Data Protection Declaration of the European Cetacean Society (ECS)
presented by the ECS Chair Mario Acquarone and webeditor Michael Dähne (firstname.lastname@example.org)
(as of: January 2019)
The ECS as an open society respects and protects your private data. During use of our web based services, we will only collect individual related data that is necessary to
- organize conferences,
- to submit, review and judge abstracts submitted,
- to administer your membership credentials and payment,
- publish newsletters,
- to collect registration fees,
- and to assure in general that the ECS serves its constitutional purpose of promoting scientific study and conservation of marine mammals in Europe and facilitating cooperative marine mammal science.
When visiting our Internet site, technical data regarding your usage is neither collected nor saved on any server. Cookies are used on your own computer to save your login credentials and number of revisits of the website and to controls administrative features of the website, that are only accessible as administrator. Furthermore the has_js cookie is used. You are accepting that during the cookie use opt in.
We therefore comply with the General Data Protection Regulation (GDPR) as called for by the European Commission for all web based services. This Data Protection Declaration shall explain to you in detail which data are collected and saved, how they are used and how you can exercise your rights in accordance with the provisions of the General Data Protection Regulation (GDPR).
Insofar as you have provided us with personal data, we shall collect, save and use these data only as this is required in order to respond to your enquiries, in order to substantiate, process and implement the contractual agreements concluded with you and/or in order to render the services and for the technical administration. The policy describes the data that ECS collects as part of those activities, how the ECS uses those data, under what conditions it may share them, and how it protects them. It also explains how a member or participant in an ECS activity may access and update her/his data and make choices about how their data are used.
The European Cetacean Society was first internet-enabled in the pre-web days of 1992. It has been present ever since with mail, mailing lists and this web site.
1. Use of the website and information security
Security and confidentiality user information is important to the ECS and the society takes a number of steps to safeguard any personally identifiable information provided to it. For example, www.europeancetaceansociety.eu uses data encryption technology (i.e., Secure Socket Layers, or SSLs) to help protect against loss, misuse or alteration of user login data and personal information.
The ECS ensures, to technically sound level, that all security measures are reasonable and robust, that the website is updated and necessary server patches are applied. However, no method of transmitting or storing electronic data is ever completely secure, and therefore the ECS cannot warrant or guarantee that such information will never be accessed, used, or released in a manner that is inconsistent with this policy. In any case of a security breach that exposes personal data we will inform the user according to EU GDPR.
Furthermore, during each visit to our website, data are collected by the enquiring computer which serves to facilitate the technical processing of the inquiry, but also enables inferences to be drawn about the inquiring computer. We save these data exclusively for the technically-required duration of the connection’s existence. Moreover, because our information offering is free-of-charge, no user or connection data are saved, except when necessary to facilitate payments.
1.1. Data types
1.1.1. Personally identifiable information
Data that is not personally identifiable information can be linked to personally identifiable information and is then treated as personally idetifiable information.
1.1.2. Non-personally identifiable information
Data that is not linked to a specific person (e.g., education, affiliation, expertise) is considered non-personally identifiable information. The ECS may collect such information through various sources and use such information for various analyses and descriptions and, generally, to make its websites and activities more informative and useful. As noted above, such information becomes personally identifiable if it is linked to other personally identifiable information. One example could be an IP-address which is non-personal identifiable information. If it linked to a user it becomes personal identifiable information and will be treated as such.
1.2. Council members, Reviewers, Conference Organizers
Council members, reviewers and conferences organizeres will have only access to the data that they need to facilitate the organisation of the ECS and the conference organizations. When the ECS transmits personal information (e.g., name, email address, billing and physical address, and phone number) to ECS Council, committee members and conference organizers, it states in its transmission message that such records may only be used for the intended purpose that will advance the ECS’s constitution and serve the membership and are not to be retained, shared, or used in any other way.
1.3. Data security officer
We ensure that at no time more than 5 trusted and listed people have access to personally identifieable user data and therefore comply with GDPR regulation. However, if it becomes necessary that more people within the organisation acquire access, we will incorporate a data security officer.
1.5. Information Selling, Exchanging, Sharing and Use
The ECS does not sell or exchange its members’ personal identifiable information to any other organizations with the exception noted below:
- The ECS may exchange its email lists with scientific societies (e.g., the Society for Marine Mammalogy) and organizations with which it has developed a formal relationship through a Letter of Agreement. Such an exchange would be for conference planning. Exclusively for the world marine mammal conference 2019 in Barcelona data will need to be shared with the X-CD conference support site of the Society of Marine Mammalogy.
- The ECS does share its membership data with outside consultants who provide the ECS technical conference management and web support. It does so with the understanding that the data will be used exclusively for the purpose of supporting the conference attendee’s experience at a specific conference and will not be shared or made visible to other individuals or organizations.
- The ECS may use the personally identifiable information of a website user to deliver the products and services that said user requests, enhance their experience on an ECS website, or for internal analysis and other purposes described in or consistent with this policy.
1.6. Email communications
Members and users may communicate with the ECS council and committee members through a variety of methods, including email communication. Such communication may be essential if a member/user is interested in obtaining information, products, or services from the ECS, or in participating in certain activities on one of its websites (e.g., making an online purchase; reading Marine Mammal Science; becoming an ECS member; making an online donation to ECS; or participating in voting, surveys, or certain special initiatives). ECS newsletters have been circulated in the past and may eventually start to be circulated in regular intervals again, but are currently not planned for. All email communication serves constitutionally defined purposes.
1.7. Past memberships
The ECS retains past membership information in its database so that it can invite previous members to renew and alert previous conference attendees about upcoming ECS conferences. The ECS does not make any membership information available or share it with other organizations or individuals unless listed under 1.5.
To delete the personal information that the ECS has collected from them, members should contact the ECS at email@example.com. The ECS may still retain copies of that information for database backup files, but the information will not be used in any way other than as described here. The ECS membership data includes records starting in 2013.
2. Online registration
The ECS offers you the opportunity to purchase memberships and registration online which will enroll you in our membership list and gives you a discount on registration fees for our annual conferences. Details of all these transactions are transferred to you directly via e-mail. We do not save any data on paypal account, credit card details or bank transfer details on the website and associated server. All payment data are retransferred to your preferred payment system and handled outside of the ECS website and associated server. Neither we nor our service provider will have access to your data during this process. It is however not possible to enroll anonymously for the membership and conference fees, since we have to process your order and enroll you for the conference. In order to implement the ordering process, only a verified e-mail address is needed to electronically sent out the membership messages and potential inquiries in the future. In order to prevent and track fraudulent transactions from being charged to you with stolen credit card data, we save this e-mail address for the duration of the membership and according to Belgian Tax Office necessities. We keep your identification and the e-mail address only for the purposes outlined in the ECS constitution and use these data exclusively for criminal prosecution if fraud is suspected.
3. Web Shop
The ECS will offer you the opportunity to shop online for merchandise articles that were not sold during the conferences. For the implementation of these contractual agreements, we need your name, affiliation, postal address and e-mail address.
4. Subscribing to membership, newsletter and mailing lists
You shall have the opportunity to register via the website for the ECS newsletter and for membership. In order for us to process your inquiry, we need your surname, your forename and your e-mail address. Only then after the successful completion of a double opt-in process will we send our newsletter to you or register you as a user. At any time, you will have the option of reviewing your Declaration of Consent or unsubscribing from the newsletter. Corresponding links are provided in each accompanying e-mail to our newsletter, but also in the footer of the website. In the event that you unsubscribe from the newsletter, we shall promptly delete your data from our newsletter recipient list. The European Commission imposes certain requirements for the effectiveness of an electronic consent as it is used for registering for the newsletter. This also includes the logging of your Declaration of Consent. Thus, we log the date and time of day of the consent, the text of the Declaration of Consent, whether the check box was ticked, your e-mail address, your surname and your forename and affiliation. We likewise log the date and time of day of the click on the confirmation link as well as the link in the confirmation e-mail. We collect and save these data exclusively for fulfilling the prescribed legal standards for the electronic consent of the General Data Protection Regulation.
As a service the ECS offers mailing lists ECS-TALK and ECS-STUDENTS. Both are hosted by jiscmail. The ECS does not hold any data of these lists on our servers and therefore these personal information are given to jiscmail on a voluntary basis by each user and have to be treated independent of the ECS website data.
5. Tracking and web analysis
This website does not use any tracking nor google analytics or other software to analyze your behavior on the website. If we want to know more about, how you like our web services, we will contact you via e-mail after consent and ask directly.
6. Contact Form
Via our contact form, we shall collect data such as your name, your e-mail address and, and if required for efficient communication, your telephone to. Your data are then provided on a voluntary basis. The transmission of the contact data is undertaken in encrypted form.
7. Third party involvement
In the event that we have to transfer your data to a third party we will contact you directly. This will only happen if absolutely necessary in encrypted form. There is one exception: For the WMMC conference you agree, during transfer between websites, that your data is sent to the webpage of the society of marine mammalogy (www.marinemammalscience.org) and the X-CD software. This serves the purpose of enabling the associated discount to be automatically accounted for in the X-CD software that is used during registration for the conference.
The ECS uses the social log-in (“Facebook Plug-Ins”) of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) which links this web site with Facebook’s social network.
By activating the Facebook Plug-Ins, your browser creates a direct link to Facebook’s servers. The content of the Facebook Plug-Ins shall be transmitted by Facebook directly to your browser. Certain data are simultaneously transmitted by your browser to Facebook. This occurs regardless of whether you click on the Facebook Plug-In or not. We have no control over the scope of the data which Facebook collects in this manner. Based upon our current level of knowledge, it concerns the following data:
- Visited page on our website which the FacebookPlug-In contains,
- The data (IP address, browser type and browser version, operating system, time of day) which are generally transmitted by your browser,
- For registered and logged-in Facebook users, the respective Facebook ID no.
The purpose and scope of the data collection and the additional processing and use of the data by Facebook as well as your related rights and setting options for protecting your private data can be reviewed in Facebook’s Data Protection Guidelines: www.facebook.com/policy.php.
If you are a Facebook member and would not like for Facebook to collect data about you via our Internet site and link them to your member’s data saved at Facebook, you must first log out of Facebook before visiting our Internet site and possibly delete any existing Facebook cookies. Moreover, the Facebook Plug-Ins can be blocked by using add-ons for one’s own browser. Additional information in this regard can be found on the add-on pages of your browser.
In order to link to Twitter, ECS uses the tweet button from Twitter Inc., 795 Folsom St., Suite 600, San Francisco, CA 94107, USA (“Twitter”).
By activating the tweet button, your browser will create a direct link to Twitter’s servers. The content of the plug-in will be transmitted by Twitter directly to your browser. Certain data shall be simultaneously transmitted by your browser to Twitter. This occurs regardless of whether you click on the tweet button or not. We have no control over the scope of data which Twitter collects in this manner. Based upon our current level of knowledge, it concerns the following data–particularly regarding the displaying of the tweet button:
- Visited page on our website which contains the button,
- The data (IP address, browser type and browser version, operating system, time of day) which are generally transmitted by your browser.
The tweet button can likewise be hidden via browser add-ons so that no data collection is done by Twitter.
This website contains plug-ins of YouTube LLC, which is owned by Google Inc., 901 Cherry Ave., San Bruno, CA 94066, USA (“YouTube”). As soon as you visit one of our web site’s pages which is equipped with a YouTube plug-in, a link will be created to YouTube’s servers. In doing so, the YouTube server will be notified of the specific page of our Internet site you want to visit. If you are logged in to your YouTube account at this time, you will then enable YouTube to classify your surfing behaviour directly to your personal profile. You can forego this classification option by logging out of your account in advance. Additional information regarding the collection and use of your data by YouTube can be found here: https://www.google.de/intl/de/policies/privacy/
11. Information, Blocking, Correction, Deletion
Upon reasonable request, you can receive all information about the data stored about your person from us by contacting firstname.lastname@example.org. With regards to the data we have collected about you, you can have such data blocked, corrected or deleted. The deletion of the saved personal data shall be undertaken if a) You withdraw your consent for the saving of your data, b) the knowledge of such data is no longer required for the purpose being pursued through the saving of such data or c) the saving of such data is not permitted for other legal reasons. All data are stored for up to 10 years to allow for membership statistics and to ensure that your profile is accessible to you upon return to the ECS website. However, all data can be deleted upon request.
12. Responsible Authority
The responsible authority is the European Cetacean Society.
13. Directory of Procedures
Please also feel free to submit any inquiries and comments directly to our webmaster email@example.com.
14. Server Log-Files
The website www.europeancetaceansociety.eu has an automated system to create log-files to allow for security analysis of the server.
Ewin Y Don
16. Links to other Websites
On its websites the ECS may provide links to other sites that it believes members and users will find useful or informative. Those sites operate independently of the ECS and have established their own privacy and security policies. The ECS encourages users to note when they leave an ECS website to go to another website and to read the privacy policies at any site they visit.
17. Changes in privacy statement