Data Protection Policy

  1. Introduction

This Data Protection Policy (“Policy”) outlines the principles and guidelines that the Science Summit at UNGA78 (SSUNGA78) follows to ensure compliance with the General Data Protection Regulation (GDPR) set forth by the European Union (EU). This Policy applies to all personal data collected, processed, stored, or transmitted by our company in relation to individuals within the EU and worldwide.

  2. Scope

This Policy applies to all employees, contractors, and third-party service providers who handle personal data on behalf of SSUNGA78. It covers all systems, processes, and activities related to the collection, processing, storage, and transfer of personal data.

  3. Data Protection Principles

SSUNGA78 is committed to adhering to the following GDPR principles when handling personal data:

3.1. Lawfulness, Fairness, and Transparency: a. Personal data shall be processed lawfully, fairly, and in a transparent manner. b. Individuals shall be provided with clear information about the processing of their personal data.

3.2. Purpose Limitation: a. Personal data shall be collected for specified, explicit, and legitimate purposes. b. Any further processing of personal data shall be compatible with the original purpose.

3.3. Data Minimization: a. Personal data collected shall be adequate, relevant, and limited to what is necessary for the intended purpose. b. Our company shall not retain personal data longer than necessary for the specified purpose.

3.4. Accuracy: a. Personal data shall be accurate and kept up to date. b. Appropriate measures shall be taken to rectify or erase inaccurate or incomplete personal data.

3.5. Storage Limitation: a. Personal data shall be stored in a form that permits identification of data subjects for no longer than necessary. b. Regular reviews shall be conducted to ensure compliance with the storage limitation principle.

3.6. Integrity and Confidentiality: a. Appropriate technical and organizational measures shall be implemented to ensure the security and confidentiality of personal data. b. Personal data shall be protected against unauthorized or unlawful processing, accidental loss, destruction, or damage.

3.7. Accountability: a. Our company shall be responsible for demonstrating compliance with GDPR principles and be able to provide evidence of such compliance. b. Records of processing activities shall be maintained, including the purpose, categories of data subjects, and recipients of personal data.

  4. Lawful Basis for Processing Personal Data

Our company shall ensure that personal data is processed based on one of the lawful bases defined in Article 6 of the GDPR, including:

a. Consent: Individuals’ freely given, specific, informed, and unambiguous consent.

b. Contractual Necessity: Processing necessary for the performance of a contract with the data subject.

c. Legal Obligation: Processing necessary for compliance with a legal obligation.

d. Legitimate Interests: Processing necessary for the legitimate interests pursued by our company or a third party, except where overridden by the data subject’s interests or fundamental rights.

  5. Rights of Data Subjects

SSUNGA78 acknowledges and respects the rights of data subjects as defined under the GDPR, including:

a. Right to be Informed: Providing individuals with concise, transparent, and easily understandable information about the processing of their personal data.

b. Right of Access: Enabling individuals to obtain confirmation of whether their personal data is being processed and access to that information.

c. Right to Rectification: Allowing individuals to rectify inaccurate or incomplete personal data.

d. Right to Erasure: Providing individuals the right to request the deletion of their personal data under certain circumstances.

e. Right to Restriction of Processing: Enabling individuals to restrict the processing of their personal data in specific situations.

f. Right to Data Portability: Allowing individuals to receive their personal data and transmit it to another controller.

g. Right to Object: Providing individuals with the right to object to the processing of their personal data, including direct marketing and profiling.

h. Rights in Relation to Automated Decision Making and Profiling: Ensuring safeguards when making decisions based solely on automated processing.

  6. Data Protection Impact Assessment (DPIA)

SSUNGA78 shall conduct a Data Protection Impact Assessment (DPIA) for high-risk processing activities involving personal data. The DPIA shall assess the impact on individuals’ rights and freedoms and identify measures to mitigate any potential risks.

  7. Data Breach Management

SSUNGA78 shall implement procedures to detect, investigate, and report personal data breaches in compliance with GDPR requirements. In the event of a data breach, appropriate measures will be taken to mitigate the impact and prevent future occurrences. Data subjects affected by a breach shall be informed without undue delay when necessary.

  8. Third-Party Processors

When engaging third-party processors to handle personal data on behalf of our company, appropriate due diligence shall be conducted to ensure they provide sufficient guarantees regarding GDPR compliance. Contracts with such processors shall include the necessary data protection obligations and safeguards.

  9. Training and Awareness

SSUNGA78 shall provide regular training and awareness programs to all employees and contractors involved in processing personal data. The training shall cover GDPR principles, data protection obligations, and individuals’ rights under the GDPR.

  10. Policy Compliance and Review

Compliance with this Policy is mandatory for all employees, contractors, and third-party service providers. Regular reviews of this Policy and associated procedures shall be conducted to ensure ongoing compliance with the GDPR and any changes in applicable data protection laws.

  11. Contact Information

For any questions, concerns, or requests related to data protection or this Policy, individuals may contact the designated Data Protection Officer (DPO) at the following address:

  12. Policy Acknowledgment

All employees, contractors, and third-party service providers shall acknowledge their understanding and compliance with this Policy by signing an acknowledgment form, indicating their commitment to upholding the principles and guidelines outlined herein.