Privacy Notice

{iaps} Privacy Notice

Last updated: May 20, 2018

IAPS values its members and appreciates the privacy of their data, so accordingly we have implemented this Privacy Notice, which describes: how we collect and use personal information that you provide to us through your membership or through use of our services, what we do with the collected information, and how you can exercise your privacy rights.

Who we are

The International Association of Physics Students (IAPS) is an association of physics students and student societies from around the globe, working to promote peaceful collaborations amongst them. Our members are represented by national and local committees, who meet regularly to ensure the relevance of our activities. IAPS also includes individual members, in locations where no national or local committees exist.

Since 1987, IAPS has worked continuously to support friendly relations and collaboration between physics students. We support our members in their academic and professional work, as well as discussing and acting on scientific, social and cultural issues. IAPS is a recognised non-governmental organisation run entirely by students from around the world with a spirit of mutual understanding and equality. IAPS runs an annual International Conference for Physics Students (ICPS); an annual physics competition, Physics League Across Numerous Countries for Kick-ass Students (PLANCKS); visits to global research institutions, summer schools, exchange programmes, outreach activities, and multinational meetings all over the world.

What personal information do we collect?

Information you provide us

When applying for a membership of IAPS (whether as an individual member, a local committee, or a national committee), creating an account for the IAPS Member Network, subscribing to a newsletter or a mailing list, or at any other time you interact with IAPS and its volunteers we may ask you to provide personal information to us. For example, when creating an account for the IAPS Member Network, we will ask you for your email address and a password. We may also ask you for other personal information for purposes such as event registration. For billing purposes and to provide you with an invoice for membership, we may ask you for your physical address. At times we may ask you for other information such as your phone number for contact purposes.

During your interaction with IAPS, you may choose to provide us with personal information when you email us, chat with us, answer a survey, comment on our website posts, communicate with us through social media services like Twitter or Facebook, or through some other mean of communication with IAPS.

If you ask IAPS to contact another person on your behalf for purposes such as potential membership or sponsorships, we will ask you for their email address. IAPS will then contact them to determine whether they consent to us contacting them.

Information that we collect automatically

When you access any iaps.info website, we may collect certain information automatically from and about your device. This includes data about your browser, the operating system you use when accessing our services, your Internet Protocol address, and the date and time of each request you make to our services.

Collecting this information enables us to better diagnose problems with our services, provide support to our users more effectively, inform you about possible issues with certain software or operating systems, as well as ensure the continuous functionality of our services.

Information that we collect from third parties

We may collect additional information about you from third parties primarily to assist us in understanding how we can maintain and improve the services we offer you to better serve you. Third party tools that we use for this include tools that are from: MailChimp, which IAPS uses to deliver our newsletter; Facebook, which informs IAPS about page likes and views, post reach and engagements; LinkedIn, which IAPS uses for professional outreach; Twitter, which provides similar information on tweets and account insights; Google, on whose platform (G Suite) most of the daily operation of IAPS is run on; and Google Analytics, which informs IAPS about page visits, which in turn helps us knowing which pages we should improve and update on our websites are based on.

What do we do with your personal information?

Under no circumstances do we rent, trade or share your contact details or other private information with any other organisation or company for their marketing or other purposes without your consent. We may use the information we collect through our services for a number of reasons, including:

  • To provide, operate, optimise, and maintain our online platforms, products, and services;
  • To understand how you use our services and customise your experience;
  • To set up online accounts;
  • To process and provide updates on membership invoices;
  • To send you marketing communications, where it is in accordance with your preferences and the IAPS regulations;
  • To provide support via online chat services, process your online enquiries and requests sent by email, and provide you with information and access to resources or services that you have requested from IAPS;
  • To improve the layout and content of our online services, and identify any IT or network issues;
  • To add information to a historical archive of IAPS;
  • To provide general statistics of our members;
  • To prevent abuse of the services we offer; and
  • To carry out any other lawful purposes, about which we will notify our users.

Email communications

From time to time, IAPS will communicate with you via email. The types of emails you may receive are:

  • Membership emails: These are membership related emails such as confirmations of password changes, emails related to membership fees, or a reply to an IT or another issue. The emails are a part of the services that IAPS provides you. You can adjust the emails you receive on some of our services, such as the IAPS Member Network. To stop receiving all membership emails, you must end your IAPS membership, and stop using any IAPS services. Providing an email address is not mandatory and consent does not have to be given for the collection and processing of, but will be used as the preferential method of contact for invoices in the case consent was provided.
  • Marketing emails: These will include emails through our newsletters about current IAPS events, collaborations, opportunities, and similar types of material. You will receive marketing emails only by subscribing to a newsletter or to a mailing list, and you will be able to unsubscribe at any time by using the unsubscribe link provided in any given email or by contacting our Data Protection Officer (DPO) at dpo [at] iaps.info.

We will only process personal information in ways that are compatible with the purpose we have collected it for, or for purposes you have later authorised us to. Before we use your personal information for a purpose that is materially different than the purpose we collected it for or that you have later authorised us to, we will ask you for reconfirmation of your consent for the additional purpose.

Who we share your information with

We may share and disclose your personally identifiable information and if we do it, it will only be in the limited circumstances described below:

  • To vendors and other third party service providers who require access to your personal information to assist in providing and improving our services. The third parties that access and use your information only on our behalf in limited capability include companies such as Google, Google Analytics, PayPal, BNP Paribas, Facebook, Twitter, LinkedIn and MailChimp. For example, we partner with PayPal to assist us in processing your membership payment, MailChimp allows us to send you our newsletter, and Facebook is used as one of our channels to reach out to our members.
  • We may also disclose your information to third parties:
    • where required by law or regulatory requirement, court order or other judicial authorisation,
    • in response to lawful requests by public authorities, including for the purposes of meeting national security and law enforcement requirements;
    • in connection with the sale, transfer, merger, bankruptcy, restructuring or other reorganisation of a business;
    • to protect or defend our rights, interests or property, or that of third parties;
    • to investigate any wrongdoing in connection with our products and services; and
    • to protect the vital interests of an individual.
  • We may share your information to any other person with your consent.
  • On some of our services, where you have set up an account, you may be able to give third parties the ability to access information and content in your account. When other services access and use your information, their conduct is governed by their own terms and policies. These services may also give you an opportunity to make information and content available to other people.
  • IAPS may disclose aggregate, non-identifying information about how our users use our services.
  • IAPS may disclose personally identifiable information to its member committees in order to ascertain a valid membership subscription to the said committee.

Legal basis for processing your personally identifiable information

We will collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate interests as an association. In some cases, we may also have a legal obligation to collect personal information from you.

If we ask you to provide personal information to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible outcomes if you do not provide your personal information). Similarly, if we collect and use your personal information in connection to our legitimate interests for our operation as an association, we will make clear to you at the relevant time what those legitimate interests are and ask for consent.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided in the section “How to contact us” below.

Cookies and similar tracking technology

Like many websites, IAPS uses cookies and similar tracking technology (collectively “Cookies”) to collect and use personal information about you to provide better operation of our services and to help us troubleshoot our services where any issues may arise. A cookie is a text file that is placed on your hard disk by a web server. Cookies are not used to run programs or deliver viruses to your computer, but are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. One of the primary purposes of cookies is to provide a convenience feature to save you time. The purpose of a cookie is to tell the web server that you have returned to a specific page. For example, if you personalise information on our websites, or register for the IAPS Member Network, a cookie helps us to recall your specific information on subsequent visits.

When you return to the same website, the information you previously provided can be retrieved, so you can easily use the features that you customised. You have the ability to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer to do so. If you choose to decline cookies, you may not be able to fully experience the interactive features of our websites.

International data transfers

Your personal information is stored and processed by IAPS both within and outside the European Economic Area (EEA). Specifically, IAPS uses servers hosted by WebFaction in the European Union (EU), but data may be processed by people working outside of the EU. Additionally, for working with documents internally, IAPS uses Google’s G Suite, which uses servers hosted both in and outside the EU, and data may be processed by people working outside of the EU.

You can direct any questions or complaints about the use or disclosure of your personal information to IAPS at . We will investigate and resolve any complaints or disputes regarding the use of your personal information within thirty (30) days of receiving your complaint.

How we protect your information

The security of your personal information is important to us.

When you enter personal information on our services, we encrypt that information using secure socket layer technology (SSL) where possible. For monetary transfers made to IAPS and processed by the European Physical Society (EPS), we receive your contact and bank details given to complete the payment. For credit card payments, our treasurer will receive your credit card information to forward it to the EPS, after which IAPS deletes that data. Only the IAPS treasurer and president have access to this information within IAPS.

We use appropriate technical and organisational security measures to protect your personal information from loss, misuse, and unauthorised access, disclosure, alteration and destruction, both during transmission and once we receive it. However, although we seek to use the best available data security practices, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore we cannot guarantee its absolute security.

Your data protection rights & choices

You have the following rights:

  • If you wish to access your personal information that IAPS collects, you can do so at any time by contacting us using the contact details provided under the “How to contact us” heading below.
  • You can correct and update your details in your account by logging in to your account, where applicable. You can also contact us using the contact details provided under the “How to contact us” heading below in order to request that your data is deleted.
  • If you are a resident of the EEA, you can object to the processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information where it is technically possible. You can exercise these rights by contacting us using the contact details provided under the “How to contact us” heading below. If you are not a resident of the EEA, you may also request to restrict the processing and collection of your data, however we are not legally required to do so.
  • Similarly, if we have collected and processed your personal information with your consent, you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect the processing of your personal information conducted in connection to the lawful processing grounds other than consent.
  • You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the U.S. and Canada) are available here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

We will ask for your consent to receive any marketing communications we may send to you before doing so. Additionally, you have the right to stop receiving said marketing communications we send to you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing emails we send to you. Alternatively, please contact us at . Please include your complete name and email address. Note that it may take up to 10 business days to remove you from our newsletter or mailing lists, after this point you may still receive membership emails from us.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

How we link to other websites

Our websites contain links to third party websites and third party plug-ins (such as social media sharing buttons) operated by other companies. We are not responsible for the privacy practices of such other websites. We encourage you to be aware that when you leave our website you read the privacy notices of such other websites. This Privacy Notice applies solely to information collected by IAPS.

Data retention

We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful purposes.

When we have no ongoing legitimate need to process your personal information, we will either delete or anonymise it, or, if this is not possible (for example, because your personal information has been stored in backup archives), we will securely store your personal information and isolate it from any further processing until deletion is possible.

Some of your personal information may be securely stored in the IAPS Archive for historical and statistical reasons.

Changes to our Privacy Notice

Changes to this Privacy Notice will be made when required in response to the changing of legal or technical developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any Privacy Notice changes if and where this is required by applicable data protection laws.

You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. The new Privacy Notice will apply to all current and past users of the website and will replace any prior notices that are inconsistent with it.

How to contact us

If you have any questions or concerns regarding the use or disclosure of your personal information, you can contact us by sending an email to dpo [at] iaps.info or by contacting us at:

International Association of Physics Students
6 Rue des Frères Lumière
68200 Mulhouse / France
Tel: +33 389 32 94 40
Fax: +33 389 32 94 49
ec [at] iaps.info

Data Protection Officer:
Veli-Jussi Haanpää
dpo [at] iaps.info

Please note that for the purposes of EU data protection legislation, IAPS is the controller of your personal information.