DATA PROTECTION POLICY

The World Space Sustainability Association NPIO (the “Association”) regards the lawful and correct treatment of personal information as very important to its successful operations and to maintaining confidence between the Association and those with whom it carries out business. The Association ensures that it treats personal information lawfully, correctly and securely.

PRINCIPLES OF DATA PROTECTION

The Association is fully committed to ensuring the security and protection of the personal information that it processes, and to provide a compliant and consistent approach to data protection in accordance with the requirements of data protection laws, including Data Protection Law DIFC Law No. 5 of 2020 as amended and Regulation (EU) No. 2016/679 on the protection of natural persons with regards to the processing of personal data and on the free movement of such data, which stipulate that anyone processing personal data must comply with the following principles of good practice:

  • lawfulness, fairness and transparency – personal data shall be processed lawfully, fairly and in a transparent manner,

  • purpose limitation – personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes,

  • data minimization – personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed,

  • accuracy – personal data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay,

  • storage limitation – personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed,

  • integrity and confidentiality – personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

PRINCIPLES OF HANDLING OF PERSONAL DATA  

Through appropriate management and the use of strict criteria and controls, the Association:

  • fully observes conditions regarding the fair collection and use of personal information,

  • meets its legal obligations to specify the purpose for which information is collected and used,

  • collects and processes appropriate information only to the extent that is needed to fulfil operational needs or to comply with any legal requirements,

  • ensures the quality of information used is correct and up to date,

  • ensures that personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes,

  • takes appropriate technical and organisational security measures to safeguard personal information, and

  • ensures that the rights of people about whom the information is held can be fully exercised under the data protection laws.

PROCESSING OF YOUR PERSONAL DATA BY THE ASSOCIATION

The Association processes the personal data as defined below:

A. Members and Prospective Members and Respective Employees

Purposes:

  • To perform selection and registration of Association member.

  • To manage member relationships and contractual relationship.

  • To promote the Association, its vision and values.

  • To promote events and workings of the Association and its partners.

  • To send and circulate the necessary communication, including newsletters and upates.

  • To perform any marketing actions for the Association and its partners.

Lawful Basis:

  • Data subject consent and contractual agreement, when applicable.

  • To perform any and all contractual obligations.

  • To fulfil all regulatory obligations (compliance verification relevant to respect of anti-money laundering and sanctions regulations).

B. Employees, including trainees

 Purposes:

  • To perform employment contracts.

  • To comply with legal and regulatory obligations (work permits, visas, health insurance, pension plan, regulatory fitness and property verification).

 Lawful Basis:

  • Data subject explicit consent.

  • To perform an employment contract.

  • To fulfil and comply with the law.

  • To carry out the obligations and exercise the specific rights of a Controller or a data subject in the context of the data subject’s employment.

 C. Future employees (candidates who accepted a job offer)

 Purposes:

  • To perform the on-boarding process.

  • To prepare the employment contract.

  • To comply with legal and regulatory obligations (work permits, visas, health insurance, pension plan, regulatory fitness and property verification).

 Lawful Basis:

  • Data subject explicit consent.

  • To fulfil and comply with the law.

  • Processing necessary prior to entering into an employment contract.

  • Processing necessary for the purpose of carrying out the obligations and exercising the specific rights of a Controller or a data subject in the context of the data subject’s employment.

D. Candidates

 Purposes:

  • To perform the recruitment process and assess a candidate.

  • To comply with legal and regulatory obligations.

 Lawful Basis:

  • Data subject consent.

  • To fulfil and comply with the law.

E. Service providers, vendors, consultants, contractors, partners

Purposes:

  • To manage contractual and commercial relationships.

  • To manage services.

  • To manage purchase orders and invoicing.

Lawful Basis:

  • Processing is necessary for purpose of legitimate interest pursued by the Association (execution of contracts or contractual obligations, entering into contractual relationships).

Categories of personal data collected by the Association for the purposes as defined above are name, surname, phone number, email address, date of birth, organization, and image. The personal data processed by the Association is accessible only to persons working within or with the Association and its affiliates, sponsors or partners who need to have access to it in accordance with processing purposes and a lawful basis as defined above. Those details may be communicated to any concerned individual (data subject) upon request.

Personal data may be transferred to some third parties, including third parties being located outside the Dubai International Financial Centre. In such case, the Association ensures that the transferred data is adequately protected. For more details regarding protection and safeguard measures put in place by the Association with regard to personal data transfer, please contact the Association.  

The Association retains processed personal data only for the period necessary for the Association to fulfil its legal and regulatory obligations.

DATA SUBJECT RIGHTS

The Association, while processing personal data, observes and respects data subject rights. Any concerned individuals and data subjects can enforce their data protection rights by contacting the Association Data Protection Officer, who can provide the following information:

  • type and categories of processed data,

  • purpose of the relevant processing,

  • recipients to whom the personal data has/will be disclosed,

  • duration of the retention of the concerned data,

  • source of data (if not collected directly from the individual),

  • any automated processing of concerned personal data (when applicable).

Any concerned individual has the right to ask for:

  • correction and/or completion of personal data in case of its incompleteness or inaccuracy,

  • erasure of personal data (when applicable),

  • restriction of the processing of personal data.

IMPLEMENTATION

All Association employees are fully aware of this policy and of their rights, duties and responsibilities under the data protection laws.

All contractors, consultants, partners or other servants or agents of the Association must ensure that they and all of their staff who have access to personal data held or processed for or on behalf of the Association are aware of this policy and are fully trained in and are aware of their duties and responsibilities under the data protection laws.

VARIATION OF POLICY

The Association reserves the right to amend this policy in line with legislation and operational needs.