The International Council of Onomastic Sciences, in short ICOS, is an international non-profit organization with its registered seat in Uppsala, Sweden. The ICOS statutes define the aim of the organization as the advancement, representation, and co-ordination of onomastic sciences on an international level and in an interdisciplinary context, and the promotion of World Congresses at reasonable intervals. ICOS members are found all over the world.
The purpose of the ICOS Personal Data Protection Policy is to ensure that personal data is always handled carefully within the organization, in line with current laws and regulations such as the European law GDPR (General Data Protection Regulation), and that the processing of personal data is transparent to ICOS members. This policy describes the principles we use when processing personal data within ICOS. The policy has been formed by the Executive Board in 2018 and will be discussed by the General Assembly at the ICOS congress in 2020. The policy will be updated regularly and the latest version is found on the ICOS website.
Personal data means all types of information that can be directly or indirectly (together with other information) linked to a specific individual, such as name, email, photo, IP address etc.
How and why does ICOS process personal data?
In order to fulfill the purpose of the organization, we need to process certain personal data. We never process more personal data than necessary for the purpose. Neither do we use collected personal data for any other purpose than the ones stated below. We do not store personal data longer than necessary and do not share personal data with any third party (unless this is necessary to fulfill our legal obligations, such as demands from legislative authorities). The Treasurer and Secretary are controllers of personal data at ICOS and responsible for processing it in accordance with the European law GDPR and other relevant laws and regulations.
Members’ personal data
All new members of ICOS are informed about our personal data policy and asked for active consent when making the membership registration. We process personal data about members of ICOS in the following forms:
Contact information to all members (name and email) is collected in order to be able to reach members on different matters of importance to the organization. This data is stored on the ICOS webpage and accessible only to the ICOS Board of Directors. For extra security, an offline copy of current emails is kept by the Treasurer as well as the Secretary of ICOS. Email letters to members are always sent in a way that ensures that individual email addresses are not visible to other members. Contact information is not shared with other members of ICOS unless necessary for the organization of ICOS (for example, contacting members for the forming of working groups, etc.).
Postal addresses of members are collected in order to enable shipment of volumes of the scientific journal Onoma, as part of the ICOS membership. This data is stored on the ICOS webpage and accessible only to the ICOS Board of Directors. When volumes of Onoma are shipped, members’ postal addresses are shared with the publisher and/or printing company who organizes the shipment.
Membership payment data
Years of paid membership for each member are recorded in order to enable an overview of membership flows over time and in order to send out reminders of membership payment. This data is stored on the ICOS webpage and accessible only to the Board of Directors. It will also be regularly revised by auditors. When the membership fee is paid through the ICOS webpage, no personal data (or credit card information) will be stored by ICOS. Instead, the payment is safely administered by the widely used payment module Stripe/Paypal who use a highly encrypted channel. When the membership fee is paid by sending credit card information directly to the Treasurer, this personal data is processed by the Treasurer in order to go through with the payment and will be completely deleted afterwards (including any mail or email containing text or links with such data). When a member chooses to pay the membership fee by bank transfer, bank account data may be processed by the bank and visible in the ICOS bank accounts in order to go through with the payment.
ICOS launched a survey regarding members’ research interests in 2008, 2014 and 2017, thereby facilitating ICOS members to get acquainted with one another and their research activities. One question in the survey also investigated members’ willingness to review papers submitted for publication in Onoma, the official publication of ICOS. Initially, the results of the survey were meant to be published on the ICOS website, provided the members gave their consent in this respect upon filling in the survey. In the context of the GDPR adopted by the EU, ICOS decided to reissue the survey to be in full agreement with the provisions of this legal framework. The aim is to create a new section on the ICOS website, which will
include the following data collected through the survey: members’ names, research interests and 5-10 of the most important publications of the last 5 years. We will only publish information for those members who submit a complementary signed consent in this respect, via regular mail or email. Moreover, this data will be available to ICOS members alone, upon registering on the ICOS website and logging in, respectively.
Users of the ICOS website and social media accounts
We may process personal data from users of the ICOS website through technical tools, such as cookies. A cookie is a small file with data that is sent from a website and stored on the user’s computer/tablet/smartphone. This enables us to collect information on how visitors use our website and to enhance its functions. Normally this data is deleted when the browser is closed. The web server which hosts our website also collects users’ IP addresses in order to be able to load the website into users’ web browsers. This data is stored for two weeks only and then deleted.
We do not process personal data from users of ICOS social media accounts. However, note that if you choose to follow the ICOS Facebook-account or share or like posts from this account, your personal Facebook profile may be visible to ICOS as well as other followers.
How long is members’ personal data stored?
In order to be able to send reminders of membership payment, we keep members’ personal data for three years after the last received membership payment. After that all membership data is deleted and the individual can no longer be contacted by ICOS (unless the individual makes contact and wishes to renew the membership). When a member notifies membership resignation or when a member dies, all membership data is immediately deleted from ICOS accounts. However, certain personal data (such as name, dates of payment and methods of payment) may still be available to the Treasurer through the bank records. The Swedish tax agency dictates that all financial records of the organization must be stored for at least seven years. We may store personal data about previous members longer than stated above if this is demanded to follow laws, legislative regulations or requested from a supervising authority or court.
You have the right to receive information on which personal data about you we process within ICOS and to which purpose. Such a request should be written, signed by yourself and sent to: firstname.lastname@example.org or email@example.com. The information we give you will be structured and readable. If any faults in your personal data are detected, you have the right to have these corrected. You also have the right to complete partial data if this is necessary for a specific purpose (such as shipment of volumes of Onoma).
If you have any questions on how ICOS processes personal data or want to exercise your rights, contact us by email: firstname.lastname@example.org or email@example.com
If you consider that your personal data is processed against relevant laws and regulations, you also have the right to complain to the Swedish authorities by emailing Datainspektionen (The Swedish Data Protection Authority): firstname.lastname@example.org