We take our responsibility to fairly, lawfully and transparently process personal data seriously. The personal data of natural persons, regardless of their nationality or residence, are protected in respect of their identity, dignity and fundamental freedoms.
The main principles that govern ICCROM’s data protection measures are
- Have due regard and consideration for all parties whose personal data may be collected and process these data only for the time strictly necessary.
- Limit the collection of personal data to those necessary to perform activities (pertinent and limited personal data).
- Protect stored personal data, implementing appropriate technical and organizational procedures, as well as security measures, to ensure that data processing is carried out with due regard to ethical standards, with all respect for the nature of the personal information being held and the risks to which it is exposed.
ICCROM’s Data Protection Manual is composed of
- Principles and commitments ICCROM undertakes for the protection of personal data;
- Physical, technical and organizational measures, including the assignment of roles and responsibilities within the Organization for personal data handling and protection;
- Informative and consent notices developed for individuals whose personal data are processed within ICCROM to provide clear and concise information regarding the processing of their data.
- Policies and procedures, such as a web privacy policy, web cookies policy, social media policy, policy for the use of IT systems/devices and archives, and a data breach procedure.
Yearly training on personal data protection and management for ICCROM staff and collaborators is an important component of our data protection measures. Tutorials on data protection and cyber security have been developed, as well as infographics to provide an easy-to-understand overview of the topic.
- General Information on Personal Data Protection
- ICCROM Commitment and Roles for Data Handling and Protection
- Data Breach Procedure
- Rights of Data Subjects
An annual internal audit is conducted to determine if compliance requirements have been fulfilled and whether operations need to be modified to optimize data management and security.
Below you can view notices about what and why data is processed within the scope of ICCROM’s activities.
- Processing of Data Collected from Staff
- Processing of Personal Data Collected from Candidates Admitted to Training Activities, Internships and Fellowships
- Processing of Personal Data Collected from Activity Lecturers, Consultants and Other Types of Collaborators
- Processing of Personal Data Collected from the General Assembly and Nomination to the Council (EN, FR)
- Processing of Data Collected from Suppliers (EN, IT)
- Data Processing Agreement
This Data Processing Agreement is established between ICCROM and a partner as part of a Memorandum of Understanding to ensure that the our partners’ processing of personal data is carried out in accordance with the principles of lawfulness, fairness and transparency.
Access and Response to Data Subject Access Requests
ICCROM facilitates the individual in exercising their rights concerning their personal data. These rights include the right to access, rectify, erase, minimize processing, withdraw consent, object to processing, data portability where technically feasible, and not be subject to automated decisions, including profiling.