Introduction
The Center for International Policy and Sustainability (CIPS) is committed to protecting the personal data and privacy of all individuals who engage with us, including event participants, partners, employees, contractors, and stakeholders. This GDPR Compliance Policy outlines how we handle, process, and safeguard personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.
Scope
This policy applies to all personal data collected, processed, or stored by CIPS in connection with:
- Participants registering for programs, fellowships, or international events organized by CIPS.
- Employees, consultants, and volunteers supporting CIPS operations.
- Partner organizations, sponsors, and vendors engaged in CIPS initiatives.
- Visitors and users interacting with CIPS through our website (www.thecips.org) and social media platforms.
What Data We Collect
CIPS may collect and process the following categories of personal data:
- Personal Identification Data: Name, email, phone number, address, passport/ID details.
- Event & Program Information: Registration forms, participation records, preferences, and application materials.
- Financial Data: Payment details for registration fees, ticket purchases, or program contributions (processed securely via third-party providers).
- Media & Communications: Photos, videos, testimonials, and quotes for educational or promotional purposes.
- Technical Data: IP addresses, cookies, device information, and website usage patterns.
How We Use Personal Data
We process personal data to:
- Facilitate event registration, applications, and participation.
- Communicate program updates, newsletters, and opportunities (with consent).
- Manage logistics such as visas, travel support, and event coordination.
- Process payments and refunds securely.
- Fulfill legal and regulatory obligations.
- Use photographs, video, and testimonials for educational or promotional content related to our mission.
Legal Basis for Processing
CIPS processes personal data under the following legal grounds:
- Consent β where individuals explicitly agree (e.g., newsletters, promotional use).
- Contractual Necessity β to fulfill obligations of participation, registration, or employment.
- Legal Obligation β compliance with applicable regulations, tax laws, or government reporting.
- Legitimate Interest β to improve program delivery, participant experience, and organizational efficiency.
How We Protect Personal Data
CIPS uses a combination of technical and organizational measures to safeguard personal data:
- Encryption β sensitive data is encrypted in transit and at rest.
- Access Controls β only authorized personnel may access personal data.
- Regular Reviews β data protection practices are periodically assessed for compliance.
- Data Retention β personal data is stored only as long as necessary to fulfill its purpose or meet legal requirements.
Data Subject Rights
Under GDPR, individuals have the right to:
- Access β request access to personal data we hold.
- Rectification β request corrections of inaccurate or incomplete data.
- Erasure β request deletion of personal data, subject to legal and contractual obligations.
- Restriction β request limitations on how data is processed.
- Portability β receive personal data in a structured, machine-readable format.
- Objection β object to processing based on legitimate interests or marketing.
- Withdraw Consent β withdraw consent at any time, without affecting prior lawful processing.
To exercise these rights, contact us at contact@thecips.org
.
Third-Party Sharing & Transfers
CIPS may share data with third parties in the following contexts:
- Event Partners & Service Providers: For logistics, venues, sponsorships, and technical support.
- Payment Processors: Secure handling of financial transactions.
- Legal Compliance: Disclosures required by law, regulation, or legal proceedings.
- International Data Transfers: Where data is transferred outside the EEA, safeguards such as Standard Contractual Clauses (SCCs) are applied.
Cookies & Tracking
Our website uses cookies and analytics tools to improve usability and analyze traffic. Users may manage cookie preferences through their browser settings.
Data Breach Notification
In the event of a personal data breach, CIPS will notify affected individuals and the relevant supervisory authority within 72 hours, in accordance with GDPR requirements.
Updates to This Policy
CIPS may update this GDPR Compliance Policy to reflect regulatory changes or organizational needs. Updated versions will be posted on www.thecips.org, and significant changes will be communicated directly to relevant stakeholders.
Contact Us
For any questions or concerns regarding GDPR compliance or your personal data rights, please contact us:
π§ Email: contact@thecips.org
π Website: www.thecips.org
