Who is collecting your personal data?
IAS – the International AIDS Society – is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience.
References to “we”, “us” and “our” are to the IAS, an association registered in Switzerland (CHE-111.717.829).
The IAS is the registered data controller to which this policy refers.
This policy was last updated on 28 January 2022. The IAS will occasionally update it and encourages you to periodically review it to be informed of how the IAS is protecting your privacy.
By using the site, you consent to the data practices described in this policy.
This term covers “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Art.4 §1 GDPR).
Sensitive personal data
This term covers a subset of data for which even greater care should be taken, comprising “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation” (Art. 9 §1 GDPR).
This term means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (Art.4 §2 GDPR).
This term covers individuals that are identifiable or identified by the processed personal data (Art.4 §1 GDPR).
The Data Controller “determines the purposes and means of the processing of personal data” (Art.4 §7 GDPR).
Anyone processing data on behalf of the Data Controller (Art.4 §8 GDPR).
A “natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data” (Art.4 §10 GDPR).
What personal data do we collect and how do we use it?
Personal data of data subjects that the IAS processes may include, depending on your relationship with the IAS, the following:
- Identification data: Names, addresses, telephone numbers, email addresses, business contact information
- Personal characteristics: Date of birth, country of birth
- Professional information: Employment and job history, title, representation authorities, job application information
- Identifiers issued by public bodies: Passport, identification card
- Financial information: Bank details
- Special categories: HIV status, sexual orientation, racial or ethnic origin
The IAS will process personal data:
- To administer certain programmes as identified to you at the time of collection
- For statistical and marketing analyses
- To undertake email actions or compile petitions
- To update you on our campaigns and activities
- To ask to get involved in our campaigns
- To action your expression of interest in joining the IAS
- To administer your IAS membership
- To administer and process your applications for employment or volunteering opportunities with us
- To monitor the diversity of applicants for employment or volunteering opportunities
- To contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered
- To create anonymized evaluation report
- To improve our websites
The IAS also automatically collects certain information about your computer hardware and software. This information can include your IP address, browser type, domain names, access times and referring website addresses. The IAS uses this information for the operation of the service, to maintain quality of the service and to provide general statistics regarding use of the site.
Please keep in mind that if you directly disclose your personal data or sensitive personal data through IAS public message boards, chat systems or any other data-sharing application offered by the IAS, this information may be collected and used by others. Note that the IAS does not read any of your private online communications.
The IAS keeps track of the websites and pages our customers visit in order to determine what IAS services are the most popular. This data is used to deliver customized content and advertising on IAS websites and pages to customers whose behaviour indicates that they are interested in a particular subject area.
We may also use your personal data to fulfil any legal obligations.
Legal basis for processing
Data protection law requires us to have a legal justification to process your personal information. We use the following depending on the type of data and the type of processing:
Your consent is our primary legal justification for processing your personal data. By registering on our site, you will consent to the use of your data for the purposes described in this policy.
We sometimes share your personal data with other branches or sister organizations. This is done to fulfil our legitimate interest in promoting our organization as effectively as possible and enabling our message to reach people who may be interested in our mission. Legitimate interest may also be used in relation to all aspects of our business, given that your rights do not override it.
We may process your personal data to fulfil any legal obligations placed upon us, such as the prevention of fraud or money laundering. We may also process your personal data if lawfully required to do so by a legal authority or a court of law.
Is your data shared with third parties?
On our site, we sometimes have links to third-party websites or applications. This policy does not apply to such pages or applications hosted or operated by other organizations. This includes the site or applications of the IAS sections or related organizations or third-party sites. These other websites may have their own privacy policies, which apply to them.
Your contact information (but not your email) is made available to other participants of the site. You can also be directly contacted through the IAS interface.
Sharing of your personal data
Except as specifically indicated in this policy, the IAS does not sell, rent or lease its customer lists to third parties. The IAS may contact you from time to time on behalf of external business partners about a particular offering that may be of interest to you.
We also use other third parties to process some of your personal data, including for the following purposes:
- To action all online expressions of interest to join the IAS or take actions and manage all related communications
- To process online payments
- To manage our partners’, affiliates’ and members’ information
- To process all information associated with applications for employment or volunteering opportunities and related recruitment processes
- To provide you with online conference applications (for example, a virtual conference platform and video communications such as Teams and Zoom, giving you access to web conferences, chats, exhibitors’ area and major industry sponsors’ micro sites)
- To provide you with the conference programme.
Third-party services providers process your personal data only on behalf of the IAS and are bound by contractual terms that are compliant with data protection law. They may contact you directly using our online contact platform only.
In addition, the IAS may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support or arrange for deliveries. All such third parties are prohibited from using your personal information except to provide these services to the IAS, and they are required to maintain the confidentiality of your information.
The site may disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on the IAS or the site; (b) protect and defend the rights or property of the IAS; and (c) act under exigent circumstances to protect the personal safety of users of the site or the public.
The IAS does not use or disclose sensitive personal data without your explicit consent.
Hosting and processing arrangements
Third-party service providers host our site, and therefore any personal details you submit through them may be processed by that third-party service provider. In such cases, appropriate technical and organizational measures are in place to protect the information.
How long will your data be stored for?
We only hold your personal data on our systems for as long as is necessary for the purposes outlined above.
The length of time each category of data will be retained varies depending on how long we need to process it for, the reason it was collected and in line with any statutory requirements. After this time, the data will be deleted, but we may retain a secure anonymized record for research and analytical purposes.
What data privacy rights do you have?
You have the right, subject to applicable local data protection legislation, to:
- Request access to, and receive a copy of, your personal data we hold, as well as related information (‘Right to access’, Art. 15 GDPR)
- If appropriate, request rectification or erasure of your personal data that are inaccurate (‘Right to rectification’, Art. 16 GDPR)
- Request the erasure of your personal data, subject, however, to applicable retention periods (‘Right to be forgotten’, Art. 17 GDPR)
- Request a restriction of processing of personal data where the accuracy of the personal data is contested, the processing is unlawful or if the data subjects have objected to the processing (‘Right to restriction of processing’, Art. 18 GDPR)
- Receive the personal data in structured, commonly used and machine-readable format (‘Right to data portability’, Art. 20 GDPR)
- Object to the processing of personal data, in which case we will no longer process the personal data (‘Right to object’, Art. 21 GDPR)
How do we protect your personal data?
We take appropriate security measures to ensure that we keep your data secure, accurate and up to date. When data (such as a credit card number) is transmitted to another site, it is protected using encryption, such as the Secure Socket Layer (SSL) protocol.
How can we keep you up to date?
By subscribing to our mailing list, you will be the first to receive the latest news, updates and announcement from the IAS. The frequency of IAS emails will vary. If you no longer wish to receive our emails, you can unsubscribe at any time simply by clicking the “unsubscribe” link in the footer of any of our emails.
How can you contact us?
For any questions you may have in relation to this privacy notice or, more generally, the processing of your personal data, you may contact the IAS at:
International AIDS Society
Avenue de France 23