This statement sets out the privacy and data protection policy of the following related organizations and groups: the Internet Engineering Steering Group (“IESG”) representing the IETF; the Internet Research Steering Group ("IRSG") representing the IRTF; the Internet Architecture Board ("IAB"); and the common supporting organizations of the IETF Administration LLC ("LLC") and the RFC Editor, which are collectively referred to in this policy as the IETF/IRTF/IAB and individually as a Party and whose collective activities constitute a single privacy context.
For the avoidance of doubt, the Internet Society (“ISOC”) is not a Party and their activities constitute a separate privacy context. ISOC should be regarded as a third-party for the purposes of this statement.
The IETF/IRTF/IAB operates in an open and transparent fashion. As a part of this transparency, any contributions, submissions, statements or communications that you make to any Party including any Personal Data, other than as expressly excepted in this statement, will be made public through electronic and other means.
You should be aware of our transparent operation when communicating with us.
The data that we collect and process (“Personal Data”) includes the following information that you provide to us when we specifically request that you do so in specific situations:
Your Personal Data also includes the following data generated in your interactions with us:
Examples of Personal Data include:
By providing us with your Personal Data, you are consenting to our disclosure and use of it for the purposes as described in this Statement.
By subscribing to a mailing list managed by the IETF/IRTF/IAB or submitting a contribution to the IETF/IRTF/IAB, you consent to us using your Personal Data to communicate with you about your participation in our activities.
We also collect audio, pictorial and video recording, during and in connection with our events, meetings and conferences. All such information may be made public and used by us in connection with the activities of the IETF/IRTF/IAB.
For some meetings we provide red lanyards for attendees to wear to indicate that they do not wish to be photographed individually or in small groups. Official IETF/IRTF/IAB photographers comply with this indication and we use reasonable efforts to ensure that all other photographers also comply. Photographs of large groups may contain incidental images of attendees in red lanyards and individuals wearing red lanyards will still be included in official video recordings.
Due to the nature of the Internet and our international operations, your communications and submissions may result in the transfer of your Personal Data and other information across national boundaries and outside of your country of residence. By communicating with a Party and submitting information to us, you consent to these transfers and to the use of your Personal Data and other information as described in this Statement.
We do not sell your Personal Data nor do we monetize it in any way.
Technical data will be collected in our web server logs such as, operating system, browser version, and IP address. We do not make such information available to the public.
We do not enable or participate in any third-party tracking of your website activity. As no third-party tracking is enabled on our website, our websites do not alter their behavior according to the value of a browser Do Not Track (DNT) setting.
We do not use browser storage, for example flash cookies, or other local storage.
As an exception to the IETF/IRTF/IAB’s general policy of releasing information to the public, there are certain limited types of Personal Data that we do not share in the ordinary course of our operations ("Non-Public Information"). The categories of Non-Public Information that we currently recognize are described below.
The IETF/IRTF/IAB operates a number of processes where individuals may submit Personal Data about themselves or others and where all information is kept confidential, including any reviews, assessments, deliberations, interviews or other discussions, except as specified below. These processes are:
Payment information is not collected or stored on any servers operated by the IETF/IRTF/IAB. If you conduct transactions using our websites (e.g., meeting registration), payment and payment card information will be entered directly into a third-party processor's systems and is not transmitted through or stored by our websites. We make reasonable efforts to ensure that our third-party processors handle your non-public information responsibly.
We collect information from people who register for meetings. The attendee lists which are published in the meeting proceedings include the registrants, name, organization and ISO country code, a profile link (if provided in the registration) and whether the registration was local or remote. All other information we collect is only published, if at all, in summary form.
We may ask you to provide demographic information (e.g. age, sex, country of residence) in surveys or other information gathering activities. You are not required to provide that information and your disclosure of that information to us is voluntary. We do not disclose the demographic information of individuals. We may publish aggregated information using demographic data as one dimension, in which case we will aggregate at a sufficient level to prevent disaggregation or deanonymization.
A small number of the mailing lists we operate are not available or disclosed to the public, nor are their contents made available to the public. These mailing lists are clearly indicated as non-public in their registration materials.
Email sent directly to an individual member, employee, contractor or director of a Party generally will not be made available to the public.
We delete the personal information that we collect to generate letters of invitation in a timely fashion after each meeting. We request that local organizations with whom we share this data to generate the letters also delete it in a timely fashion.
We have implemented commercially reasonable precautions that we believe are appropriate to prevent the unauthorized use, disclosure and alteration of Non-Public Information. However, no data security measures can guarantee complete data security, and we do not guarantee the confidentiality of anything that you submit to us. Please contact us if you believe that the security or integrity of any non-public information that you have submitted to us has been compromised.
We may at times be required by law to release Non-Public Information, and we will do so if we believe in good faith that such release is required by applicable law, regulation or judicial order.
Our online services are not intended for use by children under 13 years old. We do not knowingly collect personally identifiable information from, or target our online services at, children under the age of 13. If we discover that a child under 13 has provided us with personally identifiable information, without the consent and participation of a parent or guardian, we will remove it from our systems.
Occasionally, our website or communications will link to websites or services operated by third parties, for example, to conferencing services. We make no representation about the privacy policies of such sites.
If you have any questions regarding this Statement or believe that we are not following the procedures described in this Statement, please contact firstname.lastname@example.org. You can also contact us if you have any concerns about the accuracy of, or wish to correct, your Personal Data, or if you wish us to cease processing your Personal Data. We reserve the right to decline any request to remove or alter information or to cease processing your Personal Data except to the extent that we are legally required to do so.
Updated December 23, 2019