AIDS 2022 Data Privacy Policy
Who is collecting your personal data?
AIDS 2022, the 24th International AIDS Conference, is committed to protecting your privacy and developing technology that gives you the most powerful and safe online experience.
This Data Privacy Policy applies to the AIDS 2022 websites, as well as any other media form, media channel, mobile website or mobile application related, linked, or otherwise connected thereto (collectively, the “Site”), and governs data collection and usage. This policy represents our commitment as an organization to your right to privacy, giving you a clear explanation about how we use your information and your rights over that information.
References to ‘we’, ‘us’ and ‘our’ are to the Site and online conferences, organized by IAS – the International AIDS Society –, an association registered in Switzerland (CHE-111.717.829).
IAS is the registered data controller to which this policy refers.
This policy was last updated on 19 November 2021. AIDS 2022 will occasionally update it and encourages you to periodically review it to be informed of how AIDS 2022 is protecting your privacy.
By using the Site, you consent to the data practices described in this policy.
Definitions
Personal data
This term covers “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” (Art.4 §1 GDPR).
Sensitive personal data
This term covers a subset of data for which even greater care should be taken, comprising “personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation” (Art. 9 §1 GDPR).
Processing data
This term means “any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction” (Art.4 §2 GDPR).
Data subject
This term covers individuals that are identifiable or identified by the processed personal data (Art.4 §1 GDPR).
Data controller
The Data Controller “determines the purposes and means of the processing of personal data” (Art.4 §7 GDPR).
Data processor
Anyone processing data on behalf of the Data Controller (Art.4 §8 GDPR).
Third party
A “natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data” (Art.4 §10 GDPR).
What personal data do we collect and how do we use it?
AIDS 2022 collects personal data such as your email address, name, home or work address or telephone number. AIDS 2022 also collects anonymous demographic information, which is not unique to you, such as your ZIP code, age, gender, preferences, interests and favourites. AIDS 2022 collects and uses your personal information to operate the Site and deliver the services you have requested.
AIDS 2022 also uses your personal data to inform you of other products or services available from the IAS and its affiliates. AIDS 2022 may also contact you via surveys to conduct research about your opinion of current services or of potential new services that may be offered.
There is also information about your computer hardware and software that is automatically collected by AIDS 2022. This information can include your IP address, browser type, domain names, access times and referring website addresses. This information is used by AIDS 2022 for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the Site.
Please keep in mind that if you directly disclose your personal data or sensitive personal data through AIDS 2022 public message boards, chat systems, or any other data sharing application offered by AIDS 2022, this information may be collected and used by others. Note: AIDS 2022 does not read any of your private online communications.
AIDS 2022 keeps track of the websites and pages our customers visit within AIDS 2022, in order to determine what AIDS 2022 services are the most popular. This data is used to deliver customized content and advertising within AIDS 2022 to customers whose behaviour indicates that they are interested in a particular subject area.
We may also use your personal data to fulfil any legal obligations.
Legal basis for processing
Data protection law requires us to have a legal justification to process your personal information. We use the following depending on the type of data and the type of processing:
Consent
Your consent is our primary legal justification for processing your personal data. By registering to our Site you will consent to the use of your data for the purposes described in this policy.
Legitimate interest
We sometimes share your personal data with other branches or sister organisations. This is done to fulfil our legitimate interest in promoting our organisation as effectively as possible and enabling our message to reach people who may be interested in our mission. Legitimate interest may also be used in relation to all aspects of our business given that your rights do not override it.
Legal obligation
We may process your personal data to fulfil any legal obligations placed upon us, such as the prevention of fraud or money laundering. We may also process your personal data if lawfully required to do so by a legal authority or a court of law.
Is your data shared with third parties?
Third party websites
On our Site, we sometimes have links to third party websites or applications. This policy does not apply to such pages or applications hosted or operated by other organisations. This includes the Site or applications of the IAS sections or related organisations or third-party sites. These other websites may have their own privacy policies, which apply to them.
Contact information
Your contact information (but not your email) is made available to other participants of the Site. You can also be directly contacted through the AIDS 2022 interface.
Sharing of your personal data
Except as specifically indicated in this policy, AIDS 2022 does not sell, rent or lease its customer lists to Third Parties. AIDS 2022 may contact you, from time to time, on behalf of external business partners about a particular offering that may be of interest to you.
We also use other Third Parties to process some of your personal data including for the following purpose:
- To process online payments;
- To provide you the online conference applications (for example: lobby, web-conferences, chats, exhibitors area, major industry sponsors micro sites…);
- To provide you the conference programme.
Third Party services providers process your personal data only on the IAS’s behalf and are bound by contractual terms that are compliant with data protection law. They may contact you directly using our online contact platform only.
In addition, AIDS 2022 may share data with trusted partners to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. All such Third Parties are prohibited from using your personal information except to provide these services to AIDS 2022, and they are required to maintain the confidentiality of your information.
The Site may disclose your personal information, without notice, only if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on AIDS 2022 or the site; (b) protect and defend the rights or property of AIDS 2022; and, (c) act under exigent circumstances to protect the personal safety of users of AIDS 2022, or the public.
AIDS 2022 does not use or disclose sensitive personal data without your explicit consent.
Hosting and processing arrangements
Third party service providers host our Site and therefore any personal details you submit through them may be processed by that third-party service provider. In such cases, appropriate technical and organizational measures are in place to protect the information.
How long will your data be stored for?
We only hold your personal data on our systems for as long as is necessary for the purposes outlined above.
The length of time each category of data will be retained varies depending on how long we need to process it for, the reason it was collected and in line with any statutory requirements. After this time, the data will be deleted but we may retain a secure anonymised record for research and analytical purposes.
What data privacy rights do you have?
You have the right, subject to applicable local data protection legislation, to:
- Request access to, and receive a copy of, your personal data we hold as well as related information (‘Right to access’, Art. 15 GDPR);
- If appropriate, request rectification or erasure of your personal data that are inaccurate (‘Right to rectification’, Art. 16 GDPR);
- Request the erasure of your personal data, subject however to applicable retention periods (‘Right to be forgotten’, Art. 17 GDPR);
- Request a restriction of Processing of personal data where the accuracy of the personal data is contested, the Processing is unlawful, or if the Data Subjects have objected to the Processing (‘Right to restriction of processing’, Art. 18 GDPR);
- Receive the personal data in structured, commonly used and machine-readable format (‘Right to data portability’, Art. 20 GDPR);
- Object to the Processing of personal data, in which case we will no longer process the personal data (‘Right to object’, Art. 21 GDPR).
How do we protect your personal data?
We take appropriate security measures to ensure that we keep your data secure, accurate and up to date. When data (such as a credit card number) is transmitted to other Site, it is protected using encryption, such as the Secure Socket Layer (SSL) protocol.
How can you contact us?
For any questions you may have in relation to this privacy notice or more generally the processing of your personal data, you may contact AIDS 2022 at:
International AIDS Society
Avenue de France 23
1202 Geneva
Switzerland
[email protected]