Last Modified: November 28, 2018
ISCT, International Society for Cell & Gene Therapy respects your privacy and is committed to protecting your Personal Information (defined below). This privacy notice will let you know how we collect, use, process, maintain, and share your Personal Information on and offline, as well as your choices regarding the use, access, and correction of your Personal Information. What Personal Information we collect may vary based on your interaction with us and requests for our services.
We encourage you to read this privacy notice together with any other privacy notice we may provide on specific occasions when we are collecting or using Personal Information about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.
This privacy notice is provided in a layered format so you can click through to the specific areas set out below.
I. Important Information And Who We Are
II. What Categories Of Personal Information Do We Gather About You?
III. How Is Your Personal Information Received, Collected, And Used?
IV. How Might We Use Your Personal Information?
V. With Whom Do We Share Your Personal Information?
VI. International Transfers (EU/EEA, UK, And Other Applicable Jurisdictions)
VII. Data Integrity And Security
VIII. Minimization, Retention, And Deletion Of Personal Information
IX. EU/EEA AND UK Specific Clauses
X. Acceptance And Changes To This Policy
XI. Who Should You Contact If You Have Questions?
I. Important Information And Who We Are
As a not for profit organization, ISCT, International Society for Cell & GeneTherapy ("ISCT", "we", "us" or "our") uses Personal Information to advance our mission to drive the translation of all cellular therapies for the benefit of patients worldwide and improving patients’ lives through safe and effective cellular therapies. This privacy notice aims to give you information on how ISCT receives, collects and processes your Personal Information in connection with our website www.celltherapysociety.org, our annual and regional meeting websites, mobile applications or “apps” (including our apps for our conferences and events), social media channels, electronic newsletters and other ISCT digital properties (the “Digital Properties”), the ISCT journal and our other print publications, our sponsorship recruitment, volunteering, grants, and any of our other products or services (for example, podcasts, our meetings, conferences, and other events, marketing and promotions, surveys, research projects, and other products and services advancing our mission). These are collectively referred to as “Services” throughout this privacy notice. Data and privacy law in certain jurisdictions differentiates between the “controller” and “processor” of information. ISCT is the controller and responsible for its websites.
“Personal Information” is information that can be used to identify you, directly or indirectly, alone or together with other information. Personal Information may include, but is not limited to, your name, physical addresses, telephone numbers, e-mail addresses, company affiliations and associated interests. It may also include your history of transactional activities that you had on our Digital Properties. It does not include data where the identity has been removed (anonymous data). Certain information may not be personally identifiable when standing alone (e.g., your age), but may become so when combined with other information (e.g., your age and name).
Children’s Online Privacy Protection.
Our Digital Properties and Services are not designed or intended for children under the age of 13. We do not knowingly collect or store any Personal Information for children under the age of 13. If you are under 13, please do not provide us any personally identifying information.
Third party links and applications.
Our Digital Properties may include links to third party websites, platforms, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites, platforms and applications and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit or application you use when you use or enable these platforms and applications, or leave our Digital Properties.
II. What Categories Of Personal Information Do We Gather About You?
We may collect, use, store and transfer different kinds of Personal Information about you which we have grouped together follows
- Identity Data (for example, your first name, maiden name, last name, username or similar identifier, birth year, gender, title, government issued IDs, or other demographic information).
- Contact Data (for example, your billing address, delivery address, email address and telephone numbers).
- Financial Data (for example your bank account and payment card details).
- Transaction Data (for example, details about payments to and from you and other details of Services you have purchased from us, taxes, spending habits).
- Technical Data (for example, your internet protocol (IP) address, internet service provider (ISP), your login data, browser type and version, browser language, referring/exit pages, operating system, date/time stamp, clickstream data, time zone setting and basic geolocation, device type, unique device identifiers, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our Services and Digital Properties).
- Location Data (for example, if a meeting lanyard has a QR code and you permit us to scan that, or if you use our mobile applications and permit certain precise location settings and permissions, you consent to providing us with access to your precise geolocation information—such as information based on your GPS coordinates—so that we can deliver customized content to you based on your current location. You may withdraw this consent at any time by turning off those same settings and permissions in your app and mobile device, but such withdrawal will not affect the lawfulness of processing the previously collected information).
- Usage Data (for example, information about how you use our Digital Properties and Services, including, for example, if you contact ISCT, we may log information about the means through which you contacted us and our interaction with you).
- Profile Data (for example, your username and password, purchases or orders made by you, your interests, preferences, feedback and identified-survey responses; country of origin; source of wealth; job information; preferences; behavioral; character; professional; social status; demographics; ownership, e.g. cars, houses, apartments, personal possessions).
- Marketing and Communications Data (for example, your preferences in receiving marketing from us and our third parties, if any, and your communication preferences).
- Employment Information. (for example, you may be asked to provide your past and current employment history when applying or volunteering for a position with ISCT.
- Image and Voice Recordings. (for example, if you attend or participate at one of our conferences or meetings, you may be photographed).
- Educational & Training Data. (for example, you may be asked to provide information about your education and training when applying or volunteering for a position with ISCT, or participating on our committees.
- Health Information (for example, you may share with us your dietary requirements or access needs/accommodations when attending one of our events)
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your Personal Information but is not considered Personal Information in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. Or, we may aggregate information about our members or supporters to provide materials and external reports, or to better fundraise. However, if we combine or connect Aggregated Data with your Personal Information so that it can directly or indirectly identify you, we treat the combined data as Personal Information which will be used in accordance with this privacy notice.
Personal Information does not include, and this privacy notice does not cover, data from which individual persons cannot be identified, where the identity of an individual has been irretrievably removed, or situations in which personal information is anonymized.
Special Categories of Data (EU/EEA, UK, and Other Applicable Jurisdictions)
Generally we do not collect any Special Categories of Personal Information about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data), nor any information about criminal convictions and offences, in connection with our Services and Digital Properties. However, there may be times where we do need such information. For example, we may need to run a background check if you when applying or volunteering for a position with ISCT. Or, for example, if you attend one of our conferences and have accessibility requests or dietary restrictions, which requires us to use that information. Where required to do so under applicable data protection laws, we will rely upon the appropriate lawful basis for using such Special Categories of Personal Information, and we will either notify you and do so on the basis of your explicit consent or another legal basis afforded to us under law.
If you fail to provide Personal Information
Where we need to collect Personal Information by law, under the terms of an agreement we have with you, for our legitimate interests, or other applicable lawful bases and you fail to provide that information when requested, we may not be able to perform our Services with or for you, process a donation being made by you, or otherwise fulfil or meet your request. We will notify you if this is the case at the time.
III. How Is Your Personal Information Received or Collected?
There are different ways that we may collect information about you, but generally we will collect your Personal Information from either you (directly or indirectly), third parties, or public resources. For example:
1. Directly from You. We may collect your Personal Information directly or indirectly from you, offline or online. For example, you may provide us with your information when you set up a membership account or register for and/or attend an event, or to volunteer or work with us, apply for and join a committee, use our Services, participate in a survey, request information or order products from us, or otherwise communicate with us. You may also provide us with your Personal Information when you submit an abstract for an ISCT publication or event, inquire about or apply to speak, sponsor or exhibit at an ISCT event, or purchase space for a job posting on our career center page. Depending upon your device and browser settings, we collect your personal information, including information about your device, via cookies and tracking mechanisms. This is further described here.
2. Information from Third Parties. We may receive your Personal Information from third parties, offline or online. As is the case with most organizations, ISCT uses subcontractors and vendors to assist with our technology, security, payment processing, order-fulfillment, delivery, advertising/marketing, analytics, mobile app-development and –deployment, and other business services who, in the course of acting on our behalf, may provide us with your Personal Information. We may receive your Personal Information if you are a researcher, clinician, or other industry professional that a third-party recommends to us for involvement with ISCT, such as an event speaker, a member, researcher, exhibitor, or the like. For example, you may be recommend by your institution, an ISCT member or volunteer, or one of our event or conference partners. Another third party source of your Personal Information may be through social media, which depends upon your privacy settings with that third-party platform (as explained further, here).
3. Public resources. We may also collect your Personal Information from public resources, which is usually used to supplement Personal Information we have received from our members, supporters, volunteers, research partners, and staff, but may also be of prospective supporters, volunteers, or research partners in order to efficiently fundraise or to identify individuals who will help advance our mission. For example, we may collect Personal Information from corporate or university websites, society or research websites and curated databases, annual reviews, mailing change of address lists, electoral registers, news or journal websites, or other similar publicly available resources.
IV. How Might We Use Your Personal Information?
1. To Provide Services/Products. We may use your Personal Information to advance our mission, maintain, support, personalize, and improve our Services (including products and Digital Properties), deliver and provide the requested Services, communicate with you about those Services (including to request feedback) or participation in surveys, discuss your account, process your membership application or renew your membership, and comply with and enforce contractual obligations. This includes, for example, to help manage transactions (including webinar and event registrations), set up or renew user accounts, reporting, invoices, subscription renewals, payment processing, and other operations related to providing Services. This also includes helping us delivering relevant print and Digital Properties’ content to you and measure or understand the effectiveness of the content we serve to you. And, it may also enable us to send you notifications about product and service changes, updates, fixes, patches, or other similar operational (non-marketing) communications.
2. To Provide Relevant News and Developments about ISCT Services that may be of interest to you. When you sign up to receive our Services (for example, memberships, our newsletters or journal, job postings, webinars, mobile apps, events and conferences, we may use your Personal Information necessary to provide you information about a new or improved Service (including products) similar to what you may already receive, major changes to ISCT properties, an upcoming event, or other necessary marketing communications on our behalf. We may share your Personal Information with third party service providers (such as Email Campaigner) to facilitate these communications on our behalf and at our direction. We may also obtain and use information about you from other companies or organizations that have your permission to share that information, as well as from other online and offline sources, which we may then combine with information that we collect directly and indirectly from you, for these purposes.
Opting Out: If you wish to discontinue receiving these marketing messages sent by us, simply a) follow the unsubscribe options at the bottom of the email, b) manage your profile settings in your member profile settings, here, or c) email us at email@example.com. If you wish to opt out of receiving any direct mail or telephone solicitations from ISCT, you may notify us by calling 604-874-4366 or emailing firstname.lastname@example.org]. Please note that, in such cases, it will remain necessary for us to process your Personal Information to the extent it is needed to maintain a suppression list, and we may also be required to disclose your opt-out information to third parties so they can suppress your name, from future solicitations. Also, if you are a member or subscriber to our products or services, you will continue to receive information and communications pertaining to your ISCT account and/or ISCT services even where you have opted out of marketing communications.
3. To Provide Information about different ISCT Services and third party marketing. When you sign up to use our Services, with your consent, we may use your Personal Information to communicate with you about different products and services that may be of interest to you, and which may be provided by ISCT, or by our partner organizations, Marketing Partners (defined below), event and conference sponsors, exhibitors, and partners, or other third parties. These marketing communications may come from the ISCT or from the third parties. Unless otherwise required by applicable law, we will not use your phone number to initiate a call or text message exchange for direct marketing purposes with you, without your express prior consent.
Withdrawing Consent: You can manage which communications you would prefer to receive, or elect to not receive these direct marketing communications, or have your Personal Information not shared with third party partners providing the marketing communications, by: a) not initially selecting the option provided to receive such communications, b) using the unsubscribe link in a direct marketing email, c) manage your profile settings in your member profile settings, here, or d) email us at email@example.com . If you wish to opt out of receiving any direct mail or telephone solicitations from the ISCT, you may notify us by calling 604-874-4366 or emailing firstname.lastname@example.org. Please note that, in such cases, it will remain necessary for us to process your Personal Information to the extent it is needed to maintain a suppression list, and we may also be required to disclose your opt-out information to third parties so they can suppress your name, from future solicitations. Also, if you are a subscriber to our products or services, you will continue to receive information and communications pertaining to your ISCT account and/or ISCT services even where you have opted out of marketing communications.
4. Inquiry/Request Response. For example, we may use your Personal Information when you contact us for information or support for our Digital Properties, Services, or other information (such as meeting exhibition or sponsorship enquiries), in order to respond and provide the appropriate assistance and response.
5. Processing of Orders. We may use Personal Information when you submit an order, purchase, or other transaction through our Digital Properties or by other means, such as over the phone or mail, or otherwise intend to take advantage of our Services. In order to process these orders and manage your payment methods, it may be necessary for us to share your information with a third party service provider and/or to combine your information with other information we have collected from you, third parties, or public sources. For example, in order to confirm and verify the information you are providing us is current and accurate, or to securely process your payment information.
6. Processing applications for fundraising/funding/grants and for administration of our role in the projects we fund.
7. Administer donation, legacy, or support fundraising.
8. Building and maintaining sponsor/supporter/sponsor profiles. Successful sponsor and supporter recruitment is critical to our operations and the advancement of our mission. This requires us understanding not just our past and existing supporters and members, but prospects as well—which is accomplished by the thoughtful and effective process of building supporter profiles using the information that we receive from our supporters and members and combining it with information from third parties and public resources. We may enter your personal information into a secure database to keep track of previous sponsorship commitments, as well as present and future sponsorship commitments or interests. We will always take into consideration our supporters’ and members’ communication preferences when undertaking this process.
Opting Out: You are free to opt-out of this activity at any time. If you wish to do so, email us at email@example.com or call 604-874-4366. Please note that, in such cases, it will remain necessary for us to process your Personal Information to the extent it is needed to maintain a suppression list, and we may also be required to disclose your opt-out information to third parties so they can suppress your name, from future profiling building.
9. Conduct due diligence and ethical screening. We may use your Personal Information to conduct due diligence when reviewing your application for membership, registration for a meeting, application to sponsor or exhibit, or any other forms of activity with the Society.
10. Generate reports on work, services and events provided. We may use your Personal Information to generate a post-event report or project report that will enable the Society to assess attendance, delegate demographics, project outcomes and deliverables to advance the mission of ISCT.
11. Apply for grant(s) or funding. We may use your Personal Information to support a grant or funding application in which details regarding our membership base or attendee profile is required. This information is anonymized and only includes information necessary (geographic location, area of expertise, organization type, job level) to support certain metrics or criteria set as per grant or funding guidelines.
12. Surveys, Feedback, Reviews, Testimonials, and Exemplars. For example, we may use your Personal Information when you choose to engage with us in an interview panel, online reviews, survey, or otherwise give us feedback. Also, we may use member or volunteer testimonials or exemplars in or on our Digital Properties, publications, or other ISCT marketing materials, which may require the inclusion of Personal Information, such as your name, photograph, or other identify or Profile Data.
13. Monitor Digital Properties Usage, Trends, and Experience. As is true with most websites and digital properties, when you interact with our Digital Properties, or by email, we may automatically collect, or facilitate the collection of, Personal Information on your interactions with us and our Digital Properties and about your equipment. For example, we may collect Personal Information by using first and third party cookies, Flash cookies, HTML5 local storage, server logs, web beacons, clear gifs, and other similar technologies.
We use these automated technologies and the Personal Information collected for different purposes. For example, some are strictly necessary for the core functionality of our Digital Properties and providing our Services, including performance analytics, personalization, and in order to provide secure Digital Properties and Services, and automatically deployed. We may tailor your interactions with our Digital Properties when you are logged in using your member account by remembering information you entered on our websites or to provide information you requested on our Digital Properties, including member content access. They also help us know where you have indicated certain cookie preferences, including refusals, to ensure your preferences are honored.
We also use functional cookies and technologies to help us improve our Digital Properties and Services, as well as member, donor and visitor relationships and experiences. For example, we may use third party applications and automated technologies, like Google Analytics and New Relic, to determine how often our members and visitors access or read our content, so we can enhance our Services, provide the most interesting content and events, and increase engagement and membership. You can learn more about Google Analytics here.
14. Vendors, Consultants, and other Service Providers. We, and third party subcontractors acting on our behalf, may use your Personal Information in connection with the operation of our business and the Services we provide you, including for the functionality and security of our Digital Properties and other ISCT properties, to satisfy legal obligations or enforce legal rights, to enhance and otherwise improve our Digital Properties, Services and content, to provide you with enhanced experiences, and to advance the ISCT mission. These third parties and public sources could include: our research and not-for-profit partner organizations], subcontractors in technical, payment, delivery, meeting, event and conference, marketing, recruiting, and survey services, analytics providers, marketing partners, search information providers, social media platforms, or (if you are applying for a job) background checking agencies.
Some third parties gather Personal Information on our behalf for the purpose of understanding how users are using our sites, making improvements to our sites, services, content, and products, and for providing or delivering the Services. We do not control third party service provider websites, platforms and applications collecting your Personal Information, in this regard, and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit or application you use when you use or enable these platforms and applications, or leave our Digital Properties. You may also be able to manage the automated technologies being used for these purposes, and your preferences, through your device and browser settings.
15. Third Party Sites. We may allow you to interact with a third party's website, mobile application, or digital property (collectively "Third Party Sites") through our own websites, apps, or digital properties. When doing so, we may collect Personal Information that you share with Third Party Sites depending upon that Third Party’s privacy practices and, possibly, your privacy settings with that Third Party. We do not control these third party websites, platforms and applications collecting your Personal Information and are not responsible for their privacy statements. We encourage you to read the privacy notice of every website you visit or application you use when you use or enable these platforms and applications, or leave our Digital Properties. Some sections of our websites are operated by third parties.
16. Marketing Research/Statistics. We may use your Personal Information as necessary to help us and our third party marketing partners acting on our behalf (“Marketing Partners”) fundraise, research and develop new products, services, updates, generate support and research, or the like on our behalf. For example, we may analyze statistical, demographic, and marketing information for areas of research development or study, meeting topics, or to understand usage and traffic trends to grow our membership, supporters, visitor traffic, services reach or the like, or to improve our relationship with you. Or we may collect and use your Personal Information to gauge the effectiveness of our communications, marketing, and fundraising campaigns. We may also obtain certain data about you from third party sources including our Marketing Partners or other vendors, consultants and Service Providers to help us provide and improve our content, products, events, Services, and Digital Properties, as well as for marketing and fundraising. We may combine that data with information we obtain from our products, Services and Digital Properties, or third parties to enhance your experience and improve our content, products and services.
17. Marketing and Advertisers. We may use your Personal Information and share that information with third party advertisers or sponsors, for example, at our conferences, in order to support and grow our membership and advance our mission as well as bring you relevant content, information, and events. For example, your Personal Information may be used to inform sponsors or prospective event partners about the nature of our membership and attendee base and the number of unique members affiliated with a particular area of expertise, or geographical location. We may also use your Personal Information to publish summary information regarding, for example, our membership base, volunteers, researchers, or the like for promotional purposes and as a representative supporter base for prospective supporters or sponsors.
18. When we provide you geographically relevant Services, offers, or marketing. With your consent, which may be provided when you enable certain features on your mobile or electronic device, we may collect and use your location data, and use such information to improve our Digital Properties, content, and Services. You may have the right to withdraw your consent at any time by changing the settings on your app or by deleting the app, but such withdrawal will have no impact on the lawfulness of the prior processing. Please note some features and functions may not work properly if location services is/are disabled.
20. Events. For example, we may use your Personal Information when you register for and/or attend a conference, presentation, seminar, or other in-person or online (e.g. a webinar) event hosted or sponsored by us, which attendance is in a business to business capacity. If you are an ISCT member, your Personal Information will include information already in your membership account. We may use your Personal Information if you are submitting an abstract for one of our events. We may also use and share your Personal Information if you are speaking or presenting at our event, or are interested in doing so. Regardless of whether you are a presenter/speaker, attendee, sponsor, or exhibitor (e.g. a “delegate), we will retain and use your Personal Information as a record of your involvement to provide you with additional associated Services, inform you about other events and Services of interest, and to assist ISCT and our event partners in improving our services and advancing our mission. Depending upon your permissions, we may include your information on attendee lists to provide service providers, delegates, exhibitors, and sponsors pre- and/or post-event. Additionally, our events may be photographed and recorded, in which case your Personal Information (e.g. your likeness) may be processed. If you have any questions or concerns in this regards, you may email firstname.lastname@example.org. Please include in the subject line: "Personal Information Photo and Video Question". We may also use Personal Information that you provide us which includes health information if, for example, you have dietary or access needs at the event. Our events and conferences may also make use of lanyard or badge tracking to, for example, facilitate access to educational sessions, the exhibit and poster hall, and meals, and connecting with exhibitors.
Our events provide significant business and professional networking opportunities. So, some of our events may have a dedicated mobile app associated with the event that will help you make business connections with fellow delegates (including sponsors and exhibitors), and them with you, using meeting request and messaging features. The app may also help you with your schedule, getting around the event and locating sessions, accessing speaker bios, and other useful tools. We need to share your Personal Information with our event app developer for your app account setup and to verify that you are a delegate to the particular event. Unless otherwise specified, all your Personal Information that we use for an app is mandatory and failure to provide this information may make it impossible for the app to function in alignment with the services we provide. When you download the app, it is necessary for us to share with fellow delegates using the app some of your business Personal Information (e.g. name, organization, title, and city/country) in order to help facilitate your in-app connections. No contact information (e.g. email, telephone number, mailing address) will be displayed. If you do not want this Personal Information shared within the app, please contact us with your questions and concerns at email@example.com. Please include in the subject line: "Personal Information in Mobile Application". In order to enable meeting requests and messaging features, your profile must remain unhidden and the appropriate settings selected. Also, please be careful when messaging any other Personal Information to someone within the app, as we cannot control how they may use the Persona Information you choose to share.
In some cases, you may sign up directly with the third party that is facilitating the event (or certain aspects of the event) on our behalf and we are then provided your Personal Information from them. If you are interested in learning more, you may email firstname.lastname@example.org. Please include in the subject line: "Persona Information Shared with Third Parties" and include the event that you are referring to.
21. Online Forum Engagement. We may use your Personal Information when you engage with our websites, digital properties and online communities. We may provide on our websites and digital properties the ability to use your Member profile to post comments and messages in discussion boards, comments, online forums, and other interactive technologies that may be tied to your membership and/or username and email. Please be careful when posting Personal Information, as information you post in such community forums is public information and we cannot control how third parties may use the Personal Information you choose to share. This may also include when you interact with our social media pages, submit content, leave reviews, or otherwise enter information into comment fields, blogs, message boards, events, and other online and digital forums (including our event apps) sponsored by or affiliated with ISCT. Please note that our online forums are public within the ISCT community, so we recommend that you exercise care in deciding what information and content you wish to disclose.
22. Government Reporting/Audit/Requests Requirements. We may use or share Personal Information in order to satisfy governmental reporting, tax, and other requirements (e.g., import/export), as required by law. This may include having to meet national security or law enforcement, regulatory, or self-regulatory requirements.
23. To verify and/or authenticate an identity, access rights, privileges, etc. For example, we may use Personal Information to authenticate and permit access to donor, member, meeting delegate, and/or user account information.
24. At your Direction. We may collect and use your Personal Information at your direction or as otherwise needed to fulfill the purposes for which you provided the Personal Information or that were distributed when it was collected.
25. Security. In order to protect the security and integrity of ISCT systems, facilities, and business operations, or that of locations where we have events, Personal Information may be used by us and shared with relevant non-ISCT parties. For example, if you visit an ISCT location or attend an event, we may be required to share your name and other Personal Information with security at the location or you may appear on CCTV.
26. Other Business-Related Purposes. For other business-related purposes permitted or required under applicable local law and regulation or to enforce our agreements, policies, and terms of service.
27. As otherwise obligated by law. For example, subpoena or similar legal process compliance, if we have a good faith belief the disclosure is legally necessary for the protection of rights, safety, or fraud investigations, to protect ISCT, you, our members, supporters, volunteers, researchers, partners and other pertinent parties, or the public from harm or illegal activities.
28. Emergency. To respond to an emergency which we believe in good faith requires us to assist in preventing the death or serious bodily injury of any person.
29. Consent. If we otherwise notify you and you consent to the sharing.
30. Staff Administration.
31. ISCT Job and Volunteer Application Administration. For example, if you apply for a position with ISCT, your Personal Information will be used for us to process your application. We may also use your Personal Information to analyze, determine, and improve the effectiveness of our hiring or volunteering initiatives, which is usually done in the aggregate. We will provide you with additional information and notice about how your Personal Information is used in connection with employment and volunteer opportunities at the point of collection.
32. Internal Audits and Compliance Reviews.
Third Party Personal Information.
Please keep in mind, before you disclose to use the Personal Information of another person, you must obtain that person’s consent to both the disclosure and the processing of that information in accordance with this Privacy Notice. If you choose to provide us with that Personal Information, you represent that you have that other person’s permission to do so.
Change of purpose.
We will only use your Personal Information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us, as set forth in Section XI of this privacy notice.
V. With Whom Do We Share Your Personal Information?
Except as set out in this privacy notice or as required by law we do not sell, license, rent, or swap your Personal Information without your permission. We may have to share your Personal Information with the categories and types of parties set out herein for the purposes outlined in Section IV. For example, we may share your Personal Information between not-for-profit partner organizations, with our service providers and vendors, with our social media platform providers, other ISCT members and online forum visitors, or research and analytics solution providers. We require all third parties to respect the security of your Personal Information and to treat it in accordance with the applicable law. Here are some examples of how we may share your information:
1. Within ISCT. For example, our Personal Information may be shared within ISCT, including our various committees, and (depending upon your account settings) among ISCT members, to provide our Services and to better understand our business, analyze our operations, improve the Services, to develop new Services and areas of interest, to support our organization and advance our mission’s goals. In addition, we share Personal Information to provide our members with information on the Services that we think are most relevant to them and to enable us to measure the success of our marketing activities.
2. Service Providers and Vendors. For example, we contract with service providers to help us with credit card and bill processing, shipping and delivery, email distribution, list processing, analytics, promotions management, fundraising, event facilitation, and other services to advance our mission. We provide service providers only with the information they need to perform their services. [For example, if you are an ISCT donor or member, we may share your email address with a service provider necessary to send you emails (including newsletters) on our behalf. That service provider may not share your email address or Personal Information with other companies, and may only send you emails on behalf of ISCT. Other service providers may help us with delivering or shipping to you our print publications, or other products you may order, and to ensure fulfillment of your orders, purchases, and registrations. Another we may share, or facilitate the sharing of, your Personal Information is with third party retail or payment processing platforms or vendors in order to process and confirm payment. Or, we may share your Personal Information with third party customer service providers and vendors that allow us to assist in answering and addressing your technical issues, complaints, or inquiries, as well as to receive and collect your feedback on our Services, etc. As described in Section IV, we may also engage service providers to collect and analyze information about your use of our Digital Properties in order for us to improve our Services and grow our business.
3. Social Media Platforms. We may use widgets and tools from third party social media platforms on our Digital Properties to enable sharing and other functions through social media platforms, which facilitates the collection and sharing of your Personal Information by these social media platforms.
4. Promotions, Contests, Surveys, and Events. We may facilitate the collection of, or share your Personal Information with a third party service provider, vendor, co-host, co-sponsor, event exhibitor, or the like when we conduct, administer, host, or co-sponsor promotions, contests, surveys, or events.
5. Marketing Partners. We may share personal data with third parties, so they can assist us in promoting our Services and our mission on and off our Digital Properties to current and future members, event partners and attendees through targeted marketing campaigns.
6. Research or Industry Partners.
7. Event partner-organizations, sponsors, attendees, exhibitors, and service providers. As also explained above, we may share your Personal Information with delegates (including attendees, sponsors, co-sponsors, exhibitors, and speakers), service providers and other third parties involved with our events that you are attending or participating in. For example, we may provide our event sponsors and co-sponsors, partners, exhibitors, and fellow-attendees with an attendee list so they know who is attending and, if permitted by you, to contact you with information related to the event. If you do not wish to have your information included on the attendee list or to receive information from our sponsors, co-sponsors, partners, and exhibitors, you may express your preference upon registration or contact us directly at email@example.com with a clear subject line description. We will not share your information with them for their marketing purposes without your consent, which may be obtained at the time of your registration or through a supplemental privacy notice, but will not be required in order to attend.
8. External Grant Reviewers.
9. Academic and commissioned commercial researchers.
10. Auditors and Due Diligence.
11. The Public (e.g. publishing a grant-holder name and application title on website).
12. Merger or Acquisition Partners. We may share your Personal Information with third parties to whom we may choose to sell, transfer, or merge parts of our organization or our assets. Alternatively, we may seek to acquire other organizations or merge with them. If a change happens to our organization, then the new owners may use your Personal Information in the same way as set out in this privacy notice.
13. With other third parties, as required for legal compliance, law enforcement, public safety, or security purposes. For example, we may disclose your Personal Information if we have a good faith belief that disclosure is necessary to comply with the law or with legal process, such as to comply with a subpoena, protect and defend our rights and property, to protect against misuse or unauthorized use of our websites, or to protect the personal safety or property of our users or the public. Or, for example, we may release Personal Information to comply with a court order or subpoena. Or, if you provide false information or attempt to pose as someone else, we may release Personal Information as part of any investigation into your actions.
California Privacy Rights.
If you are a California resident, you have the right, under California Civil Code Section 1798.83, to request and obtain from us, once a year and free of charge, a list of the third parties to whom we have disclosed Personal Information for their direct marketing purposes in the prior calendar year. Please email requests for such information to firstname.lastname@example.org.
VI. International Transfers (EU/EEA, UK, And Other Applicable Jurisdictions)
ISCT is a nonprofit, tax-exempt 501(c)3 organization under United States law and many of our external third parties are based outside the EU/EEA. If you are a resident of the EU/EEA and the UK, in order to perform our contractual obligations with you, if any, as well as for operational and other legitimate interest reasons, we may process, store, and transfer Personal Information in a country which may be outside of your own, such as the United States and Canada. By providing us with your Personal Information you acknowledge such transfer of information out of your jurisdiction. If you do not wish for certain Personal Information to be so transferred, please do not provide your Personal Information to us and/or take such steps described herein to prevent the collection of your Personal Information. Please note in your doing so, and without such information, we may be unable to provide this Service to you. If you have any questions, please contact us.
VII. Data Integrity And Security
We have put in place commercially appropriate security measures to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed, and to maintain its accuracy and integrity. While no security is impenetrable, we implement and maintain commercially appropriate technical, physical, administrative and organizational measures to ensure a level of security appropriate to the risk for our use of the Personal Data, taking into account the state of the art, the costs of implementation, and the nature, scope, context and purposes of processing. For Personal Information of EU/EEA and UK residents, we also take into account the risk of varying likelihood and severity for the rights and freedoms of natural persons. We maintain, monitor, test, and upgrade information security policies, practices, and systems to assist in protecting the Personal Information that we knowingly collect from you, and to maintain the ongoing confidentiality, integrity, availability and resilience of our systems and services. ISCT personnel receive training, as applicable, to effectively implement our privacy policies. We also employ access restrictions, limiting the scope of employees who have access to Personal Information and are subject to a duty of confidentiality. Only employees who need the information to perform a specific job are granted access to personally identifiable information and/or Personal Information.
ISCT has implemented physical and technical safeguards, online and offline, to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alternation, or destruction. Despite these precautions, no data security safeguards guarantee 100% security all of the time. We have put in place procedures to deal with any suspected personal information breach and will notify you and/or any applicable regulator of a breach where we are legally required to do so.
VIII. Minimization, Retention, And Deletion Of Personal Information
We will only retain your Personal Information for as long as necessary to fulfil the purposes we collected it for, including, for example, for so long as we provide you with Services, and for the purposes of satisfying any legal (including but not limited to enforcement of agreements or resolving disputes), accounting, or reporting requirements.
To determine the appropriate retention period for Personal Information, we consider the amount, nature, and sensitivity of the Personal Information, the potential risk of harm from unauthorized use or disclosure of your Personal Information, the purposes for which we process your Personal Information and whether we can achieve those purposes through other means, and the applicable legal requirements. In some circumstances you can ask us to delete your data: see Request Erasure below for further information. When we have no ongoing legitimate business need to process your Personal Information, we will either delete or anonymize it, or, if this is not possible (for example, because your Personal Information has been stored in backup archives), then we will securely store your Personal Information and isolate it from any further processing until deletion is possible. If you wish to cancel your account or request that we no longer use your information to provide you Services, contact [email@example.com].
In some circumstances we may anonymize your Personal Information (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
IX. EU/EEA And UK Specific Clauses
Lawful Basis for Processing (EU/EEA; UK)
Regardless of your jurisdiction, we will only use your Personal Information when the law allows us to. That said, if you are a resident of the EU/EEA or the United Kingdom, our lawful basis for collecting and using your Personal Information will depend on the Personal Information concerned and the specific context in which we collect it. Generally we will not collect or access any Personal Information other than under the following circumstances:
- Where we need to perform an agreement we are about to enter into or have entered into with you.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal, regulatory, or self-regulatory obligation.
What we mean by legitimate interests is the interest of our business in conducting, managing, and growing our organization to enable us to advance the ISCT mission, to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your Personal Information for our legitimate interests. For example, Personal Information which may be necessary for the daily operation of the ISCT’s services, handling our supporters’, members’, volunteers’ and visitors’ inquiries, direct marketing of products and services, completing transactions, making disclosures under the requirements of any applicable law, and the provision of our services and products to our supporters, members,, volunteers, and visitors, and prospective supporters, members, volunteers and visitors (and which may be further described in Section IV above). Without such information, the ISCT may be unable to provide its services and products to you, our supporters, members, and volunteers and prospective supporters, members, and volunteers. We do not use your Personal Information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need additional details about the specific legal ground we are relying on to process your personal data.
Where we rely upon your consent to process the Personal Information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal.
We recognize and respect that your privacy and Personal Information is important, and that under circumstances you can make decisions about the Personal Information collected by us. Please keep in mind, though, that if you decide to not provide information required by us in order for us to provide a service or product, your use, and our provision, of our Digital Properties or Services may be limited or impossible to facilitate.
Your Data Subject Rights (EU/EEA and UK)
Under certain circumstances, you have rights under applicable data protection laws with respect to Personal Information we knowingly collected. Please click on the links below to expand and find out more about those rights .
- Request erasure of your personal data
We will try to comply with any of these requests pertaining to your Personal Information in accordance with applicable law. Please recognize that we may in certain circumstances be unable to provide the access or information sought, or correction or deletion requested. For example, we may be unable to fulfil a request if it requires us to release commercial confidential information, the disclosure of Personal Information relating to another person that is not the requestor, or would result in impracticability, excessive redundancy, and/or an undue burden or expense to ISCT. We may need to verify your identity before acting on your request. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
You will not have to pay a fee to access your Personal Information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- Choice. ISCT enables you to have the ability to determine certain privacy preferences that can serve to modify your Personal Information collected. For example, through email marketing preferences, browser cookies, settings, and location settings. However, cookies are very important for our Digital Properties to properly function and disabling or limiting their use may limit or interfere with your experiences or ability to access website features, functions and customizations, particularly user accounts.
- Right to Access. A person who has provided his or her Personal Information directly to us may have certain access to their Personal Information and to check that we are lawfully processing it.
- Correction. You may request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. In making modifications to your Personal Information, you must provide only truthful, complete, and accurate information. In your request, please be as clear as possible what Personal Information you have provided to us and what Personal Information you would like edited and/or updated. Additionally, you may review and update your membership or account information and access your transactions history in your member account profile here, a centralized area where you can manage your relationship with ISCT
- Right to Request Erasure. In certain circumstances, you may request that ISCT delete or remove your personal data as permitted by applicable law. For example, when your personal data is no longer needed by ISCT, here you have successfully exercised your right to object to processing, if we processed your information unlawfully or where we are required to erase your personal data to comply with applicable law. Please note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing. You may object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- Restriction. You may request restriction of processing of your personal data which enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- Transfer.You can request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw consent. You may withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our privacy manager at:
Phone: 604-874-4366 (between 08:30am PT and 05:00pm PT)
Mail: 325-744 West Hastings Street, Vancouver, BC, Canada V6C 1A5, Attention Privacy Manager
X. Acceptance And Changes To This Policy
This Privacy Notice may be amended from time to time, consistent with the applicable data protection and privacy laws and principles. We will make employees aware of changes to this Privacy Notice either by posting to our intranet, through email, or other means. We will post those changes on our websites and in our apps so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it. We reserve the right to modify this Privacy Notice at any time, so please review it frequently. We will also notify you by email or a means of a notice on our websites and apps prior to the changes becoming effective, if we make changes that materially affect the way we handle Personal Information. If you do not wish your information to be subject to the revised Privacy Notice, you will need to deactivate with us and stop using our Digital Properties and Services. Your use of our Digital Properties and Services after the posting of such changes will constitute your consent to such changes.
By using ISCT’s Services and our Digital Properties, and/or submitting any of your Personal Information to us, you agree to the terms of this Privacy Notice. Please do not send us any Personal Information if you do not want that information used in this way.
XI. Who Should You Contact If You Have Questions?
For questions or concerns about this Privacy Notice or our security practices: We have appointed a data privacy manager who is responsible for overseeing questions in relation to this privacy notice and our security practices. If you have any questions or concerns about this privacy notice, or seeking to exercise any of your statutory rights, please contact the data privacy manager using the details set out below.
Phone: 604-874-4366 (between 08:30am PT and 05:00pm PT)
Mail: 325-744 West Hastings Street, Vancouver, BC , Canada V6C 1A5, Attention Privacy Manager
EU/EEA, UK Residents.
Subject to applicable law, EU/EEA residents, including the United Kingdom, who believe we maintain their Personal Information within the scope of the applicable privacy laws have a right to make a complaint at any time to their local supervisory authority or to [the Information Commissioners Office, the UK Supervisory Authority (www.ico.org.uk), for data protection issues. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
Updates to Personal Information: If you would like to update the Personal Information that we have about you, or if you no longer desire our Services, you can update your preferences at the member profile settings or contact our privacy manager at the above contact information.
Unsubscribe Requests: If you would like to contact us about unsubscribing from our email lists, you can do so by managing your member profile settings, by using the unsubscribe link in a direct marketing email, or emailing firstname.lastname@example.org and providing all of your email addresses that could appear on our email lists, as well as the name of the list, newsletter, or communication category from which you would like to unsubscribe.