The International Centre for the Study of the Preservation and Restoration of Cultural Property (hereafter, ICCROM) is an intergovernmental organization working in service to its Member States to promote the conservation of all forms of cultural heritage, in every region of the world.
ICCROM-Sharjah is a regional office of ICCROM located in Sharjah, United Arab Emirates, aiming to contribute to cultural heritage education and advocacy in the Arab region.
ICCROM, in adherence to its mission and institutional values, undertakes to protect personal data of natural persons regardless of their nationality or residence, respecting every human being’s identity, dignity and fundamental freedoms in accordance with standards adopted regarding the processing and circulation of personal data.
The Data Controller (Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; in this case ICCROM) is ICCROM, based in Rome, via di San Michele n. 13, Tel.: (+39) 06 585531; Fax: (+39) 06 58553349. The Data Controller is also available at the following e-mail address: data-protection@iccrom.org.
Personal data protection is based on compliance with data protection principles that ICCROM undertakes to implement, adhere to and require of its staff members or third parties with whom it collaborates in its activity and mission. Specifically, ICCROM undertakes to:
This Data Protection Manual will be brought to the attention of all internal staff (both at the Headquarters and Regional Office), as well as to collaborators and partners, through specific awareness-raising meetings and other means.
This policy is addressed to Users of the https://iccromarabforum.org/ website (“Website”) and to all individuals concerned about the processing of their personal data by the Data Controller, within its activity and mission (“Concerned person/s” or “User/s”).
Access to some sections of the Website and/or requests for information or services from Users requires the disclosure of personal data; the processing of these data will comply with Organization’s privacy policy.
This policy concerns only the ICCROM Arab Forum Website and not other websites Users may access through links on the ICCROM Website.
Computer systems and software procedures that ensure the proper function and running of the portal acquire, during normal activity and only for the time of the connection, some personal data implicitly shared during the use of Internet communication protocols. Such data are not collected for the purpose of matching them with the concerned identified Users, but these data, by their nature, could, through processing and matching with data detained by third parties, allow identification of Users (e.g. IP protocols), the domain name of utilized computer terminal, Users’ URI strings (Uniform Resource Identifiers), time of requests, and so on. Such data, once processed, are utilized for the sole purpose of gaining anonymous statistical information concerning Website use and for checking that it is functioning properly.
For more information, refer to Cookies Policy.
Users may voluntarily supply personal data such as contact details, e-mail address, etc., for example when requesting information through e-mail communications. These data are processed in order to fulfil and respond to Users’ requests or perform related activities.
Data processing will be carried out either manually or through electronic media, in compliance with the Organization’s privacy policies and the principles of correctness, lawfulness, transparency, relevance, completeness and process limitation, data minimization and accuracy. The organization and processing of the data and the reason for the processing will follow logic strictly related to the pursued objectives and be performed in a manner suitable to grant security, integrity and confidentiality of processed data. Such measures shall be upgraded and increased from time to time in accordance with technological advancement, in order to assure confidentiality, availability and integrity of processed data.
Personal data may be disclosed to appropriate third parties deemed as Recipients or to persons authorized to process personal data under Data Controller’s authority. In order to correctly perform all processing activities necessary for the scopes indicated in this policy, the following Recipients might process personal data:
Right of access
Data Subjects have the right to obtain from the Data Controller confirmation as to whether or not personal data concerning them are being processed, to access such personal data and to obtain the following information: a) the purposes of the processing operation; b) the personal data categories concerned; c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular those in third countries or international organizations; d) the expected period of personal data storage or applicable criteria for determining such period; e) the existence of the right to request from the Data Controller rectification or erasure of personal data or restriction of processing of personal data concerning or to object to such processing; f) data source, if personal data are not being provided by Data Subjects themselves; g) existence of automated decision making process, including profiling and, in such cases, relevant information concerning applied logic, as well as importance and consequences for Data Subjects arising from the processing.
Right to rectification
Data Subjects have the right to amend inaccurate Personal Data. Taking into account the purposes of the processing, Data Subjects are entitled to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to erasure
Data Subjects have the right to request erasure of personal data to be obtained without unjustified delay and the Data Controller will be bound to erase Personal Data for any of the following reasons: a) Personal Data are no longer necessary to the purposes for which they were collected or processed; b) consent on which Data Processing is based has been withdrawn and there is no other legal basis for Processing; c) Data Subject has denied the right of Processing and there is no other prevailing legitimate reason for Personal Data Processing; d) Personal Data have been unlawfully processed. In some cases, the Data Controller will have the right not to erase Personal Data should the Processing be mandatory to fulfil legal obligations, for public interest reasons, for filing purposes in the public interest or for statistical use or establishment, exercise or defence of legal claims.
Right to limit processing
Data Subjects have the right to restrict processing in the following cases: a) the Data Subject contests the accuracy of the personal data (restriction will last for the time necessary for the Data Controller to assess accuracy of the data); b) the processing is unlawful, and the Data Subject opposes the erasure of the personal data and requests the restriction of their use instead; c) the Data Controller no longer needs the personal data for processing but they are required by the Data Subject for establishment, exercise or defence of legal claims; d) the Data Subject objects to the data processing and is awaiting verification whether the Data Controller’s legitimate grounds override those of the Data Subject. Should a processing restriction apply, personal data will only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest.
Right to data portability
Data Subjects have the right to request and obtain any personal data they have provided to the Data Controller in a structured, commonly used and legible format or to ask for the data to be transmitted to another Data Controller, where technically feasible. In such case, the Data Subject shall be bound to give specific authorization in written form regarding the new Data Controller to whom the personal data is to be transferred.
Right to object
Data Subjects have the right to object, in any situation, for reasons related to their personal situations, to the processing of personal data related to them, included profiling. The Data Controller will refrain from further processing operations on the data in question, unless it demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedom of the data subject, or for the establishment, exercise or defence of a legal claim.
Personal data will be processed by ICCROM only to fulfil specific purposes listed in this policy. Data may be kept for longer periods, or permanently, solely for archiving purposes in accordance with ICCROM’s records retention and disposal schedule.
Anything set forth in this Web Privacy Policy or referring to the Website shall ever be deemed a waiver of any privilege and immunity accruing to ICCROM.
Any request or need shall be addressed by the User to: ICCROM, via di San Michele 13 – Rome, Italy; Tel.: (+39) 06 585531; Fax: (+39) 06 58553349; E-mail: data-protection@iccrom.org.
Users also may consult the Privacy section of the website to find information concerning the Personal Data Policy applied by Data Controller, usage and processing of personal data, updated information concerning contacts and ways to communicate with the Data Controller.