Privacy Policy
General statement of principle
1. We are committed to safeguarding the privacy of ICoCA Members, subscribers, website visitors and service users. As a general principle, we will not share your personal information with external parties without your consent. This privacy statement explains how we collect, use and share personal information, and how you can exercise your privacy rights.
We continuously review and update our practices to ensure alignment with the EU General Data Protection Regulation (GDPR, Regulation (EU) 2016/679), the Swiss Federal Act on Data Protection (FADP) and international best practices for data protection.
Information collected and purpose of holding your personal data
2. The following section outlines the main categories of personal data we may process and the purposes for which we may process it.
Lawful basis for processing
We process personal data only when we have a valid legal basis under applicable data protection laws. Depending on the nature of your interaction with ICoCA, we rely on different lawful grounds for processing.
- Usage data is processed on the basis of our legitimate interests in maintaining and improving our website and services.
- Correspondence data is processed on the basis of our legitimate interests in responding to your communications, maintaining records and ensuring the proper functioning of our services.
- Account data and user data are processed where necessary for the performance of a contract or to take steps at your request prior to entering into a contract.
- Subscription data and event registration data are processed based on your consent, which you may withdraw at any time.
- Legal and compliance data are processed where necessary to comply with a legal obligation or establish, exercise or defend legal claims.
In all cases, we ensure that our legitimate interests are balanced against your fundamental rights and freedoms, and that processing is carried out transparently and securely.
2.1. Usage data. We may collect and process information about your use of our website and services (“usage data”). This may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is Google Analytics. This data is processed securely and anonymised where possible, for the purpose of analysing and improving our website and services.
We use cookies and analytics tools in accordance with applicable data protection and e-privacy laws. You can manage or withdraw your consent through our cookie banner or browser settings.
2.2. Correspondence data. We may collect and process information contained in or relating to any communication you send to us (“correspondence data”), including its content and metadata. All correspondence data is stored securely and access is restricted to authorised personnel.
2.3. Account data. We may collect and process information you provide when signing up (“account data”). This may include your name, email address and any affiliation you have provided through our registration form. Account data is stored securely with restricted access and is used for communicating with you, registering you in our CRM and providing access to ICoCA services.
2.4. User data. We may collect and process information relating to your Membership with ICoCA (“user data”). This may include your name, affiliation, job title or role, contact details, address, Membership details and communications with us or your employer. User data is processed in compliance with ICoCA’s technical and organisational security measures.
2.5. Subscription data. We may collect and process the information you provide when subscribing to our email notifications and/or newsletters (“subscription data”). This data is handled in accordance with your preferences and is stored securely. Our website provides privacy controls to help you manage your subscription settings.
2.6. Event registration data. We may collect and process information you provide when registering for ICoCA events (“event registration data”). This data may include your name, email, address, phone number, date of birth, employer, job title or role, country, language and event preferences. Event registration data is shared with external service providers only when necessary and under contractual data protection obligations.
2.7. Legal and compliance data. We may collect and process personal data necessary for establishing, exercising or defending legal claims, or for compliance with a legal obligation (“legal and compliance data”). Processing is carried out securely and in accordance with our technical and organisational security measures.
2.8. Data controller. The data controller responsible for your personal data is the International Code of Conduct Association (ICoCA), Geneva, Switzerland. You may contact us at secretariat@icoca.ch for any privacy-related queries.
2.9. International data transfers. Where personal data is transferred outside Switzerland or the EU/EEA, we ensure that such transfers comply with applicable data protection laws. This includes relying on adequacy decisions or, where necessary, implementing appropriate safeguards such as the European Commission’s Standard Contractual Clauses or equivalent instruments under the FADP. Further details may be requested by contacting us at secretariat@icoca.ch.
Your rights
3. The following section summarises the rights you have under data protection law in the European Union (GDPR) and other applicable regulations.
3.1. Right of access. You have the right to know whether we process your personal data and if so, to access it, including information on processing purposes, categories of personal data and recipients.
3.2. Right to rectification. You have the right to have inaccurate personal data corrected and incomplete personal data updated. Corrections are processed in secure systems to maintain the integrity of your data.
3.3. Right to erasure (“right to be forgotten”). In certain circumstances, you can request the deletion of your personal data. This includes situations where you withdraw consent, you object to processing or if the data is no longer necessary. Any deletion request is processed securely and a confirmation of deletion is provided when completed. Exceptions may apply due to legal obligations, freedom of expression or legal claims.
3.4. Right to restriction of processing. You can request that we limit the processing of your personal data in certain circumstances: if you contest accuracy of the data, if processing is unlawful, if the data is no longer needed but required for legal claims or if you object and verification is pending. During restriction, your personal data will only be processed in accordance with ICoCA’s technical and organisational security measures.
3.5. Notification obligation. When we rectify, erase or restrict the processing of your personal data, we will notify any recipients to whom your data has been disclosed, unless this proves impossible or requires disproportionate effort. Upon request, we can inform you about those recipients.
3.6. Right to data portability. Where processing is based on consent or a contract, you have the right to receive your personal data in a structured, commonly used, machine-readable format. You may also transmit your data to another controller where technically feasible.
3.7. Right to object. You can object to the processing of your personal data at any time based on your situation, particularly when processing is based on public tasks or legitimate interests. We will cease processing unless compelling grounds override your objection. All objections are handled securely.
3.8. Rights related to Automated Decision-Making. You have the right not to be subject to decisions based solely on automated processing, including profiling, which significantly affect you. You can request human intervention, express your point of view or contest such decisions.
3.9. Right to withdraw consent. If processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing and is handled securely.
3.10. Right to complain. You have the right to complain to a supervisory authority if you believe your data has been processed unlawfully. If you are based in the EU/EEA, you may lodge a complaint with your local data protection authority. If you are based in Switzerland, you may contact the Federal Data Protection and Information Commissioner (FDPIC). ICoCA will assist as needed in lodging complaints.
3.11. Exercising your rights. You may exercise any rights by written notice to us or via designated channels. All requests are logged and processed under secure procedures to protect your personal data.
Retaining and deleting personal data
4. We retain personal data only as long as necessary for the purposes described in this statement or as required by contractual or legal obligations.
4.1. Data is securely stored and access is restricted. Personal data is stored securely in accordance with applicable data protection laws. Access is restricted to authorised personnel only and managed under appropriate technical and organisational security measures, up to and including secure offline storage.
4.2. When personal data is no longer required for the purposes for which it was collected, it will be securely deleted or anonymised. If deletion is not possible due to legal, regulatory or technical reasons, access to the data will be limited, and confidentiality and integrity will be maintained through appropriate safeguards.
Amendments
5. We may update this Privacy statement periodically to reflect changes in our practices, technologies or legal requirements. Significant amendments will be communicated on our website and, where possible, notified by email.
Questions and Concerns
6. If you have any questions, concerns or complaints about this statement or the processing of your personal data, please contact us:
International Code of Conduct for Private Security Service Providers’ Association
Kyoto Building 4th Floor
Chemin du Pommier 42
CH-1218 Grand-Saconnex, Geneva, Switzerland