1. Background

During the PCP Forum held in Rome on 24-25 February 2011, “the participants of the Forum shared experiences, discussed challenges and exchanged good practices relating to the promotion of IOTA among their administrations. In addition, the PCPs discussed the question of the use of Facebook and other modern social media tools for the promotion of IOTA activities. The majority of PCPs welcomed the use of such tools and agreed that any issues of personal identity will be addressed by a special disclaimer attached to the invitation package.”

During the EC meeting in Berlin on 29-30 March 2011, the Council decided that there is a need for detailed protocol on the use of Facebook and other ITC tools and asked the Secretariat to draft a relevant document for the next meeting of the body in Norway.

Following the best practice of such organisations as the European Commission, OECD, World Bank and CIAT as well as best experience stemming from the application of Regulation (EC) no 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the community institutions and bodies and on the free movement of such data, the Executive Council of IOTA has adopted this policy to make sure that personal data of participants is processed fairly and lawfully.

The policy will be available to any participants prior to all IOTA events and undertakings. By registering to such events or undertakings, participants agree to this policy.

2. Definitions

For the purposes of this document:

3. Types of Personal Data

During the delivery of IOTA services, IOTA collects general information about participants that take part in activities organised by IOTA and users of the IOTA website and other Internet-based tools. The general information includes:

4. Collection of Personal Data

Event registration information about participants, such as their names, positions, addresses and contact details are submitted to IOTA by IOTA principal contact persons, participants themselves or other individuals authorised by participants.

Photographs, video or recording of participants are taken during IOTA events by the members of the IOTA Secretariat, participants themselves or other individuals authorised by IOTA. Please note that attendance at any IOTA event is conditional on the attendee accepting that any photographs, video or recording made of them by the IOTA Secretariat members and hosting administration or any individuals authorised by the IOTA Secretariat, at any time during the period of the event, become the property of IOTA. By submitting a registration form, participants agree to these conditions.

Information, which is used to establish a profile of registered user of the IOTA website, is provided by a website user in the course of registration for the IOTA website.

Information, which is automatically recognised by the ITC tools used by IOTA, such as the date and time, the originating IP address, the domain name, the type of browser and operating system used (if provided by the browser), the URL of the referring page (if provided by the browser), the object requested and the completion status of the request, is collected while using the ITC tools offered by IOTA.

5. Use of Personal Data

5.1. IOTA will use the collected personal information for the purpose set out only in this Privacy Policy. IOTA will not use personal information for any other purpose without first seeking consent of an individual, unless authorised or required by law. IOTA will only use and disclose personal information as follows:

• a) To establish and maintain a participant’s involvement with IOTA, including providing a participant with newsletters;
  
• b) To provide the products or services a participant has requested from IOTA;
  
• c) To answer a participant’s inquiry;
  
• d) To register a participant for IOTA events;
  
• e) To promote IOTA products or services;
  
• f) To provide a participant’s personal information to other participants with a view to establishing contacts.
  

5.2 When using social media, no physical and automatic connection will be established between the IOTA website and such media. IOTA will limit the content of information placed in such media to:

When using social media, IOTA will not use other personal data of participants than information already included in the above-mentioned points (5.2 abcd).

5.3 Users can generally visit the IOTA website without revealing who they are or other personal information unless they log on or register with us. IOTA will not collect any personal information about visitors to the website except when they knowingly provide it. As described above, IOTA sometimes collect anonymous information from visits to our website to help the IOTA Secretariat provide better customer service. For example, IOTA keeps track of the domains from which users visit and also measures visitor activity on the IOTA site(s), but IOTA does so in ways that keep the information anonymous. IOTA uses the collected information to measure the number of visitors to the different areas of IOTA’s website, and to help the Organisation make its website more useful to visitors. This includes analysing these logs periodically to measure the traffic through our servers, the number of pages visited and the level of demand for pages and topics of interest.

6. Access to Personal Data

All personal data of a participant is available only on the IOTA website for the registered users of the website unless a participant has agreed otherwise.

A participant can request access to the personal information that IOTA holds about them by contacting IOTA as set out below.

If a participant wishes to change personal information that is out of date or inaccurate at any time, they should contact IOTA accordingly. After notice from a participant, IOTA will correct any of a participant’s information which is inaccurate, incomplete or out of date. If a participant wishes to have their personal information deleted, please let IOTA know about it and such information will be deleted wherever practicable and possible.

7. Security

IOTA intends to protect the quality and integrity of a participant’s personal information. IOTA has implemented technologies and security policies to protect the stored personal data of participants from unauthorised access, improper use, alteration, unlawful or accidental destruction and accidental loss. IOTA will continue to enhance its security procedures, as new technology becomes available.

8. Changes to this Privacy Policy

The Executive Council of IOTA may amend this Privacy Policy by having the amended version available at IOTA website at www.iota-tax.org. IOTA suggests that a participant visit IOTA’s website regularly to keep up to date with any changes.

9. Contact

If a participant would like any further information, or have any queries, problems or complaints relating to the IOTA Privacy Policy or information handling practices in general, please contact IOTA at This e-mail address is being protected from spam bots, you need JavaScript enabled to view it .