By completing this form and subscribing to our email list, you agree to the collection and use of your personal information as described in this statement.

1. What information we collect:

We collect the following personal information:

• Your first name

• Your last name

• Your email address

2. How we use your information:

We use the information you provide for the sole purpose of:

• Sending you the "ICS Advisory Project Weekly Summary Slides and Other CERT & Vendor Advisory Summaries" via email every Monday.

• Sending you copies of our Semi-Annual and Annual ICS Vulnerability Research Reports during their months of release.

3. Data protection and security:

We are committed to ensuring the security of your personal data. We have implemented appropriate technical and organizational measures to protect your information from unauthorized access, disclosure, alteration, or destruction.

4. Data retention:

We will retain your personal information for as long as you remain subscribed to our email list. If you unsubscribe at any time, your data will be permanently deleted from our records within a reasonable timeframe, unless otherwise required by law.

5. Your rights under the GDPR:

As a data subject, you have the following rights regarding your personal information:

• Right to Access: You have the right to request a copy of the personal data we hold about you.

• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate or incomplete.

• Right to Erasure: You have the right to request that we erase your personal data, subject to certain conditions.

• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data, subject to certain conditions.

• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

• Right to Object: You have the right to object to our processing of your personal data, subject to certain conditions.

6. Unsubscribing:

You can unsubscribe from our email list at any time by clicking the "Unsubscribe" link found at the bottom of every email we send you.

7. No selling or distributing your data:

ICS ADVISORY PROJECT WILL NEVER SELL, RENT, OR DISTRIBUTE YOUR EMAIL ADDRESS OR ANY OTHER PERSONAL INFORMATION TO ANY THIRD PARTY.

8. Contact Us:

If you have any questions about this privacy statement or wish to exercise any of your rights, please contact us at [Insert Your Contact Email Address Here].

Important Notes for Your Consideration:

• Legal Counsel: This is a general template and not a substitute for legal advice. It is highly recommended that you consult with a legal professional specializing in GDPR to ensure your privacy statement and practices are fully compliant with all applicable laws and regulations.

• Accuracy: Make sure the statements about what you do with the data are 100% accurate. For example, if you use a third-party email service provider (like Mailchimp, Constant Contact, etc.), that is a form of "processing" by a third party. The statement should be truthful about this, but you can still maintain that you don't "sell or distribute" the data. The draft above is written to be broad enough to cover this, but it's an important distinction.

• Transparency: The GDPR emphasizes transparency. By clearly stating what data you collect, why you collect it, and what rights the user has, you are demonstrating your commitment to this principle.

• Placement: This privacy statement should be easily accessible from the subscription form itself. A good practice is to include a checkbox that says, "I have read and agree to the Privacy Statement" with a clickable link to the full text. This is a key part of demonstrating "explicit consent" under the GDPR.