Data Protection and Privacy policy
By accessing this Site, certain information about the User, such as Internet protocol (IP) addresses, navigation through the Site, the software used and the time spent, along with other similar information, may be stored on ITC servers. These will not specifically identify the User. The information will be used internally only for web site traffic analysis.
As a United Nations system organization, the ITC is guided by the United Nations Personal Data Protection and Privacy Principles herein enclosed in Annex I for the processing of “personal data”, which is defined as information relating to an identified or identifiable natural person (“data subject”) processed by, or on behalf of, the United Nations System Organizations in carrying out their mandated activities. In particular, ITC will process personal data with due regard to its confidentiality, in accordance with the specific undertakings below.
By using the Site, the User understands and accepts that the ITC is not subject to any domestic law, including the GDPR, which purports to regulate personal data and that the ITC does not waive its privileges and immunities pursuant to its legal status as a joint subsidiary agency of the United Nations and the World Trade Organization.
By using the Site, the User confirms that it has a data protection policy in place that meets the legal requirements applicable to the User, within the legal jurisdiction(s) in which it conducts operations, and that it will apply such a policy to any data it shares with, or receives from, any Third Party or the ITC.
ITC shall not be responsible for any damage suffered by the User or a Third Party as a result of an act or omission of the User or a Third Party regarding data collection, processing or data management. The User shall indemnify and hold harmless ITC without limitation in case of total or partial non-compliance with any of the obligations contained in this agreement.
ANNEX I – UNITED NATIONS PERSONAL DATA PROTECTION AND PRIVACY PRINCIPLES
1 FAIR AND LEGITIMATE PROCESSING
The United Nations System Organizations should process personal data in a fair manner, in accordance with their mandates and governing instruments and on the basis of any of the following: (i) the consent of the data subject; (ii) the best interests of the data subject, consistent with the mandates of the United Nations System Organization concerned; (iii) the mandates and governing instruments of the United Nations System Organization concerned; or (iv) any other legal basis specifically identified by the United Nations System Organization concerned.
2 PURPOSE SPECIFICATION
Personal data should be processed for specified purposes, which are consistent with the mandates of the United Nations System Organization concerned and take into account the balancing of relevant rights, freedoms and interests. Personal data should not be processed in ways that are incompatible with such purposes.
3 PROPORTIONALITY AND NECESSITY
The processing of personal data should be relevant, limited and adequate to what is necessary in relation to the specified purposes of personal data processing.
4 RETENTION
Personal data should only be retained for the time that is necessary for the specified purposes.
5 ACCURACY
Personal data should be accurate and, where necessary, up to date to fulfil the specified purposes.
6 CONFIDENTIALITY
Personal data should be processed with due regard to confidentiality.
7 SECURITY
Appropriate organizational, administrative, physical and technical safeguards and procedures should be implemented to protect the security of personal data, including against or from unauthorized or accidental access, damage, loss or other risks presented by data processing.
8 TRANSPARENCY
Processing of personal data should be carried out with transparency to the data subjects, as appropriate and whenever possible. This should include, for example, provision of information about the processing of their personal data as well as information on how to request access, verification, rectification, and/or deletion of that personal data, insofar as the specified purpose for which personal data is processed is not frustrated.
9 TRANSFERS
In carrying out its mandated activities, a United Nations System Organization may transfer personal data to a third party, provided that, under the circumstances, the United Nations System Organization satisfies itself that the third party affords appropriate protection for the personal data.
10 ACCOUNTABILITY
United Nations System Organizations should have adequate policies and mechanisms in place to adhere to these Principles.