Privacy Notice

Most of the time you will either directly share or be requested to share your personal data with us:

• If you are registering as an “IACA-User” online through our website;
• If you register for an IACA programme or activity;
• If you contact us on the phone, by mail, email, social media, or by other means of communication;
• If you hand over your business card to one of our representatives;
• If you visit our campus/headquarters.

Sometimes we collect your personal data:

• If your contact details are transferred to us from third parties, such as your colleagues, friends, or your employer, who may be a business partner/or member of our constituency;
• If we acquire your personal data from public sources, for example social media sites.

If you provide information on behalf of someone else you must ensure that you have their permission, and that the respective person has been provided with this Privacy Notice before doing so.

If you are under 14 years of age please do not provide us with any of your information unless you have the permission of your parent or guardian.

Please help us to keep your information up to date by informing us by email to mail@iaca.int  of any changes to your contact details or privacy preferences. If you have a user account on our website, you may revise your personal data there by logging into your account at https://www.iaca.int/restricted.

Usually we collect data which you share with us, as needed to administer and maintain our relationship with you.

We usually collect the following contact details:

• Full name;
• Company/organization, and your capacity/function within;
• E-Mail address;
• Postal address;
• Telephone number(s);
• Social media addresses.

If you are a prospective or current student, participant in IACA’s trainings and events,  alumnus/a, faculty member (such as, visiting lecturers, supervisors, examiners, academic consultants), or a job applicant or contractor, we may request you to provide further information, as required to administer your relationship with IACA.

Such additional personal data may be comprised of personal details, usually included in student/training applications, job applications, or résumés, such as your:

• Professional résumé;
• Portrait photo;
• Nationality;
• Passport/identification number;
• Profession;
• Titles;
• Gender;
• Date of birth;
• Country of work;
• Country of residence;
• Details of your employer;
• Bank details.

Students and participants in our trainings/events will be requested to inform us about any special food or support requirements. Such data are regarded as “sensitive” and will be handled by IACA very stringently, as foreseen by applicable laws and regulations.

IACA may process your personal data in particular to:

• respond to your enquiries/requests;
• communicate with you in relation to your contract/agreement with IACA;
• administer your contract/agreement with IACA, such as making bookings or processing or accepting payments;
• establish statistics about our operations (anonymized, where possible);
• maintain an existing special relationship with you, such as with visiting faculty members, partners, constituency, suppliers.

If you have opted to stay in touch and be on our mailing list, we may send you news and updates from IACA about the latest anti-corruption and compliance activities and trends, such as:

• newsletters/bulletins;
• invitations to trainings/seminars, meetings, conferences, and other gatherings;
• information about cooperation/business opportunities.

If you are a representative of one of IACA’s constituency members, or other partners, or a member of one of IACA’s organs, you will receive such updates about IACA also as part of our reporting obligations. Please contact us and let us know if you are no longer acting in this function and who your replacement is.

The use of your data is permitted on the basis of principal legal grounds, such as:

• Where necessary to enter into or perform our contract with you;
• Where we need to use it to comply with our legal obligations, such as circulating information to our partners and constituency contacts, as well as members of IACA’s statutory organs, or responding to legitimate law enforcement requests;
• Where we use it to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights (our legitimate interests include promoting IACA and its activities as well as offering future cooperation with IACA);
• Where you have consented to the use of your data; you can always withdraw your consent by sending an email to mail@iaca.int; additionally, students may write to students@iaca.int, and alumni to alumni@iaca.int.

There may be uses permitted on the basis of other grounds; in such a case, we will use reasonable endeavours to identify the grounds and communicate them to you as soon as possible after becoming aware of the new basis.

In principle, we do not share your personal data with third parties without your consent.

Nevertheless, we may have to share your personal data with external recipients to provide services to you, to administer our contractual relationship with you, or to safeguard our legitimate interests:

• Service providers that we use to conduct trainings, such as external faculty, travel agents, and catering providers;
• External auditing and accounting;
• IT and customer support services;
• Funding partners based on funding agreements;
• Other external entities, if required to safeguard our legitimate interests (e.g. legal counsel).

Please note that we operate globally and the level of data protection may be different in different countries. To the extent possible, we obtain reasonable assurances that third parties are using your personal data in a secure way and only for the purpose these data were collected.

In general, your personal data will only be kept for as long as we consider it necessary for the purposes set out in this Privacy Notice. Our retention periods are based on certain criteria such as:

• Period of contract/agreement;
• Period of partnership;
• Risk of potential claims and periods of prescription;
• Statutory or other legal obligations of retention (e.g. auditing requirements);
• Otherwise, consent-based processing, until your revocation.

We use technical and organisational security measures including encryption tools to protect your personal information against manipulation, loss, destruction, and access by third parties, and we have designed our software to limit access to personal data to those who have a need-to-know.

Regarding security of data transmission over the internet or through our website, we work hard to maintain physical, electronic, and procedural safeguards to protect your information in accordance with applicable data protection requirements.

Our main security measures are:

• Tightly restricted access to your data on a “need-to-know” basis and for legitimate purposes;
• Transfer collected personal data using security tools;
• Firewalled IT systems to prohibit unauthorised access e.g. from hackers;
• Permanently monitored access to IT systems to detect and stop misuse of personal data.

If you have a personal password which enables you to access our website, do not forget your responsibility for keeping this password confidential. We ask you not to share your password with anyone.

You have the right/s:

• That we handle your data safely and will not disclose it to anyone outside IACA without any legal ground, or your consent; within IACA, access to your data is limited on the basis of the “need-to-know” principle and every access is recorded;
• To request further details on the use we make of your personal data;
• To request a portable copy of your personal information in a usable electronic format;
• To limit our use of your personal data; in particular, you may unsubscribe from our general mailing list through clicking on the “unsubscribe” link provided in our mailings, or by sending an email to mail@iaca.int;
• To object against our processing of your data; we will follow your request if no other legitimate grounds demand or justify the processing of your data;
• To request that inaccurate data of yours are updated;
• To request deletion of such information that we no longer have a legitimate ground or obligation to use;
• To lodge a complaint at mail@iaca.int, if you are dissatisfied with our use of your information.

Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime), our interests (e.g. the maintenance of legal privilege), and the rights of third parties.

Please note that we may still process your personal data on another legal basis than that which is related to your consent. See WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA.

When accessing IACA’s website, certain information will be collected by using cookies. Some cookies collect anonymous information, helping IACA to improve its website. Other cookies are used to collect personal data of users upon their registration. Please read more on our cookies.

Please address your request or questions concerning the processing of your personal data to us, stating in the subject line or the header the reference “PRIVACY”:

International Anti-Corruption Academy (IACA)

Muenchendorfer Strasse 2

2361 Laxenburg, Austria

Telephone: +43 2236 710 718 100

FAX: +43 2236 710 718 311

E: mail@iaca.int