In carrying out the mission with which it is entrusted by its member states, the Organization collects and uses personal data related to people interacting with CERN, including CERN contributors (i.e., members of the personnel, consultants, contractors working on site, or persons engaged in any other capacity at or on behalf of CERN), beneficiaries of the pension fund, prospective members of the personnel, suppliers, and members of the public.
In order to ensure appropriate treatment of personal data, CERN commits to managing it in accordance with recognised best practices as well as the CERN Code of Conduct. The latter specifies that CERN contributors shall:
- “Safeguard confidential information, documents or data, and ensure that such material in our possession is properly protected”; and,
- “Respect the privacy of others and protect personal information given to us in confidence”.
To this end, CERN will educate its personnel on the management of personal data and introduce an appropriate framework, in order to:
- strive to collect and process only essential personal data;
- make best efforts to ensure that personal data held is accurate;
- inform individuals on how to access and, if necessary, correct their personal data;
- use personal data efficiently and effectively and only for the purpose(s) described at the point of collection or as otherwise permitted by the Organization’s rules;
- take the necessary security measures to safeguard personal data (including against unauthorised processing and accidental loss or damage);
- ensure that personal data is not transferred without suitable safeguards;
- keep personal data only as long as is necessary for the Organization’s purposes; and,
- destroy personal data which is no longer needed.