Privacy Notice
Data Protection Principles
For ICMPD trust is a vital cornerstone in every business relationship, which is why we attach great importance to the secure and sensitive management of your data. This data protection declaration is intended to give you an insight into which personal data is used, for what purpose and what options are available to you as the data subject for getting the best possible overview of what happens to your data and what rights you have in this regard. ICMPD operates a consistent and continuous data protection management system in order to systematically plan, organise, manage and monitor legal and operational data protection requirements. Our goal is to ensure the rights and freedoms of those concerned, and recognise business-related risks arising from data protection and to be able to manage these accordingly.
This means for you, as the data subject:
- All personal data shall be processed in a fair and transparent manner.
- All personal data shall be accurate and be kept up to date. When found to be inaccurate it shall be corrected as soon as possible.
- Personal data shall only be used for the specified purpose for which active consent was obtained.
- Personal data which is no longer used for the specified purpose or is known to be inaccurate shall be deleted/destructed or, where deletion is not feasible, access must be restricted so that no one apart from those responsible for technical maintenance of the space it is saved in has access.
- While business contacts are available to all staff and made available to implementing partners, beneficiaries and contractors as required, access to private and sensitive data is restricted to persons who need access for carrying out their respective function for as long as they carry out this function based on a secure authentication mechanism including strong passwords.
- Processing activities of personal data owned by ICMPD may only be performed by external parties based on the conclusion of a binding written contract that sets out the purpose and duration of the processing and ensures that the processor meets technical and organisational requirements to ensure the effective protection of the rights of the concerned data subjects.
- ICMPD respects your rights under the data protection laws, such as the right to be informed about the lawful basis we rely on for processing your personal data.
- Our information processing security measures comply with the latest standards and with statutory requirements.
- Our employees are obliged to maintain confidentiality and receive regular training on data handling best practices.
In order to explain it to you as transparently as possible, we have endeavoured to describe the facts as simply as possible. Whether you are a long-standing implementing partner, beneficiary or contractor, we invite you to read this statement carefully and familiarise yourself with our practices.
If you have any questions, please do not hesitate to contact us at eu4ibmtr@icmpd.org
What type or categories of personal data we process
Personal data is all that information that relates to an identified or identifiable natural person.
We store and process personal data only as far as is directly necessary for developing and in the implementation of individual projects and services along our fields of expertise.
We also process data that we have rightfully obtained from publicly accessible sources (e.g. company registers or the land registry).
We process the personal data which you provide to us in various ways such as through your use of our website or in the course of an enquiry you have with us.
The following personal data is processed by us:
- Personal data relating to partners, beneficiaries or contractors:
- First name, Last name
- Contact details (email address)
Any further information you provide to us such as the content of an enquiry (via a free text field or over the phone)
We guarantee that we will only use any personal data we collect for the purpose for which it was originally collected. It is especially important to us to ensure there is no lack of clarity around collection of personal data and that you know from the start how, why and by whom the data has been collected.
How we use personal data
The processing of the data subject's data is carried out on the basis of the performance of the contract and in exercise of the legal regulations addressed to the data controller (in particular the laws concerning the employee).
For example, the purposes of data processing are as follows:
In order to safeguard our legitimate interests, the following data processing purposes are pursued, for example,
- Marketing to inform interested parties about our projects
- Processing and transfer of data in the context of implementing and securing new IT solutions.
If the purpose for which the data was originally collected no longer applies, we may continue to store your data only if we obtain your consent to do so or if there is another important exceptional reason.
Existence of automated decision-making
We do not currently undertake any automatic decision-making or profiling.
Legal basis for the collection and processing of your data
As a rule, we try to make the collection and processing of your data as transparent as possible. Therefore, we adhere exactly to the guidelines set out in Art. 6 ff of the GDPR and use these as the legal basis for the processing and collection of your data. We process your personal data in accordance with the provisions of the European Data Protection Regulation (GDPR).
Legal basis for data processing:
- Consent granted pursuant to Art. 6 (1) lit. a GDPR for the processing of your personal data for specific purposes (e.g. consent for newsletter transmission).
- The processing of personal data (Art. 4 No. 2 GDPR) is carried out as far as necessary for the implementation of our contracts with you and the execution of your orders as well as for the implementation of pre-contractual measures according to Art. 6 Para. 1 lit. b GDPR.
- Legal obligations pursuant to Art. 6 Para. 1 lit. c GDPR, which we must fulfil, such as legally prescribed storage and documentation obligations.
- Safeguarding legitimate interests pursuant to Art. 6 Para. 1 lit. f GDPR. Where necessary, data processing may be carried out to protect legitimate interests within the framework of balancing interests in favour of ICMPD. In the following cases, data processing is carried out to safeguard legitimate interests. Examples of such cases are
Personal data will only be disclosed or transferred to third parties if this is required by law or for the purpose of contract execution.
Stored personal data will be deleted if you, as a user of our website and/or interested party and/or customer, revoke your consent to data processing, if your data is no longer required to fulfil the purpose for which it was stored, or if its storage is or becomes inadmissible for other legal reasons. Data that is required for contract processing, accounting purposes or to comply with other legal obligations (documentation obligations) is not affected by a request for deletion.
Disclosure and transfer
We will only disclose personal data to third parties if we have a legal basis to do so, for example, if we are required to do so by law, if it is necessary to perform our contract with you or if you have given your prior consent.
With third party processors
We use third party processors (in particular IT service providers) to help us with certain functions and we may disclose your personal data to them if they need it to perform their respective services. All processors are contractually bound to keep your data confidential and to process it only as part of the agreed service provision.
Data access and security
Those involved in the implementation and process within ICMPD have access to your data depending on operational and organisational requirements.
Privacy and data security are important to us. We have implemented technical and organisational measures to secure our data processing. These measures protect against unauthorised or unlawful processing, accidental loss, accidental destruction or accidental damage. This applies in particular to the protection of your personal data. Examples of the measures we take to protect your personal information include:
- We protect against unlawful access to personal data by applying a role authorisation policy, a data security policy and physical safeguards;
- We have information security policies in place within the company.
All technical and organisational security measures are continuously reviewed in line with technological developments. External and internal IT security is regularly reviewed by an external IT security company. Our central IT service provider regularly provides us with an ISO 27001 audit report on its internal control system.
Your rights as a data subject
As a data subject, you have a number of rights which we have set out below. To exercise your rights or if you have any queries, please contact our Data Protection Focal Point:
Contact: eu4ibmtr@icmpd.org
We may require you to prove your identity in an appropriate manner before we are able to comply with your request, in order to prevent unauthorised third parties from gaining access to your personal data and/or to prevent unauthorised changes and/or deletions from being made to unauthorised third parties and/or to prevent unauthorised changes and/or deletions.
When we receive a request from you exercising your rights, we will respond promptly and no later than one month after we receive your request. Our response will provide an initial view or response to your concern, or whether, and if so why, the period for providing our view has been extended by up to two months.
ICMPD Website, Newsletter and Cookies
Representation of ICMPD in the Republic of Türkiye is committed to safeguarding the privacy of the users of the Representation of ICMPD in the Republic of Türkiye IBM Project website (www.esy.org.tr) and newsletter, while aiming to provide a user-friendly and valuable service. Personal information is only collected via registration forms with the requirement of an explicit written consent for the Representation of ICMPD in the Republic of Türkiye to process and/or use any personal data in the manner and for the purpose described below in this privacy notice.
During a visit to the website and use of the newsletter tool, the following types of information are collected: browsing patterns, website preferences, location of the user. This information is only used in aggregate forms: statistical reports on number of monthly visits, typical user paths, etc. These reports are used:
- to monitor the use of the website
- to identify audience profiles
- to support strategic planning.
Newsletter usage monitoring is personalised in order to support the evaluation and improvement of the Representation of ICMPD in the Republic of Türkiye’s services based on the interest in specific policy topics by individual target groups.
the Representation of ICMPD in the Republic of Türkiye processes personal information collected via its website and newsletter tool solely for communication purposes of the organisation. Only authorised staff members and contractors have access to the information and it will not be shared with any third parties. ICMPD uses secure data networks that are protected by firewall, mal-ware and password protection systems that are consistent with industry standards.
A cookie is a data file that, if your browser settings allow, is stored by us on your computer when you visit our website or carry out certain actions. The cookie contains information that we have sent to your computer. It stores certain settings and data for interaction with our system via your browser.
We use so-called session cookies, which are stored during your visit to our website. They are deleted when you close your browser session. We also use persistent cookies, which remain on your computer after a browser session has ended. Persistent cookies contain an identification number that allows us to identify your computer. This allows us to improve our services when you return to our websites. We cannot link this identification number to any personally identifiable information.
If you do not wish to use cookies, please adjust the cookie handling in the security settings of your browser. You can find these settings in most browsers in the "Tools" menu under "Preferences" or "Internet Options" and in the "Privacy" tab. You can also use these settings to delete cookies that have already been set.
Please note, however, that certain cookies are necessary to ensure the basic functionality of the website. Some pages of our websites may not function properly if you do not accept cookies. Below you will also find information on how to prevent certain cookies from being set.
As far as our cookies are concerned, it is up to you when you want to delete them. In any case, they are stored in your browser until you decide to delete them. As a user, you also have full control over the use of cookies. However, please note that if you choose to disable cookies, you may not be able to use all the features of our website.