Skip to content

MIT CISR Privacy Statement

Center for Information Systems Research


The mission of the MIT Center for Information Systems Research (MIT CISR) is to help executives meet the challenge of leading dynamic, global, and information-intensive organizations. This Privacy Statement explains how MIT CISR collects, uses, and processes personal information about you in order for you to participate in MIT CISR.

What personal information we collect

We collect, use, store, and transfer different kinds of personal information about you, which we have grouped together as follows:

  • Biographic information – name, home and business addresses, phone numbers, email addresses, phone numbers, MIT affiliation (if any)
  • Employment information – employer, address, and job title
How we collect personal information about you

We collect information about you from a variety of sources. In general, this is obtained directly from you when you register on and use the website. If you are a member of an MIT CISR sponsor or patron organization, we may receive basic biographic and contact information about you directly from your employer.

How we use your personal information

We collect, use, and process your personal information (1) to process transactions requested by you and meet our contractual obligations, (2) to facilitate MIT CISR’s legitimate interests, and/or (3) with your explicit consent, where applicable.

If you have concerns about any of these purposes, or how we communicate with you, please contact us at We will always respect a request by you to stop processing your personal information (subject to our legal obligations).

When we share your personal information

To perform the functions listed above, it may be necessary to share your personal information with third parties performing services under contract with us.

How your information is stored and secured

MIT CISR uses risk-assessed administrative, technical, and physical security measures to protect your personal information. Only authenticated users with specific permissions may access the data using a virtual private network. We use firewalls and regular monitoring to evaluate any attempts at accessing the systems without permission. We conduct an annual security audit of our systems.

How long we keep your personal information

We consider our relationship with the MIT CISR community to be lifelong. This means that we will maintain a record for you until such time as you tell us that you no longer wish us to keep in touch.    After such time, we will retain a core set of information for MIT CISR’s legitimate purposes, such as archival, scientific, and historical research, and for the defense of potential legal claims.

Rights for Individuals in the European Economic Area

You have the right in certain circumstances to (1) access your personal information; (2) to correct or erase information; (3) restrict processing; and (4) object to communications, direct marketing, or profiling. To the extent applicable, the EU’s General Data Protection Regulation provides further information about your rights.  You also have the right to lodge complaints with your national or regional data protection authority.

If you are inclined to exercise these rights, we request an opportunity to discuss with you any concerns you may have. To protect the personal information we hold, we may also request further information to verify your identify when exercising these rights. Upon a request to erase information, we will maintain a core set of personal data to ensure we do not contact you inadvertently in the future, as well as any information necessary for MIT archival purposes. We may also need to retain some financial information for legal purposes, including US IRS compliance. In the event of an actual or threatened legal claim, we may retain your information for purposes of establishing, defending against, or exercising our rights with respect to such claim.

By providing information directly to MIT, you consent to the transfer of your personal information outside of the European Economic Area to the United States. Information we receive from your employer is transferred through a binding agreement with standard contractual clauses for the cross-border transfer of such personal information. You understand that the current laws and regulations of the United States may not provide the same level of protection as the data and privacy laws and regulations of the EEA.

Additional information

We may change this Privacy Statement from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.

The controller for your personal information is MIT. We can be contacted at

MIT’s EU Representative can be contacted via MIT Press London 1 Duchess Street, London W1S 6AN.

This policy was last updated in July 2018.