At ISTO, we respect your privacy. We want to ensure that you get the information, content, and experiences that matter most to you. ISTO and our federation of member alliance programs are committed to protecting the privacy of its members, customers, volunteers, and other contacts. It is the policy of ISTO to not request, collect, or maintain personal data other than what is required for the reasonable and necessary conduct of its trade associations.
Scope
This privacy policy applies to all personal data processed by full-time and part-time employees, members and volunteers when acting on behalf of ISTO or our federation of alliance member programs, contractors and partners doing business on behalf of ISTO, as well as all legal entities, all operating locations in all countries, and all business processes conducted by ISTO.
What information do we collect?
ISTO collects the following personal data in line with the use purposes explained in a subsequent section:
- Your name and contact details
- Online profile data/usage
- IP Address
- Social media profile information
- Education and professional information
- Purchasing and payment information in relation to the processing of membership, event registration, product registration, certification or other requested services
- Registration and participation in ISTO federation events and activities
- Subscription preferences
- Information about the device(s) you use
- Information about service usage
- Cookies
- Authentication data
- Location information
- Author and peer review information
- Other information you upload or provide to us
How do we use your information?
ISTO uses (and, where specified, shares) your personal information for the following purposes:
To process transactions. ISTO uses personal information such as name, physical address, telephone number, email address, and company/institution to engage in interactions with you, including contacting you about your membership, subscription, event participation, certification, or product registration. We use financial/credit card and payment information to process your order and may need to share some of this information with delivery services, credit card clearing houses, and other third parties to complete the transaction.
To provide support or other services. ISTO may use your personal information to provide you with support or other services that you have requested. ISTO may also use your personal information to respond directly to your requests for information, including registrations for newsletters, webinars, or other specific requests, or pass your contact information to the appropriate ISTO participants, contractors, or processors for further follow-up related to your interests.
To provide information based on your needs and respond to your requests. ISTO may use your personal information to provide you with notices of new support offerings and service developments.
To provide online forums and social networks. Some services available on the websites permit you to participate in interactive discussions, post comments, opportunities, or other content to a bulletin board or exchange, or otherwise engage in networking activities. Some of these services are moderated; all may be accessed for technical reasons (for example, for improvements or fixes). ISTO does not control the content that users post to these forums or social networks. You should carefully consider whether you wish to submit personal information to these forums or social networks and tailor any content you submit appropriately and in accordance with the relevant terms of use. You should also review any additional terms and conditions that may govern your use of these services, including terms related to sharing your personal information and receiving communications.
To administer certifications and registrations. ISTO may use your personal information in relation to the administration and management of certification or production registrations.
To select content, improve quality, and facilitate use of the websites. ISTO may use your personal information, including the information gathered as a result of site navigation and electronic protocols and cookies (including third-party cookies), to help create and personalize website content, improve website quality, track marketing campaign responsiveness, evaluate page response rates, conduct usability testing, and facilitate your use of the websites (for example, to facilitate navigation and the login process, avoid duplicate data entry, enhance security, keep track of shopping cart additions, and preserve order information between sessions).
To communicate with you about a meeting, conference, or event. We may communicate with you about a meeting, conference, or event hosted or co-sponsored by ISTO or one of our member alliance programs. This may include information about the event’s content, event logistics, payment, updates, and additional information related to the event. Information you provide when registering for or participating in a conference managed or co-sponsored by parties, other than or in addition to ISTO may be shared with those parties, and the treatment of such information is further subject to the privacy policies of those parties. ISTO and its conference co-sponsors may contact you after the event about the event, subsequent iterations of the event and related events. Please note that ISTO conference, meeting or event organizers, co-sponsors, exhibitors, and other third parties may directly request your personal information at their conference booths or presentations. Providing your information to them is optional, and you should review their privacy policies to address your particular needs and concerns about how they will treat your personal information.
To provide access to member websites or portals. If you are or represent an active member of ISTO or an ISTO Program, we may, with your permission, use your personal information to provide you access to member restricted user portals, websites, or work group areas. We may, with your permission, include your information in member directories. We may also enable private member to member messaging. Member privacy and communication settings can be managed by users within each membership portal. Any additional questions related to access to, removal from, or custom communication settings can be sent to .
To include you in ISTO governance activities. If you are a Voting Member of ISTO, we may communicate with you regarding the election of members of the ISTO Board of Directors of the Corporation or on other such matters to be voted on in accordance with member programs’ participant agreements and the ISTO Bylaws.
To document and administer participation in a member alliance program. If you are a participant in an ISTO member alliance program, ISTO uses your personal information to facilitate member alliance program participation and membership. ISTO member alliance program participation is documented through various methods, e.g., rosters, submission documents, email reflectors, records of meeting attendance, responses to ballots, and participation lists.
To assist in your participation in ISTO activities. ISTO will communicate with you, if you are participating in certain ISTO activities such as ISTO conferences, authoring or reviewing a document, or other ISTO activities. ISTO may send you information such as newsletters related to those activities.
To update you on relevant ISTO benefits, programs, and opportunities. ISTO may communicate with you regarding relevant ISTO benefits, programs, and opportunities available to you, through your membership(s) with ISTO.
To engage with third parties. ISTO may share your personal data with third parties in connection with services that these individuals or entities perform for or with ISTO. These third parties are restricted from using this data in any way other than to provide services for ISTO or for the collaboration in which they and ISTO are contractually engaged (for example, hosting an ISTO database or engaging in data processing on ISTO’s behalf, or mailing you information that you requested). These third parties are carefully selected by ISTO and obligated to keep your data secure. From time to time, we may also share your information with third parties whom we think might provide content, products, or services of interest to you.
To protect ISTO content and services. We may use your information to prevent potentially illegal activities and to enforce our terms and conditions. We also use a variety of technological systems to detect and address anomalous activity and to screen content to prevent abuse, such as spam. These efforts may, on occasion, result in a temporary or permanent suspension or termination of some functions for some users.
To get feedback or input from you. In order to deliver products and services of most interest to our customers, from time to time, we may ask members, customers, volunteers, and website visitors to provide us input and feedback (for example through surveys, usability studies, focus groups).
To protect ISTO information assets as well as your own personal data. ISTO protects the confidentiality, integrity, and availability of ISTO information assets by following a risk management approach based on policies, standards, guidelines, and procedures to meet security objectives while supporting business and operational goals.
How can you control your information?
You can control the information we have about you and how we use it in several ways.
If you are a registered user of a member program alliance work space (e.g. Causeway, Sitebox, or Confluence), you can review, revise, and correct the personal data that you have provided via your account in that system.
Opt Out
If you wish to opt-out of newsletter emails from ISTO or a member program alliance, there is an unsubscribe option in each email. You can also email us at with a specific request to be removed from a newsletter list. Please understand that if you opt out of receiving email from ISTO, we may still contact you in connection with your membership, registrations, certifications, or other transactions with us.
Personal data about minors and children
ISTO does not knowingly collect data from or about children under 16 without the permission of parent(s)/guardian(s). If we learn that we have collected personal information from a child under 16, we will delete that information as quickly as possible. If you believe that we might have any information from or about a child under age 16, please contact us.
How will you know if the Privacy Policy is changed?
ISTO may update its Privacy Policy from time to time. If we make any material changes we will notify you by email if you have an ISTO subscription or user account, or by means of a notice on the ISTO website prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.
Technical and regulatory information
Logging practices
ISTO automatically records the Internet Protocol (IP) addresses of visitors. The IP address is a unique number assigned to every computer on the internet. Generally, an IP address changes each time you connect to the internet (it is a “dynamic” address). Note, however, that if you have a broadband connection, depending on your individual circumstance, the IP address that we collect may contain information that could be deemed identifiable. This is because, with some broadband connections, your IP address doesn’t change (it is “static”) and could be associated with your personal computer.
As well as recording the IP addresses of users, ISTO may also keep track of sites that users visited immediately prior to visiting ISTO’s website and the search terms they used to find it. We keep track of the pages visited on ISTO’s website, the amount of time spent on those pages and the types of searches done on them. Your searches remain confidential and anonymous. ISTO uses this information only for statistical purposes to find out which pages users find most useful and to improve the website.
ISTO also captures and stores information that you transmit. This may include:
- Browser/Device type/version
- Operating system used
- Media Access Control (MAC) address
- Date and time of the server request
- Volume of data transferred
External links behavior
Some of ISTO’s websites link to other sites created and maintained by other public- and/or private-sector organizations. ISTO provides these links solely for your information and convenience. When you transfer to an outside website, you are leaving the ISTO domain, and ISTO’s information management policies no longer apply. ISTO encourages you to read the privacy statement of each external website that you visit before you provide any personal data.
Cookies and web beacons
Cookies and web beacons are electronic placeholders that are placed on your device by websites to track your individual movements on that website over time. ISTO uses both session-based cookies (which last only for the duration of the user’s session) and persistent cookies (which remain on your device and provides information about the session you are in and waits for the next time you use that site again).
These cookies and web beacons provide useful information to ISTO, enabling us to recognize repeat users, facilitate the user’s access to and use of our sites, allows us to track usage behavior, and to balance the usage of our websites on all ISTO web servers.
Tracking cookies, third-party cookies, and other technologies such as web beacons may be used to process additional information, enable non-core functionalities on the ISTO website and enable third-party functions (such as a social media “share” link). We may also include web beacons and other similar technology in promotional email messages to determine whether the messages have been opened.
Do Not Track (DNT)
The online advertising industry has self-regulatory initiatives designed to provide consumers a choice in the types of ads they may see online and to conveniently opt-out from online behavioral ads served by some or all of the companies participating in these programs. Our websites do not respond to DNT consumer browser settings.
Collaboration with authorities
ISTO has appointed and mandated a privacy officer who represents the regulatory authorities inside the ISTO organization, and in return represents the ISTO organization to regulatory authorities.
The ISTO privacy officer will ensure proper communication with the relevant regulatory authority for privacy. The privacy officer will lead investigative action, complaint handling and data breach notification. The privacy officer will also monitor regulatory changes and consult the regulatory authority where implementation of a regulatory or technological change leads to doubt.
Transfer of information to other countries
As a global organization, ISTO engages in a number of international activities. In connection with the management of those activities, ISTO may transfer information to other countries. By submitting your information to ISTO via the websites, or in connection with your interactions with ISTO offline, you consent to such transfers and to the processing of this information in other countries.
Responses to legal requests
ISTO reserves the right to share your information to respond to duly authorized information requests of governmental authorities or where required by law.
In the event of bankruptcy, merger, acquisition, reorganization or sale of assets, your information may be sold or transferred as part of that transaction. The promises in this privacy policy will apply to your information as transferred to the new entity.
Your European Union privacy rights
Under the General Data Protection Regulation (Regulation EU 2016/679) (also known as GDPR), if you are an individual protected by the GDPR you may have certain rights as a data subject. To request information about or avail yourself of those rights, please send an email to with “GDPR Request” in the subject line. In the email please describe, with specificity, the GDPR right you are requesting assistance with. Please note additional information may be requested prior to initiation of a request and that ISTO reserves the right to charge a fee with respect to certain requests. Upon ISTO’s completion of its review you will be notified if your request has been granted, denied, or exemptions apply.
How do I contact you if there is an issue?
If you have any questions or concerns about this Privacy Policy or about the use of your personal information, please feel free to contact us by email at .
Date
15 May 2018
Ver 1.0