The International Finance Corporation (“IFC”) has adopted core privacy principles for its operations, aligned with global standards for personal data protection. IFC’s Data Privacy Office actively works to protect and maintain the privacy, accuracy and security of the personal data that IFC collects, handles or processes, and seeks to foster a culture that values privacy through awareness.
IFC’s Approach to Personal Data Protection:
- is underpinned by appropriate policies and procedures aimed at supporting effective identification and management of privacy risks across IFC;
Principles Governing Processing of Personal Data by IFC
- Legitimate, Fair and Transparent: IFC’s processing of personal data should be for a legitimate purpose, and processing should be fair and transparent to the individual concerned (often called the data subject).
- Data Accuracy: Personal data should be collected, recorded, and maintained as accurately as possible.
- Storage Limitation: Personal data should be retained and disposed of according to applicable records retention and disposition schedules.
- Security: IFC should use reasonable technical and organizational measures to avoid accidental destruction, loss, alteration, unauthorized disclosure of or access to personal data.
- Transfers of Personal Data: Personal data should only be transferred to third parties for legitimate purposes and with appropriate regard for protection of the personal data transferred.
How to Request Information on Your Personal Data Processed or Held by IFC
As part of its data privacy framework, IFC has established a mechanism for individuals to request information regarding their personal data processed or held by IFC and, when appropriate, to seek redress, as further described here.
Current staff may submit requests using the webform available here.
If you are not currently a staff member of IFC or another World Bank Group institution, you may submit such a request using the webform available here.