© 2019. Aviation Information Sharing and Analysis Center. 

Privacy Policy Statement

 

  • Twitter Social Icon
  • LinkedIn Social Icon

YOUR PRIVACY is important to us. As of January 2019, we are compliant with the requirements of the U.S. Department of Commerce Privacy Shield Framework. The Privacy Shield provides us with a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the United States. 

This privacy policy explains our online information practices and the choices you can make about the way your information is collected and used. If you have any questions about the policy or how your data is being managed, please contact us

You may download a copy of this policy statement here

Aviation Information Sharing and Analysis Center, Inc.

U.S. Data Shield Policy Statement

The Aviation ISAC (A-ISAC) is committed to protecting the privacy of those who visit A-ISAC websites and our members. This Privacy Policy Statement details our policies and practices and the choices you can exercise concerning the way your information is collected and used.

The A-ISAC’s websites may contain links to other websites. The information practices or the content of such other websites is governed by the privacy policy statements of those websites.

The A-ISAC complies with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States.  The A-ISAC has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.  To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

The A-ISAC has certified that it complies with the Privacy Shield Principles of: (1) Notice; (2) Choice; (3) Accountability for Onward Transfer of Personal Data; (4) Security; (5) Data Integrity and Purpose Limitation; (6) Access; and (7) Recourse, Enforcement, and Liability with respect to all Personal Data we receive in the U.S. from European Union member countries and Switzerland in reliance on the respective Privacy Shield framework. This Policy Statement applies to all members of A-ISAC and anyone visiting the A-ISAC website, regardless of whether the personal data originated from an E.U. member country, Switzerland, or elsewhere around the globe, with the exception of data collected concerning threats to our member companies’ networks, products, and personnel.

1. Notice

The A-ISAC notifies Data Subjects covered by this Privacy Policy Statement about our privacy practices, including:
 

  • The types of Personal Data we collect about Data Subjects;

  • The purposes for which we collect and use Personal Data;

  • The types of third parties to which we disclose Personal Data and the purposes for which we make these disclosures;

  • The rights of Data Subjects to access their Personal Data;

  • The choices and means that we offer for limiting our use and disclosure of Personal Data;

  • How we enforce our obligations under the Privacy Shield; and

  • How Data Subjects can contact us with any inquiries or complaints

What We Collect and the Purposes of Collection:

The A-ISAC collects information about you when you request information regarding our services, inquire about membership, or sign up to attend an A-ISAC event. In order to communicate with you we only collect your email address and other contact information you provide to us when inquiring about our services or registering for our events.  Any information provided to us will be used solely for the purposes of fulfilling your request for information, registering you for an event, or communicating with you as a member or potential member of the A-ISAC.

Memberships are issued to and paid for by companies. Employees of member companies provide their names, email addresses, and other contact information, which is shared with other members to facilitate collaboration and identify the source of collaboration, unless the member specifically opts to anonymize a contribution of information.

When registering for a conference, the A-ISAC may require you to provide the Company or a 3rd party provider with financial and billing information, such as billing name and address, banking or credit card details, and food preferences or food allergies.  This information is necessary to assist the A-ISAC in tracking attendees for events, providing adequate facilities, post-event surveys, ensuring a safe experience and to provide notice of future events.

The A-ISAC may process human resources data for the purposes of recruiting and hiring job applicants. The A-ISAC may process employment data, such as name, tax identifiers, hours worked, etc. for the purpose of employing EU or Swiss Citizens.  Employment data will only be used for employment purposes and not for marketing. The AISAC uses third party providers for payroll, insurance and other employee benefits and back office processing of AISAC operations.  An employee’s data may be passed onto one or more of these third parties in order to facilitate operation of the A-ISAC.

The A-ISAC only collects and uses data as described in this Privacy Policy Statement. The A-ISAC does not process or use personal data that we collect or that is received from our members or from other third parties in a way that is incompatible with the purposes for which it was collected or received or subsequently authorized by you.

Except as noted in this Privacy Policy, personal data collected by the A-ISAC via our website or through our services is not shared with third parties without your consent.

Methods of Collection of Information:

We may collect information from you when you access the Site or use or access the Services.  Similarly, we may collect personal data from you through a number of voluntary sources on our website or through email or other communications as both a member, prospective member or visitor to our website. The personal data we may collect from you might include, by way of example: Email address; Domain name and Internet Protocol (IP) address; Contact information (including, name, phone number(s), business, address, zip code, and country); User-specific and aggregate information on areas of the Site accessed and the Services used; and Other information you volunteer to the site or via other means of communication, such as responses, registrations, surveys, reviews, comments, confirmations, emails, messages, telephone calls, written correspondence or other electronic submissions and communications sent by you to the Site or through a registration or contact initiated by you.

Our external facing public website is managed by a third-party provider which is Privacy Shield compliant.  The A-ISAC does not collect cookies from our external facing website hosting service.

We use cookies on our external, private-access portals to improve the browser experience and authentication.

The A-ISAC collects data concerning threats to our member companies’ networks, products, personnel and members.

2. Choice: Controlling Your Personal Information

You may opt-out from any future communications from us by emailing us at membership@a-isac.com. We will remove you from our contacts within ten (10) days. This will delete your personal data from our records, and we will make no further use of it. We may, however, retain copies of your personal data in secure backups.

Upon request, the A-ISAC will provide you with information about whether we hold any of your personal data. To request this information please contact us at privacy@a-isac.com.

You may access, correct, request deletion or request a copy of any or all of your personal data in our possession by emailing us at privacy@a-isac.com and we will honor your request within forty-five (45) days. If we incur expenses to comply with your request, we may charge you a reasonable fee to cover these expenses, if permitted by law. If you believe any of the personal data we have collected from you is inaccurate, you can email privacy@a-isac.com with a request to update this information. We will act on your request within 45 days. If you believe we have not resolved your complaint satisfactorily, you may dispute the resolution.  (See below, Section 7, “unresolved disputes.”)

3. Accountability for Onward Transfer: Information Sharing and Disclosure to Third Parties

Except for the limited situations listed here in this Privacy Policy Statement, we will not share your personal data with third parties. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event we are required to provide your personal data to third parties as part of legal process.

Agents and Third-Party Service Providers. To provide the A-ISAC’s Services to you, we may sometimes use other businesses to perform certain specialized services such as bulk emailing, event planning or other technology services. In such instances, we may provide some or all of your personal data to those businesses, but they are not permitted to retain or use your information for any other purpose. Members will utilize third party services for information sharing and communications.

 

Change of Control / Asset Transfer: In the event of a corporate change in control or sale of all or parts of the A-ISAC, the buyer or transferee will have to honor the commitments we have made in this Privacy Policy.

Communication From the A-ISAC: Member Service. Based upon the information you provide to us, we will communicate with you in response to your inquiries, to provide the information or services you requested. We may communicate with you by email or telephone.

Choice/Opt-out:

We may provide you the opportunity to opt-in to additional newsletters or promotional communications sent by email. If you have opted in to receive these forms of communication, and no longer wish to receive our newsletter or other promotional communications by email, you may opt-out of receiving them by following the instructions included in each communication.

If the A-ISAC is considering the use of personal information collected through the employment relationship for non-employment-related purposes, such as marketing communications, the A-ISAC will provide the affected individual(s) with the requisite choice before doing so, unless the employee(s) have already authorized the use of the information for such purposes.

4. Security and Information Protection

We take reasonable and appropriate measures to protect Personal Data covered by this Privacy Shield Policy from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the processing and the nature of the Personal Data.  The A-ISAC utilizes generally accepted industry standards to protect the information submitted to us, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100 percent secure. Therefore, while we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Privacy Policy for Children:

The A-ISAC offers business services. We do not knowingly collect information from children under the age of 13. If you are under the age of 13, please do not provide any information to us. In the event we become aware that we have collected information from a child under the age of 13, we will delete such information from our databases.

Legal Compliance:

The A-ISAC reserves the right to disclose your information in cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) A-ISAC’s rights or property, other visitors, members, or anyone else that could be harmed by such activities.

 

A-ISAC also reserves the right to disclose website visitor or member information when we believe in good faith that the law mandates such disclosure, and in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

5. Data Integrity, Purpose Limitation, and Retention of Personal Information

The A-ISAC limits the collection of Personal Data covered by this Privacy Shield Policy to information that is relevant for the purposes of processing. We do not process such Personal Data in a way that is incompatible with the purposes for which it has been collected or subsequently authorized by the Data Subject.

We take reasonable steps to ensure that such Personal Data is reliable for its intended use, accurate, complete, and current. We retain Personal Data in identifiable form only for as long as it serves a purpose that is compatible with the purposes for which the Personal Data was collected or subsequently authorized by the Data Subject, unless a longer period is required by law.

6. Access

Data Subjects whose Personal Data is collected by the A-ISAC have the right to access such Personal Data and to correct, amend, or delete such Personal Data if it is inaccurate or has been processed in violation of the Privacy Shield Principles (except when the burden or expense of providing access, correction, amendment, or deletion would be disproportionate to the risks to the Data Subject’s privacy, or where the rights of persons other than the Data Subject would be violated). Requests for access, correction, amendment, or deletion should be sent to privacy@a-isac.com.

7.  Recourse, Enforcement, and Liability and Unresolved Disputes

The A-ISAC is legally responsible and can be held liable both for the processing of personal data it receives, under the Privacy Shield, and subsequent transfers to a third party. The A-ISAC complies with the Privacy Shield for all onward transfers of personal data from the EU, including the onward transfer liability provisions. With respect to personal data received or transferred pursuant to the Privacy Shield, the A-ISAC is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

In compliance with the Privacy Shield Principles, the A-ISAC commits to resolve complaints about our collection or use of your personal information.  EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact the A-ISAC by sending an email to:

privacy@a-isac.com.

The A-ISAC has further committed to refer unresolved Privacy Shield complaints to JAMS, an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/file-an-eu-us-privacy-shield-claim for more information or to file a complaint.  The will adhere to JAMS binding arbitration.  The services of JAMS are provided at no cost to you.

Commitment to Cooperate with EU/Swiss Data Protection Authorities (DPAs):

The A-ISAC commits to cooperate with the DPAs.  The A-ISAC will cooperate with EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) and comply with the advice given by such authorities with regard to human resources data transferred from the EU and Switzerland in the context of the employment relationship and will comply with any advice given by the DPAs where the DPAs take the view the A-ISAC needs to take specific action to comply with the Privacy Shield Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.

Notification of Changes to this Privacy Policy Statement:

We agree to periodically review and verify our compliance with the Privacy Shield Principles, and to remedy any issues arising out of failure to comply with the Privacy Shield Principles. We acknowledge that failure to provide an annual self-certification to the U.S. Department of Commerce will result in the A-ISAC’s removal from the Department’s list of Privacy Shield participants.

The terms of this Privacy Policy Statement may change from time to time. We will notify you of any material changes to this Privacy Policy Statement by posting a notice on a-isac.com for a reasonable period of time after such changes are made, that this Privacy Policy Statement has been updated.  We encourage you to check this page periodically for any changes. Your continued use of the a-isac.com website and participation in following the posting of changes to these terms will mean you accept those changes.

Contact Information:

The Aviation ISAC may be contacted via email at privacy@a-isac.com

Our mailing address is:

1997 Annapolis Exchange Pkwy

Suite 300

Annapolis, MD  21401

 

Date of publication: January 2019