Privacy Policy

The International Committee of the Red Cross (ICRC) is an impartial, neutral and independent organization whose exclusively humanitarian mission is to protect the lives and dignity of victims of armed conflicts and other situations of violence and to provide them with assistance.

The ICRC is committed to treating your personal data with security, respect and confidentiality: the processing of an individual's personal data carried out by the ICRC is performed in compliance with the ICRC Rules on Personal Data Protection, available here.

This privacy policy describes why the ICRC collects your personal data, what information is made available to the ICRC and third parties when you visit the Missing Persons Website at https://missingpersons.icrc.org/, how ICRC uses, stores and protects that information. You will also find information on how you can exercise your data subject rights. The ICRC will not use any personal data disclosed to it in ways other than as set forth in this privacy policy.

1. What personal data do we collect, and how?
    
   1. Information you give us
      We obtain personal information from you when you communicate or share information with us for the purpose of posting an event, news story, publication, training activity or entering information into the Missing Persons website’s directory.
      Depending on the specific purpose (see section 2 below), we may ask you to provide, inter alia, part or all of the following personal information: your full name, email address, phone number, company/organization.

   2. Information we collect automatically: cookies and web analytics
      We automatically collect information through the ICRC website to help administer, protect, and improve our services.

      Such information may include information regarding your device, such as your IP address, your operating system, browser type and activity, internet service provider, platform type, device type, location of the device accessing the website, and other information necessary to detect bots and ensure the security of the website including mouse movements, scroll position, gyroscope / accelerometer, keypress events, touch events and the date and time of your access to the website, traffic data (such as the number of visitors to our website, the pages you visited on our website, the time spent on the website, the number of downloads from the website). This information may be collected using cookies and analytics.

      Cookies are small data files made up of letters and numbers placed onto your computer or other mobile devices when you access the ICRC website. We use cookies to collect information about you to the extent necessary to ensure its website functionality and performance as well as for the purpose of targeting its audience and tailoring the content offered to the public both on its website and elsewhere.

      If you do not wish to have cookies installed on your computer or mobile device, you can set your browser to notify you before you receive a cookie, giving you the chance to decide whether to accept it. You can also set your browser to turn off cookies.

   3. Links to third-party websites
      Our website provides links to third party websites and social media platforms - such as Facebook, Twitter, and LinkedIn - that may collect data about you if opened.

      The ICRC does not govern the processing of personal data by such third parties, so we suggest that you refer to the privacy policies of these websites should you wish to have more information.

2. Why do we collect your personal data?
   
   We collect your personal data for one or more of the following purposes:

   1.  To allow you to contact us and/or receive information from us;
   2. To allow you to post an event, a news story, a publication or training activity, or to add your organization to the directory of the Missing Persons Website;

   3. To analyze web statistics and log files, with the aim of improving the functioning and security of our website;
      
      Your personal data are not used for automatic profiling or decision-making.

3. Who processes your personal data and with whom are they shared?
   
   All the information, including personal data, that you provide as content when posting an event, news story, publication or training activity or as information on organizations on the Missing Persons Website will be reviewed before being considered for publication on the website.
   
   The personal data you provide for the specific purpose of submitting content (e.g. name or email address) will not be made publicly available on the website, nor will it be shared with any third party external to the ICRC. Internally, all personal data collected by the ICRC are processed only by designated ICRC staff members or agents, for one or more of the specific purposes listed above, and only on a strict need-to-know basis.
   
   For the specific purpose of improving the functioning and security of our website (e.g. determining whether a user of the website is a human or a bot), a third party captcha (bot detection) service provider will use cookies to collect the following information, including personal data: 
   your IP address, your operating system, and your browser type, internet service provider, platform type, device type, location of the device accessing the website, and other information necessary to ensure the security of the website including mouse movements, scroll position, gyroscope / accelerometer, keypress events, touch events and the date and time of your access to the website. For more information, we suggest you refer to the Privacy Policy of our captcha provider, hCaptcha.
   
   We also use Google Analytics, a web analytics service provided by Google Inc., to help us identify how people are using our website by processing the information mentioned above. Likewise, for more information, we refer you to the Google Privacy Policy.
   
   We will never rent or sell your personal information.
   
   In case of sharing your data with third parties, we ensure as much as possible that the recipient has provided sufficient proof of compliance with the principles set out in the ICRC Rules on Personal Data Protection. This includes contractual obligations ensuring an adequate level of protection of the personal data shared from us.

4. How long do we keep your data?
   
   We will keep your personal data only for as long as necessary to fulfil the purposes for which we collected them.
   
   To determine the appropriate retention period, we consider the nature and sensitivity of your personal data, potential risks of harm from unauthorized use or disclosure of your personal data and the purposes for which we process your personal data. Our standard practice is that data no longer needed should be deleted.
   
   When we no longer need your personal data, or when you request they be erased, we will delete your data. However, the ICRC cannot control their further dissemination by third party entities or individuals of information, including personal data, that has been published on the Missing Persons Website.
   
   hCaptcha retention policy
   
   Google retention policy

5. What measures do we have in place to protect and safeguard your information?
   
   We take the protection of your personal data very seriously, and we therefore apply adequate technical and organizational measures to protect against accidental loss and unauthorized access, use, destruction or disclosure of data. Some examples of these measures are:

   1. An official ICRC username and password are required in order to access our IT systems.

   2. Authentication and authorization for the IT systems are based on roles and tasks.

   3. Our data center is physically protected and covered by our Privileges and Immunities.

   4. Network security is configured to prevent external threats from accessing our infrastructure.

6. What are your rights regarding our processing of your personal data?

   1. ​​Information and Access
      You have the right to request certain information about the personal data we hold about you. Furthermore, you are given the opportunity to verify your Personal Data and to access them.

   2. Correction
      You are also entitled to request the correction of any mistakes or inaccuracies in your personal data provided we are able to verify your identity. Please note that this does not apply in case your correction request relates to an assessment carried out by our staff and you are unable to provide sufficient proof of the assessment's inaccuracy or respective data are contained in a record held by our archives.

   3. Erasure
      You are entitled to request that your Personal Data are fully deleted from the public website and our systems. However, there may be certain circumstances where we are obliged to retain your Personal Data.

   4. Objection
      You have the right to object at any time to the Processing of your Personal Data on compelling legitimate grounds relating to your particular situation. Any objection of this kind will be accepted if your fundamental rights and freedoms in question outweigh our legitimate interests, or the public interest, in Processing.
      You also have the right to withdraw your consent and opt-out of receiving future information from the ICRC via e-mail at any time. Please communicate your wish to unsubscribe at the email address missingpersons@icrc.org.

7. Contact us
   
   We aim to always meet the highest standards to safeguard your privacy. Please contact us, if you require more detailed information on your rights regarding the personal data you have provided to us, the way we collect and use them, or if you wish to exercise any of the rights set out above.
   You can find our contact details, depending on your specific request(s), on this page.
   If we fail to resolve your question or complaint, you can contact the ICRC Data Protection Office at dpo@icrc.org.
   Should a complaint not be resolved with the assistance of the Data Protection Office, the complaint may be escalated to the ICRC Data Protection Independent Control Commission, in accordance with the ICRC Rules on Personal Data Protection.