stipulated in this Policy Statement without any exception whatsoever.

22

No Conflict

This Privacy Policy Statement constitutes a part of Terms of Use and Terms of Service appearing on Global CISO Council’s family of websites. We have taken utmost care to avoid any inconsistency or conflict of this policy with any other terms, agreements, or guidelines available on our family of websites. In case there exists a conflict, we request you to kindly contact us at [email protected] for the final provision and interpretation.

23

How can you Contact us?

Global CISO Council welcomes your comments regarding this Privacy Policy Statement. If you believe that Global CISO Council has not adhered to this Privacy Policy Statement, please contact Global CISO Council at [email protected]. We will use commercially reasonable efforts to promptly determine and remedy the problem. We usually act on requests and provide information free of charge but may charge a reasonable fee to cover our administrative costs of providing the information for baseless or excessive/repeated requests, or further copies of the same information. Alternatively, the law may allow us to refuse to act on the request.

24

Updates to this Global CISO COUNCIL Privacy Policy statement

This Privacy Policy was last updated on the date provided below. Global CISO Council may update this Privacy Policy from time to time to reflect changes in our practices, feedback from Members and users, or legal and regulatory requirements. We will notify you of any material changes to this policy as required by law. We will also post an updated copy on our website. Global CISO Council encourages you to periodically review this Policy Statement to be informed of how Global CISO Council is protecting your information.

All rights reserved by Global CISO Council.
Last updated: 10th December 2025