• English
  • العربية
  • 中文
  • Français
  • Русский
  • Español

Information Concerning the Personal Data Privacy Policy of the International Atomic Energy Agency

General Information

The IAEA is committed to processing personal data in an accountable and non-discriminatory manner. As an autonomous intergovernmental organization in relationship with the United Nations, enjoying privileges and immunities that derive, inter alia, from its Statute, the IAEA is not bound by the EU's General Data Protection Regulation (GDPR). The IAEA processes, or ensures processing of, personal data in carrying out its mandated activities based on the IAEA Personal Data Privacy Policy.

The IAEA defines "personal data" as information relating to a natural person (data subject) who can be uniquely identified by that information, either directly or indirectly through recognizable attributes. The IAEA uses the term "data processing" to describe all activities associated with the handling of personal data, including the collection, storage, usage, transfer and disposal of personal data. 

The Privacy Policy is integral to the IAEA's administrative framework on data governance. It is implemented without prejudice to the privileges and immunities of the IAEA, deriving from such instruments as the Statute and the Agreement on the Privileges and Immunities of the International Atomic Energy Agency. 

In line with our Privacy Policy, the IAEA processes personal data in accordance with the following principles:

Fair and Legitimate Processing

The IAEA processes personal data in a fair manner, and based on any of the following: 

  1. The mandate and applicable legal framework of the IAEA, including its Statute and applicable decisions of its Policy-Making Organs; 
  2. The best interests of the data subject, consistent with the mandate of the IAEA; 
  3. The consent of the data subject, consistent with the mandate of the IAEA; or 
  4. Any other legal basis specifically identified by the IAEA. 

Purpose Specification

Personal data should be processed for one or more specific purpose(s), consistent with the IAEA’s mandate, and is not to be processed in a way incompatible with such purpose(s).

Proportionality and Necessity

The processing of personal data should be relevant, adequate and limited to what is necessary in relation to the specified purpose(s) of personal data processing.

Retention

Personal data should be retained only for the time that is necessary for the specified purpose(s) in accordance with the IAEA’s Records Retention Schedules.

Accuracy

Personal data should be accurate and, where necessary, up to date to fulfill the specified purposes. 

Security

Personal data should be processed with due regard to its level of classification, and in accordance with any applicable IAEA frameworks regarding the handling and protection of such information. The IAEA should implement appropriate organizational, administrative, physical and technical measures to protect the security of personal data from unauthorized or accidental access, damage, loss, disclosure or other risks presented by data processing.

Transparency and Access

Processing of personal data should be carried out with transparency to the data subjects, as appropriate and whenever possible. This should include, for example, provision of information about the processing of their personal data as well as information on how to request access, verification, rectification, and/or deletion of that personal data, insofar as the specified purpose for which personal data is processed is not frustrated.

Transfers

In carrying out its mandated activities, the IAEA may transfer personal data to a third party, provided that, under the circumstances, the IAEA satisfies itself that the third party affords appropriate protection for the personal data,

Accountability

The IAEA should have adequate policies, procedures and processes in place to adhere to this Policy.


The Office of the Deputy Director General, Department of Management, is the focal point for data privacy issues, and the designated Data Protection Officer provides advice to ensure that personal data is processed in accordance with these principles.

Should you have any questions or concerns about the protection or processing of your personal data by the IAEA, please complete our online form available here.

Stay in touch

Newsletter