Privacy Statement

1. Introduction

This website (informationcard.net) and the accompanying wiki websites (wiki.informationcard.net) and mailing lists are developed and maintained in the public interest by the international non-profit Information Card Foundation (ICF). The design and operation of this website is intended to be consistent with that of Information Card technology itself, of which a primary goal is to protect the privacy and security of the user.

2. Notice Regarding Children

Our websites and email discussion lists are not designed for children, and we do not monitor postings or communications among participants in discussion groups for content that would be inappropriate for minors. We will not knowingly communicate with a child under the age of 13 without parental permission. Any questions concerning this policy should be directed to the address: privacy ---at--- informationcard.net.

3. Fair Information Practices

ICF models its treatment of personal information on internationally accepted principles of “Fair Information Practices.” The various conventions, laws, and guidelines around the world dealing with Fair Information Practices are very similar in principle and intent, even though they differ somewhat in details and terminology. The common principles can be summarized as these:

• Purpose and collection limitation: Personal information should be collected by fair and lawful means, preferably with the knowledge of the individual, and it should be used and disclosed only for legitimate, announced purposes.
• Data quality and accuracy: The personal information collected should be relevant, complete, and not excessive for the intended purpose. The information should come from reliable sources. The information should be kept as accurate and up-to-date as needed for the intended purposes, and it should be retained no longer than needed for those purposes.
• Notice and awareness: Individuals normally have a right to know when personal information about them is being collected, stored, used, or disclosed to others. They should be told what kinds of information are collected, who has access to it, how it will be used, how it will be protected, and what options they have with regard to its collection and use.
• Choice and consent: Individuals should be given choices, wherever feasible, as to what personal information is collected and how it is used. To illustrate, there are legal and business requirements as to what information must be collected, stored, and disclosed to banks or intermediaries when they order a service and pay for it by credit card, but further use of some of those personal details (for example, to create a marketing mailing list) should be subject to an opt-in or opt-out choice by the individual.
• Access and objection: Individuals should be given a reasonable opportunity (a) to review the information that has been collected about them, (b) to challenge its accuracy or completeness, and (c) to object to its further processing.
• Security: The personal information should be protected at all times by appropriate technical and organizational security safeguards to prevent loss or misuse, destruction or alteration of the data, or unauthorized access or disclosure.
• Accountability, enforcement, and recourse: Organizations that handle personal information should appoint responsible persons to develop privacy and security policies, train relevant staff and contractors, and take appropriate steps to ensure that their privacy and security policies are effective and enforced. They should provide contact points for questions and complaints by individuals and ensure that there is some practical form of recourse and redress for persons injured by privacy lapses or abuses.

4. ICF Practices

ICF's specific privacy practices, described in the following sections, are designed to take account of the principles of Fair Information Practices listed above. We encourage your questions and comments so that we can ensure that these privacy practices are as comprehensive and effective as possible.

5. Websites

We use log files, as most website servers do, to record certain technical information about visits to our website, including the IP address and the DNS name of the access provider (such as your Internet Service Provider), the type of browser used, referring and exit pages, platform type (where available), a date and time stamp, and possibly the number and sequence of pages visited. Unless your IP address or associated DNS name identify you specifically, none of this information reveals who you are, and we do not link it to other data in an effort to discover the identity of a site visitor. ICF staff and consultants use this information solely to administer the site, analyze trends, and track the use of the site in the aggregate so that we can make improvements to better meet user needs. Any log data that we publish, such as the total number of hits or users in a given period, is disclosed only in an aggregate form that does not reveal personally identifiable information. ICF purges its log files on a regular basis.

The informationcard.net and wiki.informationcard.net websites use HTTP “cookies” [see http://en.wikipedia.org/wiki/HTTP_cookie] only for the duration of a user session to maintain the integrity of the session as the visitor navigates the site, conducts searches, and posts comments or documents.

ICF may record information about queries submitted to ICF website search facilities to better understand how visitors use the website's search features. As with other forms of Web access, this information generally cannot be associated with any particular user. In any case, search query information is not disclosed to anyone outside the relevant ICF staff, except in an aggregate or anonymized form.

Please remember that any comments or documents that you post on an ICF website, including the wiki website, should be considered public and may ultimately be viewed by site visitors and also accessed by spiders, web crawlers, or search engines. Use care in posting comments and documents, because any personal information that you post on a website is likely to become public information.

6. External Links

ICF websites may contain links to websites operated by other parties. ICF does not control those external websites and cannot be responsible for their privacy practices.

7. Email

Please use discretion in sending email messages to ICF staff or role accounts (such as “postmaster”). ICF will endeavor to store, use, and disclose email only as needed to answer your requests and perform our oversight, administrative, standards-development, and educational functions. But electronic mail is not a reliably secure medium of communication, and ICF cannot guarantee the confidentiality of email messages in transit or stored on the servers of ISPs, employers, or others to whom emails may be manually or automatically routed and who are outside the direct control of ICF. If you feel a message is particularly sensitive, you might consider sending it from a private email account or device, addressing only known individuals, and perhaps protecting the contents by using a strong public key encryption technology such as PGP.

To receive an ICF publication or subscribe to an ICF email list, you must provide your email address -- without it, you won't receive anything from us. Although ICF does not require subscribers to provide their names, your email program or Internet Service Provider may automatically include your name with the email containing your subscription request. If so, ICF will record your name with your email address, only for the purpose of ensuring that you are not confused with someone else when we have to manually sort out subscription problems. We will delete your name from the email list database at your request, and we will delete your email address at any time from the email list database if you follow the posted instructions for “unsubscribing” (please allow a few days for an unsubscribe request to take effect).

ICF holds the names and email addresses of correspondents and email list subscribers in the strictest confidence and will not disclose personal information about email senders or email list subscribers without their permission, unless required by law. ICF email servers and archives, email subscription lists, and email subscriber databases are accessed by only a few ICF staff members or contractors for the purpose of maintaining them, and we take every reasonable precaution to protect them against unauthorized access, theft, tampering, and misuse (electronic or otherwise).

The ICF email lists use “cookies” only if you choose to change the default subscriber options for email list participation, and then only to ensure that those options are given effect.

Aggregate information about ICF email subscription lists (such as the total number of subscribers) may be published to promote ICF , but ICF will not publish identifying information about individual subscribers without their permission.

8. Discussion Lists & Archives

ICF maintains discussion lists with Web-based archives. Although ICF keeps email list subscriber information in the strictest confidence, as discussed above, participating in discussion lists may reveal some information about you to all subscribers. This will include your email address and name (if the name is automatically displayed with your emails or revealed by the email address itself), as well as the content or your email message and email signature (if any). (You could, of course, participate using an email address and server that do not reveal your name.)

Users should consider any discussion list a public forum and exercise caution in disclosing any personal information. You are not likely to know all the other subscribers to an email discussion list, and subscribers may disclose messages to others. And although ICF takes steps to prevent automated programs from harvesting email addresses and other information, third parties may still find a way to access email addresses or messages sent to an email discussion list.

9. Surveys

ICF may ask website users or email list subscribers to participate in surveys. In all cases, participation will be voluntary. If a survey asks for personal information, answering those questions will be optional. Survey responses will be seen only by ICF personnel and any contractors or consultants assisting ICF in conducting the survey. Survey results will be made public only in the aggregate, without reference to individuals, unless an individual gives us permission to quote and attribute his or her response.

10. Personal Information Held by ICF

To the extent that any ICF website or mailing list collects Personal Information, ICF employs technical and organizational safeguards, including password access controls and physical security, to protect Personal Information as long as it is in our possession, and we retain Personal Information only as long as needed for our governance and development purposes.

Unless you give us permission, ICF will not share your Personal Information with third parties except as necessary to fulfill its governance and development responsibilities. The categories of third parties that might receive Personal Information from ICF for these purposes include ICF's contractors and consultants, law enforcement agencies, arbitrators, and parties to litigation.

ICF will not use, sell, rent, or otherwise disclose Personal Information for marketing purposes without your permission.

11. Legal Requests for Personal Information

Please be advised that CIF could be legally compelled in some circumstances to disclose Personal Information that we may hold to law enforcement authorities or to parties in civil litigation.

12. Contacting ICF about Personal Information

To review, correct, or ask for the deletion of any Personal Information that ICF itself may have, please email the address privacy ---at--- informationcard.net or send a letter to Information Card Foundation, 56 Kearney Road, Needham MA 02494. We may ask for additional information to establish who you are and to facilitate our search for relevant data, which we will do to the extent it is indexed or reasonably searchable by name or i-name.

Please send an email to the address: privacy ---at--- informationcard.net to report any privacy policy concerns or suspected violations. We will correct any errors on our part, notify third parties that obtained relevant data from us concerning any necessary corrections or deletions, and try to reach a reasonable accommodation with you with respect to any unusual privacy concerns you might have.

In the event of litigation over alleged privacy breaches by ICF, we submit to personal jurisdiction in the courts of general jurisdiction in our state of incorporation (currently the State of Delaware, USA) and in the Commonwealth of Massachusetts, USA.