The International Association of Railway Operations Research (IAROR) respects the privacy and treats personal data we receive or have access to, in the strictest confidentiality and in accordance with the legislation in force, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter the “GDPR”).
We inform our members about the personal data we collect, the purpose for collecting it, the way we use it and the rights you have regarding the processing of such data.
1.WHO IS RESPONSIBLE FOR PROCESSING YOUR DATA AND HOW CAN YOU CONTACT US?
IAROR is an international non for profit association with address at Delft University of Technology, Stevinweg 1, 2628 CN Delft, The Netherlands. IAROR is the data controller of the personal data it collected from you. We are responsible for your personal data.
If you have any concerns, questions or comments about this privacy policy or your personal data you can contact us by e-mail to secr-tp-citg@tudelft.nl or in writing by sending us a letter at the address given above.
2. WHAT PERSONAL DATA DO WE COLLECT?
We might collect miscellaneous personal data from you, depending upon the reasons or the purposes for which your personal data are being shared with us (see point 3 below), such as general identifiable information such as your surname, first name, academic title, affiliation, phone number, e-mail address or similar.
3.WHY DO WE COLLECT YOUR DATA?
We collect your data for different reasons:
3.1 For any reason related to our statutory goal and our core activity as described on our website www.iaror.org, to keep you informed about IAROR, our activities and relevant sector related information and news, to duly perform the services that you require from us, to improve the quality of our products and services where possible, to answer to your reasonable expectations and more in general to facilitate communication with you where and when this necessary or deemed useful.
3.2 We may also use your data to carry out analysis with respect to the regional and professional origin of members.
3.3 We can also collect your personal data for pure administrative, organisational or operational purposes, e.g. to identify you as a contact person.
4. HOW DO WE COLLECT YOUR DATA?
4.1. Directly from you.
The personal data that we will obtain from you will be through your active intervention. We might collect your personal data via e-mail or the membership form, via our website, via telephone, via postal services, via your business card you have handed over to one of our representatives. Where required by law we will seek your prior consent before processing your personal data. We will not collect personal data directly from minors under 16 years old.
4.2. Indirectly via other sources.
We might collect personal data from you via other sources, such as website of the employer you work for, your colleagues, and in general any other source other than you.
In the cases where we obtain personal data from you through another source than yourself, we will seek sufficient guarantees from that source that your personal data have been collected by that third party in compliance with privacy legislation and that where necessary your consent has been obtained to share your personal data with us and allow us to use it for the purposes that we envisage.
5. HOW DO WE PROTECT YOUR PERSONAL DATA?
We have invested in a state-of-the-art IT infrastructure that allows us to protect your personal data to the maximum extent possible against theft, loss and any illegal use.
Access to your personal data is restricted to the president and vice-president of IAROR and the secretary in charge of the administration of the membership data base upon request of the president or vice-president of IAROR.
6.HOW LONG DO WE STORE YOUR DATA?
We will delete or anonymize your personal data completely and irreversibly:
- as soon as the goal for which your personal data have been collected and processed is fully achieved and/or
- at your specific request (see in this respect section 9 below on your rights with regards to the processing of your personal data).
Unless we are required to keep your personal data longer to:
- meet any applicable law, regulation, legal process or enforceable governmental request.
- detect, prevent, or otherwise address fraud, security or technical issues.
- protect against harm to the legal rights and interests of IAROR.
7.DO WE SHARE YOUR PERSONAL DATA WITH OTHERS?
We will not share any sensitive data about you with third parties without your explicit consent.
8. YOUR RIGHTS – OUR OBLIGATIONS: ACCES, CORRECTION, DELETION, RESTRICTION, OBJECTION
We take all reasonable steps to ensure that your personal data are kept accurate and up-to date for the purposes for which they were collected.
You have the right to be at all times and free of charge, be informed about your personal data.
You can at any time require access to your personal data, have them corrected and/or updated.
We will provide you with the ability to object to the processing of your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law.
Where appropriate, we will also provide in an opt-out box or- link if you do not longer want to be included in our database. For example if you would not longer want to receive our newsletter.
Requests to restrict the use of your personal data and/or to delete your personal data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us.
You also have the right to ask us to transfer your personal data to another data controller.
If you wish to contact us regarding our use of your personal data or object to the processing of your personal data, please contact us at secr-tp-citg@tudelft.nl .
9. CHANGES AND UPDATES TO THIS PRIVACY POLICY
You are invited to carefully read this policy and to revisit this page periodically to stay aware of any changes to this privacy policy, which we may update from time to time to be able to comply with any changes in existing applicable legislation, decisions, recommendations, guidelines and best practices issued by the European Data Protection Board and/or other competent authorities with regard to the implementation or interpretation of applicable legislation.