Last updated: August 2021
The ISIC application, website isic.org and mobile website m.isic.org (together: the “application”) are operated by ISIC ASSOCIATION (INTERNATIONAL STUDENT IDENTITY CARD ASSOCIATION) (“we“, “our“, “us“).
We are committed to protecting and respecting your privacy in accordance with the applicable privacy legislation, in particular the General Data Protection Regulation 2016/679 and any other applicable national data protection legislation. This Privacy Policy sets out how we collect, use and share information that identifies you or is associated with you (“personal data“).
You should also be aware that we use cookies to store and access information whilst providing access to our application. You can find out more about our use of cookies in our section on cookies below.
We are responsible for providing this application and for the processing of your personal data in relation to this. Note that the individual discounts are generally offered by and the responsibility of the companies and local ISIC partners. A small number of global discounts (as indicated in the application) are provided by us in combination with the respective companies offering the products and/or services.
For your other rights and obligations using our application, please see our Terms of Use.
By agreeing to this Privacy Policy, you give your consent to the processing of your personal data for the purposes mentioned in this Privacy Policy. This Privacy Policy will inform you:
- which of your personal data we will collect and process
- for which purposes your personal data will be processed
- how we will process your personal data, including to which third parties we may share your personal data
- your rights in relation to the processing of your personal data
1. PERSONAL DATA WE HOLD ABOUT YOU
1.1 We collect personal data from you when you voluntarily submit information directly to us or our application. This can include information you provide when you register to use the application, login to the application, complete a form, correspond with us, use discounts via our application or subscribe to our email lists.
1.1.1. Verifying ISIC Card: When you register to use our application, it may be necessary to verify the validity of your ISIC Card. We will also on a regular basis verify the validity of your ISIC Card, either at our own initiative or by your request. If your ISIC Card goes through a validation process, we will process your name, ISIC Card number, data of verification and IP Address. The verification, including the personal data necessary for it, will be stored for 5 years from the date of verification.
1.1.2. Application Profile: When you have completed your registration to our application, a profile will be created for you in our application. For managing your profile and enabling use of our application, we will process the personal data belonging to your ISIC Card and/or data you have provided us. The personal data collected and processed are your name, date of birth, ISIC Card Number, contact details, photo, country of residence, issuer organization of your ISIC Card, ISIC Card type, ISIC Card validity, ISIC Card status, your preferences and information about how you use and connect to the application, favourite discounts and password. This personal data will be stored for the validity of your ISIC Card + 6 months after the ISIC Card’s expiration.
1.1.3. Displaying ISIC Card: For physically displaying and using your ISIC Card in the application, an image of your ISIC Card will be generated and temporarily stored, including any information found on your ISIC Card
1.1.4. Direct Marketing: To send out newsletters and other direct marketing with your consent, we will process your name, e-mail address and phone number. This data processing will last as long as we have your consent to send direct marketing to you.
1.2 We also collect personal data indirectly from you, such as information about the pages you look at on the application and the device you connect to the application with. This personal data will be stored for the validity of your ISIC Card + 6 months after the ISIC Card’s expiration.
1.3 We may also collect personal data about you from third parties such as ISIC partners and ISIC members. This may be combined with other information you provide to us, as described above. Each ISIC Member is responsible for providing notice to its cardholders concerning the purpose for which it collects Personal Data and how this Personal Data is processed.
1.4 We will now describe a few of the aforementioned categories of personal data we collect in more detail:
(a) Contact details: Include data such as your name, your email address and your telephone number associated with your account.
(b) Account information: Include data such as your contact details (as above) and other any information you share when creating an account with our application.
(c) Your preferences: choices you make such as notification and messaging preferences or choices about how the application is set up.
(d) Information about how you use and connect to the application:
(i) We collect information about how you use the application such as the pages and links you access, the discounts you have selected, the time you access the application and duration you are on it, the website you come to the application from or go to after leaving the application and selections and choices you make when using the application.
(ii) We also collect information about the computer or other electronic devices you use to connect to the application such as details about the type of device (which can include unique device identifying numbers), its operating system, browser and applications connected to the application through the device, your Internet service provider or mobile network, your IP address and your device’s telephone number (if it has one).
(e) Information about your location: subject to your consent, we may collect your location or an approximation thereof to show nearby discounts/benefits or location on the map. We do not connect location data to concrete users.
(f) Information provided by other organisations: Other organisations may provide information that we associate with you where they are lawfully permitted to share it, such as contact details, demographic data, or Internet navigation information.
2. YOUR RIGHTS
2.1 We respect your privacy rights and provide you with reasonable access to the Personal Data that you have provided through your use of the application. You have the following rights:
(a) Right of access: To obtain confirmation as to whether or not we process your personal data, and if we do, information about the purposes of the processing, the categories of personal data, the recipients of your personal data, the period for which your personal data will be processed.
(b) Right of rectification: To rectify any of your personal data that is inaccurate and complete personal data that is incomplete.
(c) Right to be forgotten: To have your personal data erased, if you
(i) find that the data processing is no longer necessary for the purposes they were collected for, or
(ii) withdraw your consent to data processing, or
(iii) object to the data processing, or
(iv) find your personal data has been unlawfully processed
(d) Right to data portability: To receive your personal data in a structured, commonly used and machine-readable format
(e) Right to object: To object to the processing of your personal data if you find the processing contrary to the provision of the General Data Protection Regulation.
2.2. You can at any time update, correct, or delete your Account information (excluding your name) and preferences by accessing your Account settings page in the application. Please note that while any changes you make will be reflected in active user databases instantly or within a reasonable period, if we have a legitimate interest, we may retain all information you submit for backups, archiving, prevention of fraud and abuse, analytics, satisfaction of legal obligations, or where we otherwise reasonably believe that we have a legitimate reason to do so.
2.3. If you exercise your right to be forgotten or right to object, or withdraw your consent, or modify your personal data, data is retained for 6 months after the last activity, after which it is automatically shredded.
2.4. If you exercise your right to be forgotten or right to object, or withdraw your consent, or modify your personal data, you may not be able to use the functions and benefits of our application.
2.5. If there is information you would like to access, update, correct or delete, or if you would like to object to us processing your personal data, please contact us using the contact details set out in the “Contacting us” section below. Please provide as much information as you can about the information you are looking for and we will be happy to try and help you find it.
3. HOW WE USE YOUR INFORMATION
3.1 In this section, we will describe in more detail how we will use some of your personal data for the purpose of managing your profile and enabling use of our application (as described in section 1.1.2 of this Privacy Policy). We will use personal data from your profile in our application in the following ways:
(a) Contact details: we will use your contact details so that we can communicate with you directly about our organisation discounts and about queries, issues or concerns you or other users have.
(b) Account information: we use your account information to provide our service to you and ensure that you are able to interact with the application as permitted by the functionality of the application and your preferences.
(c) Your preferences: we will use your preference settings for the purpose of providing notifications, messages, displaying the application and following other choices you are able to make about how the application is displayed to you.
(d) Information about discounts you have looked at: we use this information to send you reminders and to determine discounts that may be of interest to you.
(e) Information about how you use and connect to the application: we use this information to present the application to you on your device. We will also use this information to determine products and services that may be of interest to you.
(f) Information about your location: we may use your location or an approximation thereof to ensure the content and deals on the application are relevant to the city, state or country you are using the application in. We will not collect or track your exact location without your consent.
3.2. We will also use all the personal data we collect to:
(i) monitor and improve the application and our procedures and processes; and
(ii) to help us develop new products and services. Our use of your personal data in this way will not result in information that was not previously publicly available being made public on the application.
3.3 We may anonymise and aggregate any of the information we collect (so that it does not directly identify you). We may use anonymised information for purposes that include testing our IT systems, research, data analysis, improving the application, developing new products and features or displaying information about the discounts used via our application such as the most popular discounts or discounts based on an approximate location.
4. INFORMATION WE SHARE WITH THIRD PARTIES
4.1 We share your personal data with the following parties:
(a) Companies and organisations that are subsidiaries of our organisation and with the ISIC Association: these companies and this organisation will only use your personal data in the same way as we can under this Privacy Policy. The subsidiaries we will share your personal data with:
Name and VAT/Company ID | Address | Purpose |
ISIC Service Office DOOID No. 21520209 | Starine Novaka 1, 11000, Belgrade, Republic of Serbia | ISIC Service Office is our service company, meaning they will administer and process your personal data on our behalf. |
(b) Service providers, partners and advisors: third parties who provide a service to us, partner with us on marketing and other business activities, advise us or that we work with in other business capacities. For example, we use a third party for the hosting of the application and your personal data. These third parties will only be allowed to use your personal data in accordance with our instructions or your marketing preferences (where applicable) and will be required to keep your information secure. The service providers, partners and advisors we will share your personal data with:
Name and VAT/Company ID | Address | Purpose |
Orchitech Solutions s.r.o. | Koněvova 2660/141130 00 Prague 3, Czech Republic | Development and support of IT systems |
Amazon Web Services EMEA SARL | 38 Avenue John F. Kennedy, L-1855 Luxembourg | Cloud services |
Google Ireland Limited | Gordon House, Barrow Street, Dublin 4, Ireland | Advertisement analytics, Cloud services and in-app messaging |
(c) Companies and organisations that are ISIC partners or ISIC members under contract with our organisation: By agreeing to this Privacy Policy, you give consent to us making your personal data in the application available to the local issuer in your country of residence for as long as we are permitted to store your data. These companies and organisations will mainly use your personal data to provide local support if you have any inquiries or feedback. These companies and organisation may also receive aggregated statistics on the metrics and use of deals. We will remain the data controller and be responsible for this data processing. The list of current ISIC members can be found at www.isicassociation.org/members. The list of current ISIC partners can be found at www.isic.org/discounts.
4.2 We may share your personal data with the following parties:
(a) Law enforcement, regulators and other parties for legal reasons: third parties who we are under a legal obligation to disclose your personal data to or who we need to disclose your personal data to protect our rights, property or safety or the rights, property or safety of others, detection and investigation of illegal activities and breaches of any agreement we have with you.
(b) We may provide third parties with aggregate statistical information and analytics about users of the application but we will make sure no one can be identified from this information before we disclose it.
5. MARKETING
5.1 If you sign-up to our newsletter or give your consent to receiving our newsletter in any other way, we may contact you from time to time by email with information about our organisation and our activities, products and services. If you do not want us to send you email marketing, you can unsubscribe from our emails by clicking on the unsubscribe link (where available) in the emails we send to you.
5.2 If you give permission on your device, we may send (push-)notifications directly to your device, for example to inform you about a nearby discount. If you do not want to get these notifications you can generally disable this through the settings on your device and/or your preferences in the application.
5.3 When signing up to the application, you may be asked if you want to receive an ISIC partner or ISIC member’s marketing. You will either be given information about such marketing directly at sign-up or be presented with direct links to the ISIC partner or ISIC member’s own legal documents. By agreeing to receive marketing from an ISIC partner or ISIC member, you give your consent directly to that partner or member. We will not be further involved in this data processing. We will therefore refer any inquiries, questions, or comments, including any requests for unsubscribing to the marketing, to the ISIC partner or ISIC member you have given consent to.
6. COOKIES
6.1 We may store information (which may include personal data) locally on your device using cookies and other browser and application storage methods. Cookies can be seen as text files, containing small amounts of information, which are downloaded to your browsing device (such as a computer or smartphone) when you visit a website or use an application. Cookies can be recognised by the website that downloaded them — or other websites that use the same cookies. This helps websites know if the browsing device has visited them before.
6.2 The types of cookies used on our site can generally be put into the categories described in the section below.
(a) Strictly Necessary Cookies: These cookies are essential to make our website work. They enable you to move around the site and use its features. Without these cookies, services that are necessary for you to be able to use our site such as accessing secure areas cannot be provided.
(b) Analytics Cookies: These cookies collect information about how people are using our website, for example which pages are visited the most often, how people are moving from one link to another and if they get error messages from certain pages. These cookies don’t gather information that identifies you. All information these cookies collect is grouped together with information from other people’s use of our site on an anonymous basis. Overall, these cookies provide us with analytical information about how our site is performing and how we can improve it.
(c) Functionality Cookies: These cookies allow us to remember choices you make and tailor our site to provide enhanced features and content to you. For example, these cookies can be used to remember your login details, language choice or country selection, they can also be used to remember changes you’ve made to preferences and other parts of pages that you can customise.
6.3 “First party cookies” are cookies that belong to us and that we place on your device. “Third-party cookies” are cookies that another party places on your browsing device when you visit our site. Third parties setting cookies from our website will be providing a service to us or a function of the site but we do not always control how third party cookies are used. You should check the third party’s website for more information about how they use cookies.
6.4 You can usually use the browser that you are viewing our website through to enable, disable or delete cookies. To do this, follow the instructions provided by your browser (usually located within the “Help”, “Tools” or “Edit” settings). Please note that if you set your browser to disable cookies, you may not be able to access secure areas of the website and other parts of the website may also not work properly. You can find out more information about how to change your browser cookie settings at www.allaboutcookies.org.
7. TRANSFERRING YOUR PERSONAL DATA
7.1 The local ISIC Card issuer in your country of residence will gain access to the personal data linked to your ISIC Card and profile within our application. Kindly see 4.1.c above.
7.2 International Transfers of your personal data: the personal data we collect may be transferred to and stored in countries outside of the jurisdiction you are in, including, in particular, outside the European Union. Some of these jurisdictions offer differing levels of protection in respect of personal data and may, in certain instances, be less protective than the jurisdiction you are typically resident in. We will take all reasonable steps to ensure that your personal data is treated securely and in accordance with this Privacy Policy. By agreeing to this Privacy Policy, you agree that your personal data will be transferred to the following third parties outside the European Union, knowing the possible risks of such a transfer:
Name and VAT/Company ID | Address | Legal basis |
ISIC Service Office DOOID No. 21520209 | Starine Novaka 1, 11000, Belgrade, Republic of Serbia | Standard Contractual Clauses, cf. GDPR Art. 46(2), litra c. |
Orchitech Solutions s.r.o. | Koněvova 2660/141130 00 Prague 3, Czech Republic | Data subject consent, cf. GDPR Article 49(1), litra a. |
Amazon Web Services EMEA SARL | 38 Avenue John F. Kennedy, L-1855 Luxembourg | Data subject consent, cf. GDPR Article 49(1), litra a. |
Google Ireland Limited | Gordon House, Barrow Street, Dublin 4, Ireland | Data subject consent, cf. GDPR Article 49(1), litra a. |
7.3 If your ISIC Card is issued in a country outside the European Union, the local ISIC Card issuer in your country of residence will gain access to the personal data linked to your ISIC Card and profile within our application. The list of local ISIC Card issuers can be found at www.isicassociation.org/members.
7.4 If you use your ISIC Card or our application in a country outside the European Union, third parties in that country whom you share your ISIC Card may gain access to the personal data linked to your ISIC Card and profile within our application. This includes claiming benefits in a country outside the European Union.
8. LINKS TO THIRD PARTY SITES
8.1 The application may, from time to time, contain links to and from third party websites, including our partners, news publications, retailers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for their policies. Please check the individual policies before you submit any information or subject yourself to those websites.
9. CHANGES TO THIS POLICY
9.1 We may update this Privacy Policy from time to time and so you should review this policy periodically. When we change this privacy policy in a material way, we will update the “last modified” date at the top of this Privacy Policy. Changes to this privacy policy are effective when they are posted on this page.
10. CONTACTING US
10.1 Questions, comments and requests regarding this Privacy Policy are welcome and should be addressed to info@isic.org or ISIC ASSOCIATION (INTERNATIONAL STUDENT IDENTITY CARD ASSOCIATION, Nytorv 5, DK-1450, Copenhagen, Denmark. Attn: Privacy Officer.