CID Data Protection Policy
1. GENERAL WARNING
1.1. Center for Intercultural Dialogue (hereinafter “CID“) respects the privacy of its users (hereinafter “Users“).
1.2. CID deals with the personal data transmitted to it in accordance with the European regulation in dealing with the personal data (Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data – of 14 April 2016), and applicable as from 25 May 2018.
1.4. The User acknowledges having read the information below and authorizes CID to deal, in accordance with what is specified below, with the personal data the person communicates on/to the Website within the framework of the service proposed by CID (hereinafter the “Service“).
1.5. By providing information to Users, CID may be required to amend and adapt the Charter, in order to comply with any new applicable legislation and/or regulations, guidelines and good practices of the European Data Protection Committee and the decisions of courts and tribunals in this field.
1.6. The Charter is valid for all the hosted pages on the Website and for the savings of these Website. It is not valid for the hosted pages by third parties that CID may redirect to and where their privacy policies may differ. CID cannot be held responsible for any data processed on these Websites or by them.
1.7. The communication of personal data is sometimes necessary in order to access to certain parts of the Website (for example to apply for CID calls or opt-in subscription on Mailing List for Newsletter). Without communication of certain data, by the User to CID, access may be denied.
2. RESPONSIBLE FOR PROCESSING
2.1. Access to the Website www.cid.mk shall in principle be possible without having to provide personal data, such as, for example, surname, first name, postal address, e-mail address, etc.
2.2. Access to the sign-up forms for the calls may require certain personal data by the User. In such case, the legal entities in charge of processing these data are:
- Center for Intercultural Dialogue
- Kiril i Metodij 7, 1300 Kumanovo, R. Macedonia
- Registration Number : 6113559
- Sector: Non-Governmental Youth Organization
2.3. Any question or request concerning the processing of these data may be addressed to the following address: firstname.lastname@example.org.
3. COLLECTED INFORMATION
3.1. DATA TRANSMITTED TO CID BY ACTIVE INTERVENTION OF USERS
By browsing the Website, filling out forms from/on/by website, social networks or emails linked to CID, the User allows CID to register and maintain, for the purposes mentioned in point 4, the following information:
– identification data, such as surname and first name, gender, e-mail address, date of birth and contact information;
– the banking information in the case of reimbursement processes, such as bank account numbers, IBAN and BIC / SWIFT;
– communications between Users and CID;
– the additional information requested by CID (from the User in order to identify or prevent the person from breaching any of the provisions of the Charter; and
– any other information voluntarily transmitted to CID by the User for a determined purpose in the Charter, in the ToU, on/to the Website or on any other communication tool used by CID.
3.2. DATA AUTOMATICALLY TRANSMITTED TO CID WHEN CONSULTING THE WEBSITE
In order to facilitate browsing the Website and optimize technical management, the Website may use “cookies”.
A “cookie” is a small file containing information saved by a website on the computer. This “cookie” can be retrieved during a subsequent visit to the same website. The “cookie” cannot be read by another website than the one that created it. The Website uses “cookies” for the purposes of good administration of the Website, in particular to save the User’s browsing preferences, or to obtain information on the visited pages and the dates and times of visit.
Most “cookies” only work for a session or a single visit. It is also possible for the User to set up his browser to be informed during each creation of “cookie” or to prevent their saving, individually or not. However, disabling cookies may prevent access to certain parts of the Website or making access more difficult.
Subject to the prior consent of the User, the Website may also allow the use of third-party cookies, including the following:
– Facebook, Twitter, Instagram
CID uses on its Website the social modules of social network providers Facebook, Twitter and Instagram. These social modules establish a direct connection to the server of the social network via the User’s browser. The social network provider on which the User has clicked receives information that the User has visited the Website. If the User is registered and identified on the relevant social network, the provider can correlate the profile of the User with the visited Website. The network provider can then establish future interactions. If the User is not registered with the social network, the provider can save the IP address of the User. In order to avoid transferring these data to the social network provider, the User must not click on the button corresponding to the social network.
3.2.2. REGISTER DATA ON SERVERS
When the User accesses the Websites, the visited servers contain certain provided data, such as the IP address of the User, the date and time of access to the Website and any other data provided by the User during registration.
4. PURPOSES OF PROCESSING
4.1. GENERAL PURPOSES
Without prejudice to what has been specified under point 3.2. concerning the automatically transmitted data, the Website collects, saves and processes the personal data of its Users in particular for the following purposes:
- to establish, carry out and conduct the contractual relationship with the User;
- or the User to apply to calls and therefore participate in events, activities and other processes offered by CID;
- to incorporate users’ personal data into one or more automated files;
- to analyze, adapt and improve the content of the Website;
- to detect and / or prevent fraud or similar activities of an illegal nature;
- to respond to requests for information;
- for any marketing and promotions actions offered by CID to Subscribers of the Newsșettel; and
- for any other purpose for which the User has expressly consented (opt-in).
4.2. COMMUNICATION TO THIRD PARTIES
CID considers personal data as confidential information. It shall not communicate them to third parties under conditions other than those specified in the Charter or under the conditions in which it is required by law, including the competent authorities who request it.
4.2.1. CID may transmit specific data to Partners of CID. These specific data could be shared with Partners, only for the execution of events and CID processes, that User will be informed and only in the case that consent has been given.
CID partners are considered: any National Public (e.g. Local Authority, National Agency), Regional and International (e.g. European Commission, Council of Europe) legal entity and/or legal entities in the non-governmental, educational and youth sector (hereinafter the “Partners“). In this context, CID may communicate to its Partners, the personal information of its Users, for the purpose of accomplishing the purposes defined in paragraph 4.1.
4.2.2. CID may transmit to third parties the personal information of its Users insofar as this information is necessary for the execution of a contract with its Users (for example, registration to an event or to organizer of an event to contact the User in relevance to the process that the second applied for, to proceed of contracting or subcontracting Staff member etc.). In such a case, such third parties shall not communicate this information to other third parties, except in one of the following two situations:
(i) disclosure by these third parties of such information to their suppliers or subcontractors to the extent necessary for the performance of the contract, and
(ii) where such third parties are obliged by the regulations in force to disclose certain information or documents to the competent authorities regarding the anti-money-laundering, as well as to any competent public authority in general.
The disclosure of such information to the aforementioned persons shall in all circumstances be limited to what is strictly necessary or required by the applicable regulations.
In order to discover new information or processes to its users that maybe be of interest to them, CID may also disclose the personal information of its Users to third parties, insofar as the Users have explicitly consented to it.
4.3. TRANSFER OF DATA TO A COUNTRY WHICH IS NOT MEMBER OF THE EUROPEAN ECONOMIC AREA
CID will not transfer data to a country which is not a member of the European Economic Area, unless it provides an adequate level of protection within the meaning of:
– the law of 8 December 1992 on the protection of privacy (including other laws under Data Protection and Privacy) or within the limits permitted by the same law, for example by ensuring the protection of data by appropriate contractual provisions.
– through the Decision 2001/497/EC of 27 December 2004 (ANNEX B) and Directive 95/46/EC of the European Parliament and of the Council of 05 February 2010 (Clause 12).
4.4. DIRECT MARKETING
Personal data will not be used for direct marketing purposes for products or services other than those to which the User has already subscribed, therefore only by “opting-in”. When the User has given his consent for the use of these information for direct marketing purposes, the User retains the right to oppose such use at any time, upon request and free of charge.
To do so, the User must unsubscribe with the corresponding link in each Newsletter by ticking the “Click to edit Email Preferences or Unsubscribe from this list” option at the bottom of the Newsletter. Beyond Newsletter subscription, referring to any other case, User can “opt-out” by contacting CID at email@example.com or any staff member of the Organization.
The User shall in all cases be responsible for the veracity of the data provided on their User account or to inform CID of any amendments to the data by sending their ambiguous request at firstname.lastname@example.org
5.1. CID, in order to assure maximum possible security linked to use of personal and sensitive data, has appointed a Data Protection Officer and will set a Data Breach Policy.
Under the Article 5.1, the Data Protection Officer shall have at least the following tasks:
– to act as the contact point for the users and supervisory authority on issues relating to the processing and any other obligations set by relevant regulations;
– monitor and report the risks associated with processing operations, taking into account the nature, scope, context and purposes of processing;
– to inform and advise the controller, the processor and the employees who carry out processing of their obligations pursuant to the relevant regulations and data protection provisions;
– to monitor compliance with the relevant regulations and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
– to provide advice where requested as regards the data protection impact assessment and monitor;
– to cooperate with the supervisory authority.
Moreover, in the case of breach, CID shall follow the Data Breach Policy and will take all necessary measures to resolve any issues within 72 hours.
5.2. When it comes to servers hosting processed personal data, CID has taken the adequate measures to prevent, to the extent possible, the servers from:
– accessing, processing or modifying these data without authorization;
– inadequately using or disclosing such data; and
– unlawfully destructing or accidentally losing such data.
5.3. In this respect, CID employees who have access to personal and sensitive data are subject to a strict confidentiality obligation. CID cannot, however, be held liable for any misappropriation of these data by a third party in spite of the adopted security measures.
5.4. The Users undertake not to commit any acts which may be contrary to the present Charter, the ToU or generally the law. Offenses against the confidentiality, integrity and availability of computer systems and saved data, processed or transmitted by such systems, or the attempt to commit any of these offenses, are punishable by three months to five years’ imprisonment and by a fine of twenty-six euros to two hundred thousand euros or by one of these penalties only.
5.5. CID shall take the maximum possible measures to protect both online and printed personal and sensitive data, while monitoring the access and justified dissemination of such data, as defined under article 4 and article 7.
5.6. CID will destroy, assuring the appropriate and most secure way, any data which are no more necessary for any ongoing, regulated or legal process related as defined under article 4 and paragraph 7.1.
6. CONSERVATION PERIOD
CID will normally keep the personal data of its Users for the period of 10 years. CID may also continue to maintain personal data concerning the unsubscribed User, including any correspondence or request or assistance addressed to CID, in order to be able to answer any questions or complaints that may be addressed to it, and in order to comply with all applicable laws, in particular the conservation of information on payments (like reimbursements) made.
7. RIGHTS ON THE CONCERNED PERSON
7.1. REQUESTS OF USER IN REGARDS TO THEIR DATA
7.1.1 The User may at any time request access, rectification or, if necessary, deletion to/ from their personal data, besides when article 7.1.2. applies, by sending a written request accompanied by a copy of their identity card or passport at:
– the following postal address:
- Center for Intercultural Dialogue
- Kiril i Metodij 7, 1300 Kumanovo, R. Macedonia
-the following email address:
CID will then take the necessary measures to satisfy this request as soon as possible.
7.1.2. The only exception that applies, in relation to article 7.1.1, is when CID would have a legal obligation to keep certain personal data (like data in Participant List, Reimbursement forms and any other documents related to reporting required by donors). In this case CID will notify the User about:
– which of their personal data are kept;
– period that these certain data will be held;
– what happens to their data after the period indicated by CID.
8. NOTE CONCERNING MINORS
8.1. Taking into account the different age limits of a minor in every National Law, CID shall not collect or process any personal data of persons under the age of 18,or/and persons who do not have full legal capacity, if the following obligation is not fulfilled:
(A) Consent form by the legal guardian(s), allowing CID to collect and process only the personal data provided (taking account the proper implementation of Article 5 and in accordance to Article 6 and 7);
When obligation (A) is fulfilled, any communication between CID and User(s), concerning the personal data of persons under the age of 18 and persons who do not have full legal capacity, will be under maximum security ensuring the full protection of their personal and sensitive data.
8.2. Persons under the age of 18 and persons who do not have full legal capacity are not permitted to communicate their personal data to CID, with the only exception of subscribing to the Newsletter as there is no collection of sensitive data (Subscription requires Name, Surname and email).
9. APPLICABLE LAW AND COMPETENT JURISDICTION
9.1. The Charter shall be governed by the Macedonian law to the fullest extent permitted by the applicable rules of private international law.
9.3. Before undertaking any legal dispute resolution, the User undertakes to resolve the dispute by amicable means by contacting CID directly, if necessary by mediation, before resorting to arbitration, litigation, or any other means of dispute resolution.