summit

3rd Auto-ISAC Cybersecurity Summit
Oct. 23-24 2019

Privacy Policy

I. INTRODUCTION

The Automotive Information Sharing and Analysis Center ("Auto-ISAC" or "we") is committed to respecting and protecting the privacy of our online visitors. We recognize that individuals need to understand how their privacy is protected, so we have established the following privacy statement (this "Privacy Statement") for our online visitors. This Privacy Statement explains what Personal Information Auto-ISAC will collect about you via the Auto-ISAC Website as well as from offline, and how we will use, protect, and disclose that information to provide you with the Auto-ISAC Website and other related services (collectively, the "Services"). By using the Services or by otherwise providing Personal Information to Auto-ISAC, you consent to Auto-ISAC's collection, use, and sharing of the data as described in this Privacy Statement.

"Personal Information" means personally identifiable information, such as your name, company, address, and email address. Aggregated data, de-identified data, and other information that is related to you but is studied as a group or does not otherwise identify you specifically is not considered to be Personal Information.

The "Auto-ISAC Website" is our Website that is located at https://www.automotiveisac.com/. If you are a member of the Auto-ISAC and are using the Auto-ISAC's information sharing portal ("Portal"), the terms of this Privacy Statement, as well as the terms of your member agreement and the Auto-ISAC operating rules shall govern your use of the Portal and, in the event of a conflict between the terms of this Privacy Statement and your member agreement/the Auto-ISAC operating rules, your member agreement / the Auto-ISAC operating rules shall control.

Users of the Auto-ISAC Website in the European Union should also read the information provided in the "European Union Residents: Additional Information" section below.

II. INFORMATION COLLECTED BY AUTO-ISAC

In order to provide you with the Auto-ISAC Website and other benefits of the Services, Auto-ISAC collects certain information from you and your devices.

  1. Information that You Provide to Auto-ISAC

    You may provide Personal Information, including but not limited to your name, company, address, and email address, directly to Auto-ISAC. You may provide Personal Information to Auto-ISAC online when you apply for membership, request information from us using the Auto-ISAC Website, when you complete a membership application form, or when you provide information to us directly either through the Auto-ISAC Website or offline ("Provided Data").

  2. Information Automatically Collected by Auto-ISAC

    In addition to the information you provide, when you use the Auto-ISAC Website, Auto-ISAC may also automatically collect the following types of information ("Automatic Data") from your devices that you use to access the Auto-ISAC Website: IP address, browser type, geographic location, date and time of your visit, and the Auto-ISAC Website pages that you visit (the "Website Data"). None of the Automatic Data is Personal Information unless we use it, either on its own or in combination with other Automatic Data (or other information), to distinguish you from another user of the Auto-ISAC Website.

III. USE AND SHARING OF INFORMATION

  1. Provided Data
    Auto-ISAC may use your Provided Data to:
    • Provide you with the Services (including the Auto-ISAC Website);
    • Provide you with information that you have requested or in connection with the Services;
    • Communicate with you, including in response to your requests, to inform you about important information regarding the Services, and to provide you with other administrative information;
    • Communicate with you about events (such as the Auto-ISAC Cybersecurity Summit) or new services that may be of interest to you;
    • Provide you with user-related services;
    • Manage our business, including performing accounting, auditing, and other internal functions;
    • Verify your identity and authenticate you;
    • Evaluate and improve our Website and other offerings;
    • Personalize and tailor our services and otherwise enhance the user experience;
    • Conduct research, perform analysis and identify usage trends in order to measure, maintain, protect, develop, and improve our products and services;
    • For risk control and fraud detection and prevention;
    • To comply with laws and regulations, legal investigations, contractual obligations, and our own internal policies; and
    • For other purposes as permitted by applicable law.

    Auto-ISAC may use your Automatic Data and Website Data to:

    • Evaluate and improve our Website and other offerings;
    • Personalize and tailor our services and otherwise enhance the user experience;
    • Conduct research, perform analysis and identify usage trends in order to measure, maintain, protect, develop, and improve our products and services;
    • To improve the Services and to help Auto-ISAC understand how users are using the Services;
    • For statistical analysis, to determine what information is of most and least interest to our users, and to improve the utility of the material available on the Services; and
    • For tracking and analytics purposes described in the "Tracking; Third Party Analytics Providers" section below.

    Auto-ISAC may share or disclose Provided Data, Automatic Data, and Website Data (collectively, the "Collected Information" (including Personal Information) in the following situations:

    • With third parties acting on our behalf, such as website providers, credit card processors, data analytics providers, and other service providers;
    • With sponsors of our events, with your consent;
    • If we determine a website or policy violation has occurred, or to enforce applicable Auto-ISAC Website Terms of Use;
    • If we believe such disclosure is necessary to identify, contract or bring legal action regarding injury or interference with the rights and property of Auto-ISAC, including to enforce Auto-ISAC's rights against unauthorized access or attempted unauthorized access to Auto-ISAC's information technology assets or against other inappropriate use of the Services;
    • To comply with laws, regulations, court orders and subpoenas or similar requests for information by authorities, or as otherwise required by law;
    • To respond to an emergency, or to protect the rights, property, safety and security of you and others;
    • To assist us in fraud, security or technical issues prevention or investigation or otherwise manage risks; and
    • If Auto-ISAC is involved in any merger, acquisition, sale of company assets, transition of service to another provider, or insolvency, bankruptcy or receivership, we reserve the right to transfer your Collected Information (including Personal Information) in connection with such transaction.

    Unless we have obtained your prior consent, Auto-ISAC does not share your Personal Information with third parties for their own marketing purposes.

  2. Aggregated Data
    Auto-ISAC may aggregate the Collected Information it collects from its various users (so that it no longer identifies you specifically) and use it for its internal purposes (e.g., to present in reports). The aggregated data may be used by Auto-ISAC for analysis and research purposes.

IV. REVIEW AND CORRECTION OF PERSONAL INFORMATION

You may review, correct, and update certain Personal Information by contacting us through the "Contact Us" section below.

V. OPTING OUT OF EMAIL COMMUNICATIONS

From time to time, you may receive email communications from Auto-ISAC, including communications regarding the Services, event notifications, research, and/or other topics. To contact you, Auto-ISAC may use the information you provide to us, including email or postal address. You may, at any time, inform us that you do not want Auto-ISAC to contact you with marketing or promotional communications by sending your request using the contact information in the "Contact Us" section below. You may also opt out of marketing or promotional email communications from Auto-ISAC by clicking on the link provided in the marketing or promotional email message. After opting out, you will no longer receive marketing or promotional email communications from us but will continue to receive other transactional messages, such as notifications and information relating to the Services.

VI. SAFEGUARDING YOUR INFORMATION

Auto-ISAC is committed to maintaining the security of the data you provide us. We use security controls to help protect against unauthorized access and use of your Personal Information in our custody or control. While we are focused on the security of your Personal Information, you must remember that the Internet is a global communications vehicle open to threats, viruses, and intrusions from others. For this reason, Auto-ISAC cannot promise, and you should not expect, that we will be able to protect your Personal Information at all times and in all circumstances. Auto-ISAC cannot guarantee the security and privacy of transmissions via the Internet, and we will not be liable for any lack of security relating to the use of the Services by you. You agree that you will not hold Auto-ISAC liable for any damages resulting from any loss of privacy or security occurring in connection with any such communications.

VII. CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS

If you are a California resident, you may have the right to request and receive certain information about our disclosure of your Personal Information to third parties for their direct marketing purposes, and your choices with respect to such disclosures. Because it is our policy not to share your Personal Information with unaffiliated third parties for their own direct marketing purposes, we are exempt from having to meet this requirement.

VIII. TRACKING; THIRD PARTY ANALYTICS PROVIDERS

  1. Do Not Track Disclosure
    Certain web browsers may provide an option by which you may ask your browser to inform websites you visit that you do not wish your activities to be tracked by cookies or other persistent identifiers, commonly called "Do Not Track Signals." Because there is not yet a common understanding of how to interpret web browser-based DNT signals other than cookies, the Auto-ISAC Website does not respond to Do Not Track Signals.

  2. Third Party Analytics Providers; Google Analytics
    We work with third party analytics service providers, including but not limited to Google Analytics, Serpstat, and other similar providers, such as search engine optimization (SEO) providers, to help us better understand how our users use the Auto-ISAC Website. As a result, these third parties may collect certain information from you about your online activities over time and across different websites when you use the Auto-ISAC Website.

    For example, we use Google Analytics to learn more about the types of users that visit the Auto-ISAC Website and to help improve the Auto-ISAC Website. Google Analytics provides us with certain data regarding the demographics of the users that visit the Auto-ISAC Website and their activities on the Auto-ISAC Website. To provide this service, Google Analytics may collect certain information about you from your computer, including but not limited to: information regarding your visit (such as the pages you visit and the length of your visit), information about your device (such as your IP address), how you got to the website, and other information about you. You can learn more about Google Analytics and how it collects and processes data (including how to control the information sent to Google) by visiting: www.google.com/policies/privacy/partners/.

    You can opt-out of Google Analytics by using the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout/.

IX. EXCLUSIONS

The Auto-ISAC Website may contain links to websites owned by other companies. Because Auto-ISAC has no control over the privacy practices or content of these linked sites, we recommend that you carefully review the privacy statement of each website you visit. Auto-ISAC is not responsible for the content or privacy practices of Website owned by other companies.

If you do not reside in the U.S. and are using the Auto-ISAC Website, if you provide Personal Information to us, it may be transferred to and processed on computers in the U.S. and other countries. The data protection and privacy laws of such other countries, including the U.S., may not afford you the same level of protection as those in your own country. Do not provide your Personal Information to us if you do not want this information to be transferred outside of your country, or if the laws in your country restrict these types of transfers. Your provision of Personal Information to us will be handled in accordance with this Privacy Statement. By doing business or interacting with Auto-ISAC, using the Services, or by otherwise providing Personal Information to us, you agree to the terms of this Privacy Statement and are consenting to the transfer, storage, and processing of your personal information to and within facilities located in the U.S. and other facility locations selected by Auto-ISAC.

We do not seek to, nor do we knowingly collect, information from children under the age of 13. If a child has provided us with Personal Information, a parent or guardian of that child may contact us to have the information deleted from our records. To do so, contact Auto-ISAC through the information provided below in the "Contact Us" section.

X. CONTACT US

For questions regarding this Privacy Statement, or to update or change any of the Personal Information that Auto-ISAC has about you, please contact us at:


By Postal Mail:
Auto-ISAC, INC.
20 F Street, 7th Floor
Washington, D.C.
20001
Attn: Faye Francy

By E-mail:
fayefrancy@automotiveisac.com

XI. UPDATES TO PRIVACY STATEMENT; CONSENT

Each time you use the Services, including by visiting the Auto-ISAC Website or by submitting information to us, you are indicating your acknowledgement and consent to the collection, use, and disclosure of your Personal Information as set forth in this Privacy Statement. Users of the Auto-ISAC Website in the European Union should read the information provided in the "European Union Residents: Additional Information" section below to understand the legal basis on which their Personal Information is processed.

From time to time, we may update this Privacy Statement. If we do, we will note near the top of this page the date that any changes are made and/or when they become effective. If the changes being made are material (that is, we make a major change in the important points of this Privacy Statement), we may notify you of the changes in a more prominent way, such as through an email. Your inaction or continued use of the Services after the revised Privacy Statement is posted or after any such notices are sent will tell us that you agree to these changes. If you do not accept the terms outlined in this Privacy Statement or the revised Privacy Statement, please do not provide us with Personal Information or use the Services.

XI. EUROPEAN UNION RESIDENTS: ADDITIONAL INFORMATION

This section of the Privacy Statement only applies to users of the Auto-ISAC Website in the European Union.

  1. Purpose and legal basis for processing

    Auto-ISAC is the controller and responsible for the processing of your Personal Information. When we use your Personal Information for the purposes described in the "Use and Sharing of Information" section above, the legal basis for the processing is as follows:

    Provided Data

    • Except as otherwise set out below, the legal basis we rely on to process any Personal Information included in the Provided Data is article 6(1)(f) of the General Data Protection Regulation ("GDPR"), which allows us to process personal data when it is necessary for the purposes of our legitimate interests.
    • If we process the Provided Data for the purpose of complying with laws and regulations, the legal basis we rely on to process any Personal Information in the Provided Data is article 6(1)(c), which allows us to process personal data when it is necessary for compliance with a legal obligation to which we are subject.
    • If we ask for, and you provide, your consent before we process any Personal Information in the Provided Data for a specified purpose, the legal basis we rely on to process your Personal Information is article 6(1)(a), which allows us to process personal data when an individual has consented to the processing for a specified purpose.

    Automatic Data and Website Data

    • The legal basis we rely on to process any Personal Information in the Automatic Data and Website Data is article 6(1)(f) of the GDPR, which allows us to process personal data when it is necessary for the purposes of our legitimate interests.

  2. Retention of Personal Information
    We will only retain your Personal Information for as long as is reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your Personal Information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

    To determine the appropriate retention period for Personal Information, we consider the amount, nature and sensitivity of the Personal Information, the potential risk of harm from unauthorised use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

  3. Additional rights
    Under certain circumstances, you have the following rights under data protection laws in relation to your Personal Information that we process within the scope of this Privacy Statement. These are:
    • The right to request access to your Personal Information. There are some exemptions to the right of access, which means you may not always receive access to all of the Personal Information that we process.
    • The right to request correction of your Personal Information.
    • The right to request erasure of your Personal Information.
    • The right to object to processing of your Personal Information.
    • The right to request restriction of processing your Personal Information.
    • The right to Request transfer of your Personal Information. This right only applies if we are processing information based on your consent or under, or in talks about entering into, a contract and the processing is automated.
    • The right to withdraw consent, where we have asked for and you have given your consent to our processing of your Personal Information. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you.

If you wish to exercise any of the rights set out above, please contact us through the "Contact Us" section above.

You also have the right to make a complaint to the applicable EU data protection supervisory authority about the manner in which we process your Personal Information. We would, however, appreciate the chance to deal with your concerns before you approach the supervisory authority, so please contact us in the first instance through the "Contact Us" section above.