We take our responsibility to fairly, lawfully and transparently process personal data seriously. The personal data of natural persons, regardless of their nationality or residence, are protected in respect of their identity, dignity and fundamental freedoms.

The main principles that govern ICCROM’s data protection measures are

  •  Have due regard and consideration for all parties whose personal data may be collected and process these data only for the time strictly necessary.
  •  Limit the collection of personal data to those necessary to perform activities (pertinent and limited personal data).
  • Protect stored personal data, implementing appropriate technical and organizational procedures, as well as security measures, to ensure that data processing is carried out with due regard to ethical standards, with all respect for the nature of the personal information being held and the risks to which it is exposed.

ICCROM’s Data Protection Manual is composed of

  • Principles and commitments ICCROM undertakes for the protection of personal data;
  • Physical, technical and organizational measures, including the assignment of roles and responsibilities within the Organization for personal data handling and protection;
  • Informative and consent notices developed for individuals whose personal data are processed within ICCROM to provide clear and concise information regarding the processing of their data.
  • Policies and procedures, such as a web privacy policy, web cookies policy, social media policy, policy for the use of IT systems/devices and archives, and a data breach procedure.

Yearly training on personal data protection and management for ICCROM staff and collaborators is an important component of our data protection measures. Tutorials on data protection and cyber security have been developed, as well as infographics to provide an easy-to-understand overview of the topic. 

An annual internal audit is conducted to determine if compliance requirements have been fulfilled and whether operations need to be modified to optimize data management and security.  

Below you can view notices about what and why data is processed within the scope of ICCROM’s activities.

This Data Processing Agreement is established between ICCROM and a partner as part of a Memorandum of Understanding to ensure that the our partners’ processing of personal data is carried out in accordance with the principles of lawfulness, fairness and transparency.

Access and Response to Data Subject Access Requests

ICCROM facilitates the individual in exercising their rights concerning their personal data. These rights include the right to access, rectify, erase, minimize processing, withdraw consent, object to processing, data portability where technically feasible, and not be subject to automated decisions, including profiling.

The individual may exercise their rights by submitting a request to the following email address: data-protection@iccrom.org.