Internet Systems Consortium Statement of Privacy
Effective date: 13 December 2018
ISC’s Commitment to Responsible & Ethical Privacy Practices
We are committed to the highest degree of respect for the privacy of our users, visitors to our websites and attendees of our events. In this Privacy Statement, we use “we,” “us” or “our” to refer to ISC and “you” or “your” to refer to you, the user, subscriber or visitor to our web sites. For certain purposes of this Privacy Statement, we distinguish between individuals who choose to subscribe and participate on our user mailing lists, fora, or our open code collaboration sites (“Subscribers”) and users of our websites (the “Sites”) who simply visit the Sites (“Visitors”) and do not choose to register as Subscribers. Unless indicated otherwise, all provisions of this Privacy Statement apply to Visitors and Subscribers. This Privacy Statement applies to all of our Sites.
By accessing and using any of the Sites as a Visitor, you expressly and knowingly consent to the information collection and use practices as described in this Privacy Statement.
Our commitment to your privacy is based on the following principles which we apply to our use of both your personally identifiable data (“Personal Data”) and to certain anonymous information we collect when you visit our Sites (“Technical Information,” and together with Personal Data, “Your Data”):
- We will describe Your Data which we collect;
- We will inform you clearly about our collection and use of Your Data;
- We will not sell or rent Your Personal Data to others;
- We will endeavor to be completely transparent and open about our data privacy policies and practices.
- How Do We Collect Information?
- What Information Do We Collect?
- How Do We Use Your Data Collected at Our Sites?
- Can I Choose Not to Receive Commercial Email Communications?
- Credit Card Information
- Data Security
- Cross-Border Transfers
- Accessing and Updating Personal Data
- Data Retention
- Social Media, Blogs & Discussion Groups
- Control of Your Personal Information (“Do Not Track” Notice)
- Children / Minors
- Your California Privacy Rights
- California Website Data Collection
- Contact Us
- Subscriber Personal Data, Communication & Database
- Changes to This Privacy Statement
We collect Your Data in the following basic ways:
- You give it to us when you register as a Subscriber, or if a Subscriber or a Visitor registers for an event including but not limited to webinars, signing up for an ISC mailing list, or making a comment on a blog or social media;
- You give it to us in email inquiries or in your public comments on our mailing lists or social media sites;
- We automatically collect Technical Information when you visit our Sites;
- We sometimes purchase commercially available lists for marketing purposes.
- On the Sites, we request certain Personal Data, for purposes such as registering to become a Subscriber, renewing your membership in our lists, participating in discussion groups, responding to surveys, submitting inquiries and comments, requesting a quote for services, submitting code patches, making feature requests or logging technical issues, or registering for a webinar. This may include name, title, company/organization name, postal address, email address, work, home and mobile phone numbers, plus other relevant information you provide. See our Frequently Asked Questions (FAQ) list for specific data elements we may request and collect.
- We or our authorized vendors may collect Technical Information that we do not associate with any individual Site user. This information includes – how many visits we have to the Sites, when those Sites are visited, browser types used for Site visits, name of the Internet service providers, the Internet Protocol (IP) address through which you access the Internet, pages that you access while at one of the Sites, Software you downloaded from any of the Sites, How you found the Site (e.g. via search, Google Ads or referral from another web site), and the Internet address of the website from which you linked directly to one of the Sites.
- We do not sell or rent any Personal Data supplied by you.
- We work with other companies, consultants, and contractors to provide services on our behalf, such as Site and service hosting, survey hosting, audio and video conferencing, public relations, order processing and fulfillment, and mailing, sending information including but not limited to our software, services, and events. We will provide those companies only the Personal Data they need to perform the service for which they are retained and they agree to treat information confidentially and to only use it for the purposes of providing services under our agreement with them.
- We may use Your Data to provide you with more effective customer service and to improve the Sites and any related products or services we may provide or make available.
- We may use your Personal Data to provide you with updates on your list subscription or issues you have followed, submitted or commented on.
- If you contribute to our open source or significantly help us in identifying and fixing an issue, we may identify and credit you publicly, in our source code logs, release notes, social media, and blog posts. We do typically contact you and ask how you would like to be identified, but in some cases your information will appear automatically (e.g. in a commit lot or issue tracker).
- If you make a charitable donation to ISC of $10 or more, we normally recognize you on our www.ISC.org site.
- We may use Technical Information to periodically analyze Site logs to assess aggregate usage trends in order to better serve the needs of Visitors and Subscribers and maximize the user viewing experience. Under some circumstances this information may be used for purposes of systems administration, fraud prevention, or server troubleshooting and security. This information may also be used to help improve the Sites, analyze trends, and administer the Sites. We may use data about software downloads in aggregate form to determine usage and upgrade patterns and trends.
- We may disclose Your Data if required to do so by law or in the good-faith belief that such action is necessary to (a) conform to the requirements of the law or comply with legal process served on us or the Sites; (b) protect and defend our rights or property, or (c) act in urgent circumstances to protect the personal safety of our employees and staff, agents, users of our products or services, or members of the public. To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event that we are required to provide Your Data to third parties as part of legal process.
In addition, we will use Your Data to:
- Provide information or a service requested or consented to by you.
- Assist in the performance of our activities and public interest functions.
- Comply with relevant contractual obligations with you and other third parties.
- Improve Site performance and content, including troubleshooting and diagnostics.
- Improve your engagement and interaction with other Subscribers of our community, including notifying you of network compatibility, possible abuse, and service interruptions that we believe you may want to address.
- Improve our engagement and interaction with you.
- Facilitate your attendance at and participation in our events, communities, open source projects, or blogs.
- Confirm your identity.
- Process a request or payment / donation submitted to us.
- Comply with legal requests.
We use unsolicited bulk email for marketing purposes very infrequently because we are aware of the problems and annoyance caused by spam email. Every bulk email we send to you contains an easily discoverable link that will allow you to unsubscribe and stop all subsequent unsolicited commercial or marketing messages from ISC delivered via our marketing mailing list. Unless you subsequently consent (opt in) to the receipt of commercial or marketing emails, we will not use your email address for such purposes. Please note that the public mailing lists for open source support and discussion do occasionally include messages that may be construed as “marketing,” but those lists are not primarily maintained for marketing purposes, and you will never get email via those lists unless you explicitly subscribed. If you need help in unsubscribing from any ISC mailing list, please email our sales team at firstname.lastname@example.org.
Subscribers to our mailing lists will receive email from us with information about us, upcoming events, or issues related to the Internet, as well as posts by other Subscribers. Subscribers to updates from our various collaboration sites, including Github, gitlab.isc.org, and others will also receive updates to issues they create or subscribe to.
We do not engage in targeted marketing activities including but not limited to device finger printing, profiling, and/or cross-device tracking.
Credit card information is not collected or stored on our servers. When you conduct transactions through a Site, payment and payment card information for transactions with us is entered directly into a third-party processor’s systems and is not transmitted through or stored by us. The card processor provides us with an authorization code which is securely stored with the payment record on our servers. In rare cases, when you explicitly request that we directly process a credit card transaction on your behalf, and you personally transmit that information to an ISC employee, we may enter it into a third-party system for you with your explicit consent.
Our Sites use third parties for web analytics services to collect Technical Information. See our FAQ for a current listing of such third parties. These third parties do or may use “cookies” or similar technologies, which are text files placed on your computer, to help analyze how you use a Site. The information generated by the cookie about your use of a Site (including your IP address) will be transmitted to and stored by these service providers’ servers. They will use this information for the purpose of evaluating your use of a Site, compiling reports on website activity for website operators, and providing other services relating to website activity and Internet usage. They may also transfer this information to third parties where required to do so by law, or where such third parties process the information on their behalf. You may refuse and block the use of all of our (and third-party) cookies by selecting the appropriate settings on your browser.
We take reasonable and appropriate measures designed to protect the security of data transmitted to us upon receipt. ISC is a strong advocate of privacy-enhancing technologies. By default, the Sites encrypt connections between client devices and our servers to minimize the ability of any third party to “eavesdrop” on Your Data.
Our DNS entries are signed using DNSSEC, so that if you use a DNS resolver that validates DNSSEC signatures, you can be assured that the site you are reaching is in fact published by ISC.
Our databases and system administration logs are restricted to access by authorized and authenticated users. We use reasonable industry security standard safeguards to protect against the unauthorized disclosure of Personal Data. We take reasonable and appropriate security measures to protect against unauthorized access, disclosure, alteration, or destruction of Your Data.
If you visit our Sites from a country other than the United States, your communications will likely result in the transfer of Your Data across national borders. Our servers or offices may be located in countries other than the country from which you access our Sites, also resulting in the transfer of Your Data across international borders. If you provide Your Data when visiting one of our Sites from outside of the United States, you acknowledge and agree that this data may be transferred from your then-current location to our offices and servers and to those of our affiliates, agents, and service providers located in the United States and in other countries. The United States and such other countries may not have the same level of data protection as those that apply in the jurisdiction where you live.
The Sites contain links to other sites, organizations, and resources. Please be aware that we cannot be and are not responsible for the privacy or security practices of such other sites. We encourage you, when you leave our Site(s), to read the privacy statements of those other sites that collect personally identifiable information, and to have up-to date security and anti-virus software on all of your devices. This Privacy Statement applies only to the Sites.
Users may request access to their Personal Data collected and stored by us (if any) to request that it be deleted. Requests may be sent by email to info at isc.org.
We will only retain Your Data stored on our servers in accordance with the legitimate needs of our business and as required or permitted by applicable law. We will not retain any unused Personal Data on our systems longer than necessary for legitimate business purposes.
Our collection and use of any of Your Data is subject to the laws and regulations of the countries and political subdivisions in which our Visitors and Subscribers reside. We are and remain committed to complying with all such legal obligations and use these legal requirements as the minimum beginning point for our use and collection of Your Data. Included in these laws and regulations are (a) the GDPR, which governs, among other things, consents, uses, and cross-border transfers of personal data concerning European Union residents, and (b) the California Online Privacy Protection Act, governing such matters with respect to California residents. If you have any questions regarding this Privacy Statement or you feel that the Sites are not following these legal requirements or our stated information policy, please contact us by email to info at isc.org or at the addresses or phone numbers listed in the Contact Us section of the Sites. You may also contact us at that address if you have any concerns about the accuracy of, or wish to correct, your Personal Data we have collected from you.
We respect enhanced user-privacy control and support the development and implementation of a standard “Do Not Track” (DNT) browser feature, designed to provide users universal and persistent control over the collection, sharing, and use of information by third parties regarding their web-browsing activities. Once the specification is finalized we intend to honor users’ requests with respect to browser tracking.
The Sites are not targeted at, directed to, or intended for use by children under the age of thirteen. No person under the age of thirteen should use any Site or under any circumstances provide any Personal Data or other information at a Site. If you become aware that any individual under the age of thirteen has used any Site, please contact us immediately at info at isc.org. By use of any Site you represent and warrant that you are over the age of thirteen.
California Civil Code Section 1798.83 entitles California residents to request information concerning whether a business has disclosed Personal Data to any third parties for their direct marketing purposes. As stated in this Privacy Statement, we will not sell your Personal Data to other companies and we will not share it with other companies for them to use for their own marketing purposes without your consent. For further information concerning your California Privacy Rights including “Do Not Track,” visit https://oag.ca.gov/sites/all/files/agweb/pdfs/cybersecurity/making_your_privacy_practices_public.pdf
We do not knowingly allow other parties to collect personally identifiable information about your online activities over time and across third-party web sites when you use the Sites.
Any user, including California residents, who wishes to request further information about our compliance with these requirements, or who has questions or concerns about our privacy practices and policies, may contact us at info at isc.org or by mail at:
Internet Systems Consortium
Attn: Chief Administrative Officer
PO Box 360
Newmarket, NH 03857 USA
“Subscribers” are defined as individuals, companies, organizations and/or institutions that choose to register with and have an agreed relationship with us. All of Your Data as a Subscriber is covered by this Privacy Statement.
As a Subscriber to an ISC mailing list, you may review or update your Personal Data by logging into the Mailman portal (https://lists.isc.org/mailman/listinfo) and reviewing or changing your Personal Data directly.
You may also inform us by email, phone, or postal mail directed to the contact information provided on our Sites.
We routinely update this Privacy Statement to provide additional explanation and clarification of our practices and to reflect new or different privacy practices, such as when we add new services, functionality, or features to our Sites. You can determine when this Privacy Statement was last revised by referring to the Effective Date above on this page.
This Privacy Statement was adapted from the excellent privacy statement published by the Internet Society (ISOC). While we take full responsibility for ISC’s Privacy Statement, we want to acknowledge that we benefited extensively from their document.