This policy indicates how ICOM, ICOM Czech Republic and GUARANT International (hereinafter “ICOM”, “we”, “us”, “our”), as data joint-controllers, use and protect the personal data that you (hereinafter “you”, “your”) communicate to them when you visit the website “https://prague2022.icom.museum/”, (hereinafter the “Website”) when you register to participate to the 26th General Conference of the ICOM in Prague (hereinafter referred to as the “Event”), monitored by ICOM, ICOM Czech Republic and GUARANT International (together hereinafter referred to as the “Controllers”).
The Controllers undertake to protect personal data and to respect privacy in accordance with the current legislation, and in particular with the provisions of the Regulation (EU) 2016/679 of 27 April 2016, known as “GDPR” and the Law 110/2019 Coll., on Protection of Personal Data.
Who collects your personal information?
Your personal data may be collected by the Controllers via the registration form, when you consult and interact with the pages of the Website, when you participate to the Event and/or when someone registers you to the Event as an accompanying person.
The Website may host links to third party sites, including social network sharing buttons. We draw your attention to the fact that these share buttons allow the collection of information about you. In order to know the conditions of use of this data, we invite you to read the privacy policies of the social networks concerned and accessible on their websites.
What data do we collect?
The Controllers do not collect data without warning you and only collect personal data strictly necessary for the purposes described below. To this end, the Controllers collect the following information:
- During your visit of the Website: In general, you can browse the Website without revealing any personal information. The only information that may be collected during general browsing of the site is information intended for the server log (IP/Internet protocol, domain name, browser type, operating system etc.).
- When you register to the Event:
- Last Name, First Name, country;
- Contact details (email address, phone number),
- Your organisation or institution and your position within such organisation or institution;
- ICOM membership number, if applicable;
- Last ICOM General Conference attendance;
- Student status;
- Meetings attendance during the Event;
- Dietary and other requirements
- When a person registers you as an accompanying person:
- Last Name, First Name, country;
- Contact details (email address, phone);
- Dietary and other requirements
The provision of certain data may be mandatory. The fields which are compulsory are indicated as such in the form. Please note that without the completion of these fields, we will not be able to register your attendance to the Event.
- When you participate to the Event:
- Recording of your image: You are informed that the Event may be recorded in order to broadcast the Event, publish online the video of the Event on the Website, the Controllers’ websites and social media channels and to communicate on the Event. In this context, your image or voice could be recorded, notably if you ask questions during speakers presentation.
What do we use the collected information for?
We use the information we collect about you within the framework of the registration and management of the Event and for the following purposes:
- To manage your registration to the Event and to send you the relevant information to access and participate to the Event;
- To organise and manage the Event;
- To respond to your requests for information;
- To contact you to respond to your request or suggestion;
- To contact you for safety purposes during or after the Event;
- To facilitate navigation on the website;
- To manage registration and entries to the Event;
- To perform analysis and statistics on the Event participation.
We may use your personal data when necessary to comply with a legal or regulatory obligation.
Who is your personal data disclosed to?
We limit access to your information only to those employees who need to use it. They have an obligation to protect it and maintain its confidentiality.
We may also disclose your personal data to our partners to enable us to fulfil the purposes stated above. In any case, our partners only receive the personal information necessary to carry out the services concerned and are in no case authorized to use this personal data in a context other than that of the service in question, or for purposes other than those for which the data was collected.
In any event, we do not transmit your personal data to third parties without your prior authorization, unless the communication of such data is required by the current regulations, in particular at the request of the judicial authority in compliance with the legal provisions.
Are your personal data transferred to third countries?
Your personal data is hosted by the Controllers within the European Union.
Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with a respective supervisory authority in an EU member state. For the territory of the Czech Republic, you may refer to the Office for Personal Data Protection. You can find more information (including contact details) at its web pages here: https://www.uoou.cz/en/.
However, your personal data may be transferred to our authorised partners and technical service suppliers which may be located outside the European Economic Area. In this case, the Controllers ensure that such recipients offer an adequate level of protection concerning data protection and that appropriate safeguards are put in place, prior to any transfer.
How long do we keep personal data?
The information collected by the Controllers is kept for a limited period of time to achieve the purposes it was collected for, and as long as you do not exercise your rights as defined below. Your Personal Data will be deleted 12 months after the end of the Event.
We may nevertheless retain some of your personal data for a longer period of time, for the sole purpose of complying with any legal obligation, or to answer any questions or complaints that may be addressed to us after the end of the Event.
Security and confidentiality of personal data
We take the security of your data very seriously and strive to protect all data collected. In particular, we strive to prevent your data from being distorted, damaged or accessed by unauthorized third parties.
Thereby, we have implemented protective measures to ensure the confidentiality, security and integrity of your data. For example, we make sure access to data is restricted to those among our employees who have been trained to observe confidentiality rules. We also commit to store your data in secure operating environments. These measures take into account the sensitivity of the data we collect, process and store and the current state of technology.
However, no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, although we make every effort to protect your personal data, we cannot control the risks associated with the operation of the Internet and we draw your attention to possible risks regarding occasional data loss or breach of confidentiality for data transiting via this network.
What are your rights regarding your personal data and control of their use?
In accordance with the current legislation, you have the right to access, rectify and delete your personal data, as well as the right to limit the processing and the right to portability of your data.
You are also entitled to object – on legitimate grounds – to the processing of your data by the Controllers and to withdraw your consent when the processing of your personal data is based on this legal basis, and to submit a claim to your data protection authority.
These rights may be exercised by contacting us at the following address firstname.lastname@example.org.
What are your obligations?
As a user of the Website, you are bound to comply with the current legislation regarding the protection of personal data. In particular, with regard to the personal information you have access to, you must refrain from any collection, any misuse and, in general, any act likely to infringe on privacy, fundamental rights and freedoms.