INSTITUTE OF INTERNATIONAL PEACE LEADERS
PRIVACY POLICY (GDPR COMPLIANT)
Effective Date: 20-10-2019
|
Version: 1.0
1.1 The Institute of International Peace Leaders ("IIPL," "we," "us," "our") is committed to protecting your privacy and ensuring the security of your personal data.
1.2 This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you interact with our organization.
1.3 This policy is formulated in accordance with the EU General Data Protection Regulation (GDPR) 2016/679 and other applicable data protection laws.
2.1 The data controller for the personal data you provide is:
3.1 Our Data Protection Officer (DPO) can be contacted at:
4.1 We collect and process the following categories of personal data:
4.1.1 Identity Data
- Full name
- Title/position
- Date of birth
- Photograph
- Government ID (for high-level role due diligence)
4.1.2 Contact Data
- Email address
- Physical address
- Telephone number(s)
- Social media profiles (when relevant)
4.1.3 Professional & Biographical Data
- Curriculum Vitae/Resume
- Motivation letters
- Professional background
- References and recommendations
- Academic qualifications
- Work experience
4.1.4 Financial Data
- Bank account details
- Payment card information (processed via PCI-DSS compliant processors)
- Donation history
- Transaction records
4.1.5 Technical Data
- IP address
- Browser type and version
- Time zone setting
- Operating system
- Device information
4.1.6 Usage Data
- Website navigation paths
- Feature usage statistics
- Member portal access logs
4.1.7 Marketing and Communications Data
- Newsletter preferences
- Communication preferences
- Event participation history
5.1 We process personal data under the following lawful bases:
5.1.1 Consent
- For marketing communications
- For certain types of cookies
- For special category data processing
5.1.2 Contract
- Membership administration
- Program participation
- Donation processing
5.1.3 Legal Obligation
- Tax compliance
- Regulatory reporting
- Legal claims defense
5.1.4 Legitimate Interests
- Network security
- Fraud prevention
- Organizational administration
- Program improvement
6.1 Specific purposes for data processing include:
6.1.1 Membership Management
- Application processing
- Membership administration
- Communication regarding membership benefits
6.1.2 Program Administration
- Global Peace Ambassador program management
- National Youth Leaders program coordination
- Event organization and management
6.1.3 Financial Processing
- Donation processing and acknowledgment
- Membership fee collection
- Financial reporting and compliance
6.1.4 Communication
- Newsletter distribution
- Event invitations
- Organizational updates
- Research dissemination
6.1.5 Operational Improvement
- Website analytics
- Service improvement
- Impact measurement
7.1 Internal Data Sharing
- Data may be shared with IIPL Regional Chapters for program coordination
- All chapters bound by data processing agreements
- Access limited on need-to-know basis
7.2 Third-Party Processors
- Cloud storage providers (Google Workspace/Microsoft 365)
- Payment processors (Stripe/PayPal)
- Email marketing platforms (Mailchimp)
- Analytics providers (Google Analytics)
- All processors bound by GDPR-compliant data processing agreements
7.3 International Transfers
- Transfers outside EEA use Standard Contractual Clauses
- Adequacy decisions considered where applicable
- Additional safeguards implemented for high-risk transfers
7.4 Legal Disclosures
- We may disclose data when required by law
- We may disclose data to protect vital interests
- We may disclose data to enforce our legal rights
8.1 Technical Measures
- Encryption of data in transit and at rest
- Access controls and authentication systems
- Network security systems
- Regular security testing
8.2 Organizational Measures
- Staff training on data protection
- Confidentiality agreements
- Access limitation policies
- Incident response procedures
9.1 We retain personal data only as long as necessary for the purposes collected, in accordance with our Data Retention Policy.
9.2 Key retention periods:
- Membership data: Duration of membership + 3 years
- Financial records: 7 years for legal compliance
- Application data (unsuccessful): 2 years
- Website analytics: 26 months
10.1 Right to Access
- You may request copies of your personal data
- We will respond within one month
10.2 Right to Rectification
- You may request correction of inaccurate data
- We will correct data promptly
10.3 Right to Erasure
- You may request deletion of your data
- Subject to legal retention requirements
10.4 Right to Restrict Processing
- You may request limitation of data processing
- Applicable in specific circumstances
10.5 Right to Data Portability
- You may receive your data in machine-readable format
- Applicable to data processed by automated means
10.6 Right to Object
- You may object to certain processing activities
- Including direct marketing
10.7 Rights Related to Automated Decision-Making
- You have rights regarding automated processing
- Including profiling with legal effects
11.1 Contact Point
11.2 Response Time
- We respond to all legitimate requests within one month
- Complex requests may require extension to two months
12.1 You have the right to lodge complaints with:
- Our Data Protection Officer: dpo@iipl.org
- Your national data protection authority
13.1 We may update this policy periodically
13.2 Significant changes will be communicated to data subjects
13.3 Current version always available on our website
14.1 For privacy-related inquiries:
This policy was approved by the IIPL Board of Trustees on 20-10-2019.