Last Updated: December 10, 2018
If you are in the European Union, including the UK, then we may, as a result be subject to the “GDPR”, Regulation (EU) 2016/679 of the European Parliament and Council on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation), in relation to you. Where that is the case, we refer to you in this Policy as an “EU Individual” and as such this Policy provides you with the information required by GDPR. GRC is the data controller of your PII for GDPR purposes which is “personal data” as defined in GDPR.
If you are an EU Individual, you can contact us at: 512 Liberty Lane, West Kingston, RI 02892, or email@example.com in relation to our processing of your PII or any other data protection or data privacy matters. For these purposes, processing means any operation, including collection, organization, storage, use, disclosure and erasure.
VeraSafe has been appointed as GRC's representative in the European Union for data protection matters, pursuant to Article 27 of the GDPR. VeraSafe can be contacted in addition to firstname.lastname@example.org, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative
Alternatively, VeraSafe can be contacted at:
|Matthew Joseph |
| VeraSafe Ireland Ltd. |
Unit 3D North Point House
North Point Business Park
New Mallow Road
|VeraSafe Netherlands BV |
Keizersgracht 391 A
1016 EJ Amsterdam
Information Collected by GRC and How it is Regularly Used and Shared
A. Why, When and What Personally Identifiable Information is Collected, Legal Basis
GRC collects information that individual visitors provide voluntarily. Some of this information is collected because it is useful in connection with GRC’s objectives, which include:
1. organizing scientific conferences;
2. providing an application and registration process for attendance at GRC conferences;
3. providing a forum for career networking and career advancement; and
4. supporting and encouraging young scientists as they establish initial scientific and personal contacts.
(For more information, feel free to read the GRC Mission Statement.)
If you are an EU Individual, these are the purposes for which we process your PII.
GRC may collect and store PII in various places throughout the Website, including in connection with an application to attend a conference, or your services on a GRC board or committee (e.g., the Board of Trustees, the Finance Committee, the Conference Evaluation Committee), each as described in further detail below. PII may also be collected and stored if you provide it elsewhere in the course of a visit to the Website, such as while making a contribution to GRC, or in connection with a request for information from GRC.In addition to the uses described above, we may use your PII to:
- notify you of upcoming conferences, meetings and other events;
- contact you to respond to your questions and requests for information; and
- provide you with other information that we believe may be of interest to visitors to our website.
i. Conference Application and Admission Processes
If you apply to attend a conference, we will collect PII to facilitate that process. Such information may include your contact details, such as your name, employer, physical address, email address, telephone number and fax number. This is so that we can contact you and process your application. In addition, the PII requested may include your educational background and work history (including degrees received, positions held, awards and honors received) and publications in the relevant field. This is so that you can be considered for admission to the conference.
If your conference application is approved, you are expected to register and pay immediately to confirm your attendance and accommodations. To facilitate payment, GRC uses a third-party payment processor who collects your payment and billing information — e.g., your credit card number and billing address — who will use such information to process your payments.
If you are accepted to a conference, we will use your PII to:
1. process your registration and facilitate your attendance at the conferences;
2. process your payments related to conference attendance as aforesaid;
3. provide you with information regarding the conference, including scheduling and logistics; and
4. provide you with other information that we believe may be of interest to conference attendees.
With your consent, we also may share PII (other than payment information) of conference attendees with the other persons attending the same conference. The purpose of this is to enable conference attendees to contact each other prior to and after the conference, for networking purposes, in furtherance of one aspect of the GRC's mission.
ii. Service on a GRC Board or Committee, or as a Speaker
If you agree to serve on a GRC board or committee, to chair, vice chair or speak at a GRC conference, whether from the podium, as a poster presenter or otherwise, PII we collect may include your name, employer, physical address, email address, telephone number and fax number. We also usually request more detailed information regarding your educational and professional background, and we may also request a photograph.
We collect this information to make it available to conference applicants and attendees, and to those interested in learning more about GRC and the conferences it organizes.
Accordingly, if you agree to serve on a GRC board or committee, to chair, vice chair or speak at a GRC conference, whether from the podium, as a poster presenter or otherwise, we may post your PII on the relevant page of the Website, such as your name, employer, physical address, email address, telephone number and fax number, and your photograph if you have provided one. This is so that visitors to the Website, including conference applicants, attendees and speakers, and those interested generally in the GRC, can contact you with questions and requests for more information, and to provide feedback.
If you are an EU Individual, the legal basis on which we process your PII, depending on the purpose of the processing, as described above, is one of the following:
- Performance of a contract – we will often we need to process your PII to perform a contract with have with you, such as a contract to attend a conference, or to take steps at your request prior to entering into a contract.
- In certain circumstances described below (in the section headed Additional Ways Your PII may be Used and Shared and with Whom) , exceptionally, we may need to process to comply with a legal obligation in the EU to which we are subject.
- Consent - in certain specific situations, we may process your data with your specific freely given consent. When doing so, we will inform you of the purpose of the processing and you can withdraw consent at any time.
B. Why, When and What Usage Data is Collected
In addition to the information that users of the Website provide voluntarily, GRC may automatically collect certain information when you visit or use our Website. This information may include your IP address (or other unique device identifier, including one that we may assign); certain details about your browser, operating system, and hardware; your location, if available; the URL that referred you to the Website; your activities on the Website, including your preferences; and other logging information, such as the date and time of your visit. We may use a variety of tracking technologies to automatically collect information, such as cookies, web beacons, embedded scripts, browser fingerprinting, GPS, iBeacons, and ETags (or “entity tags”).
“Cookie” technology helps GRC to simplify visitors' interactions with the Website. A cookie is a very small amount of information that is placed on your computer's hard drive by your browser on GRC's behalf. It is sent by your browser back to GRC when your return to the Website.
All web servers log certain technical information from visitors each time they request a page. We may aggregate such logged information anonymously to assist in designing enhanced user experiences and easier access to our information and services.
C. Third-Party Tracking and Do Not Track
Additional Ways Your PII May Be Used and Shared and With Whom
A. Use and Sharing Required by Law, to Prevent Harm and/or in Investigations
In addition to the uses and dissemination of PII described above, GRC may disclose your PII, the contents of your communications with us, and/or other information you have provided to us if required to do so by law, or with your consent, or in the good faith belief that such action is necessary: (1) to conform to applicable law or comply with legal process served on GRC; (2) to protect or defend the rights or property of GRC or others; (3) to assist, under exigent circumstances, in the investigation of possible violations of law or other investigations; and/or (4) to assist law enforcement in preventing harm to anyone. If you are an EU Individual, the above will only apply to legal obligations imposed on us under UK or EU law.
B. Sale of PII
GRC does not sell or rent visitors' PII to anyone. GRC may provide visitors' PII to the American Association for the Advancement of Science (“AAAS”) to assist the AAAS in its mission. The AAAS is an international non-profit organization whose mission is to “advance science and innovation throughout the world for the benefit of all people.” To fulfill this mission, the AAAS seeks, among other things, to:
- Foster communication among scientists, engineers and the public;
- Enhance international cooperation in science and its applications; and
- Foster education in science and technology for everyone.
- (The executive officer of the American Association for the Advancement of Science, or such officer's delegate, serves as a Trustee of GRC.)
If you are an EU Individual, please be aware that in addition to the AAAS we may also transfer your PII to the following types of recipients:
- Third-party service providers for the purposes of completing tasks and providing services to you on our behalf (for example to process payments and send you email confirmations).
Notice to Non-U.S. Website Users
If you are from a non-U.S. country, please be aware that the information you submit, including information provided in an online conference application, is being sent by you directly to a location operated by us in the United States for collection and further processing by us. Please note that since we are collecting the information directly from you, this does not involve our transferring your information to the United States.
If you are an EU Individual, upon request, free of charge, you have the right to:
- obtain confirmation as to whether we process your PII;
- access and obtain a copy of the PII we hold about you;
- obtain information about the purposes for which we process your PII and the categories of PII concerned;
- obtain information on the recipients or categories of recipients (including international recipients) to whom your PII has been or will be disclosed;
- request the correction of inaccurate PII we hold about you;
- request that we delete your PII, or stop processing it or collecting it, in some circumstances;
- transfer of your PII from us to another data controller;
- lodge a complaint to the supervisory authority in your jurisdiction in respect of our collection or use of your PII; and
- withdraw your consent to our collection, use, storage, and dissemination of your data at any time.
Please be aware that any request for withdrawal of consent under item (I) above will not affect the lawfulness of PII collected, processed, and transferred prior to the date of such withdrawal of consent.
To make any of the requests above, contact us at email@example.com.
How You Can Control the Use of Your PII
You may indicate certain preferred restrictions on our use of your PII by contacting us by e-mail at firstname.lastname@example.org. In that e-mail, you should indicate which of the following options you prefer:
- (I understand that my PII will always be provided to other members of the conference that I attend, subject to my having opted in to this where I am an EU Individual)
- GRC should not send me postal mail with newsletters or other information regarding upcoming conferences and events;
- GRC should not send me electronic mail with newsletters or other information regarding upcoming conferences and events;
- I understand that GRC may send me any information about third-party products and services, subject to my having opted in to this where I am an EU Individual).
To request access to, or notify us of changes to, PII we have collected, contact us at email@example.com.
How Your PII is Protected
GRC implements reasonable technical and organizational measures designed to protect your PII from accidental loss and from unauthorized access, use, alteration or disclosure. Regardless of any such precautions taken in good faith by visitors or by us, security on the Internet is imperfect, and we cannot warrant the protection of any information visitors transmit to us, which visitors do voluntarily and at their own risk.
How Long Do We Store Your Personal Information?
If you are an EU Individual, we will delete your personal information once it is no longer proportionate for us to store it for the purposes of the processing in accordance with our applicable data record retention period. Our general record retention period is seven (7) years. This means that if you make a booking with us we will usually retain your personal information for seven (7) years from the latest of: the date on which you last attend one of our conferences, the last date on which we receive your booking or other active communication from you. Personal data of scientific or historical significance may be kept indefinitely subject to appropriate measures. This is subject to any legal or regulatory requirement to retain the information for a minimum period.
Linking to Other Web Sites
About Children's Privacy
The Website is intended for general audiences, and we do not knowingly seek or collect personal information from children under the age of eighteen (18). In accordance with the Child Online Privacy Protection Act, in the event that we learn that we have collected personal information from a child under age thirteen (13) without verification of parental consent, we will delete that information as quickly as possible. If you believe that we might have any personal information from or about a child, please contact us at firstname.lastname@example.org