NSO Privacy and Data Security Policy

NSO Privacy and Data Security Policy

 

Last updated: 1 June 2020

 

About | How personal information is collected | What personal information is collected | How the NSO uses personal information | How long personal information is kept | Email addresses | Disclosure of information to third parties | Right of access to, rectification and/or erasure of your NSO information | Data security | Use of cookies and other tracking technologies | External Links NSO membership account’ - Managing your contact with the NSO 

 

About


The Nordic Society Oikos (hereafter “NSO”, “Society”, “we”, or “us”) is a Public Benefit organisation registered in Sweden under the registration number: 802453-6040. NSO is registered at Geocentrum II, Sölvegatan 12, SE-223 62 Lund, Sweden. The NSO office can be reached by email info@nordicsocietyoikos.org or by mail to NSO c/o Oikos Editorial Office, Geocentrum II, Sölvegatan 12, SE-223 62 Lund, Sweden. The official website of the NSO is available at https://nordicsocietyoikos.org.

The Nordic Society Oikos complies with the General Data Protection Regulation (GDPR) 2016/679 and the data protection laws in Sweden, and takes all reasonable care to prevent any unauthorised access to your personal data. The NSO respects your privacy and is committed to safeguarding the confidentiality of your personal information. This policy explains how and why the NSO collects and uses the personal information of its members, customers and website visitors, and how the NSO protects your privacy. It also explains how you can manage your own personal information held in the NSO system through the ‘NSO membership account’ on the NSO membership platform.

When disclosing your personal information to us by using the ‘NSO membership account’ on our platform or by completing and submitting paper or electronic forms to us, you consent to the collection, storage and processing of your personal information as stated in this policy. If you are under 18 years of age, you must first seek the consent of your parent or guardian prior to submitting any personal information to us.

The NSO acts as the controller of the personal data you provide to us. The personal information that we collect from you shall be obtained, processed and transmitted in compliance with applicable data protection legislation – European Regulation 2016/679 (GDPR). Per the European Regulation 2016/679 (GDPR), "Personal Information" means any information relating to an identified or identifiable natural; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This general policy is in addition to any specific policies concerning specific products or services. It may be amended at any time so we invite you to visit this page regularly for updates.

 

How the NSO collects personal information


The NSO is a non-profit association which combines a wide range of activities in the field of ecology, including:

  • Provision of membership services
  • Collection and dissemination of scientific information
  • Organisation of scientific meetings (conferences, workshops) and courses
  • Provision of other educational products and services

This may require the handling of personal information of the individuals involved in these activities and hence the NSO collects personal information in a number of ways from a number of sources. This information may be communicated to the NSO on paper forms received through the postal services or electronically through registration on the NSO platform and use of the NSO’s online services (‘NSO membership account’) or through other electronic forms made available through partner websites.

The sources of personal information received by the NSO are:

  • The individuals themselves
  • Third parties acting on behalf of individuals (e.g. an agent arranging registration or hotel accommodation for an NSO organised congress)
  • Affiliated societies providing details of their members (Note: members of the national Nordic societies (Swedish Oikos Society, Danish Society Oikos, Icelandic Ecological Society, Norwegian Ecological Society, Oikos Finland) are also members of the NSO by virtue of their society’s affiliation to the NSO).

As per Article 14 of the European Regulation 2016/679, where we receive personal information about individuals from sources other than the individuals themselves (e.g. for NSO membership or congress registrations), we will take all practical steps to contact the person concerned to advise of their rights.

The principal ways in which the NSO collects personal information are:

  • When you register personal details when creating or updating a ‘NSO membership account’ on the NSO platform
  • When you, or an agent or other third party acting on your behalf, enter personal details on a form requesting an NSO product or service (e.g. when registering for an NSO organised conference)
  • When you, or someone on your behalf, submits proposals or content in connection with scientific sessions at an NSO organised conference or meeting (e.g. abstracts submission)
  • When you participate in NSO surveys (e.g. about the functionality of the member services or to provide feedback to a NSO organized conference)
  • When you communicate with other NSO members through the NSO platform (e.g. when using the NSO membership app during a conference)
  • When your National Society provides us with your details for you to benefit from NSO membership

 

What personal information is collected by the NSO


Personal information you provide us with

Mandatory personal information

As a general rule, the following minimum information must be provided in order for your order, request, application, etc. to be processed.

  • Nominative information - First Name(s), Family Name(s): Your nominative details are needed to properly identify you, to communicate with you, to provide you with the products and services you have requested and to ensure that items are properly labelled as yours (e.g. congress badges and scientific contributions such as abstracts and presentations, etc).
  • Email address: Your email address is needed because it is used as part of the login information (to access your ‘NSO membership account’ personalised area on the NSO platform) and is necessary in order to communicate with you and provide you with order/request confirmations. Additionally, because we only permit a particular email to be used once in our system, it reduces the possibility of duplicates. Finally, it permits “Forgot Password” to be handled in an automated secure way.

 

Other personal information

Other information may be requested which is necessary or relevant for specific activities.

Mandatory information for specific purposes

  • Credit card information is required for anyone wishing to make payment by this method.
  • Affiliation information (to an organisation) is required for all persons wishing to submit an abstract.
  • Professional status (together with proof) is requested for all persons requesting certain fees (e.g. specific registration fees for congresses and events)

Optional information is

  • Emailing preference: We ask you to advise us whether or not you wish to receive marketing emails from the NSO (e.g. email campaigns regarding upcoming NSO conferences or meetings). This is so that we can respect your privacy as regards electronic communications, as required by European laws.
  • Profile information: We ask you for information about your
    • Professional activity,
    • Place of work, institution
    • Fields of interest
    • Areas of expertise
    • Telephone information – to enable us to contact you rapidly in case of need
  • Subscriptions to eNews and email notifications enable you to request to receive regular NSO newsletters and email alerts on selected ecology topics

This information enables us to provide you with more relevant information and to better understand the preferences of our audience so that we can give a better service generally. Information such as professional activity or areas of expertise may be used to connect you with members of similar interest or to recruit you for NSO target activities (conference sessions or symposia, special interest groups, editorial boards for our journals, etc).

 

Information we collect automatically

When you visit the NSO website and platform, information is collected in an automated manner about your computer/device, your IP address, the referring website, what pages you visit, how long you stay on them and the general use you make of the website.

When you make use of our services (purchase a subscription, registration or product or consume an educational product), we keep track of this activity in logs on your NSO membership account on the NSO platform (e.g. participation at NSO meetings, opened newsletters etc). This information is collected using various technologies which includes saving cookies to your computer or device. For more information on our use of cookies, see below.

During an NSO conference or event, attendees may be photographed and videotaped by NSO or its partners capturing the event. Some of these photographs or videos may be displayed by the NSO or its partners in future publications or materials connected with the event as well as social media. The legal basis of the Legitimate Interest is used when photos and/or videos of speakers or the audience are taken, in compliance with article 3 and 4 of the Society’s Statutes. In case of photos and/or videos of individual participants, the consent of the interested party is required before publishing them. If you do not wish for your image to be displayed by the NSO, please go to the information desk or one of the registration desks onsite during the event and inform the staff. You can also contact the event organizer through the registration page. Without contradictory instructions from your side, you hereby grant the Nordics Society Oikos (NSO), the irrevocable rights to record and use free of charge, on a worldwide basis and for the entire duration of protection of the rights thereto, on any and all supports or forms of media, your image, voice, name, photographs, and video on which you appear for purposes related to scientific, educational or promotional purposes. You hereby release, waive and discharge the NSO, its employees and independent contractors from any and all demands, claims, causes of action, damages and liabilities directly or indirectly arising out of any use of your image, voice or name pursuant to the foregoing rights grant.

 

Information we collect from third parties

Agreements made between the NSO and the National Nordic Societies (Swedish Oikos Society, Danish Society Oikos, Icelandic Ecological Society, Norwegian Ecological Society, Oikos Finland) state that the NSO must provide up to date information on their members. This information is used to either create a NSO membership account or update an existing account with the NSO membership status.

We also work with third parties including, for example, publishers, and professional congress organizers from whom the NSO may receive information about you.

 

Cross border transfers

The NSO may transfer your personal information outside of your country of residence for the following reasons:

  • In order to process your transactions, we may store your personal information on our system which may reside outside the country where you live. NSO has physical or virtual data storages and office location distributed in several countries, including Sweden and the United States. Such processing may include, among other things, the processing of your payment details and the provision of support services.
  • In order to satisfy global reporting requirements, NSO may be required to provide your personal information to NSO affiliates in other countries.

By submitting your personal information, you agree to this transfer, storing or processing of your information. We will take all steps reasonably necessary to ensure that your personal information is treated securely and in accordance with this Privacy Notice and all applicable data protection laws.

 

How the NSO uses personal information


The NSO may use your personal information in the performance of any contract we enter into with you, to comply with legal obligations, or where the Society has a legitimate business interest in using your information to enhance the services and products we provide. Personal information is needed by the NSO to enable it to properly manage its members and customers.

The personal information which you supply may also be specifically used to:

  • Setup your personal NSO membership account
  • Provide you with a NSO membership space where you can provide/review/edit your personal information
  • process a registration for an NSO conference, meeting, course and other event (both at a physical location or online). Congress badges, online access to courses, etc and certificates of attendance also require the nominative information supplied.
  • handle attendance at a social event at an NSO conference, meeting or other event.
  • process registration(s) or hotel request(s) for another person(s) if you are acting on behalf of a third party or parties.
  • handle scientific programme activities in connection with NSO conferences and meetings. These include abstract submission and grading process, speaker and chairperson management, handling of agreement forms, preparation of the scientific programme, presentation management onsite, publication of the scientific content on the NSO website.
  • handle specific processes for NSO leadership and volunteers representing the NSO, including hotel accommodation, expense claims and Declarations of Interest.
  • manage access to restricted content on the NSO website (certain resources are only available to members of the NSO).
  • enable individual communications with you about specific matters - e.g. sending confirmations, receipts, requesting further information to solve queries, responding to NSO helpdesk requests, etc and sending emails to you with information about NSO activities which we believe will be of interest to you (subject to your prior consent to receive NSO generated emails).
  • send electronic newsletters and notifications (alerts) to you (where you have subscribed to receive them).

The information we collect automatically is used to:

  • Enable us to improve our website and ensure the content is presented to you in the most optimal way. We analyse our user’s activities on the websites to deduce what works well, what needs to be improved on and what is of little value to our visitors which allows us to focus on the main areas to ensure you have a pleasant experience on our websites.
  • Provide you with personalised suggestions and recommendations on our websites and e-communications customised to your usage of our website.
  • Promote our activities in a coherent and adequate manner.

 

How long personal information is kept


Your personal NSO membership account is only kept for a reasonable period of time, dependent upon the nature of the information and its intended use, but subject to a maximum of five years after your last use of an NSO product or service. Personal information will be destroyed, put beyond use or erased from NSO’s systems when it is no longer required or, where applicable, following a request from you to destroy or erase it.

For accounting purposes, invoices and expense claims are kept for 10 years in our systems.

 

Email addresses


Electronic communication is for most purposes the NSO’s preferred method of communication because it is generally convenient, rapid, effective and efficient. In order to be able to communicate with you directly electronically, the NSO needs your email address. You are therefore required to supply your email address when you create your ‘NSO membership account’ on the NSO platform, which enables you to access a variety of services online.

 

Unique email address

For your convenience and security, your email address is unique to you in the system. (The NSO does not permit two different persons to have the same email address in the system).  You are strongly recommended to use an email address which is personal to you and that is not shared with others. This is to ensure that communications which are sent to you personally are not read by others, and that others do not gain access to the information in your ‘NSO membership account’. Additionally, the unique email permits handling of “Forgot Password”, enabling you to reset your password in an automated and secure way using your personal email address.

 

Email privacy

The NSO respects the privacy of personal email addresses and complies with the current European legislation on email communication. The objective is not to send you unwanted messages, and your email details will not be passed on to any other individual or organisation without your permission for marketing purposes.

You can manage the extent to which the NSO communicates with you by using the email preferences section in your ‘NSO membership account’. Here you are asked to indicate whether or not you wish to receive NSO generated emails. If you decide that you do wish to receive email communications from the NSO you can select which categories of news interest you. All mailings sent to you offer the possibility to unsubscribe.

If you indicate that you do not wish to receive NSO generated emails you will only receive emails directly related to the transactions you have with the NSO (e.g. confirmations of registrations, due payments etc.) and other necessary individual communications.

 

Disclosure of information to third parties


The NSO does not sell, trade, or rent your personal information to others. The NSO may supply your information to its contractors to perform specific services such as, for example, to the publishers who deliver NSO journals, the mobile app suppliers who supply guidelines, recommendations and congress applications, and our CRM and email service provider and banking partner (EventBank; to read the EventBank privacy policy go here).

The NSO may also disclose or share your personal information with an unaffiliated third party under the following circumstances:

  • where the NSO is required to disclose personal information in response to lawful requests by public authorities and government agencies, including to meet national security or law enforcement requirements; to comply with a subpoena or other legal process; when we believe in good faith that disclosure is necessary to protect our rights or to protect the rights, property or safety of our services, users or others; and to investigate fraud
  • where all or substantially all of the business or assets of the NSO relating to our services are sold, assigned, or transferred to another entity.

Otherwise, the NSO does not disclose personal information to any other person or organisation without your consent. In this context, your personal data may be disclosed to the following external partners of the NSO in the circumstances described below:

  • Agencies handling NSO managed hotel bookings: Nominative information is provided to local agencies where the NSO handles hotel bookings for a particular congress or event. 
  • Professional congress organisers (PCO) managing the organisation of certain meetings: Nominative information and email is provided to PCOs managing the organisation of some of our conferences and meetings so they can proceed to scientific programme and faculty management (send invitations, manage acceptances and permissions).
  • Groups representatives and agencies handling your congress or event registration: Where your registration is handled by someone other than yourself, your confirmations, badges or vouchers may be sent to this third party. These contain nominative details about you.
  • Travel agency handling flight and hotel bookings on behalf of NSO leadership and volunteers engaged in NSO business: Appropriate personal information is transferred to the travel agency handling these bookings.

 

Right of access to, rectification and/or erasure of your NSO information


In accordance with the chapter 3 of the European Regulation 2016/679 with regards to data protection, you have the right to request from NSO, access to and rectification or erasure of your personal data or restriction of processing concerning your data or to object to processing as well as the right to data portability.

For such, please contact info@nordicsocietyoikos.org (note: you must contact NSO with the email that is registered with your account as a proof of identity).

You have the right to lodge a complaint with a supervisory authority, and for information, you can reach NSO staff at info@nordicsocietyoikos.org.

When you visit your ‘NSO membership account’ you have direct control over the information in your personal profile. You can access and change this information at any time from your ‘NSO membership account.

Note that an opposition or deletion request once treated will not delete all trace of financial transactions which need to be kept, for accounting purposes, for a duration of 10 years.

 

Data security


To protect your information, the NSO uses an industry standard security protocol called Secure Sockets Layer (SSL) to encrypt the transmission of sensitive information between you and our Websites. To know if transmissions are encrypted, look for the lock on your web browser or check that the URL starts with https://.

Unfortunately, no company or service can guarantee complete security. Your account is protected by a password for your privacy and security. We strongly suggest you prevent unauthorized access to your account by selecting and protecting an appropriate password and limiting the access to your computer and devices.

Please note that the NSO will never ask you for your personal details, password or credit card details by email. We advise you to be vigilant and apply caution. All transactions should go through your secure NSO membership account area.

 

Payment collection

Payment collection is made securely through our service provider EventBank and their payment partner Braintree, a Payment Card Industry Data Security Standard (PCI-DSS) certified organization. PCI-DSS is an information security standard that has been created by the major credit card companies (American Express, Discover, JCB, MasterCard and Visa) to improve controls around credit card data handling and to reduce fraud.

The NSO and the service provider EventBank do not store any credit cards details. The full details are only kept by Braintree, the payment partner, on their secure servers.

 

Use of cookies and other tracking technologies


Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes. They are small text files that a website can use to recognise repeat users and facilitate their ongoing access to, and use of, the site. They do not pose a threat to your system or files.

Our websites only use strictly necessary cookies. These cookies are necessary for the website to function and cannot be switched off in our systems. They are triggered by an action you made such as setting your cookies preferences, filling in forms, etc.

Our websites do work without cookies, but you will lose some features and functionality if you choose to disable cookies. In particular, if you do choose to disable cookies, you will not be able to enjoy the full range of online services available through the NSO membership account or any of the restricted content.

We also use clear gifs in our email marketing communications which is used to track the emails that are opened by the recipients. This information allows us to have accurate reports and improve the effectiveness of our marketing and make our services and Websites better for you.

 

External links


The NSO Web Site contains links to other websites. Please be aware that the NSO is not responsible for the privacy policies of other sites. You are therefore encouraged to read the privacy policies of any other site that collects personally identifiable information. This privacy policy applies solely to information collected by the NSO.

 

‘NSO membership account’ - Managing your contact with the NSO


Access to personalised services

You do not need to register to access most of the NSO Websites, but you do have to register to use personal services online and access certain web content.

The details you supply the NSO may be combined with information from other NSO records to:

  • provide you with online services like abstract submission, registration for congresses, etc.
  • save you having to keep giving the same information for different NSO services
  • allow you to access specific web content reserved for NSO members
  • help you to get more out of the NSO by keeping you up to date about NSO activities, scientific developments, and products and services by email. (Note: This is an ‘opt-in’ service only – for more information, please go to the section email addresses)
  • Access to your personal information

The ‘NSO membership account’ enables you to manage your personal information held by the NSO. If you are a Member of the NSO, or have used NSO products and services, a record will already exist for you which you can potentially access by logging in online through:

  • use of your existing login details (email and password), if you have already used the NSO online services (‘NSO membership account’) previously.
  • the ‘Retrieve your Login’ feature which, if your email address is recognised, will send an email to the address given which will guide you through a process to set a password for yourself.