Statement Concerning Personal Data
Updated May 24, 2018
Scope- This statement applies to the Internet Engineering Task Force (“IETF”), the Internet Architecture Board (“IAB”) and the Internet Research Task Force (“IRTF”) (each a "Party" and collectively the "Parties"). Herein referred to as “the Parties”.
General –Most Personal Data Submitted to the Parties Will Become Public
The Parties operate in an open and transparent fashion. As a part of this transparency, any contributions, submissions, statements or communications made to us, including postings or other contributions you make to the Party’s websites, most mailing lists operated by the Parties, jabber chat rooms, all Internet-Drafts or other contributions that you submit, comments you send to the parties regarding the Parties or the Party’s documents, intellectual property disclosures and updates, requests for document authentication, subpoenas, registrations for meetings of the Parties or mailing list registrations, and most other information that you send, submit or post to the Parties, and any information that we collect about you through your use of any IETF web site, mailing list or other resource, as well as your signing the Blue Sheet for an in-person or electronic meeting run by the Parties (collectively, your “Personal Data”), other than as expressly excepted in this Statement, will be made public through electronic and other means. Personal Data includes, for example,(a) first and last name, (b) postal address if included in postings or submissions (e.g., Internet Drafts,)(c) e-mail address, or (d) any other identifier that permits the physical or online contacting of a specific individual. In addition, lists of the subscribers to IETF-managed mailing lists are available to subscribers of the lists. You should be aware of our transparent operation when communicating with us.
By providing us with your Personal Data, you are consenting to our disclosure and use of it for the purposes as described in this Statement. By subscribing to a mailing list managed by the Parties or submitting a
contribution to the Parties, you consent to our using your Personal Data to communicate with you about your participation in activities of the Parties. The parties may also share some Personal Data with the Internet Society so that it can fulfill its role of ensuring financial support for the Parties by exploring sponsorship or hosting possibilities.
The Parties also collect information, including through audio, pictorial and video recording, during and in connection with its events, meetings, mailing lists and conferences, and automatically through its web sites. All such information may be made public and used by the Parties in connection with the activities of the Parties.
Certain visitor characteristics may be reflected in our web server logs (such as, operating system, browser version, and Internet Protocol (IP) address). We do not make such information available to the public. When you interact with our web sites we may use cookies to uniquely identify you during a session to allow us to process your online transactions and requests and to verify your identity, after you have logged in to a web site and to track user activity between sessions. We do not use browser storage, for example flash cookies, or other local storage. Web site visitors who disable their web browser’s ability to accept cookies or alter user tracking will be able to browse the site; but some web site features may not function well if you disable cookies. The parties use services from Cloudflare to support some of their websites. Please refer to the Privacy Policy on the Cloudflare home page (https://www.cloudflare.com) for information on Cloudflare’s tracking policies.
The Parties do not engage in tracking behavior, as that term is defined by the Do Not Track (DNT) specification. Consequently, IETF web sites do not alter their behavior according to the value of browsers' DNT requests.
You Consent to International Transmission of Your Data
Due to the nature of the Internet and our international operations, your communications and submissions may result in the transfer of your information across national boundaries and outside of your country of
residence. By communicating with the Parties and submitting information to us, you consent to these transfers and to the use of your information as described in this Statement. If you provide Personal Data to the Parties, you acknowledge and agree that such Personal Data may be transferred from your current location to others in any country in the world.
Exceptions –Information That We Do Not Share
As an exception to the Party’s general policy of releasing information to the public, there are certain limited types of Personal Data that we do not share in the ordinary course of our operations (“Non-Public Information”). The categories of Non-Public Information that we currently recognize are described below.
Payment Information
Payment information is not collected or stored on any servers operated by the Parties. If you conduct transactions using our web sites (e.g., meeting registration), payment and payment card information will be entered directly into a third-party processor’s systems and is not transmitted through or stored by our web sites. We make reasonable efforts to ensure that our third-party processors handle your non-public information responsibly.
Registration Information
The parties collect information from people who register for meetings. The attendee lists which are published in the meeting proceedings includetheregistrants’name, organization and ISOcountry code,a profile link (if provided in the registration)and whether the registration was local or remote. All other information we collect is only published, if at all, in summary form.
Non-Public Mailing Lists and direct mail to individuals at the Parties
A small number of mailing lists operated by the Parties, including the NomCom, IAB, IAOC, IESG and RFC Editor mailing lists, are not available or disclosed to the public. These mailing lists are clearly indicated as non-public in their registration materials. We do not make the contents of these mailing lists available to the public. In addition, email sent directly to individuals at the Parties will not generally be made available to the public.
Passwords
Some areas of the web sites and some mailing lists operated by the Parties require you to create and enter a password. The Parties store these passwords and do not make them available to the public.
Information for letters of invitation
We delete the personal information that we collect to generate letters of invitation in a timely fashion after each meeting. We request that local organizations with whomwe share this data to generate the lettersalso
delete it in a timely fashion.
Security
We believe that we have implemented commercially reasonable precautions that we believe are appropriate to prevent the unauthorized use, disclosure and alteration of Non-Public Information. However, no data security measures can guarantee complete data security, and Parties do not guarantee the confidentiality of anything that you submit to the Parties. Please contact us at privacy@ietf.org if you believe that the security or integrity of any non-public information that you have submitted to the Parties has been compromised. Additionally, we may at times be required by law to release Non-Public Information, and we reserve the right to do so if we believe in good faith that such release is required by applicable law, regulation or judicial order.
Children
Our websites are not intended for use by children under 13 years old. We do not knowingly collect personally identifiable information from, or target our websites to, children under the age of 13. In accordance with the United States Children’s Online Privacy Protection Act of 1998, if we discover that a child under 13 has provided us with personally identifiable information, without the consent and participation of a parent or guardian, we will remove it from our systems.
Inquiries
The Parties do not share Personal Data with third parties for marketing purposes except for the Internet Society as mentioned above. If you would like to request information regarding our disclosure of your Personal Data to the Internet Society, please email your request to privacy@ietf.org. We will provide information of whether your Personal Data was shared with the Internet Society free of charge. If your Personal Data was shared with the Internet Society, this information includes a list of the categories of Personal Data that were shared with the Internet Society in the immediately preceding calendar year.
Compliance
If you have any questions regarding this Statement or believe that the Parties are not following the procedures described in this Statement, please contact privacy@ietf.org. You also may contact us if you have any concerns about the accuracy of, or wish to correct, your Personal Data, or if you wish us to cease processing your Personal Data. We reserve the right to decline any request to remove or alter information on the web sites operated by the Parties or in our records except to the extent that we are legally required to do so. Notwithstanding the above, we may disclose non-public information about your activities if required by the law or by a lawful order.
Other Organizations
For the avoidance of doubt, this Statement relates solely to the activities of the Parties, and does not cover any non-Party activities of the Internet Society or any other organization that maybe affiliated with the Parties.
Links to other sites
Occasionally, the Parties will link to websites or services operated by third parties, for example, to conferencing services. The Parties make no representation about the privacy policies of such sites.
Consent
Subject to the above provisions, by communicating information (including Personal Data), you consent to the collection, public disclosure and use of information by us in accordance with this Statement.
