CINXE.COM

FIRST Privacy Policy

<!doctype html><html lang="en" class="web tlp-clear" data-studio-config="eyJ4aHJDcmVkZW50aWFscyI6ZmFsc2UsInhockhlYWRlcnMiOnt9fQo="><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>FIRST Privacy Policy</title> <meta property="og:title" content="FIRST Privacy Policy" /> <meta property="og:type" content="website" /> <meta property="og:image" content="https://www.first.org/_/img/first-big-icon.png" /> <meta property="og:url" content="https://www.first.org/about/policies/privacy" /> <meta property="og:site_name" content="FIRST — Forum of Incident Response and Security Teams" /> <meta property="fb:profile_id" content="296983660669109" /> <meta property="twitter:card" content="summary" /> <meta property="twitter:site" content="@FIRSTdotOrg" /><meta name="viewport" content="initial-scale=1,maximum-scale=1.0,user-scalable=no" /><link rel="icon" type="image/png" href="/1st.png" /><link rel="apple-touch-icon" sizes="128x128" href="/favicon.png" /><link rel="stylesheet" type="text/css" href="/_/web.css?20241031194005" /></head><body><header><div id="header" data-studio="CU52CV1W8g"><div id="c3" data-studio="Yu8FjCC11g"><div id="topbar"> <div class="sites right"> <ul> <li><a href="https://support.first.org" class="kb-datalist"><img src="/_/img/icon-portal_support.svg" alt="FIRST Support" title="FIRST Support" /></a></li> <li><a href="https://portal.first.org" class="button"><span class="no-tiny">Member </span>Portal</a></li> </ul> </div> <div class="first-logo"> <p><a href="/"><img src="/_/img/first-org-simple-negative.svg" alt="FIRST.Org" title="FIRST" /></a></p> </div> <div class="nav"> <ul class="navbar"><li><a href="/about">About FIRST</a><ul><li><a href="/about/mission">Mission Statement</a></li><li><a href="/about/history">History</a></li><li><a href="/about/sdg">Sustainable Development Goals</a></li><li><a href="/about/organization">Organization</a><ul><li><a href="/about/organization/directors">Board of Directors</a></li><li><a>Operations Team</a><ul><li><a href="/about/organization/ccb">Community &amp; Capacity Building</a></li><li><a href="/about/organization/events">Event Office</a></li><li><a href="/about/organization/executive-director">Executive Director</a></li><li><a href="/about/organization/infrastructure">Infrastructure</a></li><li><a href="/about/organization/secretariat">Secretariat</a></li></ul></li><li><a href="/about/organization/committees">Committees</a><ul><li><a href="/about/organization/committees/compensation-committee">Compensation Committee</a></li><li><a href="/about/organization/committees/conference-program-committee">Conference Program Committee</a></li><li><a href="/about/organization/committees/membership-committee">Membership Committee</a></li><li><a href="/about/organization/committees/rules-committee">Rules Committee</a></li><li><a href="/about/organization/committees/standards">Standards Committee</a></li></ul></li><li><a href="/events/agm">Annual General Meeting</a></li><li><a href="/about/organization/reports">Annual Reports and Tax Filings</a></li></ul></li><li><a href="/about/policies">FIRST Policies</a><ul><li><a href="/about/policies/anti-corruption">Anti-Corruption Policy</a></li><li><a href="/about/policies/antitrust">Antitrust Policy</a></li><li><a href="/about/policies/bylaws">Bylaws</a></li><li><a href="/about/policies/board-duties">Board duties</a></li><li><a href="/about/bugs">Bug Bounty Program</a></li><li><a href="/about/policies/code-of-conduct">Code of Conduct</a></li><li><a href="/about/policies/conflict-policy">Conflict of Interest Policy</a></li><li><a href="/about/policies/doc-rec-retention-policy">Document Record Retention and Destruction Policy</a></li><li><a href="/newsroom/policy">FIRST Press Policy</a></li><li><a href="/about/policies/gen-event-reg-refund-policy">General Event Registration Refund Policy</a></li><li><a href="/about/policies/event-site-selection">Guidelines for Site Selection for all FIRST events</a></li><li><a href="/identity">Identity &amp; Logo Usage</a></li><li><a href="/about/policies/mailing-list">Mailing List Policy</a></li><li><a href="/about/policies/media">Media Policy</a></li><li><a href="/about/policies/privacy">Privacy Policy</a></li><li><a href="/about/policies/registration-terms-conditions">Registration Terms &amp; Conditions</a></li><li><a href="/about/policies/terms">Services Terms of Use</a></li><li><a href="/about/policies/standards">Standards Policy</a></li><li><a href="/about/policies/diversity">Statement on Diversity &amp; Inclusion</a></li><li><a href="/about/policies/translation-policy">Translation Policy</a></li><li><a href="/about/policies/travel-policy">Travel Policy</a></li><li><a href="/about/policies/uniform-ipr">Uniform IPR Policy</a></li><li><a href="/about/policies/whistleblower-policy">Whistleblower Protection Policy</a></li></ul></li><li><a href="/about/partners">Partnerships</a><ul><li><a href="/global/partners">Partners</a></li><li><a href="/global/friends">Friends of FIRST</a></li><li><a href="/global/supporters/">FIRST Supporters</a></li><li><a href="/about/sponsors">Sponsors</a></li></ul></li><li><a href="/newsroom">Newsroom</a><ul><li><a href="/newsroom/news">What&#039;s New</a></li><li><a href="/newsroom/releases">Press Releases</a></li><li><a href="/newsroom/news/media">In the News</a></li><li><a href="/podcasts">Podcasts</a><ul><li><a href="/newsroom/news/first-impressions/">FIRST Impressions Podcast</a></li><li><a href="/newsroom/news/podcasts/">FIRSTCON Podcast</a></li></ul></li><li><a href="/newsroom/newsletters">Newsletters</a></li><li><a href="/newsroom/policy">FIRST Press Policy</a></li></ul></li><li><a href="/about/procurement">Procurement</a></li><li><a href="/about/jobs/">Jobs</a></li><li><a href="/contact">Contact</a></li></ul></li><li><a href="/members">Membership</a><ul><li><a href="/membership/">Becoming a Member</a><ul><li><a href="/membership/process">Membership Process for Teams</a></li><li><a href="/membership/process-liaisons">Membership Process for Liaisons</a></li><li><a href="/membership/#Fees">Membership Fees</a></li></ul></li><li><a href="/members/teams">FIRST Teams</a></li><li><a href="/members/liaisons">FIRST Liaisons</a></li><li><a href="/members/map">Members around the world</a></li></ul></li><li><a href="/global">Initiatives</a><ul><li><a href="/global/sigs">Special Interest Groups (SIGs)</a><ul><li><a href="/global/sigs/framework">SIGs Framework</a></li><li><a href="/global/sigs/academicsec" class="borderb">Academic Security SIG</a></li><li><a href="/global/sigs/ai-security">AI Security SIG</a></li><li><a href="/global/sigs/automation">Automation SIG</a></li><li><a href="/global/sigs/bigdata">Big Data SIG</a></li><li><a href="/cvss">Common Vulnerability Scoring System (CVSS-SIG)</a><ul><li><a href="/cvss/calculator/4.0">Calculator</a></li><li><a href="/cvss/v4.0/specification-document">Specification Document</a></li><li><a href="/cvss/v4.0/user-guide">User Guide</a></li><li><a href="/cvss/v4.0/examples">Examples</a></li><li><a href="/cvss/v4.0/faq">Frequently Asked Questions</a></li><li><a href="/cvss/v4-0">CVSS v4.0 Documentation &amp; Resources</a><ul><li><a href="/cvss/calculator/4.0">CVSS v4.0 Calculator</a></li><li><a href="/cvss/v4.0/specification-document">CVSS v4.0 Specification Document</a></li><li><a href="/cvss/v4.0/user-guide">CVSS v4.0 User Guide</a></li><li><a href="/cvss/v4.0/examples">CVSS v4.0 Examples</a></li><li><a href="/cvss/v4.0/faq">CVSS v4.0 FAQ</a></li></ul></li><li><a href="/cvss/v3-1">CVSS v3.1 Archive</a><ul><li><a href="/cvss/calculator/3.1">CVSS v3.1 Calculator</a></li><li><a href="/cvss/v3.1/specification-document">CVSS v3.1 Specification Document</a></li><li><a href="/cvss/v3.1/user-guide">CVSS v3.1 User Guide</a></li><li><a href="/cvss/v3.1/examples">CVSS v3.1 Examples</a></li><li><a href="/cvss/v3.1/use-design">CVSS v3.1 Calculator Use &amp; Design</a></li></ul></li><li><a href="/cvss/v3-0">CVSS v3.0 Archive</a><ul><li><a href="/cvss/calculator/3.0">CVSS v3.0 Calculator</a></li><li><a href="/cvss/v3.0/specification-document">CVSS v3.0 Specification Document</a></li><li><a href="/cvss/v3.0/user-guide">CVSS v3.0 User Guide</a></li><li><a href="/cvss/v3.0/examples">CVSS v3.0 Examples</a></li><li><a href="/cvss/v3.0/use-design">CVSS v3.0 Calculator Use &amp; Design</a></li></ul></li><li><a href="/cvss/v2">CVSS v2 Archive</a><ul><li><a href="/cvss/v2/guide">CVSS v2 Complete Documentation</a></li><li><a href="/cvss/v2/history">CVSS v2 History</a></li><li><a href="/cvss/v2/team">CVSS-SIG team</a></li><li><a href="/cvss/v2/meetings">SIG Meetings</a></li><li><a href="/cvss/v2/faq">Frequently Asked Questions</a></li><li><a href="/cvss/v2/adopters">CVSS Adopters</a></li><li><a href="/cvss/v2/links">CVSS Links</a></li></ul></li><li><a href="/cvss/v1">CVSS v1 Archive</a><ul><li><a href="/cvss/v1/intro">Introduction to CVSS</a></li><li><a href="/cvss/v1/faq">Frequently Asked Questions</a></li><li><a href="/cvss/v1/guide">Complete CVSS v1 Guide</a></li></ul></li><li><a href="/cvss/data-representations">JSON &amp; XML Data Representations</a></li><li><a href="/cvss/training">CVSS On-Line Training Course</a></li><li><a href="/cvss/identity">Identity &amp; logo usage</a></li></ul></li><li><a href="/global/sigs/csirt">CSIRT Framework Development SIG</a></li><li><a href="/global/sigs/cyberinsurance">Cyber Insurance SIG</a><ul><li><a href="/global/sigs/cyberinsurance/events">Cyber Insurance SIG Webinars</a></li></ul></li><li><a href="/global/sigs/cti">Cyber Threat Intelligence SIG</a><ul><li><a href="/global/sigs/cti/curriculum/">Curriculum</a><ul><li><a href="/global/sigs/cti/curriculum/introduction">Introduction</a></li><li><a href="/global/sigs/cti/curriculum/cti-introduction">Introduction to CTI as a General topic</a></li><li><a href="/global/sigs/cti/curriculum/methods-methodology">Methods and Methodology</a></li><li><a href="/global/sigs/cti/curriculum/pir">Priority Intelligence Requirement (PIR)</a></li><li><a href="/global/sigs/cti/curriculum/source-evaluation">Source Evaluation and Information Reliability</a></li><li><a href="/global/sigs/cti/curriculum/machine-human">Machine and Human Analysis Techniques (and Intelligence Cycle)</a></li><li><a href="/global/sigs/cti/curriculum/threat-modelling">Threat Modelling</a></li><li><a href="/global/sigs/cti/curriculum/training">Training</a></li><li><a href="/global/sigs/cti/curriculum/standards">Standards</a></li><li><a href="/global/sigs/cti/curriculum/glossary">Glossary</a></li><li><a href="/global/sigs/cti/curriculum/cti-reporting/">Communicating Uncertainties in CTI Reporting</a></li></ul></li><li><a href="/global/sigs/cti/events/">Webinars and Online Training</a></li><li><a href="/global/sigs/cti/cti-program">Building a CTI program and team</a><ul><li><a href="/global/sigs/cti/cti-program/program-stages">Program maturity stages</a><ul><li><a href="/global/sigs/cti/cti-program/stage1">CTI Maturity model - Stage 1</a></li><li><a href="/global/sigs/cti/cti-program/stage2">CTI Maturity model - Stage 2</a></li><li><a href="/global/sigs/cti/cti-program/stage3">CTI Maturity model - Stage 3</a></li></ul></li><li><a href="/global/sigs/cti/cti-program/starter-kit">Program Starter Kit</a></li><li><a href="/global/sigs/cti/cti-program/resources">Resources and supporting materials</a></li></ul></li></ul></li><li><a href="/global/sigs/digital-safety">Digital Safety SIG</a></li><li><a href="/global/sigs/dns">DNS Abuse SIG</a><ul><li><a href="/global/sigs/dns/policies">Code of Conduct &amp; Other Policies</a></li><li><a href="/global/sigs/dns/dns-abuse-examples">Examples of DNS Abuse</a></li></ul></li><li><a href="/global/sigs/ethics">Ethics SIG</a><ul><li><a href="/global/sigs/ethics/ethics-first">Ethics for Incident Response Teams</a></li></ul></li><li><a href="/epss/">Exploit Prediction Scoring System (EPSS)</a><ul><li><a href="/epss/model">The EPSS Model</a></li><li><a href="/epss/data_stats">Data and Statistics</a></li><li><a href="/epss/user-guide">User Guide</a></li><li><a href="/epss/research">EPSS Research and Presentations</a></li><li><a href="/epss/faq">Frequently Asked Questions</a></li><li><a href="/epss/who_is_using">Who is using EPSS?</a></li><li><a href="/epss/epss_tools">Open-source EPSS Tools</a></li><li><a href="/epss/api">API</a></li><li><a href="/epss/papers">Related Exploit Research</a></li><li><a>Blog</a><ul><li><a href="/epss/articles/prob_percentile_bins">Understanding EPSS Probabilities and Percentiles</a></li><li><a href="/epss/articles/log4shell">Log4Shell Use Case</a></li><li><a href="/epss/articles/estimating_old_cvss">Estimating CVSS v3 Scores for 100,000 Older Vulnerabilities</a></li></ul></li><li><a href="/epss/partners">Data Partners</a></li></ul></li><li><a href="/global/sigs/msr/">FIRST Multi-Stakeholder Ransomware SIG</a></li><li><a href="/global/sigs/hfs/">Human Factors in Security SIG</a></li><li><a href="/global/sigs/ics">Industrial Control Systems SIG (ICS-SIG)</a></li><li><a href="/global/sigs/iep">Information Exchange Policy SIG (IEP-SIG)</a></li><li><a href="/global/sigs/information-sharing">Information Sharing SIG</a><ul><li><a href="/global/sigs/information-sharing/misp">Malware Information Sharing Platform</a></li></ul></li><li><a href="/global/sigs/le">Law Enforcement SIG</a></li><li><a href="/global/sigs/malware">Malware Analysis SIG</a><ul><li><a href="/global/sigs/malware/ma-framework">Malware Analysis Framework</a></li><li><a href="/global/sigs/malware/ma-framework/malwaretools">Malware Analysis Tools</a></li></ul></li><li><a href="/global/sigs/metrics">Metrics SIG</a><ul><li><a href="/global/sigs/metrics/events">Metrics SIG Webinars</a></li></ul></li><li><a href="/global/sigs/netsec/">NETSEC SIG</a></li><li><a href="/global/sigs/passive-dns">Passive DNS Exchange</a></li><li><a href="/global/sigs/policy">Policy SIG</a></li><li><a href="/global/sigs/psirt">PSIRT SIG</a></li><li><a href="/global/sigs/red-team">Red Team SIG</a></li><li><a href="/global/sigs/cpg">Retail and Consumer Packaged Goods (CPG) SIG</a></li><li><a href="/global/sigs/ctf">Security Lounge SIG</a></li><li><a href="/global/sigs/tic/">Threat Intel Coalition SIG</a><ul><li><a href="/global/sigs/tic/membership-rules">Membership Requirements and Veto Rules</a></li></ul></li><li><a href="/global/sigs/tlp">Traffic Light Protocol (TLP-SIG)</a></li><li><a href="/global/sigs/transport">Transportation and Mobility SIG</a></li><li><a href="/global/sigs/vulnerability-coordination">Vulnerability Coordination</a><ul><li><a href="/global/sigs/vulnerability-coordination/multiparty">Multi-Party Vulnerability Coordination and Disclosure</a></li><li><a href="/global/sigs/vulnerability-coordination/multiparty/guidelines">Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure</a></li></ul></li><li><a href="/global/sigs/vrdx">Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)</a><ul><li><a href="/global/sigs/vrdx/vdb-catalog">Vulnerability Database Catalog</a></li></ul></li><li><a href="/global/sigs/wof">Women of FIRST</a></li></ul></li><li><a href="/global/governance">Internet Governance</a></li><li><a href="/global/irt-database">IR Database</a></li><li><a href="/global/fellowship">Fellowship Program</a><ul><li><a href="https://portal.first.org/fellowship">Application Form</a></li></ul></li><li><a href="/global/mentorship">Mentorship Program</a></li><li><a href="/hof">IR Hall of Fame</a><ul><li><a href="/hof/inductees">Hall of Fame Inductees</a></li></ul></li><li><a href="/global/victim-notification">Victim Notification</a></li><li><a href="/volunteers/">Volunteers at FIRST</a><ul><li><a href="/volunteers/list">FIRST Volunteers</a></li><li><a href="/volunteers/participation">Volunteer Contribution Record</a></li></ul></li><li><a href="#new">Previous Activities</a><ul><li><a href="/global/practices">Best Practices Contest</a></li></ul></li></ul></li><li><a href="/standards">Standards &amp; Publications</a><ul><li><a href="/standards">Standards</a><ul><li><a href="/cvss">Common Vulnerability Scoring System (CVSS-SIG)</a></li><li><a href="/tlp">Traffic Light Protocol (TLP)</a><ul><li><a href="/tlp/use-cases">TLP Use Cases</a></li></ul></li><li><a href="/standards/frameworks/">Service Frameworks</a><ul><li><a href="/standards/frameworks/csirts">CSIRT Services Framework</a></li><li><a href="/standards/frameworks/psirts">PSIRT Services Framework</a></li></ul></li><li><a href="/iep">Information Exchange Policy (IEP)</a><ul><li><a href="/iep/iep_framework_2_0">IEP 2.0 Framework</a></li><li><a href="/iep/iep-json-2_0">IEP 2.0 JSON Specification</a></li><li><a href="/iep/iep-polices">Standard IEP Policies</a><ul><li><a href="https://www.first.org/iep/2.0/first-tlp-iep.iepj">IEP TLP Policy File</a></li><li><a href="https://www.first.org/iep/2.0/first-unknown-iep.iepj">IEP Unknown Policy File</a></li></ul></li><li><a href="/iep/iep_v1_0">IEP 1.0 Archive</a></li></ul></li><li><a href="/global/sigs/passive-dns">Passive DNS Exchange</a></li><li><a href="/epss">Exploit Prediction Scoring System (EPSS)</a></li></ul></li><li><a href="/resources/papers">Publications</a></li></ul></li><li><a href="/events">Events</a></li><li><a href="/education">Education</a><ul><li><a href="/education/first-training">FIRST Training</a><ul><li><a href="/education/trainings">Training Courses</a></li><li><a href="/education/trainers">FIRST Trainers</a></li></ul></li></ul></li><li><a href="/blog">Blog</a></li></ul> </div> </div> <div id="home-buttons"> <p><a href="/join" data-title="Join"><img alt="Join" src="/_/img/icon-join.svg"><span class="tt-join">Join<span>Details about FIRST membership and joining as a full member or liaison.</span></span></a> <a href="/learn" data-title="Learn"><img alt="Learn" src="/_/img/icon-learn.svg"><span class="tt-learn">Learn<span>Training and workshop opportunities, and details about the FIRST learning platform.</span></span></a> <a href="/participate" data-title="Participate"><img alt="Participate" src="/_/img/icon-participate.svg"><span class="tt-participate">Participate<span>Read about upcoming events, SIGs, and know what is going on.</span></span></a></p> </div></div></div></header><div id="body" data-studio="CU52CV1W8g"><div id="c1" data-studio="Yu8FjCC11g" class="data-preview"><h1 id="FIRST-Privacy-Policy">FIRST Privacy Policy</h1> <p>Also available as <a href="FIRST-Privacy-Policy-v2.pdf">PDF</a> (117kb)</p> <p><strong><em>Version 2 (Effective at April 2020)</em></strong></p> <p>The Forum of Incident Response and Security Teams (FIRST or we subsequently) processes personal information in its capacity as a data controller. We collect and process this information according to the policy described herewith.</p> <p>FIRST respects the privacy of your personal information and does not rent, trade, or share it with third-parties for their marketing purposes.</p> <p>This policy does not apply to web sites linked from the FIRST site. FIRST recommends reviewing the privacy policy of those respective third-party web sites in addition to ours.</p> <h2 id="Collection-and-Usage-of-Personal-Information">Collection and Usage of Personal Information</h2> <p>FIRST only collects personal information that is relevant to its activities and seeks to ensure the personal information is accurate and up-to-date. FIRST will use your personal information for staying in touch with you and generally for the purposes for which you provided it (as described in more detail below), including in order to:</p> <ul> <li>process your request to join FIRST as a member, and for the renewal and update (and general administration) of your membership; and</li> <li>process your application and registration for an event, training or other activities.</li> </ul> <p>The personal information that FIRST collects about your use of our services and that you provide to us may occasionally be used to improve our Web Site and wider offerings (on a confidential basis) or to enable us to comply with our legal obligations.</p> <p>Personal information collected by FIRST may include: your name, address, employment details, and contact details, including your IP address, email address and telephone number. You may choose to inform us in confidence about what gender you identify as, whether you identify as a member of an underrepresented group, and if you have a disability.</p> <h3 id="Team-Member-Database">Team/Member Database</h3> <p>FIRST maintains member databases that contain mailing, billing, and member profile information (such as your name, address and contact details). The information in these databases is used by authorized FIRST staff members to process orders; mail invoices, purchases, renewal notices, and announcements; respond to Member inquiries; and help us improve our offerings. Member records are maintained as long as an individual (or their team) is a FIRST member and for two years following a membership lapse. Purchases and credit card transactions are retained for as long as required to meet contractual, tax, or auditing needs.</p> <p>All personally identifiable information contained in FIRST membership and registration databases is treated as confidential and will be used only for the purposes stated in this Policy, except where required by law.</p> <h3 id="FIRST-Emails">FIRST Emails</h3> <p>FIRST maintains various mailing lists and may send out emails to members or previous attendees of events, such as:</p> <ul> <li>&quot;Must Have&quot; messages that help to service FIRST members including answers to member questions, acknowledgments of the receipt of membership applications, renewal notices, and other orders;</li> <li>Occasional &quot;Member Update&quot; announcements about FIRST services that we believe to be of some importance to Members. These announcements are short, straightforward messages that contain pointers to online resources where members can explore the information more fully; and</li> <li>Email messages that are a part of a program for which a Member has registered (e.g., mailing lists)</li> </ul> <p>FIRST does not sell, rent, or exchange email addresses of its members and customers, with the exception of sign-ups to events which are organized by a third party. In those cases, contact information will be provided to the organizer. If at any time you decide that you no longer wish to receive any of the emails described above, you may do so by using the &quot;unsubscribe&quot; instructions set out at the bottom of each email.</p> <h3 id="FIRST-Identity">FIRST Identity</h3> <p>Various FIRST services are access-controlled by the FIRST identity solution. The account is created either by a successful membership application, or if you are joining FIRST activities as a non-member (e.g., attending an event, participation in a Special Interest Group, or sponsoring a FIRST event). A user profile is stored in our membership and account databases. It will consist of the following information: (1) email address, (2) full name, (3) securely stored authentication information (e.g., password or multi-factor authentication secrets), and (4) if provided, additional contact information, such as your public PGP key or other secure communication channels (e.g., Wire, Threema, Signal, Keybase).</p> <h3 id="Collaboration-Platforms">Collaboration Platforms</h3> <p>In order to fulfill our mission to bring security teams together, FIRST is using various platforms where members can discuss security-related topics. FIRST is using self-hosted as well as third-party service providers. FIRST leverages its identity management solution to connect to third-party providers in order to provide controlled access by authorized users. FIRST aims to limit the exposure of any sensitive user information.However, it may be necessary to share details with service providers such as full name, user ID, and email address to run the service. Use of third-party collaboration services is opt-in.</p> <h3 id="Event-Registration">Event Registration</h3> <p>When you register for an event, you will provide information, such as full name, address, email, phone number, and payment information. You may also choose, at your discretion, to be listed on the attendee list, state your gender, social media accounts information, and request special meals. We collect this information to register you for conferences, print your badge, and provide other event services. We also share anonymized statistics about job function and industry with businesses that sponsor our events.</p> <h3 id="Event-Attendee-List">Event Attendee List</h3> <p>If you choose to be included on the attendee list for an event, it will include your name, affiliation, and state/country. This list is available for download from our website by the other registered attendees of that conference. You can choose not to be listed on the public list, by choosing the appropriate option during event sign-up.</p> <p>If a registered attendee contacts us to request another attendee's email address, we request permission before sharing this information.</p> <h3 id="Payment-Information">Payment Information</h3> <p>When you become a member or register for a FIRST event, we collect payment information in order to facilitate the processing of payments. Payment information you submit online will be collected directly by third-party payment processors according to their privacy policies and is not shared with FIRST. If you submit payment information directly to FIRST by another means, we will provide that information to the payment processor.</p> <h3 id="Accounting">Accounting</h3> <p>FIRST is using a third-party financial service provider to provide accounting, tax preparation, and general financial support. Information is shared only as required to fulfill FIRST’s legal requirements to provide proper accounting. In addition, a third-party accounting service is leveraged that stores invoice, bookkeeping, and accounting data.</p> <h3 id="Event-Paper-Submissions-and-Talk-Training-Proposals">Event Paper Submissions and Talk/Training Proposals</h3> <p>We use third-party processors to collect paper submissions and conference presentation proposals. This information is accessible to FIRST staff as well as event volunteer organizers (e.g., program committees). Successful submissions are posted on our website, in conference proceedings, in conference directories, and other publicly available locations. Comments made by reviewers in these systems are accessible only to FIRST and conference organizers and are not distributed. Other Voluntarily Shared Data During your interaction with FIRST, you may choose to provide us with personal information when you emailus, chat with us by phone, complete a survey, sign up for event-specific news or a registration waiting list, comment on our blog, communicate with us through social media services such as Twitter, Facebook, or LinkedIn, use the FIRST conference mobile application, collaboration platforms, or through other communication methods. We will use this information only for the purposes it was submitted.</p> <h3 id="Compliance">Compliance</h3> <p>In order to comply with our legal obligations, FIRST needs to validate various information for FIRST teams, their members, and event attendees. This includes the name of the individual, their employer or organization name, address and other contact information. This purpose of this validation is to determine if an organization or individual is listed on a sanctions list or otherwise restricted from participating as a member or attending events. FIRST uses an external service provider for performing this validation. This external provider performs a “fuzzy match” of the information provided by a registrant, member, member-applicant, or any other individual or organization participating with FIRST, against government-provided sanctions lists. Results of these checks are returned to FIRST.</p> <p>We will ask for your consent before using information for a purpose other than those that are set out in this Privacy Policy.</p> <h2 id="Technical-Personal-Information">Technical Personal Information</h2> <p>Other than in the access controlled services that require a FIRST Account, FIRST does not log the identity of visitors. However, we may keep access logs, for example containing a visitor's IP address and search queries. We may analyze log files periodically to help maintain and improve our public services and enforce our online service policies. Raw log files are treated as confidential.</p> <p>FIRST does not use any user-specific tracking cookies. A cookie is a small file of letters and numbers that is placed on your device. Cookies are only set by FIRST when you visit restricted portions of our Web Site and help us to provide you with an enhanced user experience.</p> <h3 id="Third-Parties">Third Parties</h3> <p>We may share and disclose your personally identifiable information in these limited circumstances:</p> <ul> <li>Vendors and other third-party service providers who require access to your personal information to assist in providing and improving our services. These providers have limited access to your information to perform these tasks on our behalf and are contractually bound to protect and to use it only for the purposes for which it was disclosed and consistent with this Privacy Policy.</li> <li>Where required by law or regulation, court order, or other judicial authorization; in response to lawful requests by public authorities, including for the purposes of meeting national security and law enforcement requirements; to protect or defend our rights, interests, or property, or that of third parties; to investigate any wrong doing in connection with our products and services; and to protect the vital interests of an individual.</li> <li>To any other person with your consent.</li> </ul> <p>We may disclose aggregate, non-identifying information about our members and constituents based on anonymized data.</p> <h2 id="Legal-Basis-for-Processing-Your-Information">Legal Basis for Processing Your Information</h2> <p>We collect personal information from you where the processing is in our legitimate interests. As described above, the data is collected to provide services to our members, event attendees, and other interested parties.</p> <p>We send communications announcing upcoming events, submission deadlines, and other issues of interest to our membership and constituents. You may opt out of these communications at any time.</p> <p>If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us at <a href="mailto:privacy@first.org">privacy@first.org</a>.</p> <h2 id="Security">Security</h2> <p>The security of personal information is very important to FIRST. FIRST maintains all personal information with technical, administrative, and physical safeguards to protect against loss, unauthorized access, destruction, misuse, modification, and improper disclosure. No computer system or information can ever be fully protected against every possible attack. FIRST provides reasonable and appropriate security controls to protect personal information against foreseeable attack. If nevertheless a successful attack was identified, FIRST will inform the affected persons via email.</p> <h2 id="Data-Retention">Data Retention</h2> <p>FIRST retains your personal information and a record of membership, event attendance, volunteer service, and related data. As described in the next section, you have the right to request that your personal information be deleted. For additional details see the <a href="/about/policies/doc-rec-retention-policy">Document Record Retention and Destruction Policy</a>.</p> <h2 id="Your-Data-Protection-Rights">Your Data Protection Rights</h2> <p>You have the following rights:</p> <ul> <li>If you wish to access your personal information that FIRST collects, you can do so at any time by contacting <a href="mailto:privacy@first.org">privacy@first.org</a>.</li> <li>You can correct your information by logging into our portal and requesting a change or contacting <a href="mailto:first-sec@first.org">first-sec@first.org</a>. Please note if you request an erasure of personal information, the following may apply: <ul> <li>We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting, and auditing obligations.</li> <li>Because we use backup systems to protect from accidental or malicious loss and destruction, backup copies of your personal information may not be removed from those systems for a limited period of time.</li> </ul></li> <li>If we have collected and processed your personal information with your consent, you can withdraw your consent at any timeby contacting <a href="mailto:privacy@first.org">privacy@first.org</a>.</li> <li>You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for many data protection authorities are available at <a href="http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm">http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm</a>.</li> <li>You can object to processing of your personal information for marketing purposes and have the right to opt-out of marketing communications we send you at any time through the functionality in those messages. If you determine functionality to opt out is missing or not functioning as expected, you may make such o request at <a href="mailto:privacy@first.org">privacy@first.org</a>.</li> </ul> <h2 id="Changes-to-This-Policy">Changes to This Policy</h2> <p>FIRST reserves the right to modify this Privacy Policy at any time. However, we will take appropriate measures to inform you about material changes to this policy in a timely manner.</p> <h2 id="Policy-History">Policy History</h2> <table> <thead> <tr> <th>Version</th> <th>Date</th> <th>Author(s)</th> <th>Changes</th> </tr> </thead> <tbody> <tr> <td>1</td> <td>March 2019</td> <td>Thomas Schreck</td> <td>Initial release</td> </tr> <tr> <td>2</td> <td>April 2020</td> <td>Thomas Schreck,<br />Dave Schwartzburg</td> <td>Updated to address:<ul><li>New Identity and Collaboration Platforms</li><li>Accounting reform</li><li>Compliance</li></ul></td> </tr> </tbody> </table> <h2 id="Contact-Us">Contact Us</h2> <p>If you have any questions or concerns regarding the use or disclosure of your personal information, you can contact us through email <a href="mailto:privacy@first.org">privacy@first.org</a>. </p></div></div><div id="navbar" data-studio="CU52CV1W8g"><div id="c4" data-studio="Yu8FjCC11g"><ul class="navbar"><li><a href="/about">About FIRST</a><ul><li><a href="/about/mission">Mission Statement</a></li><li><a href="/about/history">History</a></li><li><a href="/about/sdg">Sustainable Development Goals</a></li><li><a href="/about/organization">Organization</a><ul><li><a href="/about/organization/directors">Board of Directors</a></li><li><a>Operations Team</a><ul><li><a href="/about/organization/ccb">Community &amp; Capacity Building</a></li><li><a href="/about/organization/events">Event Office</a></li><li><a href="/about/organization/executive-director">Executive Director</a></li><li><a href="/about/organization/infrastructure">Infrastructure</a></li><li><a href="/about/organization/secretariat">Secretariat</a></li></ul></li><li><a href="/about/organization/committees">Committees</a><ul><li><a href="/about/organization/committees/compensation-committee">Compensation Committee</a></li><li><a href="/about/organization/committees/conference-program-committee">Conference Program Committee</a></li><li><a href="/about/organization/committees/membership-committee">Membership Committee</a></li><li><a href="/about/organization/committees/rules-committee">Rules Committee</a></li><li><a href="/about/organization/committees/standards">Standards Committee</a></li></ul></li><li><a href="/events/agm">Annual General Meeting</a></li><li><a href="/about/organization/reports">Annual Reports and Tax Filings</a></li></ul></li><li><a href="/about/policies">FIRST Policies</a><ul><li><a href="/about/policies/anti-corruption">Anti-Corruption Policy</a></li><li><a href="/about/policies/antitrust">Antitrust Policy</a></li><li><a href="/about/policies/bylaws">Bylaws</a></li><li><a href="/about/policies/board-duties">Board duties</a></li><li><a href="/about/bugs">Bug Bounty Program</a></li><li><a href="/about/policies/code-of-conduct">Code of Conduct</a></li><li><a href="/about/policies/conflict-policy">Conflict of Interest Policy</a></li><li><a href="/about/policies/doc-rec-retention-policy">Document Record Retention and Destruction Policy</a></li><li><a href="/newsroom/policy">FIRST Press Policy</a></li><li><a href="/about/policies/gen-event-reg-refund-policy">General Event Registration Refund Policy</a></li><li><a href="/about/policies/event-site-selection">Guidelines for Site Selection for all FIRST events</a></li><li><a href="/identity">Identity &amp; Logo Usage</a></li><li><a href="/about/policies/mailing-list">Mailing List Policy</a></li><li><a href="/about/policies/media">Media Policy</a></li><li><a href="/about/policies/privacy">Privacy Policy</a></li><li><a href="/about/policies/registration-terms-conditions">Registration Terms &amp; Conditions</a></li><li><a href="/about/policies/terms">Services Terms of Use</a></li><li><a href="/about/policies/standards">Standards Policy</a></li><li><a href="/about/policies/diversity">Statement on Diversity &amp; Inclusion</a></li><li><a href="/about/policies/translation-policy">Translation Policy</a></li><li><a href="/about/policies/travel-policy">Travel Policy</a></li><li><a href="/about/policies/uniform-ipr">Uniform IPR Policy</a></li><li><a href="/about/policies/whistleblower-policy">Whistleblower Protection Policy</a></li></ul></li><li><a href="/about/partners">Partnerships</a><ul><li><a href="/global/partners">Partners</a></li><li><a href="/global/friends">Friends of FIRST</a></li><li><a href="/global/supporters/">FIRST Supporters</a></li><li><a href="/about/sponsors">Sponsors</a></li></ul></li><li><a href="/newsroom">Newsroom</a><ul><li><a href="/newsroom/news">What&#039;s New</a></li><li><a href="/newsroom/releases">Press Releases</a></li><li><a href="/newsroom/news/media">In the News</a></li><li><a href="/podcasts">Podcasts</a><ul><li><a href="/newsroom/news/first-impressions/">FIRST Impressions Podcast</a></li><li><a href="/newsroom/news/podcasts/">FIRSTCON Podcast</a></li></ul></li><li><a href="/newsroom/newsletters">Newsletters</a></li><li><a href="/newsroom/policy">FIRST Press Policy</a></li></ul></li><li><a href="/about/procurement">Procurement</a></li><li><a href="/about/jobs/">Jobs</a></li><li><a href="/contact">Contact</a></li></ul></li></ul></div></div><div id="sidebar" data-studio="CU52CV1W8g"></div><footer><div id="footer" data-studio="CU52CV1W8g"><div id="c2" data-studio="Yu8FjCC11g"><div class="content"> <div class="support"> <div class="kbsearch bottom"> <p><a href="https://support.first.org"><img src="/_/img/icon-portal_support.svg" alt="FIRST Support" title="FIRST Support" /></a> <input class="kb-search" type="search" placeholder="Do you need help?"></p> </div> </div> <div id="socialnetworks"><a href="/about/sdg" title="FIRST Supported Sustainable Development Goals (SDG)" class="icon-sdg"></a><a rel="me" href="https://infosec.exchange/@firstdotorg" target="_blank" title="@FIRSTdotOrg@infosec.exchange" class="icon-mastodon"></a><a href="https://twitter.com/FIRSTdotOrg" target="_blank" title="Twitter @FIRSTdotOrg" class="icon-tw"></a><a href="https://www.linkedin.com/company/firstdotorg" target="_blank" title="FIRST.Org at LinkedIn" class="icon-linkedin"></a><a href="https://www.facebook.com/FIRSTdotorg" target="_blank" title="FIRST.Org at Facebook" class="icon-fb"></a><a href="https://github.com/FIRSTdotorg" target="_blank" title="FIRST.Org at Github" class="icon-github"></a><a href="https://www.youtube.com/c/FIRSTdotorg" target="_blank" title="FIRST.Org at Youtube" class="icon-youtube"></a><a href="/podcasts" title="FIRST.Org Podcasts" class="icon-podcast"></a></div> <p><a href="/copyright">Copyright</a> © 2015—2024 by Forum of Incident Response and Security Teams, Inc. All Rights Reserved.</p> </div> <p><span class="tlp"></span></p></div></div></footer><script nonce="jB71QER2uAP-ogtRlSe_pg" async="async" src="/_/web.js?20241125212614"></script><script nonce="jB71QER2uAP-ogtRlSe_pg" async="async" src="/_/s.js?20241125-212616"></script></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10