Owner and Data Controller

Data Controller: International Catalogue of Heavenly Bodies (ICHB.ORG)

Contact email: privacy@ichb.org

Types of Data Collected

We may collect the following categories of personal data, either directly from you or automatically through your use of our Services:

Information You Provide to Us:

• Identity Data: first name, last name, patronymic (if applicable), gender, date of birth.
• Contact Data: email address, phone number, postal address, country, state, province, city, ZIP/postal code.
• Professional Data: profession, field of activity, company name, position, academic credentials, affiliation with scientific institutions.
• Registration Data: information related to name registration applications, including proposed names for celestial objects, supporting documentation, and correspondence regarding applications.
• Communication Data: any information you provide when you contact us, submit inquiries, or participate in surveys or feedback forms.
• Account Data: username, password, and other credentials used to access your account.

Information Collected Automatically:

• Usage Data: information about how you use our Services, including your IP address, browser type and version, time zone setting, operating system and platform, pages you view, search queries, referral URLs, and the dates and times of your visits.
• Device Data: information about the device you use to access our Services, including device type, device identifiers, and mobile network information.
• Cookies and Similar Technologies: we use cookies and similar tracking technologies to track activity on our Services and hold certain information. For more details, please see our Cookie Policy below.
• Approximate Location Data: with your permission, we may collect approximate location information (e.g., at city or regional level) to provide location-based services or comply with regional legal requirements.

If you provide us with any personal data of third parties (such as colleagues or representatives of your organization), you confirm that you have obtained all necessary consents and have the right to share such information with us.

How We Collect and Process Your Data

Methods of Processing

We process your personal data using appropriate technical and organizational measures to ensure security and prevent unauthorized access, disclosure, alteration, or destruction. Processing is carried out using computers and IT systems, following strict procedures and protocols.

Your data may be accessible to authorized ICHB.ORG personnel (including administration, technical support, and legal teams) and, where necessary, to trusted third-party service providers (such as hosting providers, email services, and payment processors) who act as data processors on our behalf and under our instructions.

Legal Basis for Processing (for EEA and UK Users)

If you are located in the European Economic Area or the United Kingdom, we process your personal data based on the following legal grounds:

• Performance of a Contract: where processing is necessary to provide you with our Services, including registration of names, account management, and customer support.
• Legitimate Interests: where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. Our legitimate interests include operating and improving our Services, communicating with you, ensuring security, and exercising our legal rights.
• Compliance with Legal Obligations: where we need to comply with applicable laws and regulations.
• Consent: where you have provided specific consent (e.g., for certain cookies or marketing communications). You have the right to withdraw consent at any time.

Place of Processing

Your personal data is processed at our operating offices and at the locations of our trusted service providers. Depending on your location, data may be transferred to and processed in countries other than your own. We ensure that any such transfers are protected by appropriate safeguards, such as standard contractual clauses approved by the European Commission.

Retention Time

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. Specifically:

• Account Data: retained for as long as your account is active and for a reasonable period thereafter to allow for account reactivation or to comply with legal obligations.
• Registration Data: retained permanently as part of the historical scientific record, as names registered in the Catalogue become part of a permanent public registry. However, personal data associated with registrations (e.g., contact information) is retained only as long as necessary to administer the registration and fulfill legal obligations.
• Communication Data: retained for as long as necessary to resolve your inquiry and for a reasonable period thereafter.
• Usage Data: retained for shorter periods, generally not exceeding 26 months, except where such data is used to enhance security or improve functionality, in which case it may be retained longer in anonymized form.

When we no longer need your personal data, we will securely delete or anonymize it. You may request deletion of your data as described in the “Your Rights” section below.

How We Use Your Data

We use your personal data for the following purposes:

1. To Provide and Manage Our Services

• Processing and verifying name registration applications.
• Creating and managing your user account.
• Communicating with you about your applications, account, or inquiries.
• Providing customer support and technical assistance.
• Maintaining the integrity and security of the Catalogue database.

2. To Improve and Develop Our Services

• Analyzing usage patterns to understand how users interact with our Services.
• Developing new features and functionalities.
• Troubleshooting technical issues and improving performance.
• Conducting research and analysis to enhance the scientific value of the Catalogue.

3. To Communicate with You

• Sending administrative information, such as updates to our terms or policies.
• Responding to your inquiries and requests.
• Sending service-related notifications (e.g., confirmation of registration).
• With your consent, sending newsletters or marketing communications about our Services.

4. To Comply with Legal Obligations

• Maintaining records as required by applicable laws.
• Responding to lawful requests from public authorities, including law enforcement.
• Enforcing our terms and conditions and protecting our legal rights.

5. For Legitimate Business Interests

• Monitoring and preventing fraud, abuse, and unauthorized access.
• Protecting the security and integrity of our systems.
• Generating anonymized statistical data for scientific or academic purposes.

Sharing Your Data

We do not sell, rent, or trade your personal data. We may share your data in the following circumstances:

With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

With Service Providers

We engage trusted third-party service providers to perform functions on our behalf, such as web hosting, data storage, email delivery, payment processing, and analytics. These providers are contractually obligated to process your data only as instructed by us and to implement appropriate security measures.

With Official Representatives and Partners

If you submit a name registration application through an official representative or partner organization, your data may be shared with that representative for the purpose of processing your application. Such representatives act as independent data controllers and are responsible for their own compliance with applicable privacy laws. We encourage you to review their privacy policies.

For Legal Reasons

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or where such disclosure is necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

In Anonymized Form

We may share aggregated, anonymized data that does not identify individuals for scientific research, academic publications, or statistical analysis.

Cookies and Similar Technologies

We use cookies and similar tracking technologies to enhance your experience, analyze usage, and support the functioning of our Services.

What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help us remember your preferences, understand how you use our site, and improve your experience.

Types of Cookies We Use

• Essential Cookies: necessary for the operation of our Services, enabling you to navigate the site and use its features (e.g., to log in securely).
• Functional Cookies: remember your preferences and settings to enhance your experience.
• Analytics Cookies: help us understand how visitors interact with our Services by collecting anonymous information about pages visited, time spent, and error reports. We use this data to improve performance and usability.
• Third-Party Cookies: some cookies are placed by third-party services that appear on our pages (e.g., social media sharing buttons).

Your Cookie Choices

Most web browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies if you prefer. However, disabling essential cookies may affect your ability to use certain features of our Services.

To learn more about managing cookies, visit www.aboutcookies.org.

Device Permissions

Depending on your device and how you access our Services, we may request certain permissions:

Approximate Location Permission

We may request access to your approximate location (e.g., at city or regional level) to provide location-appropriate information, comply with regional legal requirements, or customize your experience. This permission is non-continuous and is only accessed when explicitly requested.

You can control and revoke permissions at any time through your device settings. Revoking permissions may impact the functionality of certain features.

Children’s Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

Data Security

We implement appropriate technical and organizational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include encryption, firewalls, access controls, and regular security assessments.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Rights

Depending on your location, you may have certain rights regarding your personal data:

For All Users

• Access: you may request a copy of the personal data we hold about you.
• Correction: you may request that we correct inaccurate or incomplete data.
• Deletion: you may request that we delete your personal data, subject to certain legal exceptions (e.g., where we are required to retain data for legal compliance or as part of the permanent scientific record).
• Objection: you may object to our processing of your data where we rely on legitimate interests as the legal basis.
• Restriction: you may request that we restrict processing of your data in certain circumstances.
• Data Portability: you may request that we provide your data in a structured, commonly used, and machine-readable format.
• Withdraw Consent: where processing is based on consent, you may withdraw consent at any time.

To exercise any of these rights, please contact us at privacy@ichb.org. We will respond to your request within the timeframes required by applicable law. We may need to verify your identity before processing your request.

Additional Rights for EEA and UK Users

If you are located in the European Economic Area or the United Kingdom, you also have the right to lodge a complaint with your local data protection supervisory authority.

Notice Regarding “Do Not Track” Signals

Our Services do not currently respond to “Do Not Track” signals from web browsers. To determine whether any third-party services we use honor such signals, please review their privacy policies.

Limitations and Disclaimers

For a full explanation of limitations regarding the use of our Services, including important information about warranties, liability, and the nature of name registrations, please review our Legal-Information.

GDPR and CCPA Compliance Information

For Users in the European Economic Area (EEA) and United Kingdom

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR). In addition to the rights described in the “Your Rights” section, we provide the following information:

• Data Protection Officer: We have appointed a Data Protection Officer who can be contacted at dpo@ichb.org.
• Supervisory Authority: You have the right to lodge a complaint with your local data protection supervisory authority. A list of national data protection authorities in the EEA is available at https://edpb.europa.eu/.
• Automated Decision-Making: We do not use automated decision-making or profiling that produces legal effects concerning you.
• International Transfers: As described in the “International Data Transfers” section, your data may be transferred outside the EEA. We ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission.

For Users in California (United States)

If you are a resident of California, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information. This section describes those rights and explains how to exercise them.

California Consumer Privacy Act (CCPA) Notice

Under the CCPA, California residents have the following rights:

• Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which the information is collected, the business purpose for collecting the information, and the categories of third parties with whom we share the information.
• Right to Delete: You have the right to request that we delete any personal information we have collected about you, subject to certain exceptions (e.g., where the information is necessary to complete a transaction, detect security incidents, comply with legal obligations, or for internal scientific research purposes).
• Right to Opt-Out: You have the right to opt-out of the sale of your personal information. ICHB.ORG does not sell personal information, as “sale” is defined under the CCPA.
• Right to Non-Discrimination: You have the right not to receive discriminatory treatment for exercising any of your CCPA rights.

Categories of Personal Information Collected (CCPA)

In the preceding twelve months, we have collected the following categories of personal information from California residents:

• Identifiers (e.g., name, email address, postal address, IP address)
• Personal information categories listed in the California Customer Records statute (e.g., contact information, professional information)
• Commercial information (e.g., records of name registrations)
• Internet or other electronic network activity information (e.g., browsing history, search history)
• Geolocation data (approximate location)
• Professional or employment-related information

How to Exercise Your CCPA Rights

To exercise your rights under the CCPA, please submit a verifiable consumer request to us by:

• Emailing us at ccpa@ichb.org
• Contacting us through our website contact form

Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Authorized Agent

You may designate an authorized agent to make a request on your behalf. When submitting the request, please ensure the agent is identified as your authorized agent and provide signed permission authorizing the agent to act on your behalf.

Shine the Light Law (California Civil Code Section 1798.83)

California residents are also entitled to request information regarding our disclosure of personal information to third parties for their direct marketing purposes. ICHB.ORG does not disclose personal information to third parties for direct marketing purposes.

For Users from Russia and CIS Countries

General Provisions

This section contains additional information for users located in the Russian Federation and member states of the Commonwealth of Independent States (CIS), and applies in conjunction with the other provisions of this Privacy Policy.

Official Representative

In the territory of the Russian Federation and CIS member states, ICHB.ORG carries out its activities through official representatives. When submitting name registration applications through a representative, your personal data is processed in accordance with the legislation of your country of residence. The representative acts as an independent data controller and is responsible for compliance with local legal requirements.

Legal Bases for Processing in Accordance with Russian Legislation

For users from the Russian Federation, personal data processing is carried out on the following grounds provided for by Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”:

• Consent to the processing of personal data (Article 9): upon registration, submission of naming applications, subscription to newsletters;
• Performance of a contract (Article 6): processing is necessary for the performance of a contract to which the user is a party;
• Legitimate interest (Article 6): for carrying out scientific activities, improving the quality of services, ensuring security;
• Compliance with legal requirements (Article 6): to fulfill obligations provided for by the legislation of the Russian Federation.

Cross-Border Data Transfer

Your personal data may be transferred to the territory of the Republic of Cyprus, where the main servers of ICHB.ORG are located. Such transfer is carried out in accordance with the requirements of personal data protection legislation and ensures an adequate level of protection. When transferring data of users from the Russian Federation, we are guided by the requirements of Article 12 of Federal Law No. 152-FZ.

Retention Periods (Data Localization)

With respect to personal data of users from the Russian Federation, we take into account the requirements for data localization. Information collected through the official representative in the territory of the Russian Federation is processed and stored in compliance with the requirements of Federal Law No. 242-FZ.

Rights of Users from the Russian Federation (Article 14 of Federal Law No. 152-FZ)

In addition to the rights described in the “Your Rights” section, users from the Russian Federation have the right to:

• Request clarification of personal data: if the data is incomplete, outdated, or inaccurate;
• Request blocking or destruction: if the data is processed in violation of the law;
• Appeal the operator’s actions: to the authorized body for the protection of personal data subjects’ rights (Roskomnadzor) or in court;
• Protect their rights and legitimate interests: including compensation for losses and compensation for moral damages.

Supervisory Authority (Roskomnadzor)

Users from the Russian Federation have the right to file a complaint with the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor): https://rkn.gov.ru/

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. When we make material changes, we will notify you by posting the updated policy on this page with a revised “Latest Update” date. In some cases, we may provide additional notice (such as email notification).

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Third-Party Links

Our Services may contain links to third-party websites, including those of partner organizations, scientific institutions, and social media platforms. This Privacy Policy does not apply to such third-party sites, and we are not responsible for their privacy practices. We encourage you to read the privacy policies of any third-party sites you visit.

International Data Transfers

Your personal data may be transferred to and processed in countries other than your own. These countries may have data protection laws different from those in your country. We take steps to ensure that any such transfers comply with applicable legal requirements and that your data remains protected, including through the use of standard contractual clauses approved by the European Commission.

How to Complain

If you have concerns about our handling of your personal data, please contact us first at privacy@ichb.org, and we will do our best to resolve your issue.

If you are located in the EEA or UK and remain unsatisfied, you have the right to lodge a complaint with your local data protection supervisory authority.

Definitions and Legal References

Personal Data

Any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.

Usage Data

Information collected automatically through our Services, which may include IP addresses, browser type and version, operating system, referral sources, page views, and the dates and times of visits.

User

The individual using our Services, who must be the Data Subject or authorized by the Data Subject to provide personal data.

Data Subject

The legal or natural person to whom the Personal Data refers.

Data Processor

A natural or legal person, public authority, agency, or other body that processes personal data on behalf of the Data Controller.

Data Controller (or Owner)

The natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of processing personal data. For the purposes of this Privacy Policy, the Data Controller is ICHB.ORG.

This Application

The website, platform, and services provided by ICHB.ORG through which Personal Data is collected.

Cookies

Small text files stored on a user’s device by a web browser, used to remember information about the user’s visit and preferences.