Internet Society Statement of Privacy – August 2017

Note: This is an archived copy of a past privacy statement. Please see the current version for our latest privacy statement.

Internet Society Statement of Privacy Policy (“Privacy Statement”)

Effective date: 17 August 2017

Previous versions: 15 December 2011

The Internet Society’s Commitment to Responsible & Ethical Privacy Practices

In keeping with the goals and objectives of The Internet Society (ISOC), we are committed to the highest degree of respect for the privacy of our members, visitors to our websites and attendees of our events. In this Privacy Statement, we use “we,” “us” or “our” to refer to The Internet Society and “you” or “your” to refer to you, the user, member or visitor to our web sites. This Privacy Statement applies to all of our web sites (the “Sites”), including otalliance.org. For additional provisions of this Privacy Statement applicable to ISOC members (“Members”) scroll down or click here.

By accessing any of the Sites, you expressly and knowingly consent to the information collection and use practices described in our Privacy Statement.

Our commitment to your privacy, is based on the following principles which we apply to our use of your personally identifiable data (“Personal Data”):

  • We will describe the Personal Data we will collect;
  • We will inform you clearly about our collection and use of Personal Data;
  • We will seek your express informed consent to the use of your Personal Data;
  • We will give you control over the privacy preferences that apply to your Personal Data, including the right to change your mind about our use;
  • We will not sell, share or rent your Personal Data to others, without your separate express informed consent;
  • We endeavor to maximize the protection of your Personal Data, and provide you with prompt notice in the unlikely event that a data loss incident or breach occurs; and
  • We will endeavor to be completely transparent and open about our data privacy policies and practices.

Cross Border Transfers

If you visit our Sites from a country other than the United States, your communications will likely result in the transfer of your Personal Data across national borders. Our servers or offices may be located in countries other than the country from which you access our Sites, also resulting in the transfer of your Personal Data across international borders. If you provide your Personal Data when visiting one of our Sites from outside of the United States, you acknowledge and agree that this data may be transferred from your then current location to our offices and servers and to those of our affiliates, agents, and service providers located in the United States and in other countries. The United States and such other countries may not have the same level of data protection as those that apply in the jurisdiction where you live.

For site visitors who reside in the European Union, we will only transfer your Personal Data outside of the European Union to those (a) jurisdictions with “adequate protection” as used in the General Data Protection Regulation governing transfer of personal data outside of the European Union (the “GDPR”), or (b) those entities that have instituted appropriate safeguards as contemplated by the GDPR. In the absence of either of the matters described above, we will only transfer your Personal Data outside of the European Union with your express informed consent.

How Do We Collect Information?

We collect Personal Data in four basic ways:

  • You give it to us when you set up an account with us or register for an event including but not limited to webinars, signing up for a newsletter or making a comment on a blog or social media;
  • Responding to email inquiries or public calls for comments;
  • We automatically collect certain technical information when you visit our Sites, such as type of browser, operating system version and Internet protocol or IP address; and
  • We obtain legally available information from outside sources, including commercially available geographic and demographic information along with other publicly available information, such as public posts to social networking sites.

What Information Do We Collect?

As indicated above, certain information is automatically collected and reflected in our web server logs. We make no attempt to link this information with you or any other individual visitors to the Sites.

On the Sites, we give you the option of providing certain personally identifiable information, for purposes such as joining our organization, renewing your membership, participating in discussion groups, submitting inquiries and comments, or registering for a webinar or our conferences or events. This is your Personal Data and may include name, title, company/organization name, postal address, email address, work, home and mobile phone numbers and other pertinent data. This information is used only for the purposes and permitted uses described at the time of collection and for purposes permitted under this Privacy Statement.

How Do We Use Your Personal Data and Other Data Collected at Our Sites?

We do not sell, rent, or share any Personal Data supplied by you unless we first obtain your express informed consent. We may occasionally share Personal Data with third party subcontractors to perform services on our behalf, but only on contractual terms requiring compliance with the obligations under this Privacy Statement and other contractual terms that protect against misuse and unauthorized disclosure of Personal Data. Members may choose whether or not to receive these services.

We may use Personal Data to provide you with more effective customer service and to improve the Sites and any related products or services we may provide or make available. We may use your Personal Data to provide you with important information about the product or service that you are using, including critical updates and notifications. We occasionally hire other companies, consultants, and contractors to provide limited services on our behalf, such as website hosting, public relations, mailing, answering customer questions about products and services, and sending information including but not limited to our research, white papers, policy positions and events. We will only provide those companies the Personal Data they need to deliver the relevant product or service. They are required by contract to maintain the confidentiality of the Personal Data and are prohibited from using Personal Data for any other purpose. Except as set forth in this Privacy Statement, we do not sell or share any Personal Data to or with third parties. We may disclose Personal Data if required to do so by law or in the good faith belief that such action is necessary to (a) conform to the edicts of the law or comply with legal process served on us or the Sites; (b) protect and defend our rights or property, (c) act in urgent circumstances to protect the personal safety of our employees and staff, agents, users of our products or services, or members of the public, or (d) effect any merger, acquisition, or sale of all or a portion of our assets, in which case you will be provided notice of the following via email and/or a prominent notice on the relevant Site, (i) the change in ownership, (ii) the uses of your Personal Data in the transaction, and (iii)choices you may have regarding your Personal Data.

In addition to your Personal Data, we may also collect non-personally identifiable information, and anonymous analytics such as how many visitors we have to the Sites, when those visitors used the Sites, browser types and other information that is either aggregated or otherwise not associated with any individual visitor.  We may use this information to periodically analyze Site logs to assess aggregate usage trends in order to better serve the needs of visitors to the Sites and maximize the user viewing experience. Under some circumstances this information may be used for purposes of systems administration, fraud prevention or server troubleshooting and security.

The Sites may collect certain anonymous information about your visit, such as the name of the Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the date and time you access the Site; pages that you access while at the Site, and the Internet address of the website from which you linked directly to the Site. We may combine this automatically collected log information with other information we collect about you. This information is used to help improve the Site, analyze trends, and administer the Site.

In addition to the other uses specifically set forth in this Privacy Statement, with your consent, we will use Personal Data to:

  • Provide information or a service requested or consented to by you.
  • Assist in the performance of our activities and public interest functions.
  • Comply with relevant contractual obligations with you and other third parties.
  • Improve Site performance and content.
  • Improve your engagement and interaction with other members of our community.
  • Improve our engagement and interaction with you.
  • Confirm your identity.
  • Process a request or payment / donation submitted to us.
  • Comply with legal requests.

Can I Choose Not to Receive Email Communications?

We realize that unwanted and non-relevant email notices and communications can be unwelcome. Every promotional, event or related communication we send to you via email contains instructions and an easily discoverable link that will allow you to unsubscribe and stop all subsequent messages and/or direct you to a preference center to select topics of interest to you.

All of our practices are designed and intended at a minimum to satisfy state, national, provincial and federal legal requirements limiting email communications. In addition to these laws and regulations governing email marketing there are other laws and regulations governing telemarketing and direct mail. As a general rule, we do not engage in those types of targeted marketing activities including but not limited to device finger printing, profiling and or cross device tracking.

Credit Card Information

Credit card information is not collected or stored on our servers. When you conduct transactions through a Site, payment and payment card information for transactions with us is entered directly into a third-party processor’s systems and is not transmitted through or stored by us. The card processor provides us with an authorization code which is securely stored with the payment record on our servers.

Use of Cookies

Our Sites use third parties for web analytics services.  These third parties do or may use “cookies”, which are text files placed on your computer, to help analyze how you use a Site. The information generated by the cookie about your use of a Site (including your IP address) will be transmitted to and stored by these service providers servers in the United States. They will use this information for the purpose of evaluating your use of a Site, compiling reports on website activity for website operators and providing other services relating to website activity and Internet usage. They may also transfer this information to third parties where required to do so by law, or where such third parties process the information on their behalf.

You may refuse and block the use of all of our (and third party) cookies by selecting the appropriate settings on your browser. However please note that if you do this you may not be able to use the full functionality of our Sites and it might impact your overall experience.

Data Security

While no data transmission over the Internet can be guaranteed to be 100 percent secure, we take reasonable and appropriate measures designed to protect the security of data transmitted to us upon receipt. ISOC is a strong advocate of privacy enhancing technologies including our efforts with respect to encryption (see https://www.internetsociety.org/encryption). By default, the Sites encrypt connections between client devices and our servers to minimize the ability of any third party to “eavesdrop” on your Personal Data. In addition, where feasible, data is stored encrypted. If your browser does not support HTTPS encryption, you are encouraged to contact us by phone or in writing.

Our databases and system administration logs, are restricted to access by authorized and authenticated users. We use reasonable industry security standard safeguards (which may include physical, procedural and technical measures) to protect against the unauthorized disclosure of Personal Data. We take reasonable steps to ensure that Personal Data is complete and relevant to its intended use. We will take reasonable and appropriate security measures to protect against unauthorized access, disclosure, alteration or destruction of Personal Data. As required by GDPR, ISOC has a Data Protection Officer, and routinely reviews our data incident response plan.

Links

The Sites contain links to other sites, organizations and resources. Please be aware that we cannot be and are not responsible for the privacy or security practices of such other sites. We encourage you, when you leave our Site(s), to read the privacy statements of those other sites that collect personally identifiable information and have up-to date security and anti-virus software on all of your devices. This Privacy Statement applies only to the Sites.

Accessing and Updating Personal Data

Users may request access to their Personal Data collected and stored by us (if any) to verify if it is complete and accurate. At a minimum, we will respond to your request within any applicable timeframe required by law and will otherwise take reasonable steps to respond to legitimate requests to access, correct or update any such information retained by us. Requests may be sent by email to privacy at isoc.org.

Data Retention

We will only retain Personal Data stored on our servers in accordance with the legitimate needs of our business and as required or permitted by applicable law.  We will not retain any unused Personal Data on our systems longer than 13 months.

Social Media, Blogs & Discussion Groups

Please note that this Privacy Statement does not apply to any posting by you in any of our discussion groups, blogs, discussion threads, elists, chat areas or similar interactive areas of our Sites. Your participation in those discussion areas and anything you post in those areas constitutes your public disclosure and may be attributed to you and displayed, republished and otherwise disseminated by us in accordance with the terms of use agreement you agree to abide by in order to participate in those areas.

Compliance

Our collection and use of any of your Personal Data is subject to the laws and regulations of the countries and political subdivisions in which our users and Members reside.  We are and remain committed to complying with all such legal obligations and use these legal requirements as the minimum beginning point for our use and collection of Personal Data. Included in these laws and regulations are (a) the GDPR, which governs among other things, consents, uses and cross-border transfers of personal data concerning European Union residents, and (b) the California Online Privacy Protection Act, governing such matters with respect to California residents. If you have any questions regarding this Privacy Statement or you feel that the Sites are not following these legal requirements or our stated information policy, please contact us by email to privacy at isoc.org or at either of the addresses or phone numbers listed in the Contact Us section of the Sites. You may also contact us at that address if you have any concerns about the accuracy of, or wish to correct, your Personal Data we have collected from you.

Control of Your Personal Information “Do Not Track” Notice:

We respect enhanced user privacy control and support the development and implementation of a standard “Do Not Track” (DNT) browser feature, designed to provide users universal and persistent control over the collection, sharing and use of information by third parties regarding their web-browsing activities. Once the specification is finalized we intend to honor user’s requests with respect to browser tracking.

To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide your personal information to third parties as part of legal process.

Children / Minors

The Sites are not targeted at, directed to or intended for the use of children under the age of thirteen.  No person under the age of thirteen should use any Site or under any circumstances provide any Personal Data or other information at a Site.  If you become aware that any individual under the age of thirteen has used any Site, please contact us immediately at privacy at isoc.org.  By use of any Site you represent and warrant that you are over the age of thirteen.

Your California Privacy Rights

California Civil Code Section 1798.83 entitles California residents to request information concerning whether a business has disclosed Personal Data to any third parties for their direct marketing purposes. As stated in this Privacy Statement, we will not sell your Personal Data to other companies and we will not share it with other companies for them to use for their own marketing purposes without your consent.  For further information concerning your California Privacy Rights including “Do Not Track,” visit https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf

California Web Site Data Collection

We do not knowingly allow other parties to collect personally identifiable information about your online activities over time and across third-party web sites when you use the Sites. We provide information about the opt-out or opt-in choices available to users.

Contact Us

Any user, including California residents, who wish to request further information about our compliance with these requirements, or have questions or concerns about our privacy practices and policies, may contact us at privacy at isoc.org or by mail at:

Internet Society
Attn: Data Protection Officer
1775 Wiehle Avenue
Suite 201
Reston, VA 20190-5108

Member Personal Data, Communication & Database

“Members” are defined as individuals, companies, organizations and/or institutions that choose to have an agreed membership relationship with us.  We may collect additional information from those who make this choice. All Member data is covered by this policy.

Upon becoming a Member, we give you the option of providing certain personally identifiable information, for purposes such as joining our organization, renewing your membership, participating in discussion groups, submitting inquiries and comments, or registering for a webinar or our conferences or events. Your Personal Data may include your name, title, company/organization name, postal address, email address, work, home and mobile phone numbers and other pertinent data.

Some member types include voting rights.  In the case of online balloting for our elections, our voting Members are supplied with a unique identification that ensures only a single vote is registered per voting Member. The details of the actual votes are maintained only during the election process and solely to allow proper verification and audit of the election.

By joining ISOC, Members opt-in to the inclusion of their email contact information in our Member email communication and Member newsletter lists. Members can manage their email preferences including opting in and out of working groups, committees and special interest group (SIG) communications through the ISOC membership portal at https://portal.isoc.org/membership/membership-management-centre and through the OTA member preference center at https://otalliance.org/user/login.

Members may receive periodic email or postal mailings from us with information about us, upcoming events, or issues related to the Internet including but not limited to news, public policy and emerging best practices and standards. We offer you the opportunity to select which, if any, of these communications you would like to receive. Members may review or update their Personal Data by logging into the membership portal(s) and reviewing or changing their Personal Data directly.

You may also inform us by email, phone, or postal mail directed to the contact information provided on our Sites or, Members may also adjust these settings or change or correct their Personal Data by email to membership at isoc.org, or by contacting Us by phone using the Contact Us information available on our Sites.

Changes to This Privacy Statement

We routinely update this Privacy Statement to provide additional explanation and clarification of our practices and to reflect new or different privacy practices, such as when we add new services, functionality or features to our Sites. You can determine when this Privacy Statement was last revised by referring to the Effective Date above on this page. We will also provide an archive of our past privacy policies with the ability to plainly see the changes from one to another. Any changes to this Privacy Statement will also be announced on our home page.