ISO - Privacy Notice

ISO - Privacy Notice
Scope
The International Organization for Standardization (ISO) (“ISO”, “we” or “us”) is an association constituted under the laws of Switzerland, with its seat at Chemin de Blandonnet 8, 1214 Vernier, Switzerland.
ISO acts, in relation to the processing operations mentioned in this notice, as a “data controller” in the meaning of the Swiss Federal Data Protection Act – which is applicable to ISO.
In such a context, ISO is committed to protecting your privacy. This Privacy Notice addresses how ISO processes and safeguards your personal data as a data controller, when you are interacting with us, in particular by visiting our websites, contacting us, subscribing to our magazines and newsletters, or taking part in our activities, including as a member of one of ISO’s committees and/or working groups.
For any question or concern regarding this Privacy Notice, you can directly contact:
International Organization for Standardization (ISO)
Chemin de Blandonnet 8
1214 Vernier
DataProtection@iso.org
What personal data do we process and for what purpose?
ISO applies the minimization principle and only processes the personal data that is required for the purposes pursued.
The personal data processed by ISO in the context of its activities may be communicated directly by you (e.g. when you register to events, take part in working groups, subscribe to a newsletter or contact ISO), be communicated by your national member body (e.g. personal data related to roles and functions in the standardization field), be sourced from publicly-available information (e.g. public role within a national body) or originate directly from your activities within ISO (e.g. votes and participation to committees and working groups).
The following personal data is processed by ISO for the purposes provided, as and/or in addition to any personal data you would directly communicate us:
For more information, visit our
cookie policy
page.
General context
Categories of personal data
Purpose
Corporate activities of ISO and activities within ISO
Identification data (name, surname, etc.)
Contact details (email address, postal address, telephone number, etc.)
Roles and functions in the standardization field (ISO affiliation and committee role, national role, member body affiliation, etc.)
Professional information (title, company, type of work, etc.)
Corporate-related data within ISO (participation to general meetings, votes, etc.)
Organization and running of ISO’s activities as an association
Provision of administrative and IT support
Related documentation: Please see the
ISO Member Data Privacy Policy
and the
Declaration for participants in ISO activities
for rules and principles you are required to respect. In this context, you are considered as a representative of your national standards body.
Other activities
in relation to
standardization
Identification data (name, surname, etc.)
Contact details (email address, postal address, telephone number, etc.)
Roles and functions in the standardization field (ISO affiliation and committee role, national role, member body affiliation, etc.)
Professional information (title, company, type of work, etc.)
Data related to standardization activities
Encouragement of standardization activities
Promotion of standardization products and services.
Research activities
Identification data (name, surname, etc.)
Contact details (email address, postal address, telephone number, etc.)
Roles and functions in the standardization field or other sectors of importance, relevance and/or impact for the research activities
Professional information (title, company, type of work, etc.)
Data related to standardization activities or other activities related to the research activities
Research purposes in relation with standardization activities, their impact and their promotion
Use of ISO’s websites or of other IT tools provided by ISO
IP addresses, as all personal data collected through cookies, in accordance with ISO’s
Cookie Policy
Enable, optimize and improve the performance of our websites and IT tools
Registration and use of our online store
Identification data (name, surname, etc.)
Contact details (email address, postal address, telephone number, etc.)
Professional information (title, company, type of work, etc.)
Payment information (invoices, payment data, etc.)
Cart content and purchases
Enable you to purchase standardization material and other elements from our online store
Segmentation in order to tailor ISO’s communication to your needs and interests
ISO’s email subscription services
Limited identification data (name)
Electronic contact details (email address)
Interests
Email open dates and links clicked
Approximate location based on IP address
Your purchases and incomplete purchases
Enable you to receive our newsletter and other general information material
Segmentation in order to tailor ISO’s communication to your needs and interests
ISO’s general communication and social network activities
Identification data (name, surname, etc.)
Electronic contact details (email address)
Interests and social network affiliation
Manage ISO’s communication activities and social networks
Answer any requests from you
To whom do we transfer personal data?
Type of transfer
Categories of personal data
International transfers
Applicable safeguards
ISO’s service providers that provide us with back-office or front-office applications as well as managed part of our IT-related tools or systems (including newsletters)
(Processors of ISO)
All the listed personal data in this Privacy Notice
See
Appendix 1 to this Privacy Notice
Written data processing agreements or equivalent
For international transfers for non-adequate countries:
Formal review of the service-provider;
Signed Standard Contractual Clauses (SCCs);
Swiss appendix to the SCCs.
Members of ISO
(Independent controllers)
All the personal data related to ISO’s standardization and corporate activities
Each country for its respective member
Internal regulations on the use of personal data (see
ISO Member Data Privacy Policy
and the
Declaration for participants in ISO activities
Other international organizations active in standardization
(Independent controllers)
All the personal data related to ISO’s standardization and corporate activities
See
Appendix 1 to this Privacy Notice
Agreements with such other international organizations
In addition, if and when required to do so by law, to respond to any legal claims or defend our rights, we may disclose your personal data, in particular to the relevant regulatory or legal authorities.
What are your rights?
You can at any time request access to, correction of and deletion of your personal data, by contacting
DataProtection@iso.org
. Such right may be limited by our legal obligations.
Whenever the processing activity is based on your consent, you may at any time withdraw it. You may also, in other situations, have the right to object to the processing of your personal data.
ISO takes the security of your personal data very seriously and implements technical and organizational measures to protect your personal data from unauthorized access, improper use, disclosure, loss or destruction.
In relation to your online-store account
, you can at any time consult, revise and correct the personal data that you have provided us directly through your webstore account. Alternatively, you can send an email to
customerservice@iso.org
, including if you wish to close your account.
In relation to the newsletters, you can at any time consult, edit, revise and correct your data (email, name, preferences) using a link in the footer of the email, as well as unsubscribe.
Appendix
List of countries to which your personal data may be processed:
Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, England and Wales, Europe, France, Finland, Germany, Greece, Hong-Kong, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Malaysia, Mexico, New Zealand, Norway, Peru, Philippines, Poland, Portugal, Romania, Singapore, Slovakia, Spain, South Korea, South Africa, Sweden, Switzerland, Taiwan, The Netherlands, Turkey, United Arab Emirates, United Kingdom, United States, Uruguay, Vietnam.
This list will be updated as necessary on a regular basis.
Privacy Notice
Add to cart