(Verein Internationale Konferenz für Assistierende Technologien und Barrierefreiheit, kurz: ICCHP)
Context and overview
- Policy prepared by: Priska Feichtenschlager
- Approved by the chairman on: 4/05/2019
- Policy became becomes operational on: 25/05/2019
- Next review date: May, 2020
ICCHP is a non-profit association to run conferences, workshops and seminars on the topics of Assistive Technology and Accessibility.
ICCHP needs to gather and use certain information about individuals.
These can include delegates and other customers, suppliers, business contacts, volunteers, committee members and other people the organisation has a relationship with or may need to contact.
This policy describes how this personal data is collected, handled and stored to meet the association’s data protection standards – and to comply with the law.
Why this policy exists
- This data protection policy ensures ICCHP:
- Complies with data protection law and follows good practice
- Protects the rights of its committee members, customers and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
This policy applies to:
- Organisation team of ICCHP
- Volunteers of ICCHP
- All contractors, suppliers and other people working on behalf of ICCHP
It applies to all data that the association holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:
- Names of individuals
- Postal addresses
- Invoice addresses
- e-Mail addresses
- Phone Number
- …plus any other information in connection with individuals (e.g. food choice, specific needs (yes/no))
- Abstracts & papers plus all relevant information given therein
The person provides this data on a voluntary basis to ICCHP via the online conference management system (www.icchp.org). ICCHP will not sell, rent, trade or lease any of the collected personal information. All information shall be kept absolutely confidential unless consent is obtained from the data subject authorising a different use of his or her personal data. In other words, ICCHP will not share your personal information with others, unless it has obtained your consent to do so.
Data protection risks
- ICCHP in processing personal information uses secure data networks that are protected by firewalls and password protection systems that are consistent with industry standards.
- In case of voluntary subscriptions by the natural person to online communities initiated or endorsed by ICCHP, such as Facebook, LinkedIn, Twitter or other so called social media, the responsibility of your data treatment remains with the service provider and ICCHP declines any responsibility of the use that may be made of your data.
- ICCHP does not collect any genetic or biometric related data.
Everyone who works for or with ICCHP has some responsibility for ensuring data is collected, stored and handled appropriately.
Each member of the organisation team must ensure that it is handled and processed in line with this policy and data protection principles.
The ICCHP board is ultimately responsible for ensuring that ICCHP meets its legal obligations. This includes:
- To be updated about data protection responsibilities, risks and issues.
- Reviewing all data protection procedures and related policies, in line with an agreed schedule.
- Arranging data protection training and advice for the people covered by this policy.
- Handling data protection questions from organisation team and anyone else covered by this policy
- Dealing with requests from individuals to see the data ICCHP holds about them (also called “subject access requests”).
- Checking and approving any contracts or agreements with third parties that may handle ICCHP’s sensitive data.
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
- Performing regular checks and scans to ensure security hardware and software is functioning properly.
- Evaluating any third-party services ICCHP is considering using to store or process data. For instance, cloud computing services.
- Approving any data protection statements attached to communications such as emails and letters.
- Addressing any data protection queries from journalists or media outlets like newspapers.
General guidelines for the organisation team
- The only people able to access data covered by this policy are those who need it for their work
- Data are not shared informally.
- ICCHP provides training to the organisation team.
- The organisation team will keep all data secure, by taking sensible precautions and following the guidelines below.
- In particular, strong passwords are used and they are never shared.
- Personal data are not disclosed to unauthorised people, either within the association or externally.
- Data are regularly reviewed and updated if it is found to be out of date. If no longer required, it is deleted and disposed of.
- People working with the data will request help from the board if they are unsure about any aspect of data protection.
Questions about storing data safely can be directed to the board.
When data is stored on paper, they are kept in a lockable filing cabinet in a lockable room where unauthorised people cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
- When not required, the paper or files are kept in locked filing cabinet.
- Whilst this data is being used it is ensured that paper and printouts are not left where unauthorised people could see them, like on a printer.
- Data printouts are shredded and disposed of securely when no longer required.
When data is stored electronically, it is protected from unauthorised access, accidental deletion and malicious hacking attempts:
- Data is protected by strong passwords that are changed regularly and never shared.
- If data is stored on removable media (like a CD or DVD), these are kept locked away in a drawer when not being used.
- Data are only stored on designated drivers and servers and they are only uploaded to approved cloud services.
- Servers containing personal data are sited in a secure location, away from general office space.
- Data are backed up frequently. Those backups are tested regularly, in line with ICCHP’s standard backup procedures.
- Data are never saved directly to laptops or other mobile devices like tablets or smart phones.
- All servers and computers containing data are protected by approved security software and a firewall.
Personal data is of no value to ICCHP unless the conference business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss corruption or theft:
- When working with personal data, we ensure the screens of our computers are always locked when left unattended.
- Personal data are not shared informally. In particular, they are never sent by email.
- Data are encrypted before being transferred electronically.
- Personal data are never transferred outside of the European Economic Area.
- People working with the data never save copies of personal data to their own computers.
- Data might be made available to providers of services such as the editor Springer.
Server Log Files
Information on this website is automatically ascertained and stored in server log files which your browser then transmits to us without our assistance. These are:
- Browser types / browser versions
- IP addresses
- Time of server request
This information does not allow us to identify a specific individual. ICCHP does not link this data with other data sources. However, in the event of any specific indication regarding any illegal use of our website, we reserve the right to retrospectively review the collected data.
It is the responsibility of all people who work with data of ICCHP to take reasonable steps to ensure it is kept as accurate and up to date as possible.
- Data are held in as few places as necessary.
- People working with data take every opportunity to ensure data are updated. For instance, by confirming a customer’s details when they call.
- ICCHP makes it easy for data subjects to update the information ICCHP holds about them. For instance, via the ICCHP-website.
- Data are updated as inaccuracies are discovered. For instance, if a customer can not longer be reached on their stored telephone number, it will be removed from the database.
Subject access requests
All individuals who are the subject of personal data held by ICCHP are entitled to:
- Ask what information the association holds about them and why.
- Ask how to gain access to it.
- Be informed how to keep it up to date.
- Be informed how ICCHP is meeting its data protection obligations.
If an individual contacts ICCHP requesting this information, this is called a subject access request.
Subject access requests from individuals should be made by email, addressed at firstname.lastname@example.org.
ICCHP will aim to provide the relevant data within 14 days.
The responsible person will always verify the identity of anyone making a subject access request before handling over any information.
Disclosing data for other reason
In certain circumstances, the Data Protection Act allows personal data to be disclosed to law enforcement agencies without the consent of the data subject.
Under these circumstances, ICCHP will disclose requested data. However, the responsible person will ensure the request is legitimate, seeking assistance from the board where necessary.
ICCHP aims to ensure that individuals are aware that their data is being processed and that they understand:
- How the data is being used
- How to exercise their rights