Privacy Policy

How we handle your personal data

Last updated: March 1, 2026

SIOE – Society for Institutional and Organizational Economics (hereinafter "SIOE") is an international scholarly society. This policy applies to users worldwide and explains how we process personal data on sioe.org and extranet.sioe.org.

We provide a global baseline in plain language and regional notes where local laws grant specific additional rights (for example in the EU/EEA, UK, and certain US states).

1. Scope and Data Controller

SIOE – Society for Institutional and Organizational Economics
Contact: secretary@sioe.org

If local law uses specific legal terms (for example, "data controller" or "business"), SIOE acts in the corresponding role for the processing activities described below.

2. Types of Data Collected

2.1 Public Website (sioe.org)

The SIOE public website does not use tracking cookies and does not collect personal data from users during browsing. Analytics tools such as Google Analytics are not active.

The only data submitted voluntarily is through the contact form, which collects:

  • Name
  • Email address
  • Message content

This data is used solely to respond to your enquiry and is not stored in a database.

2.2 Conference Extranet (extranet.sioe.org)

The SvelteKit-based extranet for managing SIOE conferences collects and processes the following categories of personal data:

User registration data:

  • First and last name
  • Email address
  • Password (encrypted with bcrypt)
  • University/institution affiliation
  • Country
  • Profile photo (optional)

Conference registration data:

  • Dietary preferences and requirements
  • Guest names
  • Badge preferences

Paper submission data:

  • Paper titles and abstracts
  • Author information
  • PDF files of contributions

Technical data:

  • IP address (for security and audit purposes)
  • Session data (encrypted, stored for 120 minutes)

Payment data:

  • Order ID, PayPal payer ID and email, amount, currency, payment status

Important: SIOE does not directly store credit card data. Payments are processed exclusively by PayPal.

3. Why We Process Data

  1. Conference registration management – participant registration, badges, logistics
  2. Scientific contribution management – collection, review, and publication of papers
  3. Payment processing – registration fees via PayPal
  4. Communications – information related to conferences and SIOE activities
  5. Security – protection against unauthorized access and fraud

4. Legal Grounds by Region

Global baseline: We process personal data where needed to provide requested services, operate securely, communicate with participants, and comply with legal obligations.

EU/EEA and UK users:

  • Contract necessity (conference registration and participation)
  • Legitimate interests (security, fraud prevention, and service integrity)
  • Consent (for example, contact form submission when required)
  • Legal obligation where applicable

Users in other regions: Equivalent legal grounds apply as required by local law (for example, consent, contractual necessity, legitimate interests, or legal obligations).

5. Data Recipients

Hosting providers:

Payment processors:

6. Retention Period

  • User accounts: Retained while the account is active; users may request deletion at any time
  • Conference registrations and paper submissions: Retained per conference year
  • Session data: 120 minutes, then automatically deleted
  • System logs: Maximum 12 months

7. Your Rights by Region

All users: You may contact us to request access, correction, or deletion of your data, subject to applicable law and identity verification.

EU/EEA and UK: You may have rights including access, rectification, erasure, restriction, objection, and portability under applicable data protection law.

US states with privacy laws (where applicable): You may have rights such as access, deletion, correction, and portability. SIOE does not sell personal data.

To exercise rights, contact secretary@sioe.org. We respond within the timeframe required by applicable law (typically within 30 days for GDPR-based requests).

8. Security Measures

  • HTTPS/SSL encryption for all communications
  • Password hashing with bcrypt
  • CSRF protection
  • Session encryption in the database
  • Regular security updates and access controls

9. Cookies

9.1 Public Website (sioe.org)

No cookies are used on the public website, except a short-lived session cookie for the contact form (cleared on browser close).

9.2 Conference Extranet (extranet.sioe.org)

Necessary technical cookies (always active):

  • sioe_session – User authentication and session management; duration: 120 minutes; type: encrypted session cookie

These cookies are strictly necessary for the operation of the service. If we ever introduce non-essential cookies, we will implement consent handling as required by applicable law.

10. International Transfers

Primary hosting is in France (European Union). Some service providers, participants, or payment operations may involve cross-border data flows. Where required, we apply appropriate safeguards under applicable law.

11. Complaints

If you believe your data protection rights were violated, you may contact us first at secretary@sioe.org. You may also lodge a complaint with the competent authority in your jurisdiction (for example, an EU/EEA supervisory authority or UK ICO, where applicable).

12. Changes to this Policy

SIOE reserves the right to modify this policy. The "Last updated" date at the top indicates the current version.

13. Contact

For questions about this policy or to exercise your rights:
Email: secretary@sioe.org

This policy is designed for an international audience and is interpreted together with applicable local law.