YOUR PRIVACY is important to us. As of January 2019, we are compliant with the requirements of the U.S. Department of Commerce Privacy Shield Framework. The Privacy Shield provides us with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States.
You may download a copy of this policy statement here.
This statement and document were updated in February 2020.
Aviation Information Sharing and Analysis Center, Inc.
U.S. Data Shield Policy Statement
The types of Personal Data we collect about Data Subjects;
The purposes for which we collect and use Personal Data;
The types of third parties to which we disclose Personal Data and the purposes for which we make these disclosures;
The rights of Data Subjects to access their Personal Data;
The choices and means that we offer for limiting our use and disclosure of Personal Data;
How we enforce our obligations under the Privacy Shield; and
How Data Subjects can contact us with any inquiries or complaints.
What We Collect and the Purposes of Collection
The A-ISAC collects information about you when you request information regarding our services, inquire about membership, or sign up to attend an A-ISAC event. In order to communicate with you we only collect your email address and other contact information you provide to us when inquiring about our services or registering for our events. Any information provided to us will be used solely for the purposes of fulfilling your request for information, registering you for an event, or communicating with you as a member of the A-ISAC.
Memberships are issued to and paid for by companies. Employees of member companies provide their names, email addresses and other contact information which is shared with other members to facilitate collaboration and identify the source of collaboration, unless the member specifically opts to anonymize a contribution of information.
When registering for a conference, the A-ISAC may require you to provide the Company or a 3rd party provider with financial and billing information, such as billing name and address, banking or credit card details, and food preferences or food allergies. This information is necessary to assist the A-ISAC in tracking attendees for events, providing adequate facilities, post-event surveys, ensuring a safe experience and to provide notice of future events.
The A-ISAC processes human resources data for the purposes of recruiting and hiring job applicants via the third party website. The A-ISAC may process employment data, such as name, tax identifiers, hours worked, etc. for the purpose of employing EU Citizens. Employment data will only be used for employment purposes and not for marketing.
Methods of Collection of Information
We may collect information from you when you access the Site or use or access the Services. Similarly, we may collect personal data from you through a number of voluntary sources on our website or through email or other communications as both a member, prospective member or visitor to our website. The personal data we may collect from you might include, by way of example:
Email address; Domain name and Internet Protocol (IP) address; Contact information (including, name, phone number(s), business, address, zip code, and country); User-specific and aggregate information on areas of the Site accessed and the Services used; and other information you volunteer to the site or via other means of communication, such as responses, registrations, surveys, reviews, comments, confirmations, emails, messages, telephone calls, written correspondence or other electronic submissions and communications sent by you to the Site or through a registration or contact initiated by you.
Our external facing public website is managed by a third-party provider which is Privacy Shield compliant. The A-ISAC does not collect cookies from our external facing website hosting service.
The A-ISAC collects data concerning threats to our member companies’ networks, products, personnel and customers.
2. Choice: Controlling Your Personal Information
You may opt-out from any future communications from us by emailing us at firstname.lastname@example.org. We will remove you from our contacts within 10 days. This will delete your personal data from our records, and we will make no further use of it. We may, however, retain copies of your personal data in secure backups.
Upon request, the A-ISAC will provide you with information about whether we hold any of your personal data. To request this information please contact us at email@example.com.
You may access, correct, request deletion or request a copy of any or all of your personal data in our possession by emailing us at , and we will honor your request within forty-five (45) days. If we incur expenses to comply with your request, we may charge you a reasonable fee to cover these expenses, if permitted by law. If you believe any of the personal data we have collected from you is inaccurate, you can email with a request to update this information. We will act on your request within 45 days. If you believe we have not resolved your complaint satisfactorily, you may dispute the resolution. (See below, Section 7, “unresolved disputes.”)
3. Accountability for Onward Transfer: Information Sharing and Disclosure to Third Parties
Agents and Third-Party Service Providers. To provide the A-ISAC’s Services to you, we may sometimes use other businesses to perform certain specialized services such as bulk emailing, event planning or other technology services. In such instances, we may provide some or all of your personal data to those businesses, but they are not permitted to retain or use your information for any other purpose. Members will utilize 3rd party services for information sharing and communications.
Change of Control / Asset Transfer
Communication From the A-ISAC
Customer Service. Based upon the information you provide to us, we will communicate with you in response to your inquiries, to provide the information or services you requested. We may communicate with you by email or telephone.
We may provide you the opportunity to opt-in to additional newsletters or promotional communications sent by email. If you have opted in to receive these forms of communication, and no longer wish to receive our newsletter or other promotional communications by email, you may opt-out of receiving them by following the instructions included in each communication.
If the A-ISAC is considering the use of personal information collected through the employment relationship for non-employment-related purposes, such as marketing communications, the A-ISAC will provide the affected individual(s) with the requisite choice before doing so, unless the employee(s) have already authorized the use of the information for such purposes.
4. Security and Information Protection
We take reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data. The A-ISAC utilizes generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.
The A-ISAC offers business services. We do not knowingly collect information from children under the age of 13. If you are under the age of 13, please do not provide any information to us. In the event we become aware that we have collected information from a child under the age of 13, we will delete such information from our databases.
The A-ISAC reserves the right to disclose your information in cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) A-ISAC’s rights or property, other visitors, members, or anyone else that could be harmed by such activities. A-ISAC also reserves the right to disclose website visitor or member information when we believe in good faith that the law mandates such disclosure, and in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
5. Data Integrity, Purpose Limitation, and Retention of Personal Information
The A-ISAC limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. We do not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.
We take reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. We retain Personal Data in identifiable form only for as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by the Data Subject, unless a longer period is required by law.
Data Subjects whose Personal Data is collected by the A-ISAC have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to firstname.lastname@example.org.
7. Recourse, Enforcement, and Liability
The A-ISAC is legally responsible and can be held liable both for the processing of personal data it receives, under the Privacy Shield, and subsequent transfers to a third party. The A-ISAC complies with the Privacy Shield for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield, the A-ISAC is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.
Under certain conditions, more fully described on the Privacy Shield website at you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third-party dispute resolution provider. Under certain conditions, more fully described on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted. The dispute resolution services under the Privacy Shield are free of charge to individuals.
European employees with unresolved complaints about violations of their employment data protection rights and are not satisfied with the results of internal review, complaint, and appeal procedures (or any applicable grievance procedures under a contract with a trade union), are directed to file a complaint with the state or national data protection authority (DPA) or labor authority in the jurisdiction where the employees work.
“The A-ISAC commits to cooperate with the DPAs. The A-ISAC will cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship and will comply with any advice given by the DPAs where the DPAs take the view the A-ISAC needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.”
We agree to periodically review and verify our compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. We acknowledge that failure to provide an annual self-certification to the U.S. Department of Commerce will result in the A-ISAC’s removal from the Department’s list of Privacy Shield participants.
The A-ISAC has certified that it complies with the Privacy Shield Principles of: (1) Notice; (2) Choice; (3) Accountability for Onward Transfer of Personal Data; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access; and (7) Recourse, Enforcement, and Liability with respect to all Personal Data we receive in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework. This Policy Statement applies to all members of A-ISAC and anyone visiting the A-ISAC website, regardless of whether the personal data originated from an E.U. member country, Switzerland, or elsewhere around the globe, with the exception of data collected concerning threats to our member companies’ networks, products, and personnel.
The Aviation ISAC may be contacted via email at email@example.com
Our mailing address is:
1997 Annapolis Exchange Pkwy
Annapolis, MD 21401
Date of publication: February 2020