MESA is committed to protecting your privacy. This privacy policy governs the manner in which MESA collects, uses, maintains and discloses information collected from users of the mesana.org website and the myMESA membership portal.

Introduction General Data Protection Regulation (GDPR)

We are committed to safeguarding the privacy of all our website visitors. These protections apply to individuals who reside in the European Union. This policy applies where we are controlling the personal data of our website visitors. By using our website and agreeing to this policy, you consent to our use of cookies in accordance with the terms of this policy. Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can specify whether you would like to receive direct marketing communications and limit the publication of your information. You can do this by editing your Personal Info in your myMESA account, accessed here. In this policy, "we", "us" and "our" refer to the Middle East Studies Association. For more information about GDPR, visit this site. 

How we use your personal data

We may process your personal data that are provided in the course of the use of our services (service data"). The service data may include your name, address, telephone number, email address, profile pictures, educational details, employment details, and demographic details. The source of the service data is you or your employer. The service data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back‐ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.

Data Tracked on the Website

We may process data about your use of our website and services ("usage data"). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analyzing the use of the website and membership services. The legal basis for this processing is consent, namely monitoring and improving our website and services to better serve our members. This consent is implied through your usage of our website(s).

Information that we may process may include your:

• Internet Protocol (“IP”) addresses used to connect your computer to the Internet;
• Tracking codes such as cookies;
• Comments, feedback, posts and other content you provide to us (including through our list serves and otherwebsites);
• Communication preferences;
• Location‐aware services, the physical location of your device in order to provide you with more relevant content for your location; and
• Communications with other users of our services.

Data Tracked in the Database

In order to fulfill our contractual obligation to our members and customers, certain information will be retained. 

The personal information that we may collect may include your: 

• Contact details, such as your name, email address, postal address and telephone number;
• Educational and professional interests;
• Usernames and passwords;
• Payment information, such as a credit or debit card number; (Note that the MESA is PCI compliant)
• Comments, feedback, posts and other content you provide to us (including through our section and other websites);
• Communication preferences;
• Purchases;
• Information about your personal preferences and interests; and
• Communications with other users of our services.

The profile data may be processed for the purposes of enabling and monitoring your use of our website and services. The legal basis for this processing is contractual. The personal data will not be kept for longer than is necessary to comply with our legal obligations.

In addition to this, we may process information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website (“transaction data”). The transaction data may include your contact details, your credit card details and the transaction details. We do not collect credit card information. The transaction data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.

We may process information that you provide to us for the purpose of subscribing to our email notifications and/or newsletters (“notification data”). The notification data may be processed for the purposes of sending you relevant notifications and/or newsletters. The legal basis for this processing is contractual.

You should not supply any other person’s personal data to us, unless it is required to fulfill a service obligation and then only with the permission of individual(s).

PROVIDING YOUR PERSONAL DATA TO OTHERS

We may disclose your personal data to any member of our Board of Directors, Board Committees, Task Forces, and Working Groups insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.

Your personal data may also be shared with our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice, or the establishment, exercise or defense of legal claims, whether in court proceedings or in administrative or out-of-court procedure.

In order to provide services you have contracted for, we may disclose specific personal date category or categories to our suppliers or subcontractors insofar as reasonably necessary to deliver services and products, including our Publisher.

Financial transactions relating to our website and services are handled by our payment services provider. We will share transaction with our payment services provider only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. In sharing any financial data, MESA follows all PCI requirements to maintain compliance.

In addition to the specific disclosures of personal data set out in this Section, we may disclose your personal data where such disclosure is necessary for compliance with the legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defense of legal claims, whether in court proceedings or in administrative or out-of-court procedure.

CHANGES to this PRIVACY POLICY

We may update this policy from time to time by publishing a new version on the website. You should check this page occasionally to ensure you are aware of changes to this policy. We may notify you of changes to this policy by email.

YOUR RIGHTS

In this Section, we have summarized the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under data protection law are:

• Request that we provide you with details of your personal information that we process, the purpose for which it is processed, the recipients of such information, the existence of any automated decision making involving your personal information, and what transfer safeguards we have in place;
• Request that we rectify any errors in your personal information;
• Request that we delete your personal information if our continued processing of such information is not justified;
• Request that we transfer your personal information to a third party;
• Object to automated decision‐making and profiling based on legitimate interests or the performance of a task in the public interest (in which event the processing will cease except where there are compelling legitimate grounds, such as when the processing is necessary for the performance of a contract between us);
• Object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.;
• Object to processing for purposes of scientific, historical research and statistics.
• The right to data portability;
• The right to complain to a supervisory authority (up‐to‐date list of data authorities); and
• The right to withdraw consent.

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee. You can access your personal data and make modifications when you are logged into your myMESA account.

Cookies

A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies.

We use cookies for the following purposes:

• Authentication ‐ we use cookies to identify you when you visit our website and as you navigate our website;
• Status ‐ we use cookies to help us to determine if you are logged into our website;
• Personalization ‐ we use cookies to store information about your preferences and to personalize the website for you;
• Security ‐ we use cookies as an element of the security measures to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally;
• Analysis ‐ we use cookies to help us to analyze the use and performance of our website and services; and
• Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

Cross Border Transfers

In order to satisfy global reporting requirements, we may be required to provide your personal information to our affiliates in other countries.