This is the privacy policy (“policy”) for iccd.asia/ojs which is run and provided by ICCD Indonesia (we, us and our). ICCD Indonesia is located at Bina Nusantara University, West JakartaWe can also be contacted at sec@iccd.asia.

We will only use the personal data gathered over this website as set out in this policy. Below you will find information on how we use your personal data, for which purposes your personal data is used, with whom it is shared and what control and information rights you may have.

  1. Summary of our processing activities

We publish scholarly journals, books, news and data. Some of this material is freely available, some of it is only available to subscribers. The following summary offers a quick overview of the data processing activities that are undertaken on our website. You will find more detailed information under the indicated sections below.

  • When you visit our website for informational reasons without setting up an account, only limited personal data will be processed to provide you with the website itself (see III).
  • If you are identified as belonging to a customer organisation then we collect information in order to be able to provide usage reporting to that customer.
  • In case you register for one our services or subscribe to our newsletters, further personal data will be processed in the scope of such services (see IV and V).
  • Furthermore, your personal data will be used to provide you with relevant advertising for our services and products (see VII) and for statistical analysis that helps us to improve our website (see VIII). Additionally, we improve your website experience with third party content (see IX).
  • Your personal data may be disclosed to third parties (see X) that might be located outside your country of residence; potentially, different data protection standards may apply (see XI).
  • We have implemented appropriate safeguards to secure your personal data (see XII) and retain your personal data only as long as necessary (see XIII).
  • Under the legislation applicable to you, you may be entitled to exercise certain rights with regard to the processing of your personal data (see XIV).
  1. Definitions
  • Personal data: means any information relating to a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or an online identifier.
  • Processing: means any operation which is performed on personal data, such as collection, recording, organisation, structuring, storage, adaptation or any kind of disclosure or other use.

III. Informational use of the website

When you visit our website for informational reasons, i.e. without registering for any of our provided services listed under IV and without providing us with personal data in any other form, we may automatically collect additional information about you which will contain personal data only in limited cases and which is automatically recognised by our server, such as:

Examples might include:
- your IP address;
- your device type, name and IDs;
- the date and time of your requests;
- the content of your requests;
- information on your browser version;
- your screen resolution;
- information on your operating system, including language settings.

We use such information only to assist us in providing an effective service (e.g. to adapt our website to the needs of your device or to allow you to log in to our website), and to collect broad demographic information for anonymised, aggregated use.

If you are identified by IP or equivalent method as belonging to a customer organisation such as university or a company then we will also collect the identity of that organisation and use it to create usage reports which show the organisation how much of the content we publish is being read by their students, members or employees. This information does not contain anything related to a personal login unless (a) you are a nominated administrator for that organisation or (b) your organisation specifically requires it as a part of a usage-based access contract.

The personal data automatically collected is necessary for us to provide the website, Article 6 sec. 1 sent. 1 lit. b GDPR, and for our legitimate interest to guarantee the website’s stability and security, Article 6 sec. 1 sent. 1 lit. f GDPR.

  1. Registration for our services

Access to subscription content is provided via a variety of mechanisms such as IP site licenses, login via third party federated identity providers or by an personal account with us. If your access to our content is provided by an organisation or an institution like a university or a company then they choose the access method on your behalf. A personal account is required to purchase content directly from us, or to receive personal services like newsletters and alerts.

If you need to create a personal login with us then we will store and process the following:
- Information (such as your name, user name and email address) that is provided by registration;
- Information in connection with an account sign-in facility (e.g. log-in and password details);
- Communications sent by you (e.g. via e-mail or website communication forms).

The information that is necessary for the performance of the service is labelled accordingly. All further information is provided voluntarily.

We will process the personal data you provide to:
Examples might include:
- Identify you at sign-in;
- Provide you with the services and information offered through the website or which you request;
- Administer your account;
- Communicate with you;
- (behavioural) Advertising and profiling;
- Facilitate attendance of a conference;
- Manage manuscript submissions;
- Provide access (where appropriate) to other Springer Nature group content if you so request

For this, the legal basis is Article 6 sec. 1 sent. 1 lit. b GDPR. The use of your personal data for behavioural advertising and profiling is done for the legitimate interest to improve your experience while using the website, Article 6 sec. 1 sent. 1 lit. f GDPR.

We use the personal data and contact data you provide by registration to inform you directly about our additional products and services. The use of your personal data for directly advertising related products and services is a legitimate interest for us as a provider of this website, Article 6 sec. 1 sent. 1 lit. f GDPR.

You can object to the use of your personal data for direct marketing at any time. We will then refrain from any processing to the extent it is related to such purposes. You may opt-out of direct marketing via opt-out links in any marketing communication or via user profile pages on the website (where available). You can also inform us about your objection by contacting our Data Protection Office at sec@iccd.asia.

We offer notification services such as table-of-contents or new book alerts. This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. You can end this service by opting out via the link provided in each notification email. This notification service is based on your consent, Article 6 sec. 1 sent. 1 lit. a GDPR.

Registration data is kept until such time as an account deletion request is made. If such a request is received we will erase your data within 30 days. Statutory storage obligations or the need for legal actions that may arise from misconduct within the services or payment problems can lead to a longer retention of your personal data. In this case, we will inform you accordingly.

  1. Information about the specific uses that require registration
  2. Blog

You can publicly comment on our blog where we post a variety of articles to inform you about our activities. When posting a comment your name or user name will be made public. To be able to comment on our blog you will have to register as described in IV.

In addition to the extent of processing described under IV, when you post a comment we will retain some of your personal data such as your IP address and name and other metadata such as time of posting. This is necessary to defend ourselves from possible liability claims that may arise from unlawful comments posted by you and reflects our legitimate interest with regard to the legal justification of this processing activity in Article 6 sec. 1 sent. 1 lit. f GDPR.

We reserve the right to delete comments that are off-topic, spam, abusive, use excessive foul language, include ad hominem attacks or offend against legal regulations.

  1. Newsletters

With your email address you can subscribe to our newsletters that provide you with the latest news about our products and services if you consent to receiving such newsletters. The legal basis for this processing is Article 6 sec. 1 sent. 1 lit. a GDPR. Your email address will be retained as long as you subscribe to our newsletters.

This service is provided by means of a double-opt-in. Thus, you will receive an email containing a link by which you can confirm that you are the owner of the email address and wish to be notified via our email service. When your subscription is not confirmed within 96 hours after the confirmation mail has been requested, the personal data you provided will not be processed for any purpose and it will be automatically erased.

You can unsubscribe from this service by opting out via the link provided in each newsletter.

  1. ICCD Conferences

ICCD Indonesia collect personal data from attendees to ICCD conferences to facilitate registration and plan for the events. This includes data categories such as: Identification data (which may include name, address, telephone number, email address), entity type (e.g. academic, government, industry), position titles, curriculum vitaes, professional license information, dietary requirements, gender, information for travel arrangements (i.e., passport data, date of birth) and payment information. We also request information relating to requirements for reasonable accommodation where physical assistance may be needed to attend. The use of your personal data in relation to conference attendance is based on Article 6 sec. 1 sent. 1 lit. b GDPR and Art. 9 sec. 2 lit. a GDPR with regard to all health-related information you share with us in order to enable us to provide the required physical assistance to you.

With the consent of attendees, we may use personal data, specifically identification data such as name and email address, to share information with attendees about future Nature conferences or other products, services and special offers. We’ll continue to send you information and store your data until you ask us to be removed. This notification service is based on your consent, Article 6 sec. 1 sent. 1 lit. a GDPR.

  1. Automated decision making

We do not use your personal data for automated decision making which produces legal effects concerning you or similarly significantly affects you, however we do use your personal data to offer you content and services which we believe may be of interest.

VII. Analytics

For statistical analyses we use web analytics services such as Google Analytics, Webtrekk, and Webtrends to collect information about the use of this site.

General tracking information

The tools collect information such as:
- Device and browser information (operating system information, Mobile device identifier, mobile operating system, etc.)
- IP address
- Page accessed, URL click stream (the chronological order of our internet sites you visited)
- Geographic location
- Time of visit
- Referring site, application, or service

We use the information we get from the providers only to determine the most useful information you are looking for, and to improve and optimise this website. We do not combine the information collected through the use of the tools with personal data.

Depending on the provider the information generated about your use of the website may be transferred to and processed in third countries, e.g. the United States. For further information about the potential risks of a cross border data transfer please refer to section XI. The tools collect only the IP address assigned to you on the date you visit this site, rather than your name or any other identifying information. The provider will use this information in order to evaluate your use of the website, to compile reports on website activities and to provide other services relating to website and internet use to us.

The legal basis for this processing is Art. 6 sec. 1 sent. 1 lit. f GDPR and represents our legitimate interest to analyse our website’s traffic to improve the user’s experience and to optimise the website in general.

Google Analytics / Google Tag Manager

We use Google Analytics, a web analytics service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). On our behalf Google will use the information generated by a cookie for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet activity in connection with the use of the website.

We have activated the IP-anonymisation within the Google Analytics service, and your IP address will be truncated within the area of member states of the European Union or other parties to the Agreement on the European Economic Area. Only in exceptional cases the whole IP address will be first transferred to a Google server in the USA and truncated there. The IP-address your browser conveys within the scope of Google Analytics will not be associated with any other data held by Google.

You may refuse the use of cookies by selecting the appropriate settings on your browser; however please note that if you do this you may not be able to use the full functionality of this website. In addition to that you may prevent the collection of the information generated by the cookie about your use of the website (including you IP address) and the processing of this data by Google if you download and install the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout

VIII. Third party content and social media plug-ins

  1. Links to third party websites

This website may contain links to third party websites. We are not responsible for the content and the data collection on respective third party websites; please check the privacy policy of respective websites for information of respective websites’ data processing activities.

  1. Information sharing

Where personal data is disclosed to the following third parties for the purposes mentioned above the legal basis for the transfer of your personal data is Article 6 sec. 1 sent. 1 lit. b and f GDPR. Some of the recipients may reside outside the EEA. For further information about cross border transfer in general and transfers outside of the EEA see XI.

We may disclose anonymous aggregate statistics about users of the website in order to describe our services to prospective partners, advertisers and other reputable third parties and for other lawful purposes, but these statistics will include no personal data.

We may disclose your personal data to contractors who assist us in providing the services we offer through the website. Such a transfer will be based on data processing agreements. Therefore, our contractors will only use your personal data to the extent necessary to perform their functions and will be contractually bound to process your personal data only on our behalf and in compliance with our requests.

In the event that we undergo re-organisation or are sold to a third party, any personal data we hold about you may be transferred to that re-organised entity or third party in compliance with applicable law.

We may disclose your personal data if legally entitled or required to do so (for example if required by law or by a court order).

  1. Cross border data transfers

Within the scope of our information sharing activities set out above, your personal data may be transferred to other countries (including countries outside the EEA) which may have different data protection standards from your country of residence. Please note that data processed in a foreign country may be subject to foreign laws and accessible to foreign governments, courts, law enforcement, and regulatory agencies. However, we will endeavour to take reasonable measures to maintain an adequate level of data protection when sharing your personal data with such countries.

In the case of a transfer outside of the EEA, this transfer is safeguarded by privacy the Privacy Shield and EU Model Clauses. You can find further information about the aforementioned safeguards by following this link https://ec.europa.eu/info/law/law-topic/data-protection_en

  1. Security

We have reasonable state of the art security measures in place to protect against the loss, misuse and alteration of personal data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorised personnel have access to personal data. Whilst we cannot ensure or guarantee that loss, misuse or alteration of information will never occur, we use all reasonable efforts to prevent it.

You should bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via our website whilst it is in transit over the internet and any such submission is at your own risk.

XII. Data retention

We strive to keep our processing activities with respect to your personal data as limited as possible. In the absence of specific retention periods set out in this policy, your personal data will be retained only for as long as we need it to fulfil the purpose for which we have collected it and, if applicable, as long as required by statutory retention requirements.

XIII. Your rights

Under the legislation applicable to you, you may be entitled to exercise some or all of the following rights:

  1. require (i) information as to whether your personal data is retained and (ii) access to and/or duplicates of your personal data retained, including the purposes of the processing, the categories of personal data concerned, and the data recipients as well as potential retention periods;
  2. request rectification, removal or restriction of your personal data, e.g. because (i) it is incomplete or inaccurate, (ii) it is no longer needed for the purposes for which it was collected, or (iii) the consent on which the processing was based has been withdrawn;
  3. refuse to provide and – without impact to data processing activities that have taken place before such withdrawal – withdraw your consent to processing of your personal data at any time;
  4. object, on grounds relating to your particular situation, that your personal data shall be subject to a processing. In this case, please provide us with information about your particular situation. After the assessment of the facts presented by you we will either stop processing your personal data or present you our compelling legitimate grounds for an ongoing processing;
  5. take legal actions in relation to any potential breach of your rights regarding the processing of your personal data, as well as to lodge complaints before the competent data protection regulators;
  6. require (i) to receive the personal data concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and (ii) to transmit those data to another controller without hindrance from our side; where technically feasible you shall have the right to have the personal data transmitted directly from us to another controller; and/or
  7. not to be subject to any automated decision making, including profiling (automatic decisions based on data processing by automatic means, for the purpose of assessing several personal aspects) which produce legal effects on you or affects you with similar significance.

You may (i) exercise the rights referred to above or (ii) pose any questions or (iii) make any complaints regarding our data processing by contacting us using the contact details set out below.

XIV. Contacting us

Please submit any questions, concerns or comments you have about this privacy policy or any requests concerning your personal data by email to our Group Data Protection Officer. You can contact our Group Data Protection Officer via sec@iccd.asia

The information you provide when contacting us at sec@iccd.asia will be processed to handle your request and will be erased when your request is completed. Alternatively, we will restrict the processing of the respective information in accordance with statutory retention requirements.

XVI Amendments to this policy

We reserve the right to change this policy from time to time by updating our website respectively. Please visit the website regularly and check our respective current privacy policy. This policy was last updated on 16/9/2018.