Privacy Policy

The Hague, June 2024

Introduction ISI

For the purpose of this Privacy Policy , "ISI," "we," "us" or "our" means the ISI and its seven Associations:

  • Bernoulli Society (BS)
  • International Association for Official Statistics (IAOS)
  • International Association for Statistical Education (IASE)
  • International Association of Survey Statisticians (IASS)
  • International Association for Statistical Computing (IASC)
  • International Society for Business and Industrial Statistics (ISBIS)
  • The Environmetrics Society (TIES).

The ISI's mission is to lead, support and promote the understanding, development and good practice of statistics worldwide, by providing the core global network for statistics. This is reflected in our slogan 'Statistical Science for a Better World'. The ISI has individual and organizational members, like national statistical offices, central banks, universities research institutes, national statistical societies and private companies . We support statisticians and statistical organizations worldwide, organize congresses, conferences and workshops, and issue extensive publications, including a variety of journals. We also manage a range of Awards and Prizes.

ISI Privacy Policy

At ISI we understand the importance of maintaining the privacy of our members and others who entrust us with their personal data. Our servers, computers and contractors employ security procedures to protect all our/your information from unauthorized access. All ISI processing activities are documented and kept in an up-to-date register, providing the full details of the records kept, the purpose of the processing, the access to data and the retention periods.

This Privacy Policy applies when providing and performing our services, or receiving your services and when you visit our website. It explains what we do with your personal data and how we process your data and it outlines the policies and procedures concerning information gathering and dissemination practices for the ISI membership and other data collected by ISI and through the website www.isi-web.org. The ISI fully adheres to the EU General Data Protection Regulation.

  • In this Privacy Policy we describe what activities we perform and for what purpose, how we collect, use and process your personal data in that context, and how we comply with our legal obligations in doing so.
  • For the purpose of relevant data protection legislation, (including but not limited to the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”)), the controller, the company responsible for your personal data, is the ISI office located in The Hague (hereinafter referred to in this Privacy Policy as "ISI" or "we") located at Henri Faasdreef 312, 2492 JP The Hague, Netherlands, to be reached at telephone number +31 (0)70 3375737, by e-mail at [email protected].
  • The ISI is committed to protecting the data that concern you and your right to privacy.
  • This Privacy Policy applies to personal data we process within the following categories: Members, Suppliers, Third Parties, Website Visitors. Individuals registered for the ISI newsletters, individuals registered for ISI events. It is important to remind you that it is possible that we may change this Privacy Policy. We request that you visit this page on our website to stay informed of possible changes.
  • The activities described in this Privacy Policy are aimed at providing you with a service that is as focused and efficient as possible. 

Description of processing of personal data by the ISI

Below we have listed by category, what personal data we process, how we process it, for what purposes we need it and with whom we may share personal data.

Membership Data

What personal data do we collect from Members

The ISI collects information from ISI and/or Associations' Members (individual and organizational) in order to keep an efficient and up to date membership administration and inform the Members about the ISI's activities, meetings and events such as ISI Congresses. 

If you are a Member of the ISI and/or an ISI Association, we are required to process information about your organization or individuals within your organization as we provide services to you. The amount of data we collect about Members is very limited. The ISI does not ask for more personal information and details from Members than absolutely necessary for the processing of the membership. 

Generally, we only need your contact information, or the information of individual contacts within your organization (such as their names, phone numbers and e-mail addresses) to ensure that our relationship runs smoothly. Individual data are processed by the designated staff in the ISI Permanent Office (PO) and by designated ISI and/or Association officials.

What?
  1. Title, Name, First name, Initials
  2. Position, Department/Section, Organisation
  3. Address (private/corporate), Country/Region
  4. Telephone landline/fax (private/corporate),Telephone mobile
  5. Email address
  6. Date of birth, If retired, Gender, Nationality
  7. ISI / Association memberships, Subscriptions, Membership fees and status of payment
  8. Website URL 

The ISI does not collect any sensitive information (race, religion, health status) about ISI and its Associations members.

How do we collect personal data from Members

We collect personal data from Members in two ways: 

  1. Personal data we receive directly from you as an individual member:

    1. If you in any form communicate with us, subscribe to ISI newsletters, or register for ISI events, usually by phone or e-mail, or through our websites; and/or specific registration forms

    2. If we contact you, either by phone or email

  2. Personal data about individuals employed by or associated with a Member organization

What do we need Members' personal data forThe main reason for using Member data is to ensure that the contractually agreed arrangements between us can be properly fulfilled and in order to keep an efficient and up to date membership administration and inform the Members about the ISI's activities, meetings and events.
With whom we share Members' personal data. Data transfers outside of the EEA (European Economic Area)

We only share Member personal data with third parties if this is necessary, such as our external IT administrators or hosting party. Processing agreements have been concluded with such parties. It also happens that we may need to share Member personal data with third parties who are responsible for processing, this is only done based on necessity for the execution of the membership-agreement, or your consent. Or on the basis of legitimate interest, which is always weighed up beforehand. The purpose is always in the context of providing our services to Members.

Address information from individual membership data is only shared with publishers as necessary for providing subscriptions to journals or similar services. 

Other personal details of Members, such as postal addresses, email addresses, and telephone/fax numbers, are stored in the ISI membership system (protected by login and password and compliant with GDPR). This type of information will not be displayed in the public domain. If contact information of a Member needs to be shared publicly for ISI operations, it shall be shared via email aliases or secure methods. Any other dissemination of such information requires the consent of the individual Member.

On what basis do we process the data. 

Members are requested to give their explicit consent to processing of their data and the publication of their name, country of residence and affiliation, when applying for membership, or in the Membership System. 

And Article 6 paragraph 1b GDPR: the processing is necessary for the performance of a contract to which the data subject is a party, or in order to take measures at the request of the data subject prior to the conclusion of a contract. Or pursuant to article 6l id 1g our legitimate interest or that of a third party.  

 

Supplier data

What personal data do we collect from suppliersWe need personal data from our Suppliers to ensure that our organization runs smoothly. We need contact details of relevant individuals within your organization so that we can communicate with them, such as names, phone numbers and email addresses. We also need other information, such as bank details, so that we can pay you for the services you provide (if this is part of the contractual agreements between us). We may also store additional information that someone within your organization has shared with us; we do so only if necessary and relevant to maintaining our supplier relationship.
How do we collect personal data from suppliersWe collect the personal data during our cooperation.
What do we need supplier personal data forThe main reason for using your personal data is to ensure that the contractually agreed arrangements between us can be properly fulfilled.
Legal basis for processing supplier dataWe use and store the personal data of individuals within your organization under the legal basis article 6 paragraph 1f GDPR. We hereby have a legitimate interest for the performance of the contract to facilitate the receipt of the services as one of our Suppliers.

 

Third Party

What personal data do we collect from third partiesWe may process name, email address, contact information of contact persons of the member. Or other third parties involved, for example personal data from individuals subscribed to ISI newsletters and/or registered for ISI events, who are not a member of ISI
How do we collect personal data from third partiesWe obtain this personal data either from a Member organization or from the Third Party itself.
Legal basis for processing third-party dataArticle 6 paragraph 1 a, f, consent or on the basis of our legitimate interest namely the correct exercise of our services.


ISI and/or Association Mailings

Mass mailings are sent without disclosing individual email addresses. You may opt out of receiving the ISI news items/newsletters at any time.

Other Data and dataprocessing

Surveys and polls are sometimes used to collect opinions and views of members. The data obtained from such surveys are anonymised before they are processed and analysed, and are used only for each survey's specified goals. Responses to operations conducted for voting procedures are processed in the ISI PO and results are reported only in aggregated and non-identifiable form. Individual data collected by these means are not disclosed by the ISI. 

Individual data collected in application procedures, including membership applications, funding requests, award and prize applications, are processed by the ISI PO and shared with the responsible officers as necessary to consider or process applications (i.e. chairs and members of the relevant committees). All recipients, like committee members, are required to agree to appropriate confidentiality clauses and sign a non-disclosure agreement. 

A contact form is available for visitors to the ISI website to request information and services. We use the visitors' contact information (e.g. name and email address) only for answering their requests/questions, responding to enquiries or sending materials. The information from these contact forms is not disclosed to third parties unless the visitor has given his/her consent to do so.

International transfer of personal data

ISI Officers and officials. As an international organization with a global membership, it could be necessary for ISI to share your (membership) data with our officers (President and Executive Committee members, Nominations Committee for Officer elections, Awards and Prizes Committees, ISI Association Presidents). Our Officers and Officials may be based inside or outside the EU/EEA and only an authorized official/officer will have access.  

Due to the fact that the data will stay within the organization of ISI, also when accessed by an ISI Association Official, and is not transferred to a third party, any access and internal processing by any of our officers/officials from outside the EU/EEA does not constitute an international data transfer as stipulated in Chapter 5 GDPR (Transfer of personal data to third countries). ISI officers and ISI Association officials receiving (membership) data are required to sign a confidentiality statement before. 

Third parties. Data could also be shared with Publishers for publication subscriptions (if you subscribed to those), Congress and Conference organizers for distributing information and checking your membership status (for entitlements to reduced rates) and third-party partners both inside and outside of the European Union/EEA.   
Third party organizations are organizations with which ISI has a working or cooperative agreement (for example, the web shop developer, the website and web shop host and the external auditors), or contractual in order for us to fulfil our duties and responsibilities to our members. ISI shares only the absolute minimum data necessary with external parties.

International transfer of personal data to a third party in a third country  
In the case of an international data transfer by us to a third party based outside of EU/EEA in a third country, we will, when after careful assessment we conclude it necessary, contract with the party the (European Commission) standard clauses, obligations and provisions for the international transfer of data to third countries.

Or when required we will arrange the applicable conditions of article 49.1a GDPR (your informed and explicit consent). And/or the data transfer is based on Article 49.1b (to perform the contract we have with you), and/or article 49.1c GDPR (to conclude a contract with a third party in your interest).

ISI on Social Media

ISI has several social media accounts such as but not limited to LinkedIn, Facebook, X, YouTube, Vimeo. However ISI does not have access to your social media accounts if you would use any social media when you interact with our pages on the social media platforms. Please refer to the applicable Privacy & Security policies of the specific Social media platform, so you can inform yourself about their policies, procedures and the consent settings before you communicate using the platform as these and the processing are outside the control of ISI. 

Website users

What personal data do we collect from website users

When you visit our website or read or click on an email from us, we may collect certain information automatically, or we may collect information because you provide it to us by the use of our website. We do this to improve your experience of our website, to administer our services and/or to monitor user behavior on our website. This includes, for example, information about how you use our website, your pseudonymized IP address, some elements of this data we need so that we can fulfill our contractual obligations to you or others. You can simply use our website without providing any personal data to us. 

What are cookies and how do we use them? Cookies are small (text) files that a website places on your computer, tablet or cell phone when you visit the website. They are used to store information about your website visit. The use of cookies allows a website to recognize you the next time you visit. Cookies are used by almost all websites and do not harm your system. Our website uses functional cookies, which are necessary for the website to work.  If you want to control what type of cookies you accept, you can do so in your browser settings. Cookies are collected in order to ensure proper functioning of the ISI website and for further improvement of the functionality. Cookies from www.isi-web.org and its subsites are safe. Most cookies disappear when you close your browser but some remain for a few days or longer. If you wish, you can always remove or disable the use of cookies in your browser. Information about adjustments in the settings for cookies can be found in the help function of most browsers. However, if you disallow cookies, you may disable access to advanced functionality on our web site.
How can you delete cookies?If you do not wish to receive cookies that are not strictly necessary to carry out the basic functions of our site, you can refuse cookies by changing your browser settings. Most web browsers will accept cookies, but if you prefer that we do not collect data from you in this way, you can choose to accept all cookies, accept some cookies or reject all cookies in your browser's privacy settings and through our cookiebanner. However, rejecting all cookies means that you may not be able to take advantage of all the features of our website. Each browser is different, so check your browser's "Help Menu" to learn how to change your cookie preferences. 
How do we collect personal data from website usersWe collect your data automatically through cookies when you visit our website, in accordance with our cookie notification on the website. In  our cookie notification/banner you can choose for which type of cookies you give your consent.  
Legal basis for processing website user dataWe process your personal data from website usage based on our legitimate interest to operate a good, safe and reliable website. Or we process personal data based on your prior explicit consent, all as stated in our cookie banner and cookie statement. 

 

How do we protect your personal data?

Protecting your information is important to us. Therefore, we have taken appropriate measures to prevent unauthorized access to and misuse of your personal data. We have ensured that your data can only be accessed by employees for whom it is necessary for our services and who actually need access to the information. Whenever it is necessary for contractors working for the ISI to access data, such as for work on the ISI's website and associated IT infrastructure, the agreement with the contractor will contain the necessary provisions to protect privacy and non-disclosure.

How long do we keep your personal data?

We keep your personal data 2 years after the completion of our services in question. We keep the personal data that we need to keep longer due to financial and tax laws for 7 years. Personal data of non-member participants to ISI events, which data is not required to retain under tax and financial laws, will be kept for 2 years from the moment you have last logged on to your account. 

How do you access, modify or withdraw personal data you had shared with us?

To protect your personal data, you have various legal rights regarding this data. To speak with us about this, please contact our Privacy Officer at our phone number +3170 337 5737 or [email protected]. We will do our best to respond to your request as quickly as possible. Please note that we may keep a record of our communications with you to help us resolve any issues you may raise.

Right to withdraw consent

Where we have obtained your consent to process your personal data for certain activities, you have the right to withdraw your consent at any time.

Data subject's request for access to data

You have the right at any time to ask us what information we process about you and may ask us to amend or update that information. In such a case, we may comply with your request or, in addition, do any of the following: 

  • We might ask you to verify your identity, or ask for more information about your request; and 
  • Where we are legally entitled to do so, we might refuse your request. In that case, we will always explain why we do so.

Right of removal

In certain cases (such as where we may have unlawfully processed your data), you have the right to request that we "erase" your personal data. We will respond to your request within 30 days (although we may extend this period in certain cases) and will only be unable to comply with your request if certain restrictive conditions apply. If we agree to your request, we will delete your data, but generally assume that you want us to put your name on a list of people who prefer not to be contacted by us. In this way, we minimize the chances that you will be contacted in the future should your data be collected in isolated circumstances. If you prefer that we do not do this, you can indicate this.

Right to data portability

If you wish, you have the right to transfer your data from us to another data controller. We will help you do this - either by transferring the data directly for you, or by providing you with a copy in a commonly used machine-readable format.

Right of objection and complaint

If we use your data because we consider it necessary for our legitimate interests, without consent or performance of a contract, and you disagree, you have the right to object. We will respond to your objection within 30 days. You also have the right, if there is reason to do so, to submit a complaint to us about the way we handle your personal data. We will give you a motivated answer as soon as possible.

Right to file a complaint with a supervisory authority

Of course we are happy to help you if you have a complaint about the processing of your personal data. If, despite this, you are not satisfied with our response and/or solution offered you also have the right under privacy legislation to submit a complaint to the privacy regulator, the Authority for Personal Data. You can contact the Dutch Supervisory Authority (the Autoriteit Persoonsgegevens). More details can be found in the contact details below.

Security

The ISI website and Webshop are only available through encrypted SSL connections (https), and we have security measures in place to protect against the loss, misuse and alteration of the information. In case of a credible threat of a security breach, the ISI will inform the members affected and will take the necessary measures to prevent misuse of the data. The contract with the website and webshop hosting company contains the necessary provisions and procedures in order to be GDPR compliant. The ISI Protocol for Security Incidents and Data Breaches is applied. 

Several of the Associations' websites are not hosted by the ISI website hosting company. For these websites different security regimes might be in place. 

If any knowledge or suspicion about a breach of the ISI's security arises, please contact the ISI Permanent Office

The ISI Permanent Office (PO) is located in the premises of Statistics Netherlands (CBS) and works in CBS's IT environment, which complies with the highest standards of data protection. Check out more information about CBS's IT infrastructure and Privacy Protection

The ISI PO staff are actively informed about this Privacy Policy and the safety measures. The staff work on remote PCs, and only with two-factor authentication protected access.

Links to other websites

The ISI website contains links to other websites. The ISI is not responsible for the privacy practices or content of other websites. We recommend that you read the Privacy Policies of each website that requests any personal information.

Contact details

The ISI is the entity responsible for processing personal data. Through this contact information you can contact to:

  • access your personal data that you have provided to us and/or that we process;
  • amend or revoke them; 
  • filing complaints, or if you suspect misuse or loss of or unauthorized access to your personal information; 
  • To withdraw your consent to the processing of your personal data (when consent is the legal ground on which we process your personal data);
  • comments or suggestions regarding this Privacy Policy.
  • In the event of a suspected data breach

ISI Privacy Officer:

Telephone: +3170 337 5737    
E-mail: [email protected]  
Website: https://isi-web.org/privacy-policy 

How to contact the supervisory authority in the Netherlands.

If, after making an objection and/or filing a complaint with ISI, you are not satisfied with the way we have handled your complaint, you can file a complaint with the Personal Data Authority at any time. You can do so through the website of the Authority.   

The Personal Data Authority. You can contact them in the following ways:  

Phone: + 31 (0) 88 1805 250   
Website:   
Dutch Supervisory Authority

 

Version control

This is version June 2024 of the external ISI Privacy Policy. This policy may be revised over time as new features are added to the website, new technologies emerge, or changes in legislation require the ISI to do so. We invite you to visit the ISI Website regularly to be informed of any changes.