Privacy & Cookies

The Chartered Institute of Information Security recognises that your privacy is important, and is committed to protecting it. This document sets out our policy in relation to any personal information which you supply to us.

By providing your personal information you agree to the collection, storage and use of your personal information by us in accordance with this Privacy Policy.

If we change this policy we will notify you and post changes on the CIISec website, on this page, so that you are always aware of them. By continuing to use this website after such changes have been posted, you will be deemed to have accepted and consented to them, whether you revisit this page or not.

The information that we collect

If you register an application for membership, and/or order products from us by completing our online forms or contact us by email or telephone, we will collect the following personal information from you:

Your name, postal address, organisation name, email address, telephone numbers, facsimile number and your experience and qualifications so that we can fulfil your application or order and contact you in case there is a query with your order.

How we use your personal information

In addition to providing our services and products to you as set out above, we will also use your information for market research purposes and credit control purposes. If you are a member of CIISec through one of the corporate membership schemes, we may provide the information you supply to your employer.

We may also use this information to provide you with news or notify you about our services and products, information security developments and training sessions, or events which we believe may be of interest to you.

If you do not wish to receive such information from us, please email us at [email protected] or write to CIISec, Cotswold House, Haddonsacre, Offenham, WR11 8JJ, marking your envelope 'Data Protection'.

How we share your personal information

We may share your personal information with other companies in our group for any of the above purposes and with those organisations who are working with us and also with whom, we are co-publishing a product or co-presenting any training session or event (in which case the use by our co-presenters will be restricted to arranging and publicising the event).

In order to provide services to you, we may be required to pass your personal information to parties located outside of the European Economic Area in countries which do not have data protection laws equivalent to those in the UK. Where this is the case we will take reasonable steps to ensure the privacy of your information.

Except in the situations listed above or as required by law or other regulation, we will not pass, disclose, rent or sell your personal information (other than any personal information which is already publicly available and which is incorporated into our search products) to any third party without your prior consent.

If you are a member of CIISec through one of the corporate membership schemes, we may use the information you supply for billing and membership enquiries to the corporate account holder.

Protecting your Information

When you order from us we use a secure server. All personal and credit card information is encrypted using Secure Sockets Layer (SSL) technology before it is sent to us over the internet.

We maintain strict security standards and procedures with a view to preventing unauthorised access to your data by anyone, including our staff. We use leading technologies and best practices such as (but not limited to) data encryption, firewalls and server authentication to protect the security of your data. We will require all of our staff and whenever we hire third parties to provide support services to observe our privacy standards and to allow us to audit them for compliance.


Cookies are small files which some websites transfer onto the hard drive of your computer so that you are recognised the next time that you visit the site.

Accessing Personal Data

You have the right, by written request and on payment of a small fee (£10), to a copy of any personal data (as defined in the Data Protection Act 1998) which we hold about you. You also have the right to request that we correct inaccurate information about you.

To exercise these rights please email us at [email protected] or write to CIISec, Cotswold House, Haddonsacre, Offenham, WR11 8JJ, marking your envelope 'Data Protection'.

DPA Registration

The Institute of Information Security Professionals is registered with the Information Commissioner's Office, under the Data Protection Act (1998). Registration number is Z9587669.