1. IASC Privacy Policy

IASC emphasizes the safe processing and retention of personal data, and that processing of personal data is in accordance with current Icelandic personal data protection laws and the EU’s General Data Protection Regulation (GDPR).

The aim is always to limit the processing of personal data as much as possible and not to collect information beyond what is considered necessary.

This privacy statement describes how IASC processes personal data.

The Executive Secretary of IASC is the designated data controller for IASC’s processing of personal data when IASC is responsible for deciding the purpose of and means for carrying out such data processing alone or together with others.

IASC is the data processor when processing personal data on behalf of the data controller.

1.1. Data Protection Officer

The IASC Secretariat is hosted by The Icelandic Centre for Research (Rannis). The data protection officer at Rannis is Ragnhildur Gunnarsdóttir (see contact details under chapter 3.3).

The role of the Data Protection Officer is to ensure that the IASC Secretariat processes the personal data in compliance with the applicable data protection rules.

1.2 Collection of Personal Data and Purpose of Data Processing

IASC collects personal data to be able to fulfil its mission and purpose, and meet the secondary objectives, requirements, guidelines and principles established by its policies, and the subsequent routines and tasks set out in its procedures.
That includes processing of personal data for among others:

  • Keeping a record of IASC representatives in different IASC committees such as the Council, Working Groups, Action Groups, Secretariat and more.
  • IASC Committee Mailing Lists.
  • Evaluation of IASC grant proposal, grant payments and other financial support to individuals (e.g. travel support).
  • Processing applications / nominations for Fellowship programs (e.g. IASC Fellowships) or other Award programs (e.g. IASC Medal) offered by IASC.
  • Organising its annual Arctic Science Summit Week (ASSW) or other IASC-funded or supported events and activities.
  • Processing applications and making contracts with IASC employees or other voluntary members of the IASC Secretariat, including the IASC Working Group / Committee Secretaries
  • When IASC is obliged to process personal data to comply with Icelandic laws or regulations.
  • When an individual authorizes IASC to process personal data for a specific purpose.

1.3. What Type of Personal Data do we process?

The personal data collected by IASC can vary depending on the purpose of the data processing.

In most cases the data is submitted directly by the individuals themselves or, in the case of nominations for the IASC Medal, by the nominators. The data processed is often in connection with IASC funding, representation within different committees, and data for statistical purpose.

Examples of the types of personal data collected for processing include name, address, telephone number, email address, bank account information (for financial payments), CV, affiliation, gender, ethnic origin, university degrees, and photos.

Further processing of personal data may be done for the purpose of anonymous statistical analysis for IASC reports. The statistical analysis is based on the information provided by individuals but is in all cases anonymized for processing before being published.

1.4. Sharing Data with Others

IASC does not use personal data for other purposes than they were collected for. Data is not sent to 3rd party processors without a clear consent, in correspondence with agreements or legal requirements. In those cases, IASC ensures confidentiality as much as possible.

IASC shares some personal data with persons in various IASC committee when relevant for work within IASC, including but not limited to the sharing of funding proposals with IASC Working Group members, or the sharing of IASC Medal nominations with the IASC Medal Committee members.

1.5. Additional Information on Processing of Personal Data in Applications and Processing of Funded Projects

a) Personal information used to evaluate proposals or funding:

  • Name, address, e-mail address, affiliation and contact information

b) Information collected for payment of funds and support:

  • Banking details, such as account information and other payment information.

c) Information about previous communication:

  • Emails and other communication information may be recorded and saved for later reference purposes.

1.6 When and Why do we Collect Sensitive Personal Data

Data that are defined as sensitive personal data can be data such as gender, ethnic origin, profile pictures and minority groups.

IASC collects sensitive data about gender, ethnic origin and minority group for statistical purpose only or for a special grant / Fellowship available to those groups (e.g IASC Indigenous Fellowships). It is always voluntary for individuals to offer this information, and IASC ensures that statistics provided are anonymized and can never be used to identify individuals. The statistics are used to monitor equality and diversity within IASC’s work and to provide recommendations to the IASC member countries.

Profile pictures are published on IASC website of the members of IASC Council, IASC ExCom and IASC Secretariat.

1.7 Legal Dispute or Claim

IASC can use personal information in the event of a legal dispute or claim, e.g. in cases related to illegal activities or fraud.

1.8 Administrative Purposes

In individual cases, personal data, including information from applications, is stored for administrative purposes within the IASC Secretariat such as for accounting, auditing, fraud prevention (including financial due diligence by competent bodies).

 

2. Use of the IASC Website and Social Media

2.1. Website Statistics and Analyses

IASC uses Google Analytics to measure traffic on its websites. At each visit to IASC's website, items are recorded, such as time and date, keywords, country of visitor, type of browser and operating system used. This information can be used for market analysis, website improvements and development, such as regarding the content that users are most looking for. No attempt is, or will be made, to obtain further information regarding visits to IASC’s website or to link it to personally identifiable information.

2.2. Social Media

IASC webpages contain links to the IASC Facebook, Bluesky, LinkedIn, Instagram and X profiles. Use of these features is covered under the respective privacy statements of the companies supplying these services.

2.3. Newsletters

IASC uses MailChimp to manage its newsletter subscriptions. It is possible to subscribe to electronic newsletters from IASC. Email addresses and names are stored to ensure that the newsletters are sent to the correct subscribers. No other information is required but may be provided subject to the recipient’s consent (e.g. address, career stage, highest degree, affiliation). Users can unsubscribe from the service via the unsubscribe-link in the newsletter at any time.

2.4. Spam Protection

In Google Forms that users must fill out (e.g. in applications, call for proposals for various fundings, surveys or other forms), IASC has activated the ReCAPTCHA spam protection from Google. Users will notice this when they are asked to solve a problem that would be difficult for an automated program to solve.

ReCAPTCHA collects data about the browser and its use and analyses it to identify whether the form submitted comes from a real person or a digital application. Strictly speaking, this activity falls under the definition of privacy law. The data sent to Google is anonymous and does not contain any information submitted by the user.

This is necessary to prevent spam. If the user is not ready to consent to data collected by ReCAPTCHA please contact IASC at iasc@iasc.info.

 

3. Safeguarding Personal Data Security

We safeguard personal data to our best ability. To ensure the security of personal data, the following organizational and technical measures are in place:

  • Access controls, ensuring that access to personal data is only provided to those who need it for their work.
  • General computer protection, such as virus protection and firewalls, which are regularly updated.
  • Regular staff training on security issues as provided by Rannis.

3.1. Withdrawal of Consent

An individual who has given consent to the processing of personal data may revoke the consent at any time. To withdraw approval, contact the IASC Secretariat by sending an e-mail to info@iasc.info or send a regular mail to:

IASC Secretariat
Borgir, Norðurslóð
600 Akureyri
Iceland

3.2. Request for Copy of Data

According to the Icelandic Privacy Act, it is possible to request a copy of the personal data that has been processed. IASC will do its utmost to respond to the request within 30 days of receiving it.

The request must be in writing and contain the following information:

  • Name and address.
  • What information is requested.
  • All information that facilitates the compilation of the requested data, for example information on applications or correspondence that may be related to the personal information.
  • E-mail address, phone number and other contact information.
  • In addition, the following is requested:
    • Copies of documents such as a passport or driver's license. This is necessary to confirm the identity of the individual submitting the request.
    • Signature and date of the request.
  • If information is requested on behalf of a third party, a power of attorney must be signed from the relevant party.

Requests for copies of personal information should be sent to the e-mail address info@iasc.info or by sending a mail to IASC’s Secretariat:
IASC Secretariat
Borgir, Norðurslóð
600 Akureyri
Iceland

3.3. How to File a Complaint About IASC Processing of Personal Data

Those who believe that the processing of personal information by IASC violates their rights can send a complaint to the IASC Secretariat, Rannis or complaint to the Data Protection Authority (Persónuvernd) in Iceland.

The IASC Secretariat is hosted by The Icelandic Centre for Research (Rannis). The data protection officer at Rannis is Ragnhildur Gunnarsdóttir r, who can be contacted on phone +354 515 5800, or by email: personuverndarfulltrui@rannis.is.

You can also contact the Data Protection Authority by sending an e-mail to postur@personuvernd.is or by phone +354-510 9600. The institution is located at Raudarárstígur 10, 105 Reykjavík.

The privacy policy will be updated every 2 years or when necessary.

 

Designed & hosted by Arctic Portal