Introduction 

As an access to justice organization, The Hague Institute for Innovation of law (HiiL) is committed to using data responsibly in order to uphold the rights of the individuals, groups, and organizations with whom we work. People who provide us with their personal data have rights with regards to the protection and use of information related to them and HiiL has a responsibility to uphold those rights. HiiL is also committed to processing data in accordance with its responsibilities under the GDPR.

Data is the physical representation of information in a manner suitable for communication, interpretation, or processing. It can be numerical, descriptive, audio, or visual. This Data Protection Policy (hereinafter also: “Policy”) pertains to data collected for our Innovating Justice Forum 2021. HiiL will uphold this policy whenever we collect data directly. 

Policy elements

Section 1: Receiving personal data

1. In order to ensure that all Innovating Justice Forum participants can be kept up to date on the Forum programme, participate effectively in any programme elements and secure networking opportunities, HiiL can receive from third parties personal data such as e-mail addresses, organization names, positions and names of individuals, using the Hopin platform and the associated services. Forum participants are instructed to only submit to HiiL personal data that is necessary to process in light of the described purposes.
2. Personal data received by HiiL can be stored in only three places – the server of Hopin, a dedicated HiiL Google Workspace Shared Folder and Insightly, the specific CRM software used by HiiL, whereby access is properly registered and granted to a limited number of the HiiL workforce..
3. No data can be edited, revised or in any other way tampered with, without the express permission of the party providing the data or information 
4. Access to this Gdrive Shared Folder, Hopin and the CRM software, is granted and recorded by the Director of Shared Services or the Director of Projects only to the HiiL workforce  who will directly work with the specific personal data. 

Section 2: Processing of personal data 

1. Processing of personal data will be strictly limited to contacting, distributing information and re-inviting registered participants to the Innovating Justice Forum, as well as used for future marketing purposes, such as distributing of reports and other HiiL-related content, and is to be done through Hopin, direct email or CRM software.
2. HiiL will not disclose personal data to third parties for direct electronic marketing, without specific consent or except as part of a specific program or feature for which the registered participant will have the ability to opt-in or opt-out.
3. Staff members who have been granted access to personal data are subject to a strict duty of confidence.
4. The Director of Shared Services monitors the process of receiving, storing and processing personal data. The Director of Shared Services ensures that personal data collected for the Innovating Justice Forum 2021 are processed in line with the criteria of GDPR.
5. In the absence of the Director of Shared Services the Director of Projects takes over her/his responsibilities as mentioned in this Policy.

Section 3: Data retention

1. HiiL ensures that personal data is stored securely using reliable software and hardware tools that are kept-up-to-date.  
2. HiiL uses Gdrive storage services which are ISO 27001, ISO 27017 and ISO 27018 certified and are protected by state of the art security measures from Google Inc.
3. Gdrive Shared Folders are protected with a secure password authentication process. 
4. Appropriate back-up and disaster recovery solutions provided by Google and their service Gdrive are in place. 
5. In the event of a breach HiiL will promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the relevant parties.
6. All devices used by the HiiL workforce  to gain access to personal data are protected with up to date anti-virus software and the latest operating system updates.
7. In the case of a party wanting to remove their personal data, the party in question can direct this request to innovatingjusticeforum@hiil.org. 
8. Should the collected personal data no longer be needed for the purposes specified in this Privacy Policy, HiiL will ensure its deletion within a reasonable timeframe.

Governance and implementation

The responsibility for this Policy rests with the Director of Shared Services. This document will be reviewed every year. 

HiiL reserves the right to change this Privacy Policy from time to time, and at HiiL‘s sole discretion. All changes hereto will be made available on the Innovating Justice website: https://innovatingjusticeforum.hiil.org/. HiiL will inform of the changes by email, if available, in case of any significant changes affecting the registered participant’s rights.

Contact information

Claudia Heemskerk, Director of Shared Services
T: +31 (0) 70 762 0700 | E: privacy@hiil.org
Muzenstraat 120, 2511 WB The Hague, The Netherlands  
www.hiil.org