The INTOSAI Development Initiative (IDI) is committed to protecting your privacy. Where we ask you to provide us with any information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement, and in line with EU General Data Protection Regulation 2016/679 (“GDPR”).
On this page
- Who we are and how to contact us?
- Why and what personal data we collect from you?
- What are the lawful basis for our processing?
- How do we collect the personal data from you?
- How do we share your personal data with other parties?
- Security of your personal data
- How long do we keep your personal data?
- We keep your information up to date
- Your rights related to the personal data we collect
- Other websites
- Where to complain
- Changes to our privacy notice
Who we are and how to contact us?
IDI is a non-profit organisation based in Norway. We support Supreme Audit Institutions in developing countries to sustainably enhance their performance and capacities. In our engagement with you, we are responsible for the usage of your personal data. If you have any questions, please feel free to send an e-mail to Jianhua Qian, Coordinator with GDPR Compliance Responsibility: [email protected]
Why and what personal data we collect from you?
In short, IDI collects your personal data in order to meet our goals in supporting SAIs with performance development and capacity building.
Personal data collected for all initiatives (including programmes, courses, e-learning, learning events and other activities to support SAIs as described):
- Name, gender (for reporting purpose), language, designation
- SAI/organisation, office address, postal code, e-mail address
Personal data collected for initiatives with qualification requirements:
- Educational background
- Working experience
In addition to the above, some personal data is collected based on how a specific event is organised:
Onsite events – for travel, accommodation and meeting arrangements
- passport copy
- mobile phone numbers (airport pickups)
- departure city/arrival city
- food restrictions (for meals arrangement)
- needs of persons with disabilities
- next of kin contact details
- banking details (only when you are entitled to reimbursements)
- itineraries/air tickets
- hotel check in/out information
eLearning courses – for IDI LMS IDI Learning Management System
- Users logs
- Assignments you submit
- Discussion forum records
Webinars, online meetings and another online synchronous activities
*Normally all webinars are recorded. Please note that if you have been sharing your audio or video during the sessions, this data will be collected.
Publications: articles, training materials, GPGs, reports
- photos taken during onsite events
Reporting and archiving
- name, SAI/organisation, gender, e-mail address
- photos taken during onsite events
- result of tests *
- eLearning course grades, completion rate *
- record of certificates/diplomas *
- course/event attendance record
*not in all eLearning courses.
When you contact us by email, letter or on the phone, we may also store such information to help us process your request efficiently.
Where do we store your personal data
We use Microsoft office 365 cloud solution for data storage. All data collected by us are stored in Microsoft data centers within EU.
What are the lawful basis for our processing?
We process your personal data based on legitimate interests, performance of a contract, compliance with a legal obligation and consent.
For example, in order to admit you into an capacity building initiative/a course, we process your contact information, educational background, working experience etc. This is our legitimate interest.
We process your contact information, account details in order to sign and fulfill a contract. This is based on ‘performance of a contract’ lawful base.
We keep the payment transaction record for a longer period of time, this is based on a legal obligation. (see ‘’How long do we keep your personal data?)
We may also ask you for your consent to process some of your personal data. For instance: - whether it is okay to keep your contact information and attendance record to initiatives/events and for as long as our organisation exists.
Whether it is okay to use photos taken during the events in our communication materials, or food restrictions for conference package arrangements.
How do we collect the personal data from you?
We collect your personal data through the following channels:
- Online registration forms (Google Forms, Microsoft Forms, Limesurvey, and other online tools)
- Nominations from your Supreme Audit Institution (SAI) via e-mail or other means
Security of your personal data
We have implemented appropriate controls to protect your personal data against unauthorised access or accidental loss.
How long do we keep your personal data?
We do not keep your information for longer than necessary.
Retention period of your personal data depends on the purpose of which information was collected. The specific time span is indicated in each data consent form. Once your personal data is no longer needed, or you withdraw your consent, we will delete your personal data.
IDI will regularly delete users who have not been active in IDI LMS for more than two years.
In the meantime, users can also remove their own personal data by deleting their user account at any time. A video tutorial on how to delete user account is available at: https://drive.google.com/file/d/1KVXh8Mm7nUyzWqvDUzYdeVnZ3FMn8Cqq/view
Documents and records stored in IDI financial system follow the Norwegian State Regulations in Financial Management. They are to be stored for 3 years and 6 months to 10 years after the end of the financial year, depending on the nature of the documents. (source: https://www.regjeringen.no/globalassets/upload/fin/vedlegg/okstyring/reglement_for_okonomistyring_i_staten.pdf )
However, personal data collected for “archiving and reporting” purpose will be stored for as long as our organisation exists. Proper security measures will be taken to ensure the safety of your data.
We keep your information up to date
We want to make sure that any personal information we hold about you is accurate and up to date. Please contact us to correct or remove information you think is inaccurate.
Our website contains links to other websites which are not run by IDI. This privacy notice only applies to IDI website. Therefore when you link to other websites, we advise you to read their own privacy policies.
Where to complain
We work to high standards when it comes to processing your personal information. If you would like to send a complaint to Norwegian Data Protection Authority, who oversee personal data protection in the country, please write to [email protected] .
Changes to our privacy notice
We review our privacy notice regularly and we will place any updates on this web page. This privacy notice was last updated on 1 February 2023.