*Privacy Note: The Migrant Resource Centres applies ICMPD’s privacy rules and data protection principles.
Contact Responsible body: The responsible body and data controller of your personal data is: ICMPD Headquarters, Gonzagagasse 1, 5th floor in 1010 Vienna Austria.
Contact for data protection queries: For queries, suggestions or complaints as to the processing of your data contact our data protection focal point at:
Letters: Data Protection
Focal Point ICMPD Headquarters Gonzagagasse 1, 5th floor 1010 Vienna Austria
Email:
Supervisory authority: Responsible supervisory authority for data protection matters:
Letters: Österreichische Datenschutzbehörde Barichgasse 40-42 1030 Wien Email:
Data Protection Principles
For ICMPD trust is a vital cornerstone in every business relationship, which is why we attach great importance to the secure and sensitive management of your data. This data protection declaration is intended to give you an insight into which personal data is used, for what purpose and what options are available to you as the data subject for getting the best possible overview of what happens to your data and what rights you have in this regard. ICMPD operates a consistent and continuous data protection management system in order to systematically plan, organise, manage and monitor legal and operational data protection requirements. Our goal is to ensure the rights and freedoms of those concerned, and recognise business-related risks arising from data protection and to be able to manage these accordingly. This means for you, as the data subject:
• All personal data shall be processed in a fair and transparent manner.
• All personal data shall be accurate and be kept up to date. When found to be inaccurate it shall be corrected as soon as possible.
• Personal data shall only be used for the specified purpose for which active consent was obtained. • Personal data which is no longer used for the specified purpose or is known to be inaccurate shall be deleted/destructed or, where deletion is not feasible, access must be restricted so that no one apart from those responsible for technical maintenance of the space it is saved in has access.
• While business contacts are available to all staff and made available to implementing partners, beneficiaries and contractors as required, access to private and sensitive data is restricted to persons who need access for carrying out their respective function for as long as they carry out this function based on a secure authentication mechanism including strong passwords.
• Processing activities of personal data owned by ICMPD may only be performed by external parties based on the conclusion of a binding written contract that sets out the purpose and duration of the 3 processing and ensures that the processor meets technical and organisational requirements to ensure the effective protection of the rights of the concerned data subjects.
• ICMPD respect your rights under the data protection laws, such as the right to be informed about the lawful basis we rely on for processing your personal data.
• Our information processing security measures comply with the latest standards and with statutory requirements.
• Our employees are obliged to maintain confidentiality and receive regular training on data handling best practices.
In order to explain it to you as transparently as possible, we have endeavoured to describe the facts as simply as possible. Whether you are a long-standing implementing partner, beneficiary or contractor, we invite you to read this statement carefully and familiarise yourself with our practices.
If you have any questions, please do not hesitate to contact us - our contact details are set out at the beginning of this statement.
What type or categories of personal data we process
Personal data is all that information that relates to an identified or identifiable natural person.
We store and process personal data only as far as is directly necessary for developing and in the implementation of individual projects and services along our fields of expertise.
We also process data that we have rightfully obtained from publicly accessible sources (e.g. company registers or the land registry).
We process the personal data which you provide to us in various ways such as through your use of our website or in the course of an enquiry you have with us.
The following personal data is processed by us:
• Personal data relating to partners, beneficiaries or contractors:
• First name, Last name, address (address, zip, city, country)
• Contact details (email address, telephone number)
Any further information you provide to us such as the content of an enquiry (via a free text field or over the phone)
Personal data relating to customer base/supplier base: We record very little data on suppliers. We merely need to ensure a trouble-free business relationship.
• Supplier contacts (Name of Entity as per Registration, Contact Person first name, Contact Person last name)
• Contact details (address, email address, telephone number)
• Bank details
Personal data relating to applicants/bidders: there is a separate data protection declaration for these.
We guarantee that we will only use any personal data we collect for the purpose for which it was originally collected. It is especially important to us to ensure there is no lack of clarity around collection of personal data and that you know from the start how, why and by whom the data has been collected.
How we use personal data
The processing of the data subject's data is carried out on the basis of the performance of the contract and in exercise of the legal regulations addressed to the data controller (in particular the laws concerning the employee).
For example, the purposes of data processing are as follows
- Personal contact data for the establishment, processing and management of contracts and business relationships
- Payroll and general payments for various projects
- For financial and business accounting purposes
- Data used in the context of consultancy activities
- All data necessary for the handling of internal processes (e.g. accounting, personnel administration, etc.)
- Personal data required for purchasing purposes (e.g. supplier contact details).
In addition, in order to safeguard our legitimate interests, the following data processing purposes are pursued, for example
- Marketing to inform interested parties about projects
- Processing and transfer of data in the context of implementing and securing new IT solutions.
If the purpose for which the data was originally collected no longer applies, we may continue to store your data only if we obtain your consent to do so or if there is another important exceptional reason.