Effective date: 9 January 2022
The Internet Society and the Internet Society Foundation (“ISOC Foundation”) (collectively, “ISOC,” “we,” or “us”) is a global organization that supports and promotes the development of the Internet as a global technical infrastructure, a resource to enrich people’s lives, and a force for good in society.
In keeping with our goals and objectives, we recognize that individual privacy is an important consideration in all facets of the Internet, and that your choice to share information with us is a critical part of how we can try to achieve our mission. We’ve developed this Privacy Notice to explain how and why we collect, use, share and otherwise process your personal information.
This Privacy Notice is not a contract and does not create any legal rights or obligations.
Our Services: When we use the term “Services”, we are referring to all the services that we offer on our own behalf, including our membership offerings, events, mailing lists, trainings, policy work and the websites that post or link to this Notice. This Privacy Notice does not cover or address personal information and privacy practices relating to job applicants, employees and other personnel.
Personal Information: When we use the term “personal information” in this Privacy Notice, we mean information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, to you. It does not include aggregated or anonymized deidentified information that is maintained in a form that is not reasonably capable of being associated with or linked to you.
We collect personal information in a variety of different ways:
A. Information you provide to us.
We collect and use personal information you provide in the following ways:
- Registration. If you register as a member or for an event, we may collect your name, account credentials, contact information, demographic information and billing information, including email and physical address, username, password, and payment card information. We use this information to administer your account, provide you with the relevant Services and information, communicate with you regarding your account and your use of the Services, and for member support purposes. Please note that we work with a third-party payment processor for the collection and use of payment card information and do not receive such data directly.
- If you represent a company or organization interested in registering for an organizational membership, we will collect your name, company name, and email address. We collect this information to facilitate your organization’s members, respond to any inquiries, communicate with you and to help facilitate our organizational relationship, including any sponsorship or grant activities.
- Communications. If you communicate with us through any paper or electronic form, including through public comments on social media sites, we may collect your name, email address, mailing address, phone number, date of birth, or any other personal information you choose to provide to us. We use this information to investigate and respond to your inquiries, and to communicate with you to enhance the Services to our users and to manage and grow our organization. If you register for our newsletters or updates, we will communicate with you by email. To unsubscribe from promotional messages, please follow the instructions within our messages and review the Online privacy choices section below. We may also send you transactional and Service-related messages by email, push notification, or – if you provide your phone number – by text message.
- Events. If you participate in any of our events, conferences, webinars, or discussion groups, we may collect your name, title, company/organization name, postal address, email address, work, home, and mobile phone numbers. We use this information to administer the event, communicate with you regarding the event, record your feedback about the event and to help improve our operations.
- Voting data. Some member types include voting rights. The details of any votes are maintained only during the election process and solely to allow proper verification and audit of the election.
- Sponsorships and gifts. If you choose to donate to ISOC or its Foundation, we will collect your name, member information, email address and billing information, including physical address and payment card information.
- Grants. If you apply for a grant through ISOC, we may collect your name, title, company/organization name, postal address, email address, work, home and mobile phone numbers and any information you submit along with your grant proposal submission. We will use this information to determine the recipients of our grants, to administer the grant program and to communicate with you about your application. If you are offered a grant, we may collect additional information about you, including financial account information and tax identification information, and about your work over the course of the grant program.
B. Information we collect online automatically
We use various technologies to collect information about the device or browser you use to navigate our websites or from your use of our Services, including:
- Web logs. Like many websites and email communications, we automatically collect certain information about your device and store it in log files. This information may include IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp and/or clickstream data. We then analyze patterns on our Services, manage and administer the content, improve the performance of the Services, for fraud protection and to protect our rights and the rights and safety of individuals.
- Google Analytics. We use “Google Analytics” to collect information about your use of the Website. Google Analytics collects information such as how often users access the Services, what pages they access when they do so and what other sites they used prior to using the Services. Google uses the data collected to track and examine the use of the Services to prepare reports on its activities and share them with other Google services. To learn more about the use of data collection technologies by Google for analytics and to exercise choice regarding those technologies, please visit the Google Analytics Opt-Out browser add-on page.
C. Information from third party sources
We may receive personal information about you from other users or our business partners and service providers and combine this information with other information that we have.
- Referrals. We may obtain information about you from other users who think you may be interested in the Services, including our articles. If so, we will collect your name and contact information, which we will use to reach out to you with information about our Services.
- Payment processors. If you donate, we will receive confirmation about the transaction from the applicable payment processor. We will not receive any payment card information or account numbers. We may use this information to complete transactions, to provide receipt information to you, for recordkeeping purposes, to prevent fraud or to protect our rights or the rights of others.
- Background check information. For grant applicants, we may collect information about you from references or third-party information sources, which we will use to determine your eligibility for the grant and making grant decisions.
D. Other uses of personal information
In addition to the uses described above, we may collect and use personal information for the following purposes:
- To create, maintain, improve, and operate the Services.
- To personalize your user experience.
- To communicate with you to provide technical or administrative support.
- To conduct, manage, and grow our organization.
- To enable, analyze, research, investigate and improve the use of our Services and interactions with our chapters.
- To manage, administer and grow the Foundation.
- To prevent, investigate, and provide fraud notifications, unlawful or criminal activity, unauthorized access to or use of personal information, our data system services, and to meet governmental and institutional policy obligations.
- To investigate and resolve disputes and security issues and to enforce our Terms of Service.
- For any other lawful, legitimate business purpose.
We may share your personal information in the following ways:
- Within ISOC. We are a global network of affiliated organizations and function together to promote the development of the Internet. ISOC entities disclose personal information to other ISOC entities for purposes and uses that are consistent with this Privacy Notice. For example, we may disclose your contact information to the Foundation, which will process and fulfill your donation or facilitate the review of your grant application.
- Service providers. We share personal information with third-party service providers who perform services on our behalf, such as technology providers (including web platforms and hosting providers, email communications providers, analytics providers, our member database and data storage providers) and our payment providers for any donations you may make.
- Chapters. If you choose to register for a local or regional chapter, we will share information about your registration with that chapter, including your name, contact information and member account information. Each local and regional chapter is an independent entity. Please see the websites of your chapter for more information about their processing of your personal information.
- Regulatory or legal requirements, safety and terms enforcement. We may disclose personal information to governmental regulatory authorities as required by law, including for tax or accounting purposes, in response to their requests for such information or to assist in investigations. We may also disclose personal information to third parties in connection with claims, disputes, or litigation, when otherwise required by law, or if we determine its disclosure is necessary to protect the health and safety of you or any other person, to protect against fraud or credit risk, or to enforce our legal rights or contractual commitments that you have made.
- Business transfers. We may disclose personal information as part of an organizational business transaction, such as a merger, acquisition, joint venture, financing, or sale of organizational assets and may transfer personal information to a third-party as one of the business assets in such a transaction. We may also disclose personal information in the event of insolvency, bankruptcy, or receivership.
- Publicly. At your direction, we may make your information publicly available, for example, if you post public comments on our sites or provide product testimonials.
You have some choices regarding how we use your personal information, including the following:
- Modifying or deleting your information. If you have questions about reviewing, changing, or deleting your information, you can contact us directly at [email protected]g. If you are inquiring about information collected by one of our chapters, please contact the chapter for more information. We may not be able to change or delete your information in all circumstances.
- How to control your email communications preferences. You can stop receiving promotional email communications from us by clicking on the “unsubscribe link” provided in the email. You can always change your email preferences by visiting our membership portal and clicking through to the preferences page. You may not opt-out of Service-related communications (e.g., account verification, transactional communications, changes/updates to features of the website, technical and security notices).
Our websites and online services are not directed to, and we do not intend to, or knowingly, collect or solicit personal information from children under the age of 13. If you are under the age of 13, please do not use our websites or online services or otherwise provide us with any personal information either directly or by other means. If a child under the age of 13 has provided personal information to us, we encourage the child’s parent or guardian to contact us to request that we remove the personal information from our systems. If we learn that any personal information we collect has been provided by a child under the age of 13, we will promptly delete that personal information.
Our Services may include links to third-party websites, plug-ins, and applications. Except where we post, link to, or expressly adopt or refer to this Privacy Notice, this Privacy Notice does not apply to, nor are we responsible for, any personal information practices of third-party websites and online services or the practices of other third parties. To learn about the personal information practices of third parties, please visit their respective privacy notices.
We may choose or be required by law to provide different or additional disclosures relating to the processing of personal information about residents of certain countries, regions, or states. Please refer below for disclosures that may be applicable to you:
- If you are a resident of the State of Nevada in the United States, Chapter 603A of the Nevada Revised Statutes permits a Nevada resident to opt out of future sales of certain covered information that a website operator has collected or will collect about the resident. To submit such a request, please contact us at [email protected] with an email using the subject line “Nevada Opt Out Request”.
- If you are based in the European Economic Area (“EEA”), please find additional EEA-specific privacy disclosures, below.
Any user who wishes to request further information about our compliance with these requirements, or has questions or concerns about our privacy practices and policies, may contact us at [email protected] or by mail at:
Attn: Legal Department
11710 Plaza America Drive
Reston, VA 20190
We will update this Privacy Notice from time to time. When we make changes to this Privacy Notice, we will change the “Last Updated” date at the beginning of this Privacy Notice. If we make material changes to this Privacy Notice, we will notify you by email to your registered email address, by prominent posting on this website or our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided.
Additional EEA Privacy Disclosures
Effective Date: 9 December 2021
Scope of Disclosures
These Additional European Economic Area (“EEA”) Privacy Disclosures supplement the information contained in our Privacy Notice. In addition, these Disclosures apply only to our processing of your personal data where you are based in the EEA.
Internet Society (“ISOC,” “we,” or “us”)is the data controller responsible for the collection and use of such personal data.
Unless otherwise expressly stated, capitalized terms in these Disclosures have the same meaning as defined in the Privacy Notice.
When we use the term “personal data” in these Disclosures, we mean any information relating to an identified or identifiable natural person.
Legal Basis for Processing
Our legal basis for collecting and using the personal information described in our Privacy Notice depends on what the information is and the context in which we collect it.
However, we will normally collect information from you only where we need it to perform our contract with you (i.e., our Terms of Service), where the processing is in our legitimate interests (provided that these are not overridden by your interests or rights), or if we otherwise have your consent.
In some cases, we may also have a legal obligation or need to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person (for example, another Member or event attendee).
If we ask you to provide personal data to comply with a legal requirement or to perform a contract with you, this will normally be clear from the context in which we are asking you to provide your information (for example, when we ask you to provide a username to access our Services, this will be to create an account for you in accordance with our Terms of Service), and, if not, we will provide an explanation to you at the relevant time. We will also make clear whether providing information is mandatory.
Similarly, if we collect and use your personal data in reliance on legitimate interests (or those of any third party) which are not listed above, it will be made clear to you at the relevant time what those legitimate interests are (such as personalizing our services and marketing, for example).
If you have questions or need further information about the legal bases on which we collect and use your personal data, you may contact us using the contact information in the Contact Us section below.
We retain personal data about you for as long as is necessary for the purposes set out in these Disclosures unless a longer period is required under applicable law or is needed to resolve disputes or protect our legal rights.
The criteria used to determine the period for which personal data about you will be retained varies, depending on the legal basis under which we process the personal data:
- Legitimate Interests: Where we are processing personal data based on our legitimate interests, we generally will retain such information for a reasonable period of time based on the particular interest, taking into account the fundamental interests and the rights and freedoms of data subjects.
- Consent: Where we are processing personal data based on your consent, we generally will retain the information for the period of time necessary to fulfill the underlying agreement with you, subject to your right, under certain circumstances, to withdraw consent and to have certain parts of your data erased (please see the Your Privacy Rights section).
- Contract: Where we are processing personal data based on contract, we generally will retain the information for the duration of the contract plus some additional limited period of time that is necessary to comply with law, or that represents the statute of limitations for legal claims that could arise from the contractual relationship.
- Legal Obligation: Where we are processing personal data based on a legal obligation, we generally will retain the information for the period of time necessary to fulfil the legal obligation.
- Legal Claim: We may need to apply a “legal hold” that retains information beyond our typical retention period where we face threat of legal claim. In that case, we will retain the information until the hold is removed, which typically means the claim or threat of claim has been resolved.
In all cases, in addition to the purposes and legal bases, we consider the amount, nature and sensitivity of the personal data, as well as the potential risk of harm from unauthorized use or disclosure of your personal data.
International Data Transfers
We may transfer personal data about you among us and to our subsidiaries or affiliates, as well as to the categories of third parties identified in the Privacy Notice. Personal data may be transferred to, stored and processed in a country other than the one in which it was collected, including, but not limited to, the United States. The country to which personal data is transferred may not provide the same level of protection for personal data as the country from which it was transferred.
We may transfer personal data about you outside the EEA and when we do so, we rely on appropriate or suitable safeguards recognized under the GDPR, including adequacy decisions and standard contractual clauses.
Adequacy Decisions. We may transfer personal data about you to countries that the European Commission has deemed to adequately safeguard personal data.
Standard Contractual Clauses. The European Commission has adopted Standard Contractual Clauses which provide safeguards for personal data transferred outside of the EEA. We may use these Standard Contractual Clauses when transferring personal data from a country in the EEA to a country outside the EEA that has not been deemed to adequately safeguard personal data.
Your Privacy Rights
You have the following rights in relation to your personal data (subject to certain limitations at law):
- Access: The right to access and obtain a copy of personal data about you, as well as information relating to its processing.
- Rectification: The right to correct or update any personal data about you that is inaccurate or incomplete.
- Restriction of Processing: The right to require us to limit the purposes for which we process your personal data if the continued processing of the personal data in this way is not justified, such as where the accuracy of the personal data is contested by you.
- Erasure: The right to request the deletion or erasure of personal data about you without undue delay if the continued processing of that personal information is not justified.
- Portability: The right to obtain a copy of personal data about you in an easily accessible format and the right to transmit that personal data to another controller.
- Objection to Processing: You also have the right to object to any processing based on our legitimate interests where there are grounds relating to your particular situation. There may be compelling reasons for continuing to process your personal data, and we will assess and inform you if that is the case. You can object to marketing activities for any reason.
Please note that if the exercise of these rights limits our ability to process personal data, we may not be able to provide our products or services to you, or otherwise engage with you going forward.
Right to Withdraw Consent. Where we rely on your consent for processing of your personal data, you also have the right to withdraw your consent to such processing, subject to certain limitations at law.
You may withdraw your consent by contacting us at [email protected] or by following the instructions outlined in the initial consent notice.
Submitting Requests. To submit a request, please contact us as set forth in the Contact Us section. We may need to verify your identity before processing your request, which may require us to obtain additional personal data from you. In certain circumstances, we may decline a request to exercise the rights described above.
Right to Lodge a Complaint. If you have any complaints regarding our privacy practices, you have the right to lodge a complaint with your national data protection authority (i.e., supervisory authority).
Updates to These Disclosures
We may update these Disclosures from time to time. When we make changes to these Disclosures, we will change the “Effective Date” date at the beginning of these Disclosures. If we make material changes to these Disclosures, we will notify you by email to your registered email address, by prominent posting on our online services, or through other appropriate communication channels. All changes shall be effective from the date of publication unless otherwise provided in the notification.
If you have any questions or requests in connection with these EEA Disclosures or other privacy-related matters, please send an email to legal at isoc.org.
Alternatively, inquiries may be addressed to:
Attn: Legal Department
11710 Plaza America Drive
Reston, VA 20190