The security and protection of your personal information is very important to us. This policy sets out what we do with your information and what we do to keep it secure. It also explains where and how we collect your personal information, as well as the rights you have over the personal information we hold about you, in accordance with the General Data Protection Regulation (GDPR). It applies to all Data Subjects (whether current or former).
Any questions regarding this policy and our privacy practises should be sent by email to firstname.lastname@example.org
Who we are
When we say ‘we’ or ‘us’ in this policy we are referring to IFORS, the Federation of Operational Research Societies. The IFORS secretariat is at 5521 Research Park Drive, Suite 200, Catonsville, MD 21228 USA.
IFORS is a ‘data controller’. This means that we are responsible for deciding how we hold and use personal information about Data Subjects. We are required under data protection legislation to notify Data Subjects of the information contained in this privacy notice.
How we collect information from you
We obtain information through our member society’s annual returns, through payments, through submissions to our journal, through membership of a committee, through registration for a conference or sign-up to one of our mailing lists.
What type of information we collect
The personal information we collect might include your name, address, email address, IP address, and information regarding what pages on our website are accessed and when. If a payment is made to us, card information is not held by us, but collected by INFORMS, who have policies in place for the secure online capture and processing of credit/debit card transactions.
How we use your information
We may use your information to:
- Carry out obligations, where we need to comply with a legal obligation, arising from any contracts entered into by you and us;
- Seek your views or comments on the services we provide;
- Notify you of changes to our services;
- Send you communications which you have requested and that may be of interest to you;
- Any other circumstances where it is necessary for our legitimate interests (or those of a third party) and the interests and fundamental rights of the Data Subject do not override those interests;
- Where it is needed in the public interest.
We review our retention periods for personal information on a regular basis. We will only hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
Who we share your information with
We will not sell your information to third parties.
We will not share your information with third parties for marketing purposes.
We may have to share information with some third-party service providers in order to provide that service. Any third party that we have to share information with in this way will not use your information for their own business purposes, unless you have explicitly consented to the use of your personal information in this way.
We may transfer personal information about Data Subjects outside the EU. If we do, Data Subjects can expect a similar degree of protection in respect of their personal information.
Our journal, International Transactions in Operational Research (ITOR)
By submitting a manuscript to or reviewing for ITOR, your name, email address, and affiliation, and other contact details ITOR might require, will be used for its regular operations, including, when necessary, sharing with the publisher (Wiley) and partners for production and publication. We and the publisher recognize the importance of protecting the personal information collected from users in the operation of these services and have practices in place to ensure that steps are taken to maintain the security, integrity, and privacy of the personal data collected and processed. You can learn more at https://authorservices.wiley.com/statements/data-protection-policy.html. Some specific questions about the Scholar One Manuscripts (S1M) system are answered below.
You have a choice about whether or not you want to receive information from us. You can opt-out of any mailing list that you have joined by selecting the unsubscribe option.
Should you wish to receive a copy of the data we hold on you or to ask us to delete anything we hold on you please let us know by emailing us at email@example.com We will delete anything you ask us to unless there is an overriding legitimate interest.
Keeping information accurate
The accuracy of your information is very important to us and we will always try to keep it up to date. If the information we hold about you is incorrect please let us know by emailing us at firstname.lastname@example.org
We will always take steps to ensure the personal information you give us is treated securely. All of the information you give us will either be password protected or securely locked away. We ask you not to share your log-in details with anyone else.
Links to external websites
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
Cross Border Transfers
IFORS is an international organisation. The secretariat is based in the USA, and the website manager in The Philippines. Officers are based in many different countries. It is therefore necessary to transfer your personal information outside of your country of residence.
We do not process the personal data of any person under the age of 16.
Appendix: The Scholar One Manuscripts (S1M) system
The Scholar One Manuscripts (S1M) system collects data about the editor(s), such as name, email address, address, as this is stored in their user profile. As IFORS owns ITOR, IFORS has access to that data. The editor of the journal has access to author and reviewer data, for the purposes of editorial processes and decision making, but the editors are not owners of that data.
What is Data held
Prefix, First (Given) name, Last (Family) Name, ORCID iD (required for submitting authors, optional for other users), Email Address, Address, Country/Region, City, and Postal Code are required fields. Users can optionally provide Middle Name, Degree, Secondary Email Address, Institution, Department, State/Province, Phone, Fax, and user keywords.
If an author/reviewer asked to see the data S1M holds on them the journal editorial office or a member of the Wiley support team would be able to share this with the user.
If an author asks for their account to be removed, S1M would still hold a basic record of that user, marked as ‘do not contact’ – this would ensure the editors no longer contact that user to solicit review reports or new articles. It’s not possible to purge contact details from a published article, and the copyright transfer agreement/license they signed would specify that.
There is a required privacy acknowledgement section added to every user profile, and every user coming in to the system after the functionality is live will be intercepted and asked to confirm.
Location of that data
Clarivate is the Data Processor, but the ownership and usage rights to the data belong to IFORS. Wiley is also considered a Data Processor and has access to the data on behalf of IFORS to provide support and assistance.
How long is the data is held for?
Data is held in the system as long as it’s live for all users.
There is a separate consent question for marketing, and users will only be contacted for that purpose if they agree. Wiley does not use S1M information to solicit authors for new content, although IFORS can do so with ITOR data. Wiley may occasionally request reports of all users in all S1M sites for the purposes of rejection analysis, geographical breakdown analysis, etc., but only users that have agreed to be marketed to would ever be contacted as a result of these reports. Clarivate track usage and IP address that they do not share with their clients (be it a publisher or a society), but have no access or rights to user contact details.