Code of Ethics & Privacy Policy

Echoing the view expressed by EASST President Maja Horst, we believe it is vital to acknowledge and respect people’s experiences. At the same time, it is essential that our STS community is a space that does not address harm through exclusion alone, but that also fosters learning, remediation and growth, particularly when we are discussing more nuanced questions about what constitutes appropriate academic conduct.

Conference Code of Ethics

The EASST-4S 2024 conference adheres to the EASST Code of Ethics, as this code is compliant with European norms and regulations, including General Data Protection Regulation (GDPR). Naturally, the principles of the EASST Code of Ethics align with the 4S Code of Ethics.

The EASST Code of Ethics anticipates and accommodates ethical challenges that may arise during the EASST-4S 2024 conference. It is not meant to provide specific guidance on every situation. It is a principle-based guidance meant to help us think about ethical concerns, promote mutual support, and encourage everybody to speak up if circumstances require.

The guiding principle is that the conference should be a respectful, generous, open, and welcoming space, where everyone is treated in a helpful, considerate, and supportive manner. As participants, we listen to each other and take our actions seriously and how they affect others.

Event Ethics Committee

The Event Ethics Committee is a confidential advisory team constituted in order to offer prompt support to conference participants who might need it. They will handle all queries or concerns with the utmost discretion. The advisory team consists of two members of the local organizing committee, two EASST ethics committee members, two 4S ethics committee members and one NomadIT administrator:

Renate Baumgartner (Chair of the Event Ethics Committee)
Vivian Choi (4S)
Michela Cozza (EASST)
Brice Laurent (EASST)
Anne Loeber (local organizing committee)
Nassim Parvin (4S)- Ombuds
Triinu Mets (NomadIT)- Ombuds 

If you or your colleague has experienced misconduct, please write to ethicscom(at)easst4s2024.net, or call +31631165349 and ask for Triinu, or come to the NomadIT office in room Forum 2 (first floor, main building) and ask to speak to Triinu.

All written communications received by the confidential advisory team will be erased six months after the conference.

NomadIT Privacy Policy

This section explains the issues relating to NomadIT holding your data on behalf of EASST-4S. Information on membership/conferences is held centrally in a secure online database, providing greater data security, cheaper more efficient administration, and the potential for enhanced membership/conference facilities – such as searchable online directories, live editing of personal entries, a fully-feature abstract management and registration system.

Link to the website (easst4s2024.net) privacy policy can be found at the bottom of this page.

GDPR

NomadIT complies with the requirements and principles of GDPR (transparency, purpose limitation, data minimisation, accuracy, storage limitation, confidentiality and accountability) in its approach to your data. NomadIT is registered with the Information Commissioner’s Office (ICO) in the UK.

Data Held and its Sensitivity

The NomadIT system holds individual and organisation contact information, membership subscriptions, conference registrations, academic background/interests, panel/paper abstracts, and a record of payments made.  The only ‘private’ data held is a contact’s mobile phone number which is not made publicly available, and is held in order to facilitate contact by SMS during/en route to conferences – a function which has proved useful in past events. We only hold physical address data where required for journal mailings that are part of membership. The only sensitive data held is the date of birth, and this only in records created before 2020.

Date of Birth (DOB)

Prior to changes made in 2020, our system requested a date of birth to facilitate login. The DoB did not have to be the real DoB, nor was it made public, nor considered in any decision-making/admin processes.  We have since updated our login to use a more conventional email and password pair, so DoB is no longer gathered, and as older accounts are upgraded, it is being removed.

Purpose of Holding Data

The data collected will only be used for the purpose for which it is provided. This is deemed to be for invoicing/receipting of subscriptions/registration fees; and for mailings/email, relating either directly to the organisation/conference itself, or occasionally to news deemed of potential interest to the membership/conference (such as jobs, upcoming conferences, book releases, academic publishing promotions).  The data is held on behalf of our clients and is not disclosed to third parties. Personal data is not shared between NomadIT clients, unless there is a relevant agreement (for example when running a bilateral conference), and NomadIT are instructed to do so by the agreeing parties.

Data Subjects (Access and/or Removal)

Data subjects may request a copy of the personal information held about them, by emailing the organisation/conference concerned (or info(at)nomadit.co.uk), putting ‘Subject Access Request’ in the subject line.
Data subjects may request that their personal information be removed from our system, by emailing the organisation/conference concerned (or info(at)nomadit.co.uk), putting ‘Subject Date Removal Request’ in the subject line.
If Data subjects have any concerns about their data security they may write about these to info(at)nomadit.co.uk.

Server Locations

NomadIT currently uses two servers located in California, an Amazon email server located in Eire, and a NextCloud server located in the Germany; and makes use of other software such as Zoom, which of uses servers in the US. In all cases we look for compliance with GDPR or the principles of GDPR. We are migrating our main server use to Germany.

Data Relating to Funding Applications for Conferences

We gather Funding application data via NextCloud forms hosted on our own server in Germany. The information is held for up to two years after the conclusion of a conference, in order that we can answer questions regarding due process within funding allocation, from sponsors/funders/executive committees/applicants. After that it is deleted, and all that remains stored in conference accounts is a list of names, affiiliations, and email addresses of those funded and the amounts received.

Backups

NomadIT backs up its main database and all websites and retains backup data for up to three years, after which those backups are destroyed.

The Data Controller

NomadIT functions as the data controller on behalf of the organisation/conference with whom the membership/conference registration is made. NomadIT is registered with the Information Commissioner (No. ZA811094), and follows both GDPR and the Data Protection Act of 1998. The essence of that Act is detailed below.
If you have any complaints/enquiries, please email the relevant organisation/conference directly (see their specific websites for contact info); alternatively you can contact info(at)nomadit.co.uk if you wish to discuss issues relating to Data protection.

The eight principles

The Data Protection Act 1998 sets out eight rules that data controllers must follow for protecting personal information. Personal data must be:

  • processed fairly and lawfully
  • processed only for one or more specified and lawful purpose
  • adequate, relevant and not excessive for those purposes
  • accurate and kept up to date – data subjects have the right to have inaccurate personal data corrected or destroyed if the personal information is inaccurate to any matter of fact
  • kept for no longer than is necessary for the purposes it is being processed
  • processed in line with the rights of individuals – this includes the right to be informed of all the information held about them, to prevent processing of their personal information for marketing purposes, and to compensation if they can prove they have been damaged by a data controller’s non-compliance with the Act
  • secured against accidental loss, destruction or damage and against unauthorised or unlawful processing – this applies to you even if your business uses a third party to process personal information on your behalf
  • not transferred to countries outside the European Economic Area – the EU plus Norway, Iceland and Liechtenstein – that do not have adequate protection for individual’s personal information, unless a condition from Schedule four of the Act can be met

If a data controller’s processing of personal information does not comply with the principles, the Information Commissioner can take enforcement action against that data controller.

Membership Directories

Contact and membership data (but no important financial data) is held within our bespoke online membership databases, which hold details of over 8000 members on behalf of seven associations, and are fully GDPR-compliant.

NomadIT 2023