Last updated: October 2023
Given the New Swiss Federal Act on Data Protection (nFADP) that came into force on 1 September 2023 and to ensure conformity with its requirements, below is the new Privacy Notice effective as of 12th July 2023 and which replaces the previous one.
Scope
The International Organization for Standardization (ISO) (“ISO”, “we” or “us”) is an association constituted under the laws of Switzerland, with its seat at Chemin de Blandonnet 8, 1214 Vernier, Switzerland.
ISO acts, in relation to the processing operations mentioned in this notice, as a “data controller” in the meaning of the Swiss Federal Data Protection Act – which is applicable to ISO.
In such a context, ISO is committed to protecting your privacy. This Privacy Notice addresses how ISO processes and safeguards your personal data as a data controller, when you are interacting with us, in particular by visiting our websites, contacting us, subscribing to our magazines and newsletters, or taking part in our activities, including as a member of one of ISO’s committees and/or working groups.
For any question or concern regarding this Privacy Notice, you can directly contact:
International Organization for Standardization (ISO)
Chemin de Blandonnet 8
1214 Vernier
DataProtection@iso.org
What personal data do we process and for what purpose?
ISO applies the minimization principle and only processes the personal data that is required for the purposes pursued.
The personal data processed by ISO in the context of its activities may be communicated directly by you (e.g. when you register to events, take part in working groups, subscribe to a newsletter or contact ISO), be communicated by your national member body (e.g. personal data related to roles and functions in the standardization field), be sourced from publicly-available information (e.g. public role within a national body) or originate directly from your activities within ISO (e.g. votes and participation to committees and working groups).
The following personal data is processed by ISO for the purposes provided, as and/or in addition to any personal data you would directly communicate us:
Manage my Cookies
Change cookies settings to allow or block specific cookies
For more information, visit our cookie policy page.
| General context | Categories of personal data | Purpose |
|---|---|---|
| Activities within ISO and in relation to standardization |
Identification data (name, surname, etc.) Contact details (email address, postal address, telephone number, etc.) Roles and functions in the standardization field (ISO affiliation and committee role, national role, member body affiliation, etc.) Professional information (title, company, type of work, etc.) Activity-related data within ISO (participation to committees and working groups, votes, etc.) |
Organization and running of ISO’s standardization activities Encouragement of standardization activities Related documentation: Please see the Data Protection Policy for ISO members and the Declaration for participants in ISO activities for rules and principles you are required to respect.
|
| Corporate activities of ISO |
Identification data (name, surname, etc.) Contact details (email address, postal address, telephone number, etc.) Roles and functions in the standardization field (ISO affiliation and committee role, national role, member body affiliation, etc.) Professional information (title, company, type of work, etc.) Corporate-related data within ISO (participation to general assemblies, votes, etc.) |
Organization and running of ISO’s activities as an association Please note in this context that you are considered as a representative of your national standards body |
| Use of ISO’s websites or of other IT tools provided by ISO | IP addresses, as all personal data collected through cookies, in accordance with ISO’s Cookie Policy. | Enable, optimize and improve the performance of our websites and IT tools |
| Registration and use of our online store |
Identification data (name, surname, etc.) Contact details (email address, postal address, telephone number, etc.) Professional information (title, company, type of work, etc.) Payment information (invoices, payment data, etc.) Cart content and purchases |
Enable you to purchase standardization material and other elements from our online store Segmentation in order to tailor ISO’s communication to your needs and interests |
| ISO’s email subscription services |
Limited identification data (name) Electronic contact details (email address) Interests Email open dates and links clicked Approximate location based on IP address Your purchases and incomplete purchases |
Enable you to receive our newsletter and other general information material Segmentation in order to tailor ISO’s communication to your needs and interests |
| ISO’s general communication and social network activities |
Identification data (name, surname, etc.) Electronic contact details (email address) Interests and social network affiliation |
Manage ISO’s communication activities and social networks Answer any requests from you |
To whom do we transfer personal data?
|
Type of transfer |
Categories of personal data | International transfers | Applicable safeguards |
|---|---|---|---|
|
ISO’s service providers that provide us with back-office or front-office applications as well as managed part of our IT-related tools or systems (including newsletters) |
All the listed personal data in this Privacy Notice |
See Appendix 1 to this Privacy Notice |
Written data processing agreements or equivalent For international transfers for non-adequate countries:
|
|
Members of ISO |
All the personal data related to ISO’s standardization and corporate activities | Each country for its respective member | Internal regulations on the use of personal data (see Data Protection Policy for ISO members and the Declaration for participants in ISO activities) |
|
Other international organizations active in standardization |
All the personal data related to ISO’s standardization and corporate activities | Agreements with such other international organizations |
In addition, if and when required to do so by law, to respond to any legal claims or defend our rights, we may disclose your personal data, in particular to the relevant regulatory or legal authorities.
What are your rights?
You can at any time request access to, correction of and deletion of your personal data, by contacting DataProtection@iso.org. Such right may be limited by our legal obligations.
Whenever the processing activity is based on your consent, you may at any time withdraw it. You may also, in other situations, have the right to object to the processing of your personal data.
ISO takes the security of your personal data very seriously and implements technical and organizational measures to protect your personal data from unauthorized access, improper use, disclosure, loss or destruction.
In relation to your online-store account, you can at any time consult, revise and correct the personal data that you have provided us directly through your webstore account. Alternatively, you can send an email to customerservice@iso.org, including if you wish to close your account.
In relation to the newsletters, you can at any time consult, edit, revise and correct your data (email, name, preferences) using a link in the footer of the email, as well as unsubscribe.
Appendix
List of countries to which your personal data may be processed:
Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, England and Wales, France, Finland, Germany, Greece, Hong-Kong, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Malaysia, Mexico, New Zealand, Norway, Peru, Philippines, Poland, Portugal, Romania, Singapore, Slovakia, Spain, South Korea, South Africa, Sweden, Switzerland, Taiwan, The Netherlands, Turkey, United Arab Emirates, United Kingdom, United States, Vietnam.
This list will be updated as necessary on a regular basis.