Last updated: 18.03.2020
This Privacy Notice explains who we are and how we collect, share and use your personal data when you use the International Lipidomics Society ry website https://lipidomicssociety.org in accordance with the General Data Protection Regulation (EU) 679/2016. We also give you information on which privacy rights you hold as a data subject and how you may exercise your rights.
1. Name and address of the controller
The controller of the personal data file is:
International Lipidomics Society ry
References in this notice to “Lipidomics”, “we”, “us” or “our” are references to International Lipidomics Society ry.
Contact person for data protection related matters:
Phone: +358 40 744 8997
Please be in contact with the contact person if you have any questions related to data protection at Lipidomics.
2. Personal data processed by Lipidomics
Your personal data is processed by the Lipidomics website when you access the website, register as a user on the website, become a member of International Lipidomics Society ry, use the blog function and subscribe to newsletters.
We process the following personal data about you:
- Information about your system, including: the type of your web browser, your operating system, the referrer website, sub-websites, date and time of access, your IP address, your internet service provider, and other similar information.
- Your contact information: your first and last name, e-mail address, telephone number, street address, the organisation you are affiliated with, and your username.
- Your payment information: details concerning your payment card.
- Your subscription information: information concerning your subscription to our newsletter.
- Your activity information: information concerning your activity in the blog section of our website, including your comments and the time and date of their submission, information on whether you have opened the newsletter, when you have opened it and what links of the newsletter have you accessed.
Information about your system and your activity is collected automatically when you access our website/newsletter and, e.g., when you submit a comment on our blog. All other personal data is provided to us by the data subject – you.
The are no other sources of personal data processed in connection with the use of our website.
3. Purposes of and lawful bases for processing
|Purposes of processing||Categories of personal data||Lawful bases for processing|
|Delivering the website content, optimisation of the content, ensuring the operation of IT systems and cooperation with law enforcement authorities||System information||Our legitimate interest to provide you with access to our website and to protect our IT systems|
|Creation of a user account on the website||Contact information||Performance of an agreement (the terms and conditions of our website and the creation of a user profile)|
|Processing related to payments||
|Performance of an agreement (e.g. you becoming a member of International Lipidomics Society ry)|
|Our legitimate interest to inform our members about relevant matters concerning our activity|
|Newsletter optimisation||Activity information||Our legitimate interest to develop and optimise the content of our newsletter|
|Social and interactive functions of our website||
|Our legitimate interest to enable social and interactive functions on our website and make it possible for you to use them|
Where the processing is based on an agreement between you and International Lipidomics Society ry, it is not possible to use the services concerned without the provision of the requested personal data.
Some of our cookies are associated with the analytics service provided by Google. These cookies are used to collect information about how visitors use our website and helps us improve our website. It is not possible to identify specific visitors by the information collected by cookies. For additional information concerning Google Analytics cookies, see https://support.google.com/analytics/answer/6004245.
5. Retention of personal data
Your personal data is stored only as long as it is necessary for the purposes described above and as long as it is required in order to comply with statutory requirements.
Should you require additional information concerning the retention periods related to personal data, please do not hesitate to contact us at the telephone number or the e-mail address mentioned above.
6. Automated decision-making and profiling
We do not use automatic decision-making or profiling in the processing of personal data.
7. The recipients of personal data
Our website is hosted on the servers of Cloud City Oy, which acts as a processor for all of personal data processed in connection with the use of our website. For the purpose of membership payments, we use Stripe as our payment service provider. For this reason, Stripe receives your contact and payment information when you make a membership payment through our website. We have data processing agreements in place with our contractual partners who process personal data on our behalf to ensure the safe transfer and disclosure of personal data.
Our site has integrated social plugins from Twitter and LinkedIn. If you are logged into Twitter or LinkedIn, some of your personal information will be transferred to these companies (e.g., the information concerning you visiting our website), and the content of the plugins will be customised personally for you. This privacy notice does not cover how Twitter and LinkedIn process your personal data. You can find additional information concerning your privacy in these services below:
8. Transfers outside the EU/EEA
When submitting your payment information, this information may be transferred by Stripe to the United States based on the EU-US Privacy Shield Framework. You can find more information on the Privacy shield framework here: https://www.privacyshield.gov/welcome.
There are no other transfers of personal data outside the EU/EEA.
9. Rights of the data subject
Under the General Data Protection Regulation, you are granted the rights listed below. The rights granted to you in each specific case depend on the legal basis used for each of the processing activities.
Should you wish to use your rights as a data subject, please be in contact with us and we are happy to assist you further. We may have to request some additional information in order to confirm your identity and fulfil your rights.
- Right to be informed about the processing – you have a right to be informed about how we store and use your personal data.
- Right to access personal data – you have a right to obtain information about whether we are processing your personal data. If your personal data is being processed, you have the right to access to your personal data.
- Right to have inaccurate personal data rectified – should any of your personal data be inaccurate or incomplete, you have a right to have it rectified. If your data has been shared with third parties, we will take reasonable steps to inform them of the rectification, where possible.
- Right to withdraw data protection consent – you may, at any time, withdraw your consent to processing of your personal data.
- Right to have personal data erased (the right to be forgotten) – in certain cases, you have a right to request that some of your personal data processed by us is erased.
- Right to object to processing of personal data –in certain cases, you have a right to object to processing of your personal data being carried out by us (for instance, if we are processing personal data based on legitimate interests).
- Right to restrict processing of personal data in certain circumstances – in certain cases, you have a right to block the processing of your personal data (for instance, if you are contesting the accuracy of the personal data that is being processed).
- Right to data portability – in certain cases where you have provided us with your personal data, you can request to receive a copy of your personal data in a commonly used electronic format.
- Right to lodge a complaint with a supervisory authority – you have a right to lodge a complaint with a supervisory authority in the Member State of your habitual residence, place of work, or place of the alleged infringement if you consider that the processing of your personal data infringes the EU General Data Protection Regulation.