The International Association of Railway Operations Research (IAROR) respects the privacy and treats personal data we receive or have access to, in the strictest confidentiality and in accordance with the legislation in force, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter the "GDPR").
We inform our members about the personal data we collect, the purpose for collecting it, the way we use it and the rights you have regarding the processing of such data.
IAROR is an international non for profit association with address at Delft University of Technology, Stevinweg 1, 2628 CN Delft, The Netherlands. IAROR is the data controller of the personal data it collected from you. We are responsible for your personal data.
We might collect miscellaneous personal data from you, depending upon the reasons or the purposes for which your personal data are being shared with us (see point 3 below), such as general identifiable information such as your surname, first name, academic title, affiliation, phone number, e-mail address or similar.
We collect your data for different reasons:
3.1 For any reason related to our statutory goal and our core activity as described on our website www.iaror.org, to keep you informed about IAROR, our activities and relevant sector related information and news, to duly perform the services that you require from us, to improve the quality of our products and services where possible, to answer to your reasonable expectations and more in general to facilitate communication with you where and when this necessary or deemed useful.
3.2 We may also use your data to carry out analysis with respect to the regional and professional origin of members.
3.3 We can also collect your personal data for pure administrative, organisational or operational purposes, e.g. to identify you as a contact person.
4.1. Directly from you.
The personal data that we will obtain from you will be through your active intervention. We might collect your personal data via e-mail or the membership form, via our website, via telephone, via postal services, via your business card you have handed over to one of our representatives. Where required by law we will seek your prior consent before processing your personal data. We will not collect personal data directly from minors under 16 years old.
4.2. Indirectly via other sources.
We might collect personal data from you via other sources, such as website of the employer you work for, your colleagues, and in general any other source other than you.
In the cases where we obtain personal data from you through another source than yourself, we will seek sufficient guarantees from that source that your personal data have been collected by that third party in compliance with privacy legislation and that where necessary your consent has been obtained to share your personal data with us and allow us to use it for the purposes that we envisage.
We have invested in a state-of-the-art IT infrastructure that allows us to protect your personal data to the maximum extent possible against theft, loss and any illegal use.
Access to your personal data is restricted to the president and vice-president of IAROR and the secretary in charge of the administration of the membership data base upon request of the president or vice-president of IAROR.
We will delete or anonymize your personal data completely and irreversibly:
Unless we are required to keep your personal data longer to:
We will not share any sensitive data about you with third parties without your explicit consent.
We take all reasonable steps to ensure that your personal data are kept accurate and up-to date for the purposes for which they were collected.
You have the right to be at all times and free of charge, be informed about your personal data.
You can at any time require access to your personal data, have them corrected and/or updated.
We will provide you with the ability to object to the processing of your personal data if such processing is not reasonably required for a legitimate business purpose as described in this policy or our compliance with law.
Where appropriate, we will also provide in an opt-out box or- link if you do not longer want to be included in our database. For example if you would not longer want to receive our newsletter.
Requests to restrict the use of your personal data and/or to delete your personal data will be subject to any applicable legal and ethical reporting or document filing or retention obligations imposed on us.
You also have the right to ask us to transfer your personal data to another data controller.
If you wish to contact us regarding our use of your personal data or object to the processing of your personal data, please contact us at firstname.lastname@example.org .