The International Alliance of Dietary/food supplement Associations (IADSA) understands the importance of privacy to our members and other users of our websites and applications. We are committed to protecting all personally identifiable information we hold and fulfilling our obligations under the General Data Protection Regulation (GDPR) and other applicable data protection and privacy legislation.
Who we are
IADSA is the international expert association for food supplements. Bringing together food supplement associations from all continents, IADSA aims to build an international platform for debate and a sound legislative and political environment for the development of the food supplement sector worldwide.
IADSA acts as the data controller of personal data that we collect from you. We are responsible for your personal data and control the ways your personal data is collected and the purposes for which it is used.
Personal data that we collect
We strongly believe in minimizing the data we collect only to that which is necessary to deliver our services to our members and users of our website and other applications.
Personal data we collect and hold about you may include:
- your name
- your business address
- your email address
- your telephone number
- your position
- records of your communication with us (i.e. emails and phone calls)
- your dietary preferences/requirements
- details of your previous interactions with IADSA (e.g. events that you have attended)
- personal data provided by you within any forms or surveys you complete
- personal data that is about you but does not directly identify you, such as photos of group events
- information about your internet connection, the equipment you use to access our websites and applications, and usage details. This may include personally identifying information like your Internet Protocol (IP) address.
Purposes for which we process your personal data
The purposes for which we collect and hold your information are to:
- perform our relevant functions and the services expected of us by our members
- process applications for membership and membership renewals
- carry out our obligations arising from any contracts entered into by us and our members
- send you information related to the services we provide, or notify you of any changes to these services
- respond to any communication from you, and provide you with information that you request from us
- present our website and other applications to you, and facilitate access to member only resources and functions
- understand how you use our services, and improve and optimise these services (including our website and other applications)
- process events booking and manage events that we hold
- promote our organisation
- detect any misuse of our services, applications and systems
- comply with any court order, law enforcement, or legal process, including to respond to any government or regulatory request.
In the event that we collect any of your personal data for purposes besides those listed above, these purposes will be disclosed to you when you provide your information.
Processing activities are lawful on the basis of their necessity to contractual performance, or in serving legitimate interests pursued for IADSA and its members.
Who has access to your personal data?
Personal data that you provide is only accessed by the Secretariat and trusted third parties appointed to process your data on our behalf (who act as ‘sub-processors’ of this data e.g. website management company).
We only share your personal data with third parties as necessary to fulfil the purposes set out within this document. Any third parties with whom we share your data act only in accordance with our documented instructions and are prohibited from utilizing, sharing or retaining your personal data for any purposes besides those which they have been specifically intended for. We make every effort to ensure any third party sub-processers we use have implemented controls necessary for keeping personal data secure confidential and are compliant with GDPR and other applicable data protection and privacy legislation.
The suitability of third party sub-processors is reviewed on an ongoing basis taking into account:
- The level of risk the third party presents
- The third party’s data protection procedures and adherence with established standards
- Known incidents related to the third party’s services
- Security within the third party’s supply chain
- Disaster recovery and contingency arrangements
IADSA may, at its sole discretion, disclose your personal data to meet legal obligations or respond to any valid government or regulatory request; prevent or mitigate fraud to technical issues; protect against imminent harm to the rights, property or safety of IADSA, its members, and/or the wider community; or to prevent or stop any activity we consider to be illegal or unethical.
We will not sell or rent your information to third parties or share your information with third parties for their own marketing purposes.
For how long do we keep your personal data?
IADSA will retain your personal data only for as long as necessary to fulfil the purposes for which the information has been collected, and thereafter for as long as retention serves our legitimate interest, legal or business purposes. This might include retaining personal data:
- when mandated by law, contract or similar obligations applicable to our business operations
- for preserving, resolving, defending or enforcing our legal/contractual rights
- necessary for maintaining adequate and accurate business and financial records.
Personal data held is regularly reviewed to ensure its continued accuracy and necessity to our purposes. Inaccurate or redundant data is updated or deleted as appropriate.
Where do we process your personal data?
Your personal data will only be held and processed within the EEA, and outside of the EEA in countries deemed by the European Commission to be providing adequate protection for the rights and freedoms of data subjects in connection with the processing of personal data (‘adequate jurisdictions’) or to third party companies (eg Google) that are signatories to the EU-US Privacy Shield. The Privacy Shield ensures data is protected to the same standards as used within the EEA.
How do we keep your personal data secure?
We implement all necessary technical and organisational measures to ensure personal data you provide to us is held and treated securely, and to mitigate the risk or loss, misuse or alteration of this data.
Where you have been assigned (or chosen) a password to access certain parts of our website of applications, you are responsible for keeping this confidential.
We use functionality cookies in order identify and track your usage and website access preferences. Information collected may include the pages you visit; your interactions with features, functionality, content and links; your language
preferences; the operating system and web browser you use; and your network and IP information.
We use performance cookies in order to gather anonymous data that help us improve our services. Performance cookies are generally placed by third party analytics companies (e.g. Google Analytics) who gather this data on our behalf. Data gathered through third party performance cookies does not contain any personally identifiable information.
If you do not wish to have cookies placed on your browser, or wish to delete your existing cookies, you can do this from your browser preferences. You should be aware that if you delete or disallow cookies, many websites will not work properly and you will lose some functionality. We therefore do not recommend turning cookies off when using IADSA websites and applications.
Your rights as a data subject
Under the GDPR, you have the following rights in respect of your personal data:
- Right of access – you have the right to request a copy of information we hold about you.
- Right of rectification - you have a right to correct information that we hold about you that is inaccurate or incomplete.
- Right to be forgotten – in certain circumstances you can ask for the information we hold about you to be erased from our records.
- Right to restriction of processing – where certain conditions apply you have a right to restrict the processing.
- Right of portability – you have the right to have the information we hold about you transferred to another organisation.
- Right to object – you have the right to object to certain types of processing such as direct marketing.
If you wish to request access to, rectification or erasure of personal data we hold about you, or you wish to raise an objection to our processing activities, you can do so at any time by contacting us via the methods below.
Telephone: +44 7903 731099
Post: IADSA, Gridiron Building, One Pancras Square, London N1C 4AG, UK
Requests for erasure of personal data will only be honoured to the extent that it is no longer necessary for us to hold in order to provide services to you or meet our legal and contractual record keeping requirements. We reserve the right to refuse to change or erase data if doing so would violate any law or legal requirement or cause the information to be incorrect. In the event that IADSA refuses a request made by you, we will provide you with a reason why, which you have the right to legally challenge.
You also have the right to make a complaint about our processing activities with the supervisory authority responsible for the protection of personal data in the country where you live, or in which you think a breach of data protection laws might have taken place. The majority of IADSA’s processing activities take place in the United Kingdom, and so our lead supervisory authority is the Information Commissioner’s Office (ICO). You can contact the ICO by calling +44 1625 545 700, or emailing firstname.lastname@example.org.