International Safe Transit Association Privacy Policy

International Safe Transit Association Privacy Policy

Last updated: April 30, 2018

Introduction

We at International Safe Transit Association ("International Safe Transit Association ", "we", "us", and "our") know that your privacy is important. This Privacy Policy (the “Policy”) is designed to assist you in understanding how we will process your personally identifiable information (“Personal Data”) on our website located at ista.org (the “Website”).

Please read this Policy to learn more about the ways in which we collect and use your Personal Data. If we make any material changes to this Policy, we will notify you in accordance with the process described in the Changes to This Policy section below. By signing up for our services and by using our Website, you consent to our collection, use, disclosure, and all other types of processing of your Personal Data, as described in this Policy.

Data Controllership

In the context of this Policy, we act as a data controller for the Personal Data that we process.

Basis of Processing

Within the scope of this Policy, we may rely on one or more of the following legal grounds for processing of your Personal Data:

  • your consent;
  • the need to perform our obligations under a contract or to perform related pre-contractual duties;
  • the legitimate interests pursued by us, such as to recruit new members, as well as to retain the data of previous members to facilitate re-enrollment; and
  • any other ground, as required or permitted by law in the specific respective context.

Please note that you may withdraw your consent at any time by visiting https://www.memberleap.com/members/contactus_page.php?org_id=ISTA&gdpr=Y. This will not affect the lawfulness of processing, based on consent before the withdrawal.

Where you provide us Personal Data with regard to the performance of a contract, we require this information to be able to enter into a contract with you.

Categories of Personal Data

Personal Data collected by us could include:

  • contact information, such as first and last name, e-mail address, phone number, and residence address;
  • events attendance data;
  • online store purchases;
  • sponsorship commitments;
  • proposal system submissions; and
  • any other type of information we may ask you for or that you may choose to provide us with.

How We Receive Personal Data

We may receive your Personal Data through our Website. In particular, we receive Personal Data when:

  • you sign up as a member of our association using our Website;
  • you interact with our Website when, for example, registering for an event; or
  • your information that you have provide to us by any other means is entered into our system by us, e.g., for the purpose of sending email newsletters.

We may also receive your personal data from third parties, in which case, we will notify you, where required by applicable laws, without undue delay.

Purposes of Processing

We may process your Personal Data for the purposes of:

  • registering you as a member of our association;
  • enabling your use of the features of our Website;
  • handling dues and fee billings for membership, events, and other association business;
  • retaining statistical information about your involvement, activity, and dues/fee payment;
  • tracking donations and store purchases;
  • tracking event attendance and committee membership;
  • listing your contact details so that other members can connect with you [if applicable for association]
  • scheduling volunteer activity;
  • tracking proposal submissions for a call-for-proposals;
  • tracking online learning participation;
  • recording of continuing education credits;
  • featuring news articles/press releases related to your association activity;
  • accounting;
  • responding to your inquiries, and/or other requests or questions; and
  • periodically sending you newsletters and other marketing materials.

Data Retention

When the purposes of the processing are satisfied, we will purge/anonymize your Personal Data within 6 months.

Sharing Personal Data with Third Parties

We may share your Personal Data with other entities. Such third parties may include those providing:

  • association management software;
  • web development services;
  • association management software;
  • hosting services;
  • cloud storage services;
  • IT support services;
  • analytics services;
  • customer support services;
  • payment services; and
  • any other type of external services we might need for us to be able to operate our Website and to provide you with our services.

We may share your Personal Data with these third-party vendors, solely to enable them to perform the services for us. In providing such Personal Data, we require that those third-party vendors maintain at least the same level of security that we maintain for such Personal Data.

If we would need to transfer your Personal Data to third countries, we will ensure that this will be subject to appropriate safeguards and other requirements, as stated in the applicable laws.

Other Disclosure of Your Personal Data

We may disclose your Personal Data:

  • to the extent required by law or if we have a good-faith belief that such disclosure is necessary, in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
  • if we sell or transfer all or a portion of our company’s business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; and
  • to our subsidiaries or affiliates, only if necessary for business and operational purposes.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data, about our Website users as a group for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

If we must disclose your Personal Data, in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.

Use of Cookies

A "cookie" is a small file stored on your device which potentially contains (or may be linked to) information about you, your device, and your use of our Website. We may use cookies to enable your use of the Website. The use of cookies is industry standard, so your browser may be set to accept cookies. If you would prefer not to accept cookies, you can alter the configuration of your browser to reject all cookies or some cookies. Note, if you reject certain cookies, you may not be able to access all of the features of our Website. For more information, please visit https://www.aboutcookies.org/.

Automated Decision-Making

We do not perform automated decision-making activities, such as profiling.

Data Integrity and Security

We have implemented and will maintain technical, organizational, and physical security measures that are reasonably designed to help protect your Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

Access, Correction, and Deletion

If you are a data subject about whom we store Personal Data, you may have the right to request access to, and the opportunity to update, correct, or delete such Personal Data. You may always e-mail us at the e-mail address found in the Contact Us section of this Policy. We will implement your requested changes, as soon as we reasonably can.

Restriction and Objection to Processing, Portability

If you are a data subject whose Personal Data we process, you may have the right to ask that we limit our processing of your Personal Data, as well as the right to object to our processing of your Personal Data. You may also have the right to ask to have your Personal Data exported in a machine-readable format. To exercise such rights, where applicable, please contact us using the information in the Contact Us section of this Policy.

Privacy of Children

Our Website is not directed at, or intended for use by, children under the age of 13. We do not knowingly allow anyone under 18 to provide any Personal Data on our Website. Children should always get permission from a parent or guardian, before sending personal information over the Internet. If you believe your child may have provided us with Personal Data, you can contact us using the information in the Contact Us section of this Policy and we will delete that Personal Data.

Supervisory Authority Oversight

If you are a data subject whose Personal Data we process, you may also have the right to lodge a complaint with a data protection regulator in one or more of the European Union Member States.

Changes to This Policy

We may update this Policy from time to time by posting a new version on this web page. You should visit this page occasionally to ensure you agree with any changes. We will post our revised Policy on this web page and update the “Effective” date above to reflect the date of the changes. By continuing to use our Website after we post any such changes, you agree that you accept the Policy as modified.

Contact Us

If you have a complaint, dispute, or questions regarding this Policy or our treatment of your Personal Data, please contact us at:

General Contact

Elizabeth Webb

ewebb@ista.org

Please allow up to 30 days for us to reply.