ISC Privacy Policy
1. Introduction and definitions
The ISC Privacy Policy is periodically reviewed and updated. The last update was on 24 June 2024.
‘Personal Data’ in this policy means any information relating to you through which you can be identified either directly or indirectly, such as name and contact details, biographical information or information about your expertise.
‘You’ refers to the direct user or any other person on behalf of whom the user is using ISC services, including but not limited to the ISC website, and providing personal data.
For the purposes of this Policy, AI (Artificial Intelligence) is used broadly to include any machine-based technology that relies on large data sets to generate outputs mimicking human intelligence. This includes but not limited to Large Language Models (LLMs) and AI-enabled plugins.
2. The data we collect and how we use it
a. Website usage data
Usage Data is collected automatically from users of the ISC website (https://council.science), to help us analyse and improve our service.
Usage Data may include information such as your device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of the website that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the website by or through a mobile device, we may collect certain information automatically, including, but not limited to, the type of device you use, your operating system and browser, broad location and other diagnostic data.
We may use third-party service providers to monitor and analyse the use of our website.
Tracking technologies and cookies
We use cookies and similar tracking technologies to track activity on the website and store certain information to improve and analyse our service.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some parts of the service.
Web analytics
This website is using Matomo and Google Analytics for collecting anonymous usage statistics for this website.
Use of AI in data processing
We may use AI to analyse data collected from our services to improve user experience, enhance security and provide personalized content (see Section VI on sharing of data).
b. Other types of data we collect
We collect data on our Member organizations, including contact data of Member liaison persons and the history of significant interactions with the Member, including financial transactions. We hold these data for administrative, legal and communication purposes and update them regularly.
We collect data on nominees and candidates for various types of selective process, including for governing body and committee membership, the ISC Fellowship, rosters of experts, whether self-nominated, nominated by others or directly invited by the ISC. We also collect personal data through recruitment processes.
If you are successful in any selection process or if you accept an invitation to serve the ISC in some capacity, we may need to request further personal information and may post some of your personal information on the ISC website with your explicit permission. Governing Board members are required by French law to provide specific personal data.
We collect personal data from contributors to our surveys, calls, activities and outputs and from registrants and participants in in-person and online meetings, in order to provide our services, monitor and improve their quality, and acknowledge contributions. We may publish the list of contributors to or participants in any ISC project or meeting in a report or other output, without contact information.
We use personal data to send newsletters, updates, invitations and other information that may be of professional interest to our users. You may opt-out of receiving these communications by following the ‘unsubscribe’ link or instructions provided in any email we send.
We collect data on our partners and on our actual or prospective sponsors and donors, including contact data of liaison persons and the history of significant interactions between the ISC and the organization, including financial transactions.
We collect data on experts in the domains of our activity for the purposes of building up a database of experts who may be interested in being involved in our work. This consists of publicly available data and will only be used to contact you for professional reasons.
We collect data on our service providers for the purpose of managing our service contracts.
If you are entitled to claim expenses under the ISC’s travel policy, we will collect personal data from you to enable us to process the payment, including your name, address and bank account details.
Any information you agree to provide relating to gender, age, disability, ethnic origin, or nationality will be used only for the purposes of monitoring and promoting diversity and equality and will be stored confidentially.
Data we collect on our Members, partners, sponsors, donors and individuals is stored on our CRM, Salesforce, via webforms on the content management system of our website, and on Office 365.
There will be no automated decision making based on information we collect through our online services.
3. Audio and visual recording
We document our events with photography and film and often record our online meetings, in pursuit of our legitimate interests.
Participants at in-person events will be forewarned that they may be captured in photograph or film and that they have the right to refuse that an image or film be used when they are clearly visible in any photograph or film.
We may use images and recordings to promote ISC events and activities, including on the website and on ISC social media sites, in promotional material and the media, email marketing and campaigns and in reports about the work of the ISC.
We may share images or recordings with partners in an event or activity.
We may use AI technologies to analyse audio and visual recordings to enhance our understanding of online event participation and engagement or to generate a summary of meetings (using programmes like Otter.ai), with the consent of participants.
4. Social media
Our online service contains links or plugins to social networks including, but not limited to, Facebook, LinkedIn, X (formerly Twitter), Instagram, Mailchimp, YouTube and Threads. This Privacy Policy does not apply to ISC pages/profiles on these platforms. Please refer to the relevant Privacy Policies of each of the providers.
5. Retention of information
We will retain your Personal Data only for as long as is necessary for the purpose/s that we collected it for, or for as long as we anticipate that follow-up communication might be necessary or desirable. We will retain and use your Personal Data to the extent necessary to provide our services, implement our agreements and policies, comply with our legal obligations, and resolve potential disputes.
We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our service, or we are legally obligated to retain such data for longer time periods.
6. Sharing and disclosure of data
We will never sell your personal information or share it for gain or advertising purposes. We may share your personal information with other parties in the following situations:
- With GDPR-compliant service providers, to provide our services and monitor and analyse their use. Service Providers have access to your Personal Data only to perform their tasks on our behalf and may not disclose or use it for any other purpose.
- In the framework of a selection process, with external reviewers or members of a selection panel, who are committed to confidentiality and discretion.
- With our affiliates or partners, including ISC Regional Focal Points, in the framework of joint activities, in which case we will require those affiliates to honour this Privacy Policy.
- If the ISC is involved in a merger process, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.
- If required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency).
- In the good faith belief that such action is necessary to:
- Comply with a legal obligation
- Protect and defend the rights or property of the ISC
- Prevent or investigate possible wrongdoing in connection with the services
- Protect the personal safety of Users of the services or the public
- Protect against legal liability.
7. Legal basis for processing personal data under the GDPR
In accordance with the GDPR, we process Personal Data under the following conditions:
- When you have given your consent for processing Personal Data for one or more specific purposes.
- When it is necessary for the performance of an agreement with you and/or for any pre-contractual obligations thereof.
- When it is necessary for compliance with a legal obligation to which the ISC is subject.
- When it is necessary in order to protect your vital interests or those of another natural person.
- When it is related to a task that is carried out in the public interest or in the exercise of official authority vested in the ISC.
- When it is necessary for the purposes of the legitimate interests pursued by the ISC.
In any case, the ISC will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
8. Your rights and choices
The ISC undertakes to respect the confidentiality of your Personal Data and to guarantee you can exercise your rights.
You have the right under this Privacy Policy, and by law if you are within the EU, to:
- Access, update or delete the information we have on you.
- Request correction of the Personal Data that we hold for you.
- Object to processing of your Personal Data. This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation which makes you object to our processing of your Personal Data on this ground.
- Request the transfer of your Personal Data to you, or to a third party you have chosen, in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- Withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain parts or all of our services.
9. Exercising of your GDPR data protection rights
You may exercise your rights of access, rectification, cancellation and opposition by contacting us. We will try our best to respond to you as soon as possible. Please note that we may ask you to verify your identity before acting on such requests.
You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority.
10. Data security
The security of your Personal Data is important to us, but no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, through the use of two-step secure authentication processes, we cannot guarantee its absolute security.
Our service may contain links to other websites that are not operated by us. If You click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
11. International transfer of data
Your information, including Personal Data, is processed at the ISC’s offices and in any other places where the parties involved in the processing are located. It means that this data may be transferred to – and maintained on – computers located outside your local jurisdiction, where the data protection laws may differ from those in your jurisdiction.
Your consent to this Privacy Policy followed by your submission of data represents your agreement to that transfer.
We will take all reasonable steps to ensure that your data is treated securely and in accordance with this Privacy Policy and the GDPR and that no transfer of your Personal Data will take place to an organization or a country unless there are GDPR-compliant controls in place for the security of your data.
12. Contact us
If you have any questions about this Privacy Policy or wish to exercise your rights regarding your personal data, you can contact our Data Protection Officer by email at [email protected].