Privacy Policy 

Privacy & Cookies Statement (version 1 updated May 2018)

This statement (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting our website (“our site”) you are accepting and consenting to the practices described in this statement.

This statement will be updated from time to time and the most current version will always be available on our site. 

Who are we?

We are the International Society for Organizational Development and Change and this privacy statement applies to users and members of the International Society for Organizational Development and Change ISODC both in the UK, Europe and internationally. 

For the purpose of the General Data Protection Regulation (Regulation (EU) 2016/679) (the GDPR), the data controller is ISODC or the relevant subsidiary as detailed above.

What is the purpose of this statement?

We are committed to protecting the privacy and security of your personal information.

This privacy statement describes how we collect and use personal information about you during and after your working relationship with us, in accordance with the General Data Protection Regulation (GDPR) as updated from time to time. It applies to all clients, candidates and contractors.  Employees of ISODC should refer to the Group’s Employee Privacy Statement, which is available on the website.

We will comply with data protection law. This says that the personal information we hold about you must be:

1. Used lawfully, fairly and in a transparent way.
2. Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
3. Relevant to the purposes we have told you about and limited only to those purposes.
4. Accurate and kept up to date.
5. Kept only as long as necessary for the purposes we have told you about.
6. Kept securely.

Our legal basis for using your personal data

For ISODC members, we will only collect, store, use, process, transfer and disclose personal data in so far as it is necessary for our legitimate interests in that we need the information in order to assess suitability for membership, to find potential candidates for director and officer roles and to contact clients.

For clients we may also rely on the need for us to perform a contract for you, for example in contacting you to discuss organizational development projects and initiatives.

What personal data will we collect from you?

We may collect, store and process the following categories of personal data:

1. Personal data you give us

You may give us personal data by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to become a member of the ISODC and when you report a problem with our site. Throughout your dealings with us, calls may also be monitored for training and quality purposes.

Here are some examples of the type of personal data you may give us:

• personal contact details such as name, title, addresses, telephone numbers, and personal email addresses;
• date of birth;
• gender;
• country or origin and occupation
• education history and level
• publications

2. Special category personal data

Special category data is any of the following:

• information about your race or ethnicity, religious beliefs, health or sex life, sexual orientation and political opinions; 
• trade union membership; and
• information about criminal convictions and offences.

NOTE at ISODC we will never collect this information.

3. Information automatically collected

We may also collect the following type of personal data when you visit our site(s):

• technical information, including the internet protocol (IP) address used to connect your computer to the internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
• information about your visit, including the full uniform resource locators (URL) clickstream to, through and from our site (including date and time); page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our consultants.

For more information about the data we collect from you when you visit our site(s), please see below section on our cookie policy.

How will we use your personal data?

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

• to make it (including your CV) available to our directors in connection with the recruitment process, unless you request otherwise;
• if you have applied for a job the information you provide, including your CV identifying you by name, will be used to determine your suitability for the position and, if applicable, in determining terms of employment or engagement; 
• if your application is progressed further, details may be disclosed to third parties (such as educational institutions, present and past employers, our employees and directors.
• if required by law or for the purposes of our business requirements (e.g. to auditors or third party service suppliers);
• to provide you with information about other services and opportunities we offer that are similar to those that you have already enquired about;
• to contact you about industry and sector specific information that might be of interest to you;
• to notify you about changes to our service;
• to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
• to allow you to participate in interactive features of our service, when you choose to do so;
• to personalise the content displayed on our website in order to present you with more relevant jobs and content based on your interests;
• as part of our efforts to keep our site safe and secure;
• to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you; and
• to make suggestions and recommendations to you and other users of our site about services that may interest you or them.

Where is your personal data stored?

All information you provide to us is stored on our secure servers and is protected using industry standard Secure Layer (SSL) Encryption Technology.

We will do our best to protect your personal data, although as the transmission of information via the internet is not completely secure we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access, misuse or loss.

If you suspect any unauthorised access to or misuse or loss of your data, please contact us immediately using our contact details within the 'How can you contact us?' section lower down on this web page. 

How long do we keep your personal data?

We keep your personal data in accordance with the following data retention periods:

Member personal data – 5 years since the last contact with you, where contact means addition of your personal data to our database.

We will endeavour to permanently erase your personal data once it reaches the end of its retention period or where we receive a valid request from you to do so. However some of your data may still exist within our systems. For our purposes, this data will be put beyond use, meaning that while it still exists on a system, it cannot be readily accessed by operational systems, processes or staff.

Use of automated profiling tools

We do not carry out any automated profiling in our recruitment or membership process.

Transfer of data outside of the EEA

Your personal data may be transferred internationally in the following circumstances: 

• between and within our the ISODC;
• to third parties (such as advisers or other suppliers to our Group);
• to overseas clients;
• to clients within your country who may, in turn, transfer your data internationally; and
• to a cloud-based storage provider.

We want to make sure that your personal data is stored and transferred in a way which is secure. We will therefore only transfer data outside of the EEA where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:

• by way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by data controllers in the EEA to data controllers and processors in jurisdictions without adequate data protection laws; 
• by signing up to the EU-U.S. Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the United States of America or any equivalent agreement in respect of other jurisdictions; 
• transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country's levels of data protection via its legislation; 
• where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer data outside the EEA in order to meet our obligations under that contract if you are a client of ours); or
• where you have consented to the data transfer.

Access to and correction of your information

Your duty to inform us of changes

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us.
 

Your rights in connection with personal data

Under certain circumstances, by law you have the right to:

• request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected; 
• request erasure of your personal information. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below);
• object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes;
• request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it; and
• request the transfer of your personal data to another party.

If you want to verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal data to another party, please contact us using the details in the 'How can you contact us?' section lower down on this web page in writing.

You also have the right to:

• request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• If you want to access your personal data, please email info@isodc.org detailing what information you require, and confirming your full name and postal address as a way of confirming your identity.

We will confirm with you what the response date will be, which will usually be within one month. We are entitled to refuse the request if it is deemed excessive or a repetition of a previous request.

Changes to our privacy statement

Any changes we may make to our privacy statement in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy statement.

Links to other sites

Our site may, from time to time, contain links to and from the sites of our partner networks, advertisers and affiliates. If you follow a link to any of these sites, please note that these sites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these sites.

Passwords

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Cookie policy

Our sites use cookies to distinguish you from other users of our sites. This helps us to provide you with a good experience when you browse our sites and also allows us to improve our sites. By continuing to browse our sites, you are agreeing to our use of cookies.

A cookie is a small text file that is stored by your browser on your device or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer's hard drive or device.

We use the following cookies:

• essential cookies: these are cookies that are required for the operation of our site. They include, for example, cookies that enable you to log into secure areas of our site;
• analytical/performance cookies: they allow us to recognise and count the number of visitors and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily;
• functionality cookies: these are used to recognise you when you return to our site. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of region); and
• targeting cookies: these cookies record your visit to our site, the pages you have visited and the links you have followed. We will use this information to make our site and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose.

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

How will we contact you?

We may contact you by phone or email.

You can update your contact preferences for the ISODC click here.

To update your contact preferences for the ISDOC click here.

Any changes to your preferences will be updated within 30 days of your request.

How can you contact us?

To contact us with any queries around data or this privacy statement, you can contact us in the following ways:

Post: The ISODC, P.O. Box 50827, Colorado Springs, CO  80949, USA

Email: admin@isodc.org

Please note we may keep a record of your communications to help us resolve any issues which you raise.

How can you contact the supervisory authority?
The supervisory authority in the UK is the Information Commissioner's Office (ICO).  

You can contact them in the following ways:

Phone: 0303 123 1113

Email: casework@ico.org.uk

Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF