PRIVACY POLICY

ASEAN-Japan Cybersecurity Capacity Building Centre

Our Mission and Priority in Privacy

The main mission of AJCCBC is to build capacity and provide knowledge regarding cybersecurity, which has become tremendously essential in the modern world, to the cybersecurity officials in ASEAN member states. Central to this mission is our commitment to be transparent about the data we collect about you, how it is used and with whom it is shared.

This Privacy Policy applies when you use our Services (described below). We offer our users choices about the data we collect, use and share as described in this Privacy Policy, Cookie Policy, Settings and our Help Center.

Introduction

The ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC) was established under the guidance of TELMIN/SOM in 2017 and funded by Japan ASEAN Integration Fund (JAIF 2.0). The project (2018–2023) was successfully implemented by ETDA of Thailand.

AJCCBC is continuing its new mission from 2023–2027 with the support of ASEAN and Government of Japan, implemented by Japan International Cooperation Agency (JICA) and NCSA of Thailand under the name “Project for Enhancing ASEAN-Japan Capacity Building Programme for Cybersecurity and Trusted Digital Services”, which was started in March 2023. The project’s targeted beneficiaries are government officials, CII operators/enablers, trust digital service enablers, Regulators and providers.

Our registered users (“Members”) are required to share their personal information including name, e-mail address, countries, and professional identities to engage with other members and participate in our activities.

Services

This Privacy Policy, including our Cookie Policy applies to your use of our services on AJCCBC Official website and other AJCCBC own platform.

Data Controllers and Contracting Parties

The personal information of our participants from every ASEAN member state will have AJCCBC as the controller of your personal data provided to, or collected by or for, or processed in connection with our Services. As a Member of our Services, the collection, use and sharing of your personal data is subject to this Privacy Policy and other documents referenced in this Privacy Policy, as well as updates.

Change

Changes to the Privacy Policy apply to your use of our Services after the “effective date.” AJCCBC (“we” or “us”) can modify this Privacy Policy, and if we make material changes to it, we will provide notice through our Services, or by other means, to provide you the opportunity to review the changes before they become effective. If you object to any changes, you may close your account.

You acknowledge that your continued use of our Services after we publish or send a notice about our changes to this Privacy Policy means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy, as of its effective date.

1. Required Personal Data

1.1 Data Provided to Us by You

Your personal data is provided to us in order to create an account on our platform.

Registration

To create an account, you need to provide data including your name, email address, professional identity, and a password for complete registration.

Profile

The information shared on your profile includes only your names and your countries. You don’t have to provide additional information on your profile; however, profile information helps you in identifying other users and being identified. Please do not post or add personal data to your profile that you would not want to be publicly available.

Posting and Uploading

We collect personal data from you when you provide, post or upload it to our Services, such as when you fill out a registration form or respond to a survey. You don’t have to post or upload personal data, and that will not affect your usage of our platform.

1.2 Data from Others

Others may post or write about you.

Content and News

You and others may post content that includes information about you (as part of articles, posts, comments, videos) on our Services. We also may collect public information about you, such as professional-related news and accomplishments, and make it available as part of our Services, including, as permitted by your settings, in notifications to others of mentions in the news.

Partners

We receive personal data (e.g., your job title and work email address) about you when you use the services of our partners such as Micro Learning site.

1.3 Service Use

We log your visits and use of our Services.

We log usage data when you visit or otherwise use our Services, including our sites, app and platform technology, such as when you view or click on content (e.g., learning video), perform a search, install or update one of our mobile apps, share articles or apply for jobs. We use log-ins, cookies, device information and internet protocol (“IP”) addresses to identify you and log your use.

1.4 Cookies and Similar Technologies

We collect data through cookies and similar technologies. As further described in our Cookie Policy, we use cookies and similar technologies to collect data (e.g., device IDs) to recognize you and your device(s) on, off and across different services and devices where you have engaged with our Services. We also allow some others to use cookies as described in our Cookie Policy

1.5 Your Device and Location

We receive data from your devices and networks, including location data. When you visit or leave our Services (including some plugins and our cookies or similar technology on the sites of others), we receive the URL of both the site you came from and the one you go to and the time of your visit. We also get information about your network and device (e.g., IP address, proxy server, operating system, web browser and add-ons, device identifier and features, cookie IDs and/or ISP, or your mobile carrier). If you use our Services from a mobile device, that device will send us data about your location based on your phone settings. We will ask you to opt-in before we use GPS or other tools to identify your precise location.

1.6 Messages

If you communicate through our Services, we learn about that. We collect information about you when you send, receive, or engage with messages in connection with our Services. For example, if you get an AJCCBC platform connection request, we track whether you have acted on it and will send you reminders.

1.7 Other

We are improving our Services, which means we get new data and create new ways to use data. Our Services are dynamic, and we often introduce new features, which may require the collection of new information. If we collect materially different personal data or materially change how we collect, use or share your data, we will notify you and may also modify this Privacy Policy.

2. How We Use Your Data

We use your data to provide, support, personalize and develop our Services. How we use your personal data will depend on which Services you use, how you use those Services and the choices you make in your settings. We use the data that we have about you to provide and personalize our Services, including with the help of automated systems and inferences we make, so that our Services can be more relevant and useful to you and others.

2.1 Services

Our Services help you stay connected with others in cybersecurity field, receive information on new trainings, and participate in our programmes. We use your data to authorize access to our Services and honor your settings.

Stay Informed

Our Services allow you to stay informed about news, events and ideas regarding professional topics you are interested in. Our Services also allow you to improve your professional skills, or learn new ones. We use the data we have about you to personalize our Services for you

Webinar

Our Services allow you to explore new knowledge and evaluate educational opportunities. You will be able to join webinar hosted by professionals both live and recorded in various topics on cybersecurity.

2.2 Communications

We contact you and enable communications between you and our automatic chat response. We offer settings to control what messages you receive and how often you receive some types of messages.

We will contact you through email, notices posted on our websites, and other ways through our Services. We will send you messages about the availability of our Services, security, or other service-related issues. We also send messages about how to use our Services, reminders, and other professional related topics. You may change your communication preferences at any time. Please be aware that you cannot opt out of receiving service messages from us, including security and legal notices.

2.3 Developing Services and Research We develop our Services and conduct research.

Service Development We use data, including public feedback, to conduct research and development for our Services in order to provide you and others with a better, more intuitive and personalized experience. Surveys

Polls and surveys are conducted by us and others through our Services. You are not obligated to respond to polls or surveys, and you have choices about the information you provide. You may opt-out of survey invitations.

2.4 Customer Support

We use data to help you and fix problems. We use data (which can include your communications) to investigate, respond to and resolve complaints and for Service issues (e.g., bugs). AJCCBC Administrator admin@ajccbc.org AJCCBC Contact Point contact@ajccbc.org

2.5 Insights That Do Not Identify You

We use data to generate insights that do not identify you. We use your data to produce and share insights that do not identify you. For example, we may use your data to generate statistics about our members, their profession or industry, to calculate ad impressions served or clicked on, or to publish visitor demographics for a Service or create demographic workforce insights.

2.6 Security and Investigations

We use data for security, fraud prevention and investigations. We use your data (including your communications) for security purposes or to prevent or investigate possible fraud or other violations of our User Agreement and/or attempts to harm our Members, Visitors or others.

3. How We Share Information

3.1 Our Services

Any data that you include on your profile will be seen by others, consistent with your settings.

Profile

Your profile is fully visible to all Members. Subject to your settings.

Viewing and Sharing Information

Our Services allow viewing and sharing information.

Related Services

We share your data across our different Services. We will share your personal data to provide and develop our Services. We may combine information internally across the different Services covered by this Privacy Policy to help our Services be more relevant and useful to you and others.

3.2 Service Providers

We may use others to help us with our Services. We use others to help us provide our Services (e.g., maintenance, analysis, audit, payments, fraud detection, marketing and development). They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.

3.3 Legal Disclosures

We may need to share your data when we believe it’s required by law or to help protect the rights and safety of you, us or others. It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we have a good faith belief that disclosure is reasonably necessary to (1) investigate, prevent or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you; (3) investigate and defend ourselves against any third-party claims or allegations; (4) protect the security or integrity of our Services (such as by sharing with companies facing similar threats); or (5) exercise or protect the rights and safety of our website, our Members, personnel or others. We attempt to notify Members about legal demands for their personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our discretion, that the requests are overbroad, vague or lack proper authority, but we do not promise to challenge every demand.

4. Your Choices & Obligations

4.1 Data Retention

We keep most of your personal data for as long as your account is open. We generally retain your personal data as long as you keep your account open or as needed to provide you Services. This includes data you or others provided to us and data generated or inferred from your use of our Services. In some cases, we choose to retain certain information (e.g, insights about Services use) in a depersonalized or aggregated form.

4.2 Rights to Access and Control Your Personal Data

You can access or delete your personal data. You have many choices about how your data is collected, used and shared. We provide many choices about the collection, use and sharing of your data, from deleting or correcting data you include in your profile . We offer you settings to control and manage the personal data we have about you. For personal data that we have about you, you can:

  • Delete Data: You can ask us to erase or delete all or some of your personal data (e.g., if it is no longer necessary to provide Services to you).
  • Change or Correct Data: You can edit some of your personal data through your account. You can also ask us to change, update or fix your data in certain cases, particularly if it’s inaccurate.
  • Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if your personal data is inaccurate or unlawfully held).
  • Right to Access and/or Take Your Data: You can ask us for a copy of your personal data and can ask for a copy of personal data you provided in machine readable form.

You may contact us using the contact information below, and we will consider your request in accordance with applicable laws.

4.3 Account Closures

We keep some of your data even after you close your account. If you choose to close your account, your personal data will generally stop being visible to others on our Services within 24 hours. We generally delete closed account information within 30 days of account closure, except as noted below. We retain your personal data even after you have closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse), enforce our User Agreement, or fulfill your request to “unsubscribe” from further messages from us. We will retain de-personalized information after your account has been closed.

5. Other Important Information

5.1. Security

We monitor for and try to prevent security breaches. Please use the security features available through our Services. We implement security safeguards designed to protect your data, such as HTTPS. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot warrant the security of any information that you send us. There is no guarantee that data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.

5.2. Cross-Border Data Transfers

We store and use your data outside your country. We process data both inside and outside of the Centre’s location – Thailand and rely on legally-provided mechanisms to lawfully transfer data across borders. Countries where we process data may have laws which are different from, and potentially not as protective as, the laws of your own country.

5.3 Lawful Bases for Processing

We have lawful bases to collect, use and share data about you. You have choices about our use of your data. At any time, you can withdraw consent you have provided by going to settings. We will only collect and process personal data about you where we have lawful bases. Lawful bases include consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you and “legitimate interests.”

Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object

5.4. Contact Information

You can contact us or use other options to resolve any complaints. If you have questions or complaints regarding this Policy, please contact us via contact@ajccbc.org.