This privacy policy relates to all services and communication by the International Association for the Study of the Commons (referred to in this privacy policy declaration as: IASC) related to the XVII Biennial IASC Conference, to be held in Lima, Peru, July 1-5, 2019 (referred to as: IASC2019). For the privacy policy of the IASC regarding non-IASC2019-related issues, we refer to the regular privacy policy of the IASC at https://www.iasc-commons.org/privacy/

Who are we?

The IASC is a US-based 501(c)3 non-profit organization, with its legal address at 513 North Park Avenue, in Bloomington, IN, USA. The IASC Secretariat currently is currently hosted by Utrecht University and is located at Drift 6, Utrecht, The Netherlands. As a significant number of IASC2019 participants will be EU-citizens, IASC will comply with the General Regulations on Data Protection (GRDP), which are in effect from May 26, 2018. For the full context of the GRDP, we kindly refer you to the official EU information website, https://www.eugdpr.org/.

The IASC can only be held responsible for the privacy policy regarding services and communication directly provided by the IASC. Other websites that may refer or are connected to the IASC website will have their own privacy policy. Wherever necessary, we will refer to the appropriate privacy policy.

What information do we collect?

We only collect and store the personal data that you permitted us to collect and store. We will only collect and store personal data that are absolutely required for the purpose these data should serve. The amount and the nature of these data depend on the services you allow us to use these data for; please see the table below.

Purpose Required data External party/parties involved
Abstract submission and registration
  • Name
  • E-mail address
  • Affiliation
  • Position
  • Dietary needs
  • Additional information provided by you
  • Order details
 Pontifical Catholic University of Peru, Universidad de los Andes (Bogotá, Colombia), reviewers
Payment by credit card
  • Name
  • Credit card details
 Stripe  (GRDP-compliant), PayPal (GRDP-compliant)
Membership payment by bank /wire transfer
  • Name
  • Bank account details
  • Invoice reference
 Chase Bank
Mailings
  • Name
  • E-mail address
 SendInBlue (GRDP-compliant)

 

Use of data by external parties

The IASC has selected well-known partners to support the services and activities of the IASC. The IASC has ascertained that these partners will be compliant with the GRDP.

Current partners are:

MailChimp

The IASC uses the MailChimp mailing system for sending general e-mails to distribution lists. The management of the mailing list lies however with the IASC Secretariat. For the terms and conditions as well as the privacy policy set by SendinBlue, see https://mailchimp.com/legal/privacy/

Stripe

The Stripe payment system is used for payments due via credit card. Name and credit card details are only used by Stripe to complete the payment and are not stored by the IASC. When performing payment via Stripe, you accept the policies set by Stripe (see https://stripe.com/nl/privacy).

PayPal

The PayPal payment system is used for payments due via credit card. Name and credit card details are only used by PayPal to complete the payment and are not stored by the IASC. When performing payment via PayPal, you accept the policies set by PayPal (see https://www.paypal.com/us/webapps/mpp/ua/privacy-full).

Chase Bank

When you pay any amount due via bank or wire transfer, data provided to complete the payment will be managed via Chase Bank, where the IASC bank account is located. As Chase Bank only has US-based customers, Chase Bank has no explicit GRDP-policy, but is compliant with all privacy conditions set by the US banking system. Any information will be used and stored in accordance with the conditions set by Chase (see https://www.chase.com/digital/resources/privacy-security).

Stichting Antenna

Stichting Antenna (Antenna Foundation) is a Dutch foundation that hosts the IASC2019 website on its servers. Although Stichting Antenna has server access for IT maintenance purposes, it is not provided with access to any personal data you provide. Also, Stichting Antenna has no login details that give direct access to any stored data. Stichting Antenna is GRDP-compliant.

Utrecht University

Utrecht University hosts the IASC Secretariat and as such provides the infrastructure to enable the IASC Secretariat to perform its duties. In consequence, Utrecht University’s IT-support staff will have access to the hardware used by the IASC Secretariat. The IT-support staff will however not be provided with access to any personal data of IASC-members and/or -contacts. Utrecht University is GRDP-compliant.

Pontifical Catholic University of Peru (PUCP)

As PUCP and the Universidad de los Andes are the host institutions of IASC2019, we will need to share your data to enable them to organize the conference and provide you with adequate communication on conference issues. We will however ensure that access to the information will only be on a need-to-know basis and will only include the data needed to organize the conference and provide you with adequate communication. Although PUCP and the Universidad de los Andes have no specific GRDP policy, we will ensure that data sharing with them is in accordance with the GRDP. Apart from that, PUCP also complies with its own Privacy Policy, which you can find at https://ares.pucp.edu.pe/pucp/lib/jsp/lpdp/PucpPoliticaPrivacidad.cv.en.jsp

Universidad de los Andes (Bogotá, Colombia)

As PUCP and the Universidad de los Andes are the host institutions of IASC2019, we will need to share your data to enable them to organize the conference and provide you with adequate communication on conference issues. We will however ensure that access to the information will only be on a need-to-know basis and will only include the data needed to organize the conference and provide you with adequate communication. Although PUCP and the Universidad de los Andes have no specific GRDP policy, we will ensure that data sharing with them is in accordance with the GRDP. Apart from that, PUCP also complies with its own Privacy Policy, which you can find at https://uniandes.edu.co/uso-de-datos-personales-uniandes

Right of disclosure / right of change

As the data we store are your own personal data, you of course have the right to ask which data we have stored and to request desired and/or required changes to the stored data. In order to execute this right, please send an e-mail to the IASC Secretariat (iasc@iasc-commons.org) stating the data it concerns. We will follow up on your request as soon as possible, but at the latest within 30 days after receiving your request.

Right to be forgotten

In case you want your data removed from our databases, please send an e-mail to the IASC Secretariat (iasc@iasc-commons.org) via the e-mail address you are registered with the IASC. We will follow up on your request as soon as possible, but in any case within 30 days after receiving your request.

How long will we keep your data?

We will keep your data no longer than necessary or as required by legal obligation. This means the following:

  • Data provided by you to the IASC for sending you the newsletter, sending you specific, tailored information, or for networking purposes will be removed from our databases within 30 days after we have received your request.
  • Data required to manage your membership of the IASC will be stored until ultimately 2 years after your membership expires.

Data security

  • Computers and internet connections used for handling your data are and will be secured as well as is feasibly possible against hacking, malware, and use by unauthorized persons. The IASC Secretariat will use all security measures provided by the host institution, i.e. Utrecht University.
  • All persons authorized to access any personal data will be bound by a confidentiality agreement not to disclose this information to persons not having authorization to access these data.
  • Daily server back-ups of all data are made in order to be able to restore any damage caused by material or technical incidents.

Audio-visual registrations

Please note that some events at IASC2019 may be recorded via video or photographs. As some of these recordings may be broadcasted or used on the internet and/or social media, you should be aware of the chance of being in one of these recordings; due to the size and logistics of the event it will be impossible to avoid this. We will however of course do everything possible to prevent any improper use of any recordings. In case of any problems, please contact the local organizers via conference@iasc2019.org, so we can find a suitable solution for all parties involved. Please do note that due to the massive use of cell phones IASC nor any of the hosting institutions can be held responsible and/or liable for any recordings made by other third parties.

Non-personal data

Our website automatically stores technical data when you use the website. These data are non-personal and anonymous and not retrievable to individuals.

Cookies policy

Our websites uses functional and analytic cookies. These cookies are used to improve the performance of the website and to analyze how the website is being utilized by its visitors. These cookies are anonymous. Cookies are also used anonymously in our newsletters to analyze the results of mailing campaigns. Please also note the references to social media cookies below.

Social media

The IASC2019 website uses buttons to share pages or information via social media like Facebook, Twitter, LinkedIn, et cetera. When you use one of these buttons, a cookie will be placed by the social media network on your computer; when using the social media buttons, the privacy policy of the related social media network will apply, the IASC has no control nor responsibility over the use of your personal data by any of these social networks.

Please also note that the IASC can not bear responsibility for any use by third parties of any information made public via the IASC website. In case of any alleged infringements or improper use, we suggest you to contact the IASC Secretariat via iasc@iasc-commons.org, so we can contact the parties involved.

In case of emergencies

As this privacy policy demonstrates, the IASC will do its utmost best to safeguard your privacy. However, in cases where security has been breached, we will inform you as soon as possible and will take any measure required to minimize the effects of such a breach. Security breaches will also be notified to the appropriate authorities. The IASC cannot be held liable for any data theft or security breaches other than in cases of willful misconduct or gross negligence.

Remarks, suggestions, complaints

In case of any suggestions, remarks, or complaints regarding the handling of your personal data, we kindly ask you to contact the IASC Secretariat via iasc@iasc-commons.org. We will then try to resolve the issue as soon as possible.

Changes to this policy

This privacy policy may be subject to changes. All changes intend to improve the protection of your privacy and to handle your data in a secure and transparent way. This policy has last been update on February 14, 2019.