ICCROM Register of Heritage Samples Archives

Privacy Policy

The International Centre for the Study of the Preservation and Restoration of Cultural Property (hereafter, ICCROM) is an intergovernmental organization working in service to its Member States to promote the conservation of all forms of cultural heritage, in every region of the world. It operates in the spirit of the 2001 UNESCO Universal Declaration on Cultural Diversity, which states that “respect for the diversity of cultures, tolerance, dialogue and cooperation, in a climate of mutual trust and understanding are among the best guarantees of international peace and security.”

ICCROM, in adherence to its mission and institutional values, undertakes to protect personal data of natural persons regardless of their nationality or residence, respecting every human being’s identity, dignity and fundamental freedoms in accordance with standards adopted regarding the processing and circulation of personal data.

The Data Controller (Data Controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; in this case ICCROM) is ICCROM, based in Rome, via di San Michele n. 13, Tel.: (+39) 06 585531; Fax: (+39) 06 58553349. The Data Controller is also available at the following e-mail address: data-protection@iccrom.org.

Personal data protection is based on compliance with data protection principles that ICCROM undertakes to implement, adhere to and require of its staff members or third parties with whom it collaborates in its activity and mission. Specifically, ICCROM undertakes to:

- Make public its policy concerning personal data protection;

- Have due regard and consideration for all parties whose personal data may be processed (staff members, website users, donors, beneficiaries, suppliers) and to respect and respond promptly to their requests regarding processing of their personal data;

- Process personal data in a lawful, fair and transparent manner, and only for the time strictly necessary for the purposes declared in its statements;

- Limit the collection of personal data to those necessary to perform its activities (pertinent and limited personal data);

- Adopt procedures to update and amend personal data processed, in order to ensure that personal data are, as far as possible, correct and up to date;

- Protect personal data stored in its possession, which may involve drawing up specific agreements with suppliers, and provide appropriate guarantees that data shall be safeguarded and the rights of Data Subjects protected;

- Implement appropriate procedures to ensure that the measures in place to protect personal information are updated regularly. The Data Controller shall be responsible for ensuring that adequate technical and organizational measures and appropriate procedures are always in place and for demonstrating that data processing is carried out with due regard to ethical standards, employing state-of-the-art procedures, with all respect for the nature of the personal information being held and the risks to which it is exposed;

- Provide staff training and raise staff awareness, according to the processing tasks being performed, concerning the principles of lawfulness and fairness, as well as security measures, detailed in this Data Protection Manual and with which all data processing procedures comply;

- Ensure that all staff who handle personal data are aware of their responsibilities under this Policy and promote awareness of accountability throughout the Organization;

- Prevent and minimize, as far as available institutional funds allow, the impact of potential breaches or unlawful and/or malicious personal data processing;

- Actively promote the inclusion of data protection principles in the ongoing improvement plan implemented by the Organization across its management systems.


This Data Protection Manual will be brought to the attention of all internal staff (both at the Headquarters and Regional Office), as well as to collaborators and partners, through specific awareness-raising meetings and other means.

This policy is addressed to Users of the website (“Website”) and to all individuals concerned about the processing of their personal data by the Data Controller, within its activity and mission (“Concerned person/s” or “User/s”).

Access to some sections of the Website and/or requests for information or services from Users require the disclosure of personal data; the processing of these data will comply with the Organization’s privacy policy.

This policy concerns only the ICCROM Website and not other websites Users may access through links on the ICCROM Website.

Computer systems and software procedures that ensure the proper functioning and running of the portal acquire, during normal activity and only for the duration of the connection, some personal data implicitly shared during the use of Internet communication protocols. Such data are not collected for the purpose of matching them with identified Users, but, by their nature, they could, through processing and matching with data held by third parties, allow identification of Users (e.g. IP protocols, the domain name of the computer terminal used, Users’ URI (Uniform Resource Identifier) strings, time of requests, and so on). Such data, once processed, are used for the sole purpose of obtaining anonymous statistical information concerning Website use and for checking that it is functioning properly.

For more information, refer to the Cookies Policy.

Users may voluntarily supply personal data such as contact details, e-mail address, etc., for example when requesting information through e-mail communications. These data are processed in order to fulfil and respond to Users’ requests or perform related activities.


Data processing will be carried out either manually or through electronic media, in compliance with the Organization’s privacy policies and the principles of correctness, lawfulness, transparency, relevance, completeness and process limitation, data minimization and accuracy. The organization and processing of the data and the reason for the processing will follow logic strictly related to the objectives pursued and be performed in a manner suitable to ensure the security, integrity and confidentiality of processed data. Such measures shall be upgraded and increased from time to time in accordance with technological advancement, in order to assure confidentiality, availability and integrity of processed data.