IASC Privacy Policy

This privacy policy relates to all services and communication by the International Association for the Study of the Commons (referred to in this privacy policy declaration as: IASC). The IASC is a US-based 501(c)3 non-profit organization, with its legal address at 513 North Park Avenue, in Bloomington, IN, USA. The IASC Secretariat is currently hosted by Arizona State University, 1031 S Orange St ECA307, Tempe, AZ, USA. As a significant number of IASC-members are based in Europe, and the IASC will provide services to EU-citizens, IASC will comply the General Regulations on Data Protection (GRDP), which will be in effect from May 26, 2018. For the full context of the GRDP, we kindly refer you to the official EU information website, https://gdpr.eu/what-is-gdpr/.

The IASC can only be held responsible for the privacy policy regarding services and communication directly provided by the IASC. Other websites that may refer or are connected to the IASC website will have their own privacy policy. Wherever necessary, we will refer to the appropriate privacy policy.

What information do we collect?

We only collect and store the personal data that you permitted us to collect and store. We will only collect and store personal data that are absolutely required for the purpose these data should serve. The amount and the nature of these data depend on the services you allow us to use these data for; please see the table below.

Purpose	Required data	External party involved
Membership subscription	Name E-mail address Income category (a membership with no income category disclosure is available)	No
Membership payment by credit card	Name Credit card details	Stripe (GRDP-compliant)
Membership payment by bank /wire transfer	Name Bank account details Invoice reference	Chase Bank
Event registration	Name E-mail address Income category (in some cases; a membership with no income category disclosure is always available)	No
Event payment by credit card	Name Credit card details	Stripe (GRDP-compliant)
Event payment by bank /wire transfer	Name Bank account details Invoice reference	Chase Bank
Newsletter registration	Name E-mail address	SendInBlue (GRDP-compliant)
Providing specific, tailored information regarding your field of expertise, or region of research focus and activity	Name E-mail address Research region Research topics	No
Networking purposes	Name E-mail address Research region Research topics Affiliation Country Position	No

Use of data by external parties

The IASC has selected well-known partners to support the services and activities of the IASC. The IASC has ascertained that these partners will be compliant with the GRDP.

Current partners are:

SendinBlue

The IASC uses the SendinBlue mailing system for collecting subscriptions to and distributing the IASC Newsletter. The management of the mailing list lies however with the IASC Secretariat. By signing-up for the IASC Newsletter, you will also accept the terms and conditions as well as the privacy policy set by SendinBlue (see http://www.sendinblue.com/legal/termsofuse/ and http://www.sendinblue.com/legal/privacypolicy/)

Stripe

The Stripe payment system is used for the payment of membership dues via credit card. Name and credit card details are only used by Stripe to complete the payment and are not stored by the IASC. When performing payment via Stripe, you accept the policies set by Stripe (see https://stripe.com/nl/privacy).

Chase Bank

When you pay your membership via bank or wire transfer, data provided to complete the payment will be managed via Chase Bank, where the IASC bank account is located. As Chase Bank only has US-based customers, Chase Bank has no explicit GRDP-policy but is compliant with all privacy conditions set by the US banking system. Any information will be used and stored in accordance with the conditions set by Chase (see https://www.chase.com/digital/resources/privacy-security).

Stichting Antenna

Stichting Antenna (Antenna Foundation) is a Dutch foundation that hosts the IASC website on its servers. Although Stichting Antenna has server access for IT maintenance purposes, it is not provided with access to any personal data you provide. Also, Stichting Antenna has no login details that give direct access to any stored data. Stichting Antenna is GRDP-compliant.

Utrecht University

Utrecht University hosts the IASC Secretariat and as such provides the infrastructure to enable the IASC Secretariat to perform its duties. In consequence, Utrecht University’s IT-support staff will have access to the hardware used by the IASC Secretariat. The IT-support staff will however not be provided with access to any personal data of IASC-members and/or -contacts. Utrecht University is GRDP-compliant.

Third party access

We will not provide your data to any other third party without your explicit written prior consent.

Right of disclosure/right of change

As the data we store are your own personal date, you, of course, have the right to ask which data we have stored and to request desired and/or required changes to the stored data. In order to execute this right, please send an e-mail to the IASC Secretariat (iasc@iasc-commons.org) via the e-mail address you are registered with the IASC. We will follow up on your request as soon as possible, but at the latest within 30 days after receiving your request.

Right to be forgotten

In case you want your data removed from our databases, you can use two options:

If you only want your e-mail address removed from our newsletter mailing database, you can use the Unsubscribe-link in the footer of any IASC-Newsletter.
If you also want any additional data you provided us with removed from our databases, please send an e-mail to the IASC Secretariat (iasc@iasc-commons.org) via the e-mail address you are registered with the IASC. We will follow up on your request as soon as possible, but in any case within 30 days after receiving your request.

Please note that removing your data from the membership database will also end your membership; however, this will not imply any right of restitution of membership fees nor the cancellation of membership fees due at that moment.

How long will we keep your data?

We will keep your data no longer than necessary or as required by legal obligation. This means the following:

Data provided by you to the IASC for sending you the newsletter, sending you specific, tailored information, or for networking purposes will be removed from our databases within 30 days after we have received your request.
Data required to manage your membership of the IASC will be stored until ultimately 2 years after your membership expires.

Data security

Computers and internet connections used for handling your data are and will be secured as well as is feasibly possible against hacking, malware, and use by unauthorized persons. The IASC Secretariat will use all security measures provided by the host institution, i.e. Utrecht University.
Access to personal data is only allowed to IASC-functionaries on a need-to-know basis and access will be limited to only the data required to perform the action and/or to deliver the requested service, provided this use has been permitted by you.
All persons authorized to access any personal data will be bound by a confidentiality agreement not to disclose this information to persons not having authorization to access these data.
Daily server back-ups of all data are made in order to be able to restore any damage caused by material or technical incidents.

Non-personal data

Our website automatically stores technical data when you use the website. These data are non-personal and anonymous and not retrievable to individuals.

Cookies policy

Our websites use functional and analytic cookies. These cookies are used to improve the performance of the website and to analyze how the website is being utilized by its visitors. These cookies are anonymous. Cookies are also used anonymously in our newsletters to analyze the results of mailing campaigns. For more information about cockies follow this link. Please also note the references to social media cookies below.

Social media

The IASC website uses buttons to share pages or information via social media like Facebook, Twitter, LinkedIn, et cetera. When you use one of these buttons, a cookie will be placed by the social media network on your computer; when using the social media buttons, the privacy policy of the related social media network will apply, the IASC has no control nor responsibility over the use of your personal data by any of these social networks.

Please also note that the IASC cannot bear responsibility for any use by third parties of any information made public via the IASC website. Please note that the major part of the IASC website is published via Creative Commons license CC BY-NC-SA 4.0. However, in case of any alleged infringements or improper use, we suggest you contact the IASC Secretariat via iasc@iasc-commons.org, so we can contact the parties involved.

In case of emergencies

As this privacy policy demonstrates, the IASC will do its utmost best to safeguard your privacy. However, in cases where security has been breached, we will inform you as soon as possible and will take any measure required to minimize the effects of such a breach. Security breaches will also be notified to the appropriate authorities. The IASC cannot be held liable for any data theft or security breaches other than in cases of willful misconduct or gross negligence.

Remarks, suggestions, complaints

In case of any suggestions, remarks, or complaints regarding the handling of your personal data, we kindly ask you to contact the IASC Secretariat via iasc@iasc-commons.org. We will then try to resolve the issue as soon as possible.

Changes to this policy

This privacy policy may be subject to changes. All changes intend to improve the protection of your privacy and to handle your data in a secure and transparent way. This policy has last been updated on July 18, 2018.