The International Committee of the Red Cross (ICRC) is an impartial, neutral and independent organization whose exclusively humanitarian mission is to protect the lives and dignity of victims of armed conflicts and other situations of violence and to provide them with assistance.
The ICRC is committed to treating your personal data with security, respect and confidentiality: the processing of an individual's personal data carried out by the ICRC is performed in compliance with the ICRC Rules on Personal Data Protection, available here.
1. What personal data do we collect, and how?
1.1 Information you give us
We obtain person information from you when you communicate or share information with us, subscribe for newsletters or one of our online services, register to an event, apply to a vacancy, and/or make a donation.
Depending on the specific purpose (see section 2 below), we may ask you to provide, inter alia, part or all of the following information: your full name, date of birth, email and/or postal address, phone number, position/title, company/organisation, dietary requirements, CV and references and motivation for applying to a vacancy.
1.2 Information we collect automatically: cookies and web analytics
We automatically collect information through the ICRC website to help administer, protect, and improve our services.
For the purposes of marketing and retargeting, we make use of various advertising pixels, including Facebook and Twitter pixels: these are codes used to track website visitors. These data allow us to retarget those users with ads in the future in other platforms (for example on Facebook or on Twitter). This allows us to gain more insights about our audience, send targeted messaging to users who already know the ICRC, and track the effectiveness of our social advertising efforts.
If you do not wish to have cookies or pixels installed on your computer or mobile device, you can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies.
We also use Google Analytics, a web analytics service provided by Google Inc., to help us identify how people are using our website by processing the information mentioned above.
1.3 Links to third-party websites
Our website provides links to third party websites and social media platforms - such as Facebook, Twitter, Instagram, YouTube, and LinkedIn - that will collect data about you if opened.
The ICRC does not govern the processing of personal data by such third parties, so we suggest that you refer to the privacy policies of these websites should you wish to have more information.
2. Why do we collect your personal data?
We collect your personal data for one or more of the following purposes:
- To allow you to contact us and/or receive information from us;
- To organise or promote events and/or ICRC activities;
- To allow you to register as a participant to events we organise or co-organise;
- To process your donation to the ICRC or any question on how you can support the ICRC (for more information, please see our fundraising data protection notice)
- To process your employment application;
- To consider you for future suitable vacancies, should you not be successful in your initial application;
- To analyse web statistics and log files, with the aim of improving the functioning of our website;
- To assess the performance of our advertising and improve the relevance of ICRC campaign and marketing messages displayed to you after you leave our website
Your personal data are not used for automatic profiling or decision-making.
3. Who processes your personal data and with whom are they shared?
Internally, all personal data collected by the ICRC are processed only by designated ICRC staff members or agents, for one or more of the specific purposes listed above, and only on a strict need-to-know basis.
Depending on the purpose for which we process your personal data, we may share the necessary information with selected third parties, such as:
- The people you have indicated as references in your application, should the latter be of interest to the ICRC: your name, surname and the details of your resume we wish to get feedback on;
- The host of an event we organize or co-organise: your name, surname and company/organization;
- Selected service providers that are necessary to process your data for the above-mentioned purposes;
- Social media platforms, through for example retargeting campaigns on Facebook
We will never rent or sell your personal information.
In case of sharing your data with third parties, we ensure as much as possible that the recipient has provided sufficient proof of compliance with the principles set out in the ICRC Rules on Personal Data Protection. This includes contractual obligations imposing a strict prohibition of using such data for purposes other than those specified above, and ensuring an adequate level of protection of the personal data shared from us.
4. How long do we keep your data?
We will keep your personal data only for as long as necessary to fulfil the purposes we collected them for, including for the purposes of satisfying any legal, accounting, or archiving requirements.
To determine the appropriate retention period, we take into account the nature and sensitivity of your personal data, potential risks of harm from unauthorized use or disclosure of your personal data and the purposes for which we process your personal data.
When we no longer need your personal data, or when you request they be erased to stop receiving our marketing messages, we will delete your data.
5. What measures do we have in place to protect and safeguard your information?
We take the protection of your personal data very seriously, and we therefore apply adequate technical and organizational measures to protect against accidental loss and unauthorized access, use, destruction or disclosure of data. Some examples of these measures are:
- An official ICRC username and password are required in order to access our IT systems
- Authentication and authorisation for the IT systems are based on roles and tasks
- Our data center is physically protected and covered by our Privileges and Immunities
- Network security is configured to prevent external threats from accessing our infrastructure
- Confidentiality and data protection clauses are signed by service providers to ensure compliance with our security rules and the ICRC Rules on Personal Data Protection
6. What are your rights regarding our processing of your personal data?
6.1 Information and Access
You have the right to request certain information about the personal data we hold about you. Furthermore, you are given the opportunity to verify your Personal Data and to access them.
You are also entitled to request the correction of any mistakes or inaccuracies in your personal data provided we are able to verify your identity. Please note that this does not apply in case your correction request relates to an assessment carried out by our staff and you are unable to provide sufficient proof of the assessment's inaccuracy or respective data are contained in a record held by our archives.
You are entitled to request that your Personal Data are fully deleted from our systems. However, there may be certain circumstances where we are obliged to retain your Personal Data.
You have the right to object at any time to the Processing of your Personal Data on compelling legitimate grounds relating to your particular situation. Any objection of this kind will be accepted if your fundamental rights and freedoms in question outweigh our legitimate interests, or the public interest, in Processing.
You also have the right to withdraw your consent and opt-out of receiving future information about the ICRC via e-mail at any time. Please communicate your wish to unsubscribe at the email address provided below.
7. Contact us
We aim to always meet the highest standards to safeguard your privacy. Please contact us, if you require more detailed information on your rights regarding the personal data you have provided to us, the way we collect and use them, or if you wish to exercise any of the rights set out above.
You can find our contact details, depending on your specific request(s), on this page.
If we fail to resolve your question or complaint, you can contact the ICRC Data Protection Office at firstname.lastname@example.org.
Should a complaint not be resolved with the assistance of the Data Protection Office, the complaint may be escalated to the ICRC Data Protection Independent Control Commission, in accordance with the ICRC Rules on Personal Data Protection.