Data controller
The data controller is the International Council for Adult Education (ICAE). You can contact us by email to. The Communications Officer and Administration Officer are responsible for data protection matters. You can find out up-to-date contact details on our website www.icae.global.
Personal register
Information about subscribers to topical bulletins and newsletters is stored directly with the service provider (MailChimp).
Data regarding invoicing , contributions and payments are kept in a secure Google Drive environment for up to 7 years due to legal obligations. Copies of all invoices, expense claims and statements are stored in the digital cloud, a hard copy is stored within our office.
Any information related to personal or sensitive data is not shared with anyone outside the office without consent. Financial details however might be shared with our accountancy firm (Accounts Online) for financial reporting purposes and others.
The purpose of the use of data
Data is used to manage customer relationships such as invoicing and taking care of cooperation with stakeholders like the sending of topical bulletins, invitations and other communications.
We use personal data only for our own activities, and we do not offer the personal data we use and its contents to third parties.
Information necessary for organising events like name and dietary requirements may be disclosed outside the foundation, such as to companies providing catering services and training services.
The data may be used for research purposes, but in such a way that the identity of individual persons is not known to the researchers.
In invoicing systems, personal data is disclosed to the accountancy firm and may also be disclosed to debt collection companies.
Data collected
The collection and maintenance of personal data is always based on a two-way agreement, customer relationship or other agreed forms of cooperation. Data is collected and maintained only for the provision and development of an agreed service. The only data that is collected from persons is that which the ICAE needs in order to provide agreed services. No extra personal data is collected.
Personal data may be used by the ICAE for direct marketing and the sending of topical bulletins and newsletters, only with the permission of the person concerned. Stakeholder personal data is, in particular, the person’s first name and surname, title, position, postal address, telephone number, email address and organisation and, with regard to newsletters, categories of newsletters or communications subscribed to and, with regard to events, registrations and special dietary requirements. Data is always obtained from the data subject him/herself.
Data concerning the management of customer relationships is, in particular, invoicing information, selected payment methods and information and correspondence concerning payment and debt collection. Data may be collected and updated from the data controller’s other registers, the Population Information System, credit information registers and other similar public or private registers or data sources providing information services.
Data protection
For us, privacy and the rights of the individual are core values of our operations.
We protect our data so that only persons who must have access to it in order to carry out their jobs can see and process it. Our personnel observe the obligation to secrecy in all personal data-related content. We train our personnel regularly in amendments to, principles of and procedures in legislation concerning data protection and data security. Paper material is located in locked facilities or cabinets. Temporary and working hours lists are stored in locked filing cabinets and are destroyed by companies specialised in the destruction of private material after they have been used.
We ensure the technical data security of data materials and services. Databases in which data from registers is stored are protected by firewall, passwords and other technical means. We monitor our data protection and are continually developing our practices.
Regular data disclosure and data transfer outside the European Union or European Economic Area
Data is not regularly transferred to third parties outside the European Union or European Economic Area. If a business function, the communication of which is sent to a data subject, is disclosed to a third party, the register data may also be disclosed to that party in the country where the third party is situated. When transferring the data, the data controller ensures through contractual arrangements a sufficient level of data protection as required by legislation.
Checking and correcting data
A data subject has the right to check the data concerning him/her stored in the register. A request to check data must be sent either by email or signed in writing to the ICAE. Such a request may also be presented in person at the office of the data controller. Requests will be answered no later than within three months of their presentation. The data is then disclosed only to the data subject him/herself. Before disclosure of the data, the data subject must prove his/her identity with acceptable picture ID.
A data subject has the right to refuse to allow his/her data to be used, and the right to demand that incorrect data be corrected by contacting the data controller.
The keeping of data
The necessity of data in the register is assessed regularly, every three years. Data is immediately destroyed once the personal data becomes unnecessary in terms of the purpose of the register, for example if subscription to the newsletter ends.
A data subject has the right to ask for data concerning him/her to be erased, as long as the law does not require it to be kept. For example, data concerning payment transactions is kept for as long as is required by the Accounting Act.
A data subject may block or delete cookies using his/her browser settings.