Information on the Personal Data Protection and Privacy Principles of the Provisional Technical Secretariat

General Information

The Preparatory Commission for the Comprehensive Nuclear-Test-Ban Treaty Organization (‘the Commission’) is committed to the protection of personal data and privacy. As an international organization under public international law, the Commission enjoys privileges and immunities and is not bound by the EU’s General Data Protection Regulation (GDPR). 

The Provisional Technical Secretariat (PTS) of the Commission processes personal data in an accountable, non-discriminatory and gender-sensitive manner, with respect for the human rights and fundamental freedoms of individuals, in particular the right to privacy, in accordance with Personal Data Protection and Privacy Principles of the PTS.

The PTS defines “personal data” as information relating to an identified or identifiable natural person (‘data subject’), in any form and processed in any manner by, or on behalf of, the PTS in carrying out its activities. 

The PTS processes personal data in accordance with the following principles:

Fair and Legitimate Processing

Personal data should be processed in a fair manner, in accordance with the mandate of the Commission and governing instruments and on the basis of any of the following: 

1. the consent of the data subject; 
2. the best interests of the data subject, consistent with the mandate of the Commission; 
3. the mandate and governing instruments of the Commission; or 
4. any other legal basis specifically identified by the PTS.

Purpose Specification

Personal data should be processed for specified purposes, which are consistent with the mandate of the Commission and take into account the balancing of relevant rights, freedoms and interests. Personal data should not be processed in ways that are incompatible with such purposes.

Proportionality and Necessity

The processing of personal data should be relevant, limited and adequate to what is necessary in relation to the specified purposes of personal data processing.

Retention

Personal data should only be retained for the time that is necessary for the specified purposes.

Accuracy

Personal data should be accurate and, where necessary, up to date to fulfil the specified purposes.

Confidentiality

Personal data should be processed with due regard to confidentiality.

Security

Appropriate organizational, administrative, physical and technical safeguards and procedures should be implemented to protect the security of personal data, including against or from unauthorized or accidental access, damage, loss or other risks presented by data processing.

Transparency

Processing of personal data should be carried out with transparency to the data subjects, as appropriate and whenever possible. This should include, for example, provision of information about the processing of their personal data as well as information on how to request access, verification, rectification, and/or deletion of that personal data, in so far as the specified purpose for which personal data is processed is not frustrated.

Transfers

Personal data may be transferred to a third party provided that, under the circumstances, the PTS satisfies itself that the third party affords appropriate protection for the personal data.

Accountability

The Commission should have adequate policies and mechanisms in place to adhere to these Principles.

These principles are implemented without prejudice to the privileges and immunities of the Commission.