Privacy Policy



ONG-ISAC respects your privacy and is committed to protecting it. This privacy policy applies to (“Website”) and to all products and services offered by ONG-ISAC (collectively, “ONG-ISAC”, “ONG-ISAC Platform”, “we”, “us” or “our”).  This Privacy Policy describes ONG-ISAC’s policies and procedures on the collection, use and disclosure of your personal data when you use the ONG-ISAC Platform. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal data. We will not use or share your confidential information with anyone except as described in this Privacy Policy. This Privacy Policy does not apply to information we collect from other sources. This website is not intended for children and we do not knowingly collect data relating to children. Information which you do not designate as confidential may be publicly available and disclosed.

It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. Our website and related services are hereinafter collectively referred to as our “services”. We respect your privacy and are committed to maintaining and using any information we collect through your use of our services responsibly.

With respect to individuals located in the European Economic Area, ONG-ISAC is a data controller for the processing of personal data in connection with the use of the ONG-ISAC Platform. This Privacy Policy only concerns the processing for which ONG-ISAC is data controller.

Please read this Privacy Policy carefully prior to accessing or using our services. Members of ONG-ISAC should refer to our Operating Rules with respect to the terms of their membership.

Contact Us

Please note that we have designated a privacy officer responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact [email protected].

The Information We May Collect

Our primary purpose in collecting information from or about you is to provide you with a safe, smooth, efficient, and customized experience. Depending on the manner in which you use our services, we collect information about you that we deem necessary for providing services and features that optimize, secure, and ease your user experience with ONG-ISAC.

Personal Data: ONG-ISAC may collect and process information that could be directly or indirectly associated with you; information such as your full name, company name where applicable, user name and password, phone number, email address, billing or mailing address, and other information that you share with ONG-ISAC. You can choose not to provide us with certain information, but that may result in you being unable to use certain features of our services because such information may be required in order for you to register for an account; purchase products or services; participate in a promotion, or survey; communicate with us; or initiate other transactions on our website.

Demographic and Usage Data: Cookies and Similar Technologies

ONG-ISAC may collect information through the use of cookies and other similar technologies.


“Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your web browser on your hard drive. ONG-ISAC may set and access cookies on your computer or wireless device to track and store preferential information about you. We may gather anonymous information about website users through cookie technology on an individual and aggregate level. Such information is used within ONG-ISAC internally only.

Non-Personal Information: Log Files

Log Files: Log file information is automatically reported by your browser each time you access a web page. When you use the ONG-ISAC Platform, our servers automatically record certain information that your web browser sends out whenever you visit any website. These server logs may include information such as your web request, IP address, browser type, referring/exit pages, operating system, date/time stamp, the files viewed on our site (e.g., HTML pages, graphics, etc.) and URLs, number of clicks, domain names, landing pages, pages viewed, and other similar information.

How We Use the Information We Collect & Disclosure of Your Personal Data

There are legal grounds that enable data processing, and we will use your personal data in accordance with this Privacy Policy and applicable data protection legislation, including the General Data Protection Regulation (2016/679/EU) (“GDPR”) for individuals located in the European Economic Area. Below are the most relevant grounds you should be aware of with respect to ONG-ISAC’s legal bases for using or disclosing your personal data:

ONG-ISAC may process any of your information, which in some cases includes personal data, in the following situations:

  • 1. With your consent. We may transmit your personal data to a third party when you give us express permission to do so. For example, this may occur when we complete a transaction on your behalf or at your request.
  • 2. To enter into or to fulfill a contract. We may use your personal data when necessary to meet a contractual obligation we owe you, including to provide you with access to your account or other products or services you have signed up for, including for events, summits, trainings and webinars. Our delivery of specific products or services may be subject to additional privacy practices.
  • 3. For a legitimate interest. We may use your personal data where processing will be necessary to achieve ONG-ISAC’s business objectives or to facilitate a benefit to you or someone else. Where we want to rely on legitimate interests as a legal basis to process personal data of individuals from the European Economic Area, we will carry out a balancing test between our legitimate interests and your privacy rights.
  • 4. With our authorized service providers. ONG-ISAC may share your personal data with our authorized service providers in the United States that perform certain services and process personal data on our behalf, including for IT and system administration services. These services may also include providing customer service and marketing assistance, performing business and sales analysis, supporting ONG-ISAC Platform’s functionality, delivering summits/trainings/webinars, and supporting contests, sweepstakes, surveys and other features offered through our website. In addition, we may share your personal data with professional advisers, acting as processors or joint controllers, including lawyers, auditors and insurers based in the United States and the United Kingdom who provide consultancy, legal, and insurance services. These service providers may have access to personal data needed to perform their functions but are not permitted to share or use such information for any other purposes.
  • 5. In connection with a substantial corporate transaction, such as the sale of our business; a divestiture, merger, consolidation, or asset sale; or in the event of bankruptcy. If another company acquires ONG-ISAC, that company will take on all responsibility for the information we collect, including personal data, and it will assume all rights and obligations with respect to that information. Should this happen, the acquiring company may implement its own policies with respect to your information.
  • 6. If we are required to disclose information by law. ONG-ISAC may be obligated to disclose a website user’s personal information, if directed by a court of law or other governmental entity. Without limiting the foregoing, we reserve the right to disclose such information where we have a good faith basis to believe that such action is necessary to: (a) comply with applicable laws, regulations, court orders, government and law enforcement agencies’ requests; (b) protect and defend ONG-ISAC’s or third party’s rights and property, or safety of ONG-ISAC, our website users, our employees, or others; (c) prevent, detect, investigate and take measures against criminal activity, fraud and misuse or unauthorized use of our services and/or to enforce other agreements or policies; and/or (d) protect your personal safety or property or that of the public. In the event that your information is disclosed, we will comply with the law and make commercially reasonable efforts to notify you.

Data Retention

We will save your personal data in accordance with our data retention policy and, generally, only as necessary to allow you access to the ONG-ISAC Platform and for us to then maintain any information for our necessity to meet our contractual obligations to you or for our legitimate interests, including for statute of limitation purposes.

Access to Your Information and Other Rights (EEA Individuals Only)

If you are an individual located in the European Economic Area, you are entitled to receive a copy of the personal data that we hold about you and information about the processing thereof. Unless your request is unreasonably repetitive or otherwise unduly burdensome, we will provide this data to you free of charge. Please note that in order to be able to answer your request, we will need to be able to establish your identity in a manner that is reasonable under the circumstances.

If you believe that any personal data we are processing is inaccurate please send an email with your specific request to [email protected]. We will work with you to make any corrections deemed necessary. We may need to verify the accuracy of new data and we may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

You have the right to request that ONG-ISAC restricts the processing of your personal data under certain conditions, for example, if you contest the accuracy of the personal data, the processing may be restricted for a period enabling ONG-ISAC to verify the accuracy of the personal data or if ONG-ISAC no longer needs the personal data for the purposes of the processing but you require the personal data for the establishment, exercise or defense of legal claims.

You have the right to have your personal data deleted without undue delay and ONG-ISAC is obliged to delete your personal data without undue delay if, for example the personal data is no longer necessary in relation to the purpose for which it was collected or otherwise processed. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see above), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons, including for the establishment, exercise or defense of legal claims, which will be notified to you, if applicable, at the time of your request.

If you provide your email address to ONG-ISAC, you will always have the opportunity to opt out. We may send you other types of transactional and relationship e-mail communications, such as service announcements, administrative notices, and surveys, without offering you the opportunity to opt out of receiving them. Please note that changing information in your account, or otherwise opting out of receipt of promotional email communications will only affect future activities or communications from us. If we have already provided your information to a third party (such as a credit card processing partner) before you changed your preferences or updated your information, you may have to change your preferences directly with that third party.

You have the right to object, on grounds relating to your particular situation, at any time to ONG-ISAC’s processing of your personal data if the processing is based on legitimate interests. If you object to such processing, ONG-ISAC will no longer be entitled to process your personal data based on such legal basis, unless ONG-ISAC can demonstrate compelling legitimate grounds for the processing which overrides your interests, rights and freedom or if it is conducted for the establishment, exercise or defense of a legal claim. You also have the right to object where we are processing your personal data for direct marketing purposes.

You have, under certain conditions, the right to receive the personal data concerning you and which you have provided to ONG-ISAC, in a structured, commonly used and machine-readable format and have the right to transmit such personal data to another data controller without ONG-ISAC trying to prevent this, where ONG-ISAC’s processing of your personal data is based on a contract or consent and the processing is carried out by automated means. In such case you have the right to request that the personal data shall be transmitted from ONG-ISAC directly to another data controller, where technically feasible.

You also have the right to withdraw your consent, if applicable. If you withdraw your consent, please note that this does not affect the lawfulness of the processing based on your consent before its withdrawal and that ONG-ISAC may, under certain circumstances, have another legal ground for the processing and therefore may be entitled to continue the processing.

If you would like to exercise your rights, you may contact us at [email protected]. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you are unhappy with our processing of your personal data you may lodge a complaint with a competent supervisory authority, for example in the country of your habitual residence, place of work or of an alleged infringement of the General Data Protection or other applicable data privacy laws.

Securing Your Information

ONG-ISAC takes a range of security measures designed to protect your personal data and keep it confidential (unless it is non-confidential by nature) and free from any unauthorized alteration.

Third Parties and Other Information Collectors

Except as otherwise expressly included in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you or you provide to us in the course of using the ONG-ISAC Platform. To the extent that you disclose your information to other parties through our website, different rules may apply to their use, collection, and disclosure of the personal information you disclose to them. Since we do not control the information use, collection, or disclosure policies of third parties, you are subject to their privacy policies.

Our website may include links to third party websites. Once you have used these links to leave our website, you should note that we do not have any control over third party websites. We are not responsible for the content of such websites or the protection and privacy of any information which you provide while visiting such sites. Third-party websites are not governed by this Privacy Policy. You should exercise caution and look at the privacy policies applicable to the websites in question.

Users Outside of the United States

The services are hosted in the United States and are governed by the laws of the United States. If you are using the services outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States where ONG-ISAC’s servers and databases are located. By using the Sites, you consent to the transfer of information to countries outside your country of residence.

Transfer of personal information to countries outside the EEA (EEA Individuals Only)

ONG-ISAC is established in Delaware, USA. If you are located in the EEA, your personal data is therefore processed outside the European Economic Area (“EEA”).

Some of the third parties identified above may also be located outside the EU/EEA, in which case we will take all necessary steps required under applicable law in order for such transfer of information across borders to be compliant with applicable law. In cases where there is no adequacy decision by the Commission, this may for example include the use of EU model clauses (under Article 46.2 of the GDPR) or ensuring that the recipient is certified under the US-EU Privacy Shield Framework (under Article 45 of the GDPR). You may receive a copy of the relevant safeguards by contacting ONG-ISAC using the contact details set forth in this Privacy Policy.

No Rights of Third Parties

This Privacy Policy does not create rights enforceable by third parties or require disclosure of any personal information relating to users of the website.

Effective as of: August 2019