Privacy Statement for the Entomological Society of America

Effective Date: November 12, 2018

 

Contents:

  1. Who we are and about this policy
  2. How to contact ESA
  3. How we collect personal data and the types of personal data we collect
  4. How we use personal data
  5. Lawful bases
  6. How we share and who can access your personal data
  7. Transfer of Personal Data outside of the European Economic Area (“EEA”) and International Users
  8. How long we store personal data
  9. Where we store personal data
  10. Cookies
  11. Children’s privacy
  12. Links to third party websites and services
  13. Your rights
  14. Changes to this policy
 
  1. Who we are and about this policy

The Entomological Society of America (“ESA”, “we”, or “Society”) is committed to protecting your privacy. We are a leading 501(c)3 not-for-profit professional organization serving the professional and scientific needs of entomologists and individuals in related disciplines.

This Policy provides an overview on how ESA collects and processes your Personal Data. Each time you use our “Websites” (www.entsoc.org, www.entocert.org, www.entfdn.org), or an ESA meeting app, the current version of this Policy will apply. Accordingly, whenever you use our Websites, or an ESA meeting app, you should check the date of this Policy (which appears at the top) and review any changes since the last version. “Personal Data” is any information relating to you where it is possible to identify you, directly or indirectly, from that information, by reference to an identifier such as your name, location data, online identifier or one or more factors specific to your identity.

By visiting our Websites, you acknowledge that you have read and understood the processes and policies referred to in this Policy. Please read this Policy carefully as it contains important information about your privacy rights.

We collect and use Personal Data of individuals in other jurisdictions, such as Member States of the EU – some aspects of this Policy will only apply when we are required to comply with some jurisdiction-specific laws. For the purposes of the General Data Protection Regulation 2016/679 (the “GDPR”), the controller of your Personal Data is the Entomological Society of America located in Anne Arundel County, Maryland USA, at 3 Park Place, Suite 307, Annapolis, MD 21401-3722 USA. In general, if you are interacting with us from the EU, the GDPR is likely to apply.

  1. How to contact ESA

If you have any comments or questions regarding this Policy or the ways in which we use your Personal Data, please direct them to data@entsoc.org.

You may also call ESA at (00) 1-301-731-4535 (Monday through Friday, from 8:00am to 5:00pm US Eastern Time) or contact us using the Contact ESA section on our Websites. Alternatively, you can contact us by mail at ESA, 3 Park Place, Suite 307, Annapolis, MD 21401-3722 USA.

  1. How we collect personal data and the types of personal data we collect

A. Personal Data that you give us directly
We may collect and process the following Personal Data which you provide to us directly:

  • Name and contact information, which you provide when corresponding with us by phone, e-mail, online, post or otherwise. This includes information you provide when you contact ESA with questions, participate in ESA discussion boards or other social media functions, or when you report a problem with our Websites. This information may include your ESA identification number, name, address, e-mail address, phone number, social media identification.
  • Membership information, about your membership including your login and password information, name, contact details (see above), affiliation, job title, member join date(s) or expire date(s), age, significant other’s name (for Family memberships), Student member attributes (expected graduation date and degree to be earned, major professor/advisor’s name and email, and university name), ESA Branch or Section information, and any other information related to your membership. Membership information may be provided by you during the join process, or by your employer or university on your behalf. It may also be collected when you join a committee or participate in any other volunteer activity.
  • Demographic information, which you voluntarily provide to ESA so that ESA can study trends in the entomological sciences and within the Society, and support ESA’s Diversity and Inclusion Initiative. This information is used only in aggregate for reporting purposes. This information may include your age, gender, ethnicity* (see below), field of work, position/specialty, role, professional interests (discipline specialties and order of insects).
  • Dues payment information, including financial information such as credit/debit card and account numbers used to join or renew your membership.
  • Job, award or other personal history, which you (or a nominator) provide when corresponding with us. This includes information submitted via forms, including application and nominations forms. This information may include your ESA identification number, name, address, e-mail address, phone number, affiliation, job title, job history, award history, age, gender, career stage, letters of recommendation, etc.
  • Purchase information, relating to purchases for event participation, books and other products, or journals subscriptions either in-person or via our Websites. This will include financial information as well as information concerning the content and time of the purchase.
  • Certification information, relating to certification programs, in which members and customers are granted ACE or BCE certification if they meet specified educational/employment experience requirements and/or pass necessary exams. This may include extensive information about the experience/performance of those applying for certification.
  • Resumes and job postings, relating to finding a job or searching for job candidates. This may include resumes and CVs, job history information, contact information, and credit card information.

B. Personal Data we collect when you visit the Websites
Each time you visit the Websites we may automatically collect the following information:

  • Technical information, including the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including search terms used by you, pages you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number; and
  • Location information, including the geographic location of your device’s IP address when accessing the Websites.

Social media

Our Websites also interface with social media websites or platforms that are owned and/or controlled by third parties, such as Facebook, LinkedIn, Twitter and others. If you choose to “like” or share information from a Website through any social media sites, if you are a member of a social media site, the interfaces on our Websites may allow the social media site to connect to your Personal Data. The information that you share with social media sites will be governed by the specific privacy policies and terms of service of the social media sites and not by this Policy. You should review the privacy policy of that social media site before choosing to access and use any social media sites, including interacting with our pages on those sites.

C. Personal Data we collect from other sources
We may receive information about you from a variety of databases or services that ESA uses to provide benefits and services to members and customers. These may include information you submit to ESA, including details on any presentation or event you submit to present or organize at an ESA meeting, or any research you submit to publish in any ESA publication or journal. The data that is collected about authors is that which is required to support the publishing and invoicing process. The data that is collected about meeting submitters and organizers is that which is required to support the meeting scientific review and scheduling process. The information may include full contact and credit card information.

D. Non-Personal Data
We collect information that is sent to us automatically by your web browser and we may use this information to generate aggregate statistics about visitors to our Website, including, without limitation:

  • IP addresses
  • Browser type and plug-in details
  • Device type (e.g., desktop, laptop, tablet, phone, etc.)
  • Operating system
  • Local time zone

We may use non-Personal Data for various business purposes such as providing customer service, fraud prevention, market research, and improving our Websites. Please check your web browser if you want to learn what information your browser sends or how to change your settings.

*Sensitive Personal Data
Certain jurisdictions have laws (for example, the GDPR in the EU) that recognize particular types of Personal Data as more sensitive and therefore requiring greater protection, for example information about your health, ethnicity, political opinions or religious beliefs. This is known as ‘special category data’ under the GDPR. We only collect these types of Personal Data in limited circumstances – for instance ethnicity data to support our diversity and inclusion policy.
 

  1. How we use personal data

We may use your Personal Data for the following purposes:

  • to carry out our obligations arising from your membership, or any other contract entered into between you and us and to provide you with the information, products and membership services that you request from us;
  • to organize events that you have purchased or registered for, and to provide you with information, and other materials, relating to the content of the event, the speakers, sponsors and other attendees;
  • to provide our member eNews, other e-publications and marketing messages, provided you have not opted out of receiving these via your email subscriptions selections.
  • to allow you to comment on our blog or online community, and to provide your feedback to ESA.
  • to respond to your questions and provide related membership services;
  • to provide you with information about other events, products and services we offer that are similar to those that you have already purchased, provided you have not opted-out of receiving that information;
  • to provide you, or permit selected third parties to provide you, with information about events, products or services we feel may interest you;
  • to allow the public to find ACE and/or BCE-certified individuals via an online roster;
  • to notify you about changes to our membership services;
  • to ensure that content from our Websites are presented most effectively for you and your computer or device;
  • to administer any financial transaction between us;
  • to administer our Websites and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to improve our Websites to ensure that content is presented most effectively for you and your computer or device;
  • as part of our efforts to keep our Websites safe and secure;
  • to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  • to make suggestions and recommendations to you and other users of our Websites about goods or services that may interest you or them;
  • to satisfy legal obligations which are binding on us;
  • for the prevention of fraud or misuse of services; and
  • for the establishment, defense and/ or enforcement of legal claims.

In general, we may combine your Personal Data from the different sources set out in section 3 above for the purposes set out in this Policy including those above (depending on the types of information we receive).
 

  1. Lawful bases

Under certain laws, we are required to rely on one or more lawful grounds to collect and use the Personal Data set out above. We consider the following grounds to be relevant:

  • Legal obligation.  Where the processing of your Personal Data is necessary for us to comply with a legal obligation to which we are subject e.g. because we have to provide information to tax authorities.

  • Contractual relationship.  Where it is necessary for us to use your Personal Data in order to perform a contract to which you are a party (or to take steps at your request prior to entering into a contact). For example if you purchase a publication in our bookstore or register for an ESA meeting.
  • Legitimate interests.  We rely on this ground where applicable law allows us to collect and use Personal Data for legitimate interests and that use is fair, balanced and does not unduly impact your rights. For instance, it is in our legitimate interests (and those of our members) to host the online member directory and ESA Community discussion board.

When we process your Personal Data to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your Personal Data for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).

  • Consent.  We may obtain your consent to use your Personal Data in certain circumstances e.g. to send you email marketing. We will ensure that when we obtain your consent you are free both to give it and to decline to give it.
     
  1. How we share and who can access your personal data

Non-exhaustively, we may share your Personal Data for the purposes described in this Policy with:

  • other members or customers via the member directory, volunteer directory, online community, or by other specific requests to ESA such as ESA Branch or Section volunteers.
  • partners, suppliers and sub-contractors, for the performance of obligations arising from processing or maintaining your membership, or any other contract we enter into with them or you or to provide you with the information, products and membership services that you request from us.
  • analytics and search engine providers that assist us in the improvement and optimization of our Websites.
  • trusted third-party companies and individuals to help us provide, analyze, and improve the Websites and our membership services (including but not limited to data storage, maintenance services, database management, web analytics and payment processing).


 

  1. Transfer of Personal Data outside of the European Economic Area (“EEA”) and International Users

Certain countries have rules around the transfer of Personal Data across borders and require us to ensure that Personal Data remains protected according to appropriate standards (for example, EU Member States under the GDPR).

Since we are headquartered in the United States, your Personal Data (including any that is collected in the EU) may be accessed by us or transferred to us in the United States or to our affiliates, partners, merchants, or service providers who are located worldwide. If you are visiting our Websites from outside the United States, and in particular if you are based in the EU, please note that certain countries outside the EU have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Be aware that your information may be transferred to, stored, and processed in the United States where our servers are located, and our central database is operated.  

If you have any questions about the transfer of your Personal Data, please contact us using the details at section 2.
 

  1. How long we store personal data

Retention
In some jurisdictions, there are limits on how long we may retain your Personal Data. We will retain your Personal Data for as long as your account is active, or as needed to provide you with access to our Websites or services, or to study membership or other trends. If you wish to cancel your account or request that we no longer use your information to provide you service(s), contact us at dataprivacy@entsoc.org. We will retain and use your Personal Data as necessary to comply with our legal or regulatory obligations, resolve disputes, and enforce our agreements and rights. We maintain one or more databases to store your Personal Data and, unless legal limits apply, may keep such information indefinitely. We will delete your Personal Data upon request if you validly exercise your right to erasure (see section 13 below).
 

  1. Where we store personal data

The Personal Data that you provide to us is generally stored on servers located in the United States. If you are located in another jurisdiction, you should be aware that once your Personal Data is submitted through our Websites, it will be transferred to our servers in the United States and that the United States currently does not have uniform data protection laws in place. See section 7 above for more information.
 

  1. Cookies

Cookies are text files placed on your computer or mobile device to collect standard internet log information and website visitor behavior information. This information is used to track the use of our Websites by members and customers and to compile statistical reports on website activity. ESA uses cookies to improve some of its online services. You can set your browser not to accept cookies and you may also remove cookies from your browser. However, in many cases, some of our Website features may not function properly if you do not allow cookies.
 

  1. Children’s privacy

Our systems (including our Websites, meeting application, and services included therein) are intended for a general audience and is not intended for use or view by children under 18 years of age. And we do not knowingly collect information about children or sell products to children, unless their parent or guardian processes a membership or meeting attendance for them through ESA – in which case we obtain the consent, where required, of their parent or guardian. If you are under the age of 18, you must ask your parent or guardian to assist you in using the System. If you are a parent or guardian and discover that your child or a minor under the age of 18 has posted, submitted or otherwise communicated Personal Data to our Websites without your consent, then please alert us at dataprivacy@entsoc.org so that we may take appropriate action to remove the minor's Personal Data from our systems. Furthermore, we may restrict entries to any elections, nominations, or promotions to entrants who are at least 18 years of age.
 

  1. Links to third party websites and services

Our Websites may contain links to third party websites, applications and services not operated by us. These links are provided for convenience and do not imply any endorsement by us of the activities or content of those third party websites, applications or services nor any association with their operators. ESA is not responsible for the privacy policies or practices of those third party websites, applications or services directly linked to our Websites and this Policy does not cover them. We encourage you to review the privacy policies of any third-party website that you link to from our Websites.

  1. Your rights
  • Correction and removal.  If any of the information that we have about you is incorrect, or you wish to have information (including Personal Data) removed from our records, you may do so by contacting us at dataprivacy@entsoc.org.
  • Opting Out.  Additionally, if you prefer not to receive specific e-marketing messages from us, please let us know by clicking on the email subscriptions link at the bottom of any marketing message that you receive and selecting which categories of messages you would like to subscribe to or unsubscribe to. You may also visit the ESA Websites and log into your ESA dashboard page to access this subscription page, or send a message to us at dataprivacy@entsoc.org.
  • Your European Rights 
    FOR INDIVIDUALS IN THE EUROPEAN UNION ONLY (these rights may only be available to you if you are located in the EU when you access our Websites or otherwise engage with us). You have the right to ask us not to process your Personal Data for marketing purposes. You can exercise the right by contacting us at dataprivacy@entsoc.org.

Under European data protection law, in certain circumstances and subject to exemptions, you have the right to:

  • Request access to your Personal Data. You may have the right to request access to any Personal Data we hold about you as well as related information, including the purposes for processing the Personal Data, the recipients or categories of recipients with whom the Personal Data has been shared, the period for which the Personal Data will be stored, the source of the Personal Data, and the existence of any automated decision making.
  • Request correction of your Personal Data. You may have the right to obtain without undue delay the rectification of any inaccurate Personal Data we hold about you.
  • Request erasure of your Personal Data. You may have the right to request that Personal Data held about you is deleted.
  • Object to processing of your Personal Data. You may have the right to prevent or restrict processing of your Personal Data where we (i) process on the basis of the legitimate interests ground; (ii) use it for direct marketing; or (iii) use Personal Data for statistical purposes.
  • Request restriction of processing your Personal Data. You may ask for us to restrict the processing of your Personal Data if there is disagreement about its accuracy or legitimate use.
  • Request transfer of your Personal Data. You may have the right to request transfer of your Personal Data directly to you or a third party in machine-readable format (‘right to data portability’).
  • Withdraw your consent. You have the right to withdraw or change any consent given to ESA (such as to promote services to you) at any time.

You can exercise any of these rights by contacting us at dataprivacy@entsoc.org. We may need to confirm your identity before we are able to fully respond.

Complaints
ESA regularly reviews our compliance with our Privacy Policy. All complaints and inquiries regarding data privacy should be sent via email to dataprivacy@entsoc.org. When we receive a formal written complaint, we will contact the person who made the complaint to follow up. We will work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of personal data that we cannot resolve with our users directly.
 

  1. Changes to this policy

If we make any changes to this Policy or the way we use, share or collect personal data, we will notify you by revising the “Effective Date” at the top of this Policy, by prominently posting an announcement of the changes on our Websites, and, where those changes are significant and it is reasonably possible for us to do so, by sending an email to the primary email address you most recently provided us (unless we do not have such an email address) prior to the new policy taking effect. Please check back frequently to see any updates or changes to this Policy.