Last updated: October 2023

Given the New Swiss Federal Act on Data Protection (nFADP) that came into force on 1 September 2023 and to ensure conformity with its requirements, below is the new Privacy Notice effective as of 12th July 2023 and which replaces the previous one.

 

Scope

The International Organization for Standardization (ISO) (“ISO”, “we” or “us”) is an association constituted under the laws of Switzerland, with its seat at Chemin de Blandonnet 8, 1214 Vernier, Switzerland.

ISO acts, in relation to the processing operations mentioned in this notice, as a “data controller” in the meaning of the Swiss Federal Data Protection Act – which is applicable to ISO.  

In such a context, ISO is committed to protecting your privacy. This Privacy Notice addresses how ISO processes and safeguards your personal data as a data controller, when you are interacting with us, in particular by visiting our websites, contacting us, subscribing to our magazines and newsletters, or taking part in our activities, including as a member of one of ISO’s committees and/or working groups.

For any question or concern regarding this Privacy Notice, you can directly contact:

International Organization for Standardization (ISO)
Chemin de Blandonnet 8
1214 Vernier
DataProtection@iso.org

What personal data do we process and for what purpose?

ISO applies the minimization principle and only processes the personal data that is required for the purposes pursued.

The personal data processed by ISO in the context of its activities may be communicated directly by you (e.g. when you register to events, take part in working groups, subscribe to a newsletter or contact ISO), be communicated by your national member body (e.g. personal data related to roles and functions in the standardization field), be sourced from publicly-available information (e.g. public role within a national body) or originate directly from your activities within ISO (e.g. votes and participation to committees and working groups).

The following personal data is processed by ISO for the purposes provided, as and/or in addition to any personal data you would directly communicate us:

Gérer mes cookies

Modifiez les réglages relatifs aux cookies pour autoriser ou bloquer des cookies spécifiques.


Plus d'information sur notre page Politique relative aux cookies

General context Categories of personal data Purpose
Activities within ISO and in relation to standardization

Identification data (name, surname, etc.)

Contact details (email address, postal address, telephone number, etc.)

Roles and functions in the standardization field (ISO affiliation and committee role, national role, member body affiliation, etc.)

Professional information (title, company, type of work, etc.)

Activity-related data within ISO (participation to committees and working groups, votes, etc.)

Organization and running of ISO’s standardization activities

Encouragement of standardization activities

Related documentation: Please see the Data Protection Policy for ISO members and the Declaration for participants in ISO activities for rules and principles you are required to respect.

 

Corporate activities of ISO

Identification data (name, surname, etc.)

Contact details (email address, postal address, telephone number, etc.)

Roles and functions in the standardization field (ISO affiliation and committee role, national role, member body affiliation, etc.)

Professional information (title, company, type of work, etc.)

Corporate-related data within ISO (participation to general assemblies, votes, etc.)

Organization and running of ISO’s activities as an association

Please note in this context that you are considered as a representative of your national standards body

Use of ISO’s websites or of other IT tools provided by ISO IP addresses, as all personal data collected through cookies, in accordance with ISO’s Cookie Policy. Enable, optimize and improve the performance of our websites and IT tools
Registration and use of our online store

Identification data (name, surname, etc.)

Contact details (email address, postal address, telephone number, etc.)

Professional information (title, company, type of work, etc.)

Payment information (invoices, payment data, etc.)

Cart content and purchases

Enable you to purchase standardization material and other elements from our online store

Segmentation in order to tailor ISO’s communication to your needs and interests

ISO’s email subscription services

Limited identification data (name)

Electronic contact details (email address)

Interests

Email open dates and links clicked

Approximate location based on IP address

Your purchases and incomplete purchases

Enable you to receive our newsletter and other general information material

Segmentation in order to tailor ISO’s communication to your needs and interests

ISO’s general communication and social network activities

Identification data (name, surname, etc.)

Electronic contact details (email address)

Interests and social network affiliation

Manage ISO’s communication activities and social networks

Answer any requests from you

 

To whom do we transfer personal data?

Type of transfer

Categories of personal data International transfers Applicable safeguards

ISO’s service providers that provide us with back-office or front-office applications as well as managed part of our IT-related tools or systems (including newsletters)
(Processors of ISO)

All the listed personal data in this Privacy Notice

See Appendix 1 to this Privacy Notice

Written data processing agreements or equivalent

For international transfers for non-adequate countries:

  • Formal review of the service-provider;
  • Signed Standard Contractual Clauses (SCCs);
  • Swiss appendix to the SCCs.

Members of ISO
(Independent controllers)

All the personal data related to ISO’s standardization and corporate activities Each country for its respective member Internal regulations on the use of personal data (see Data Protection Policy for ISO members and the Declaration for participants in ISO activities)

Other international organizations active in standardization
(Independent controllers)

All the personal data related to ISO’s standardization and corporate activities

See Appendix 1 to this Privacy Notice

Agreements with such other international organizations

 

In addition, if and when required to do so by law, to respond to any legal claims or defend our rights, we may disclose your personal data, in particular to the relevant regulatory or legal authorities.

What are your rights?

You can at any time request access to, correction of and deletion of your personal data, by contacting DataProtection@iso.org. Such right may be limited by our legal obligations.

Whenever the processing activity is based on your consent, you may at any time withdraw it. You may also, in other situations, have the right to object to the processing of your personal data.

ISO takes the security of your personal data very seriously and implements technical and organizational measures to protect your personal data from unauthorized access, improper use, disclosure, loss or destruction.

In relation to your online-store account, you can at any time consult, revise and correct the personal data that you have provided us directly through your webstore account. Alternatively, you can send an email to customerservice@iso.org, including if you wish to close your account.

In relation to the newsletters, you can at any time consult, edit, revise and correct your data (email, name, preferences) using a link in the footer of the email, as well as unsubscribe.

 


Appendix

List of countries to which your personal data may be processed:

Argentina, Australia, Austria, Belgium, Brazil, Canada, Chile, China, Colombia, Costa Rica, Croatia, Cyprus, Czech Republic, Denmark, England and Wales, France, Finland, Germany, Greece, Hong-Kong, India, Ireland, Israel, Italy, Japan, Kenya, Lithuania, Malaysia, Mexico, New Zealand, Norway, Peru, Philippines, Poland, Portugal, Romania, Singapore, Slovakia, Spain, South Korea, South Africa, Sweden, Switzerland, Taiwan, The Netherlands, Turkey, United Arab Emirates, United Kingdom, United States, Vietnam.

This list will be updated as necessary on a regular basis.