Privacy Policy

WE RESPECT YOUR PRIVACY
Transparency International (TI) is committed to ensuring the privacy of all our users. The IACC Monitor website (iaccmonitor.org), including all information and materials contained on it is managed by:

Transparency International e. V.
Alt-Moabit 96, 10559 Berlin, Germany
Tel. +49 30 343820 0
iaccmonitor@transparency.org

This Privacy Policy governs all pages on the IACC Monitor Website, iaccmonitor.org. It does not apply to pages hosted by other organizations, including the websites of TI National Chapters or related organizations or third party sites. The IACC Monitor may be linked to the websites of such other parties but those other sites may have their own privacy policy which applies to them.
Our website may be used without entering personal information. Different rules may apply to certain services on our website, however, and are explained separately below. Information is considered personal if it can be associated exclusively to a specific natural person. The legal framework for data protection may be found in the German Federal Data Protection Act (BDSG) and the Telemedia Act (TMG). The provisions below serve to provide information as to the manner, extent and purpose for collecting, using and processing personal information by the provider.
Please be aware that data transfer via the internet is subject to security risks and, therefore, complete protection against third-party access to transferred data cannot be ensured.

COOKIES

We do not use any cookies for the visitors of this website. We also don’t use any embedded content from other websites. We do not collect any personal information from visitors unless they voluntarily provide it to us through contact email. Any information provided to us will be used solely for the purpose of responding to inquiries and will not be shared with third parties unless required by law.

SERVER DATA

For technical reasons, data such as the following, which your internet browser transmits to us or to our web space provider (so called server log files), is collected:

      • type and version of the browser you use
      • operating system
      • websites that linked you to our site (referrer URL)
      • pages that you visit
  • date and time of your visit
  • your Internet Protocol (IP) address.

This anonymous data is stored separately from any personal information you may have provided, thereby making it impossible to connect it to any particular person. The data is used for statistical purposes in order to improve our IACC Monitor Website and services.

Data Protection Legal Requirements

We Process your Personal Data only to the extent permissible under statutory provisions under the German Federal Data Protection Act (Bundesdatenschutzgesetz) and the European Union’s General Data Protection Regulation (“EU GDPR”); our Data Protection Compliance Team keeps up to date with current Data Protection Laws.

Data Protection Laws have created the concepts of a “Data Controller” and a “Data Processor”. Transparency International acts in the capacity of a Data Controller. A Data Controller determines the purposes and means of Personal Data Processing (Article 4(7) of the EU GDPR) which means that we decide what, when and how we Process any Personal Data that we receive.

Different Types of Personal Data

We also collect, use and share “Aggregated Data” such as statistical or demographic data for other purposes including research and analysis. Aggregated Data could be derived from your Personal Data but is not considered Personal Data under Data Protection Laws as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Technical & Usage Data to calculate the percentage of users accessing a specific page on the website. However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data which will be used in accordance with this Privacy Notice.

Data Retention

We will only keep your Personal Data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, or to fulfil our (post-)contractual obligations. We may retain your Personal Data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you, or if you have given us your Consent to do so.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we Process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Personal Data in our logfiles will generally be deleted after 2 months.

Your Data Subject Rights

Under certain circumstances, you have specific rights in respect of the Personal Data that we Process about you. The fulfilment of the legal requirements to exercise these rights must be assessed on a case-by-case basis. Your rights include:

  • the right of access to the Personal Data we hold about you, in accordance with Article 15 of the EU GDPR.
  • the right to rectify (i.e. correct) your Personal Data where it is inaccurate or incomplete, in accordance with Article 16 of the EU GDPR.
  • the right to delete your Personal Data, in accordance with Article 17 of the EU GDPR, but only in specific circumstances, for example where the Personal Data is no longer necessary in relation to the purpose for which it was originally collected or Processed. It may not therefore always be possible for us to delete all of the information we hold about you if you request this, for example, if we have an ongoing contractual relationship with you.
  • the right to restrict Processing in specific circumstances, in accordance with Article 18 of the EU GDPR, for example while we are reviewing the accuracy or completeness of data or deciding on whether any request for erasure is valid.
  • the right to data portability which means the right to receive, move, copy or transfer your Personal Data to another Data Controller, in accordance with Article 20 of the EU GDPR. You have the right to this when we are Processing your Personal Data based on Consent or on a contract and the Processing is carried out by automated means.
  • the right to object to Processing in cases where Processing is based upon our Legitimate Interests or where Processing is for direct marketing purposes, in accordance with Article 21 of the EU GDPR.
  • the right to withdraw consent to our Processing of your Personal Data, in accordance with Article 7(3) of the EU GDPR, at any time with effect for the future.
  • the right to lodge a complaint with the appropriate Data Protection Supervisory Authority, in accordance with Article 13(2)(d) of the EU GDPR.

If you wish to exercise any of the rights set out above, please contact our Data Protection Compliance Team. You will not have to pay a fee to access your Personal Data or to exercise any of the other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity. This is a security measure in your own interest to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. It could take us longer than one month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Data Security

We have put in place appropriate technical and organisational security measures to prevent your Personal Data from being accidentally lost, falsified, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to the workers, employees, independent contractors and other third-party organisations who have a reason to know. We have put in place guidelines, procedures and plans to deal with any suspected or actual personal data breaches. Please be aware that despite the application of due care and attention to the respective current technical standards loss of or damage to your Personal Data cannot be ruled out (especially the use of cloud-based services, email communication, mobile communication and video conferences harbour certain risks).

 

CONTACTING US

On IACC Monitor website we offer you the opportunity to contact us by email. In such event, information provided by the user is stored for the purpose of facilitating communications with the user. No data is transferred to third parties. Nor is any of this information matched to any information that may be collected by other components of our website.

Data Protection Laws are constantly evolving, and we endeavour to maintain best practice. However, we recognise that we may not always get it right. If you are not satisfied by the way we handle your Personal Data or wish to discuss our processes, we would like to hear from you and recommend that you contact us in the first instance.

 

INFORMATION / CANCELLATION / DELETION

On the basis of the Federal Data Protection Act, you may contact us at no cost if you have questions relating to the collection, processing or use of your personal information. Please note that you have the right to have incorrect data corrected or to have personal data deleted, where such claim is not barred by any legal obligation to retain this data.
If you wish to exercise any of these rights or have any questions about this policy, please contact:

The Data Protection Officer
Transparency International e. V.
Alt Moabit 96
10559 Berlin, Germany

or please email us: dataprotection@transparency.org

 

GLOSSARY

Data Controller: refers to an organisation that determines when, why and how to Process Personal Data. It is responsible for establishing practices and policies in line with Data Protection Laws. There are certain circumstances where we act as a Data Controller.

Data Protection Laws: refers to the European Union’s General Data Protection Regulation 2016/679 (“EU GDPR”) and local data protection law including the German Federal Data Protection Act (also known as the Bundesdatenschutzgesetz).

Data Processor: refers to an organisation that Processes Personal Data on behalf of a Data Controller. It is also responsible for establishing practices and policies in line with Data Protection Laws and its contractual obligations with Data Controllers.

Data Protection Supervisory Authority: refers to independent public authorities / regulators that supervise, through investigative and corrective powers, the application of Data Protection Law. They provide expert advice on data protection issues and handle complaints lodged against violations of the EU GDPR and the relevant national laws.

Personal Data: refers to any information identifying an individual or information relating to an individual that an organisation can identify (directly or indirectly) from that data alone or in combination with other identifiers that it Processes. Personal Data includes Special Category Personal Data, Criminal Convictions Data and pseudonymised Personal Data. Personal Data excludes anonymous data or data that has had the identity of an individual permanently removed.

Processing or Process: refers to any activity that involves the use of Personal Data. It includes obtaining, recording or holding the data, or carrying out any operation or set of operations on the data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transmitting or transferring Personal Data to third parties.