This notice applies to you if we process your personal information and you are not an individual to whom we have provided a specific privacy notice. You may be, for example, an individual that works at a supplier or customer or another organisation that we deal with, an attendee at one of our marketing events, a user of one of our websites or someone else who is affected by our activities.
References to you, your and yourself in this privacy notice are to either you as an individual or any organisation that you work for.
References to we, our or us in this privacy notice are to International Institute for Democracy and Electoral Assistance (International IDEA), Strömsborg, SE-103 34 Stockholm, Sweden, an organisation registered in Sweden with registered company number is 9020000098.
References in this privacy notice to our website is to each of www.idea.int, www.inter-pares.eu, www.wpp-africa.net, www.constitutionnet.org and www.stepdemocracy.eu.
We have not appointed a Data Protection Officer to oversee our compliance with data protection laws as we not required to do so, but our Data Protection Compliance Manager has overall responsibility for data protection compliance in our organisation. Contact details are set out in the “Contacting us” section at the end of this privacy notice.
We are committed to respecting your privacy. This notice explains how we may use personal information we collect before, during and after your relationship with us. It also explains how we comply with the law on data protection and what your rights are.
For the purposes of data protection, we will be the controller of any of your personal information.
We may collect the following types of personal information about you:
- Contact details: information that allows us to identify and contact you directly such as your name, address email address, telephone number and addresses.
- Identification information: passport and other official identification details.
- Other personal information: such as your date of birth and nationality, which we may ask for when booking tickets for events which you wish to attend.
- Details of your work history: This may include positions, roles, responsibilities, professional qualifications.
- Dietary and health information: this includes dietary requirements to cater for you at meetings or events you may attend and where necessary, information about your health when you are attending at our premises or our events (e.g. whether you have Covid19 symptoms or information about your disability, so that we can organise access for you).
- Advisors appointed by you: including, lawyers, financial advisors, surveyors.
- Creditworthiness: We may undertake investigations into your creditworthiness in order to establish whether to enter into or continue a business relationship with you or the organisation you work for.
- Details of your performance: when working with or for us or in relation to any project or work we are engaged in.
- How you use our website: we collect information about the pages you look at and how you use them.
- Videos, photographs and audio recordings: which you take and provide to us or we take ourselves including at meetings and events.
- Your usage of the IT systems we make available to visitors to our premises: for example, our internet and Wi-Fi facilities.
- Details of the correspondence (including e-mail correspondence) you send and receive from us: this includes letters and emails, SMS, MMS and other electronic communication and may in some cases include audio recording of telephone conversations.
- Subscription information: for example, when you subscribe to one of our newsletters, podcasts or other materials via our website.
- Webforms on our website: information that you provide when you fill out a form on our website which includes when you provide subscription information, give us your feedback, request a key to make use of our tools, or if you contact us via the website.
- Login information: account details including username and password for accessing certain content available via our website such as some of our databases.
- IP address information: your computer's IP address allows us to track your usage of our website.
- Any other personal data you choose to disclose to us.
We do not collect, store and use the following “special categories” of more sensitive personal information regarding you:
- information about your race or ethnicity (other than where this is apparent from photos or videos we collect), religious beliefs, sexual orientation and political opinions;
- information about your trade union memberships; or
- biometric information about you, for example fingerprints, retina scans.
If we do collect any special category personal information (e.g. because you choose to disclose this to us), we do not currently rely on consent as a basis for processing special category personal information.
We will also not collect, store and use any criminal records information in relation to you. If we do collect any criminal records information, we do not currently rely on consent as a basis for processing criminal records information.
We will collect personal information from a number of sources. These may include the following:
- Directly from you: when you indicate that you may wish to attend an event, complete forms we provide to you, use our website, provide money laundering information to us, contact us by phone, email or communicate with us directly in some other way.
- Our website: provides us with information about how you use it and the devices that you use to connect to it.
- Providers of information: which may include professional bodies or trade associations, credit reference agencies, LinkedIn and other web platforms.
- Your employer or the organisation you work for: they may provide us with your name, position contact details and background information about you.
- Our professional advisors: such as lawyers, accountants, financial advisors, consultants and other advisors.
- Your professional advisors: such as lawyers, accountants, financial advisors, consultants and other advisors.
We will also collect additional personal information throughout the period of our relationship with you.
If you are providing information regarding other individuals to us, it is your responsibility to ensure that you have the right to provide the information to us. In particular, if you are providing us with details about other individuals, they have a right to know and to be aware of what personal information we hold about them, how we collect it and how we use and may share that information. Please share this Privacy Notice with those of them. They also have the same rights as set out in the “YOUR RIGHTS IN RELATION TO PERSONAL INFORMATION” section below.
The table below describes the main purposes for which we process your personal information, the categories of your information involved and our lawful basis for being able to do this. Which will apply will depend upon the nature of your relationship and interactions with us.
|Purpose||Personal information used||Personal information used|
|Carrying out identity and credit checks||Contact details and payment information||We may have a legal obligation to undertake identification We also have a legitimate interest in knowing your identity and carrying out money laundering checks and ensuring that we are likely to be paid|
|Anti-money laundering checks||We may have a legal obligation to undertake anti-money laundering checks|
|Enter into and perform contracts, where (i) we may be supplying services to you, (ii) you may be supplying products/services to us (iii) we may be collaborating with you to produce a deliverable, or (iv) we may be involved in similar arrangements with third parties||All the personal information we collect||To enter into and perform contracts with either yourself or the organisation that you represent We have a legitimate to properly perform contracts with third parties|
|Deal with your queries or complaints, claims, legal disputes or raise queries, claims, legal disputes or complaints with you or the organisation you work for||All the personal information we collect||This may be necessary to perform a contract with you or the organisation that you represent We have a legitimate interest to improve the services and/or products we provide To defend, bring or establish legal claims|
|Maintain and improve our services||All the personal information we collect||We have a legitimate interest to improve the services and/or products we provide|
|Data analytics, statistical analysis and other research to help us improve our online services||How you use our website||We have a legitimate interest to improve the online services we provide and user experience|
|Security of our IT systems||All the personal information we collect||We have a legitimate interest in ensuring the security of our IT systems|
|Staff training||All the personal information we collect||We have a legitimate interest to improve the products and services we provide|
|Direct marketing||Contact details and services and products that we have determined may be of interest to you or your organisation and/or which you or your organisation has received from us in the past||We may ask for your consent to process your data for this purpose, you may revoke your consent at any point. Alternatively, if you or your organisation have received similar services from us previously we may market similar products or services as a legitimate interest in developing our business. You have the right to opt out from such marketing at any time|
|Holding events||Your contact details, date or birth, nationality, details of attendance, your comments in response forms, dietary and health requirements.||We have a legitimate interest in holding events and tracking attendance and providing appropriate food and drinks at events. We may also have a legal obligation to comply with health and safety requirements.|
|Promoting future events||Your photograph or audio and/or video recordings that you appear in may be used in marketing material for the promotion of future events.||We have a legitimate interest in using such images and/or recordings to promote our organisation and what we do.|
|To comply with our legal obligations||All the personal information we collect.||To comply with any legal obligations or requirements.|
|To manage our relationship with you or the organisation you work for and to operate and manage our business and internal reporting||All the personal information we collect.||We have a legitimate interest to operate our business in an efficient way and to expand our business. To enter into and perform contracts with either yourself or the organisation that you represent.|
|Storage of records relating to you and also records relating to our business||All the personal information we collect.||To be able to manage and fulfil any contract with you, we may have a legal obligation to do so and we also have a legitimate interest to keep proper records.|
For some of your personal information you may have a legal, contractual or other requirement or obligation for you to provide us with your personal information. If you do not provide us with the requested personal information we may not be able to properly perform our contract with you or the organisation you represent or comply with legal obligations and we may have to terminate our relationship. For other personal information you may not be under an obligation to provide it to us, but if you do not provide it then we may not be able to properly perform our arrangements with you or the organisation you represent.
Where you have given us your consent to use your personal information in a particular manner, you have the right to withdraw this consent at any time, which you may do by contacting us as described in the “Contacting us” section below. We will generally only ask for your consent for direct marketing.
Please note however that the withdrawal of your consent will not affect any use of the data made before you withdrew your consent and we may still be entitled to hold and process the relevant personal information to the extent that we are entitled to do so on bases other than your consent. Withdrawing consent may also have the same effects as not providing the information in the first place, for example we may no longer be able to provide marketing information to you.
We may anonymise and aggregate any of the personal information we hold (so that it does not directly identify you). We may use anonymised and aggregated information for purposes that include testing our IT systems, research, data analysis, improving our site and services.
We may share personal information with the following parties:
- ther companies in our supply chain: so that they can contact you about any issues in the supply chain or where your personal information is relevant to a subcontractor or party above us in the supply chain.
- Credit reference and other identification agencies: so that we can assess your creditworthiness and to verify your identity. These agencies may retain a footprint that a search has been undertaken.
- Third parties who ask for or want referrals: we may provide your details to a third party who is seeking services/products which are the same or similar to those that you provide.
- Marketing, public relations and IT service provider companies: to help us to develop, carry out and assess marketing and PR campaigns such as Mailchimp and Eventbrite.
- Other service providers and advisors to us: such as companies that support our IT, help us analyse the data we hold, process payments, send communications to our customers, provide us with legal, property or financial advice and generally help us deliver our services to you or the organisation that you represent or for us to purchase them from you or the organisation you represent.
- Information providers: which may include credit reference agencies and money laundering check providers.
- The Government, local authorities, planning authorities or relevant regulators: where we are required to do so by law or to assist with their investigations.
- Police, law enforcement agencies and security services: to assist with the investigation and prevention of crime and the protection of national security.
We may provide third parties with aggregate statistical information and analytics about users of our products and services but we will make sure no one can be identified from this information before we disclose it.
We do not disclose personal information to anyone else except as set out above unless we have your consent or we are legally obliged to do so. We do not sell, rent or trade your data.
Email and post and SMS marketing: from time to time, we may contact you by email, post or SMS with information about products or services we believe you may be interested in.
We will only send marketing messages to you in accordance with the marketing preferences you set when you create your account or that you tell us afterwards you are happy to receive or where you or the organisation you represent have received similar services or goods from us previously.
You can then let us know at any time that you do not wish to receive marketing messages by sending an email to us at email@example.com or by using the by using the details set out in the "Contacting Us" section below. You can also unsubscribe from our marketing by clicking on the unsubscribe link in any marketing messages we send to you.
The personal information we collect about you is not transferred to or stored in countries outside of the European Union except as set out in this section.
Our directors and staff working for us may in limited circumstances access personal information outside of the European Union if they are based outside of European Union or if they are on holiday and accessing our systems remotely for work. If they do so they will be using our security measures and will be subject to their arrangements with us which are subject to Swedish law and the same legal protections that would apply to accessing personal data within the Sweden.
In limited circumstances the people to whom we may disclose personal information as mentioned in the “WHO WE SHARE YOUR PERSONAL INFORMATION WITH?” section above may be located outside of the European Union. In these cases we will impose any legally required protections to the personal information as required by law before it is disclosed.
We will keep your personal information for as long as is necessary for the purpose for which it has been obtained and then for as long as there is any risk of a potential claim, which will be dependent upon the limitation period for the particular type of claim. We have set out below the main retention periods which will apply, unless we contact you to specifically tell you otherwise:
- For individual contacts at customers and suppliers this will be for as long as we continue to have a relationship with that customer or supplier and then for a period of 10 years afterwards.
- For marketing contacts it will generally be a period of 3 years after we were last in contact with you.
- For website users it will generally be a period of 1 years after you used our website.
- For individuals seeking information, making complaints or otherwise corresponding with us it will generally be 10 years.
- For individuals attending an event it will generally be a period of 3 years after the event.
It is important to ensure that the personal information we hold about you is accurate and up-to-date, and you should let us know if anything changes, for example if you move position or work for a different organisation or change your phone number or email address. you can contact us by using the details set out in the “Contacting us” section below.
We have numerous security measures in place to protect the loss, misuse and alteration of information under our control, such as passwords and firewalls. We cannot, however, guarantee that these measures are, or will remain, adequate. We do, however, take data security very seriously and will use all reasonable endeavours to protect the integrity and security of the personal information we collect about you.
You have the following rights in relation to your personal information:
- the right to be informed about how your personal information is being used;
- the right to access the personal information we hold about you;
- the right to request the correction of inaccurate personal information we hold about you;
- the right to request the erasure of your personal information in certain limited circumstances;
- the right to restrict processing of your personal information where certain requirements are met;
- the right to object to the processing of your personal information;
- the right to request that we transfer elements of your data either to you or another service provider; and
- the right to object to certain automated decision making processes using your personal information.
You should note that some of these rights, for example the right to require us to transfer your data to another service provider or the right to object to automated decision making, may not apply as they have specific requirements and exemptions which apply to them and they may not apply to personal information recorded and stored by us. For example, we do not use automated decision making in relation to your personal data. However, some rights have no conditions attached, so your right to withdraw consent or object to processing for direct marketing are absolute rights.
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
Whilst this Privacy Notice sets out a general summary of your legal rights in respect of personal information, this is a very complex area of law. More information about your legal rights can be found on the website of the Swedish Data Protection Authority (https://www.datainspektionen.se).
To exercise any of the above rights, or if you have any questions relating to your rights, please contact us by using the details set out in the "Contacting us" section below.
If you are unhappy with the way we are using your personal information you can also complain to Swedish Data Protection Authority (https://www.datainspektionen.se). We are here to help and encourage you to contact us to resolve your complaint first.
In the course of interacting with us, whether through our website or otherwise, you may disclose personal information to others. For example, our website may include links to third party sites, not controlled by us, or you may attend an event at premises not owned by us. In those circumstances, you may be disclosing your personal information to the third party owner of the website we link to or the owner of the premises you attend. The personal information you disclose in these scenarios will be subject to the privacy notices of the entities you disclose your information to, not us, so please read their privacy notices carefully before you submit your personal information to them.
We may update this privacy notice from time to time. When we change this notice in a material way, we will update the version date at the bottom of this notice. For significant changes to this notice we will try to give you reasonable notice unless we are prevented from doing so. Where required by law we will seek your consent to changes in the way we use your personal information.
In the event of any query or complaint in connection with the information we hold about you, please email us at firstname.lastname@example.org or write to us at International IDEA, Strömsborg, SE-103 34 Stockholm, Sweden.