Data Protection Policy
The Hague, 2 May 2018
ISI understands the importance of maintaining the privacy of you, our members. We believe very strongly in preserving your privacy on the Internet. Our servers, computers and contractors employ security procedures to protect all our/your information from unauthorized access.
Where ISI holds such personal data, we respect your privacy and understand the necessity to keep the data you disclose to us safe and secure, in accordance with Dutch Law and adhering to the EU General Data Protection Regulation (GDPR). Members may inspect their own personal data through the online ISI webshop and, if incorrect, may modify or remove it.
The following questions and answers seek to clarify what information we collect and for what purposes.
This document is tailored towards the individual data (natural persons) of members of the ISI and its Associations:
- Bernoulli Society (BS)
- International Association for Official Statistics (IAOS)
- International Association for Statistical Education (IASE)
- International Association of Survey Statisticians (IASS)
- International Association for Statistical Computing (IASC)
- International Society for Business and Industrial Statistics (ISBIS)
- The Environmetrics Society (TIES)
1. What kind of Personal Data do ISI collect?
The ISI collects different types of personal data:
- ISI and Associations’ Member data.
- Data relating to participants of ISI and Associations’ congresses, conferences and workshops.
- Data submitted on application forms and nominations for funding, prizes and awards.
This document deals explicitly with membership data.
2. For what purposes do ISI and its Associations collect personal data from members?
The ISI and the ISI Associations collect personal data from individual members for the following purposes:
- Keeping an adequate and up-to-date membership administration and management.
- Informing members about events (congresses, conferences, workshops, courses) and related information, including social events.
- Informing members about news and developments in the profession, and about strategic discussions.
- Invitations to participate in meetings (for example the General Assembly).
- Invitations to take part in surveys about the organisations’ strategies and operations.
- Approaching members for committee membership or other official functions.
- Subscriptions to journals/magazines.
3. Which Data are Collected?
The following data are collected from members:
- First name
- Department / section
- Address (private / corporate)
- Telephone landline / fax
- Telephone mobile
- Email address
- Date of birth
- If retired
- ISI / Association memberships
- Membership fees and status of payment
These data are the minimum required for administration of the membership. The ISI does not collect any sensitive information (race, religion, health status) about ISI and its Associations members.
4. What is the Legitimate Basis for the ISI to Process my personal Data (lawfulness processing)?
Since the end of 2017, new members have been requested to give their explicit approval for the processing of their personal data for the purposes as described in this document. We also ask them for their consent to publish their name, country and membership type in the public domain of the website.
From 15 April 2018, all members who access their information through the webshop, will be asked to give their explicit consent for processing their personal data by ticking the appropriate boxes in the webshop. Without this approval, it will not be possible to process the membership.
In case you would like to make an inquiry of purpose of the data processing, please feel free to exercise your rights as described in #7.
5. What is Meant by ‘Collect, Store and Process’? Why it is it done?
The membership data are stored and processed in our membership database, which is in the secured and protected environment of Statistics Netherlands (CBS), where the ISI Permanent Office is located. The database is accessible only by authorized staff of the ISI Permanent Office for the purpose of office processes and the checking and updating of membership status.
The membership data in the database is transmitted to the online webshop through a secure channel. Your data in the webshop is accessible only by you with your username and password and by the ISI Membership Officer. If you customise your password then only you can access the webshop. The webshop is in an https environment.
6. Who does ISI Share this Information with?
As an international organisation with a global membership, it is often necessary for ISI to share your data with our officers (President and Executive Committee members, Nominations Committee for Officer elections, Awards and Prizes Committees, Association Presidents), Publishers for publication subscriptions (if you subscribed to those), Congress and Conference organisers for distributing information and checking your membership status (for entitlements to reduced rates) and third-party partners both inside and outside of the European Union. Third party organisations are organisations with which ISI has a working or cooperative agreement (for example, the webshop developer, the website and webshop host and the external auditors), or contractual in order for us to fulfil our duties and responsibilities to our members. ISI shares only the absolute minimum data necessary with external parties (for example, name, country, membership number, membership status and email address).
The ISI and/or Association Officials may be based outside the EU/EEA. ISI and Association officials receiving membership data are required to sign a confidentiality statement. Contracts with third parties (processors, webhosts) contain the necessary confidentiality clauses.
Any information shared with parties outside the ISI Permanent Office is sent in an encrypted format.
7. What are My Rights as a Member?
As an ISI/Association member, you have the following rights:
- Right to access your data: Every member has access to their data through the ISI webshop with their unique username and password.
- Right to be informed about the processing of data and who has access to the data: you can ask for access to the ISI register of processing activities, which contains detailed information.
- Right of correction. Corrections can be made either in the webshop or by sending a request to the ISI Membership Officer.
- Right of erasure of data (right to be forgotten).
You may exercise this right, which will mean termination of your membership and deletion of all your information from the ISI and Associations’ membership database, archives and webshop.
- Right to obtain your data (data portability). You may send a request for your data in a portable format to the ISI Permanent Office.
8. How Long will ISI Keep Personal Data in its Files?
Financial information will be held for no more than seven years, in accordance with Dutch law. Personal data will be held for no more than two years following the cancellation or deletion of membership. For historic reasons we will keep only a record of names, countries, date of start and end of membership.
9. Within the Organisation, Who is Responsible for the Data Protection Policy?
Under Dutch law, ISI hereby declares that in relation to this Data Protection Policy the responsible body is the ISI Executive Committee. The executive administrator is the ISI Director.
ISI Permanent Office
P.O. Box 24070
2490 AB The Hague
Tel. + 31 70 3375738