is an online website for the sale of goods and services provided by ICC Services, ICC Academy and Coastline Solutions, collectively named “the Providers”.

The providers are joint data controllers

  • ICC Services SAS is a wholly owned affiliate of the International Chamber of Commerce (ICC), which activity is the sale of ICC publications, conferences and seminars.

ICC Services SAS is located at 33-43 avenue du Président Wilson, 75116 Paris, France, phone +33 1 49 53 28 28, email

  • ICC Academy is a wholly owned affiliate of ICC Services, which activity is the promotion and sale of e-learning courses.

ICC Academy is located at 32 Maxwell Road, #03-05 Maxwell Chambers, Singapore 069115, phone +65 68059453, email

  • Coastline Solutions is company, which activity is providing ICC Digital Library and online training products. Coastline Solutions is located at Clara House, Glenageary Park, Dublin, Ireland, phone +353 1 2352166, email

2. Privacy Statement

The purpose of this Privacy Policy is to inform you, as data subject (herein-after also referred to as “you” or “your”) of the collection, sharing and using of personal data which is obtained from the ICC Knowledge 2Go, accessible on: . You are encouraged to carefully read this Privacy Policy.

ICC Knowledge 2Go website (hereinafter: the “Site”) is provided by ICC Services. By visiting the Site and providing information, you acknowledge that you have been informed and you consent to the processing set out in this Privacy Policy, including with regard to ICC Services, ICC Academy and Coastline Solutions and any processors use and disclosure of personal information which may be collected when you contact ICC Services, place an order, subscribe to ICC email alerts, when you register for events or training, or when you request any other products and services provided by ICC Services in accordance with the purposes detailed in section 4. If you do not wish your personal information to be used by ICC Services in the manner set out in this Privacy Policy, please do not provide us this information but you might not be able to take advantage of some features. Should we wish to use your personal data for other purposes, you will be able to opt in or opt out.


 3. Nature of information collected

In order to ship your order, to receive newsletters or information about products and services, to contact providers for any questions or comments, to purchase products and services, or to register for events and trainings, you may choose to provide some personal information:

Categories of personal data that you provide voluntarily:

  • Identity and professional information: family name, first name, organization, job title, activity, main area of interest, address, email address and mobile phone number;
  • Financial data: payment related information or banking details.
  • Registration account: when you register on this website, you will be required to create an account. You provide your name, a contact email address and a password. You are responsible for all sessions and transactions taken under these details. Therefore, you should keep your password safe at all times and not disclose it to anyone. We advise you to change it immediately if you feel it has been compromised. Information and personal data provided by you through your account will be treated in confidence and will not be disclosed to third parties unless you consented or required to do so by law.
  • The purchase information: The details on your purchase orders will be used by the customer service of the provider. They will be stored in ICC Services database and in the provider database. By creating an account, you consent to receive by email newsletters or commercial offers on similar product and services from ICC Services, ICC Academy or Coastline Solutions unless you opt out.
  • The user can interrupt this subscription by clicking on the unsubscribe link at the bottom of each email or by managing the assets from his/her account on the Site

Personal data that we collect automatically:

When you visit our website, we may collect certain information automatically from your device. In some countries, including countries in the European Economic Area ("EEA"), this information may be considered Personal Data under Applicable Data Protection Laws.

Specifically, the information we collect automatically may include information like your IP address, device type, unique device identification numbers, browser-type, broad geographic location (e.g. country or city-level location) and other technical information. We may also collect information about how your device has interacted with our Website, including the pages accessed and links clicked.

Collecting this information enables us to better understand the visitors who come to our website, where they come from, and what content on our website is of interest to them. We use this information for our internal analytics purposes and to improve the quality and relevance of our website to our visitors.

Some of this information may be collected using cookies and similar tracking technology, as explained further in section 9 below.


4. Purposes of Data Processing/ legal basis/ retention

The providers use your personal data mainly for the purposes below.

The Providers will retain your Personal Data only for as long as necessary for the purposes for which Personal Data has been collected or until you request to no longer receive communications from us in accordance with the European General Protection Regulation and applicable related data protection legislation.

The Providers might retain this Personal Data to comply with further applicable legal, tax or accounting requirements.



Legal basis

Retention period

Using the account


5 years from the last using

Contracts with professionals or consumers


5 years or 10 years for orders over €120,00

Processing with orders


10 years

Processing with deliveries


10 years



10 years

Registering the payment card numbers


15 months

Complying with international sanctions obligations and preventing fraud, corruption and money laundering


5 years from alert registration

Marketing and business development


3 years from the last activity

Sending newsletters


As long as there is no unsubscription



6 months

Answering to any questions and/or inquiries

Legitimate interest

1 year

Maintaining the unsubscription requests

Legitimate interest

3 years


 5. Transfer of data

The providers never sell your personal data to third-party. They are only used by competent services of the providers and by processors to perform functions on providers’ behalf.

The processors are:

  • Amazon Azure, as hosting provider located in France
  • DHL, for deliveries, located in France
  • Tessel 8, for packaging, located in Poland
  • Edition Guard, as ebook provider, located in XXXX
  • Xing SE, for ticketing and payment of events, located in Germany
  • Strip Connect, for payment, located in France?
  • National authorities where required by law for preventing fraud, corruption and money laundering and complying with international sanctions

For the purposes mentioned in section 4, as a global organization, the providers or processors may need to transfer and process your personal information in a country other than your country of residence and/or outside of the European Union, to/in countries which may have different data protection laws. In this case, the providers or the processors will put in place appropriate and adequate operational, organizational, procedural, and technical measures in order to ensure the security and confidentiality of your personal data.


 6. Children

The Site does not sell products for purchase by children. If you are under 18, you may use the Site only with the involvement of a parent or guardian.


7. Security

Protecting your privacy and your personal information is a priority for the Providers and they have taken reasonable measures to protect your personal information from loss, misuse and alteration.

Providers work to protect the security of your information during transmission by using Secure Sockets Layers (SSL) software, which encrypts information you input.

However, please be aware that no data transmission over the Internet or storage technology can be guaranteed to be 100% secure. The Providers can only take steps to help reduce the risks of unauthorized access to information/data. Each individual using the Internet user can also take steps to help protect his/her personal information and is encouraged to do so to further minimize the likelihood that a security incident may occur.


8. Your rights

  • Right to request access, rectification, erasure, restriction processing, object to the processing, portability

The collected information is necessary for your registration and, more generally, for the purposes described in section 4. It is subject to data processing at ICC. In application of the French law on data protection and the European Regulation on the protection of natural persons with regard to the processing of personal data and of the free movement of such data (General Data Protection Regulation “GDPR”) you will benefit from the right to access, rectification, erasure, restriction processing, object to the processing, portability. If you wish to exercise these rights and obtain all relevant information, please contact us at

In which circumstances can you exercise your rights with ICC?

  • Right of access

1. You have the right to obtain from the controller, confirmation as to whether or not your personal data is being processed, and, where that is the case, access to your personal data and the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipient to whom the personal data has been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data is not collected from you, any available information as to it source;
  • subject to the conditions provided by the GDPR, the existence of automated decision-making.

2. Where personal data is transferred to a third country or to an international organisation, you shall have the right to be informed of the appropriate safeguards relating to the transfer.

3. The controller shall provide a copy of the personal data undergoing processing. For any further copies you may request, the controller may charge a reasonable fee based on administrative costs.

4. The right to obtain a copy referred to in paragraph 3 shall not adversely affect the rights and freedoms of others.

  • Right to rectification

You have the right to obtain from the controller without undue delay the rectification of inaccurate personal data. Taking into account the purposes of the processing, you have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • Right to erasure (‘right to be forgotten’)
  1. You shall have the right to obtain from the controller the erasure of personal data without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

i.          the personal data is no longer necessary in relation to the purposes for which it was collected or otherwise processed;

ii.          you withdraw your consent;

iii.          you object to the processing on grounds relating to your particular situation including profiling and there are no overriding legitimate grounds for the processing, or you object to the processing for direct marketing;

iv.          the personal data has been unlawfully processed;

v.          the personal data has to be erased for compliance in accordance with European Union or French law.

  1. Where the controller has made the personal data public and is obliged pursuant to paragraph 1 to erase the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of the personal data.
  2. The right to erasure shall not apply to the extent that processing is necessary for:

i.          exercising the right of freedom of expression and information;

ii.          compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

iii.          archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing;

iv.          the establishment, exercise or defence of legal claims.

  • Right to restriction of processing

1. You shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • you contested the accuracy of the personal data, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and you oppose the erasure of the personal data and requests the restriction of its use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but it is required by you for the establishment, exercise or defence of legal claims;
  • you have objected to processing on grounds relating to your particular situation including profiling pending the verification of whether the legitimate grounds of the controller override yours.

2. Where processing has been restricted under paragraph 1, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the European Union or of a Member State.

3. When you have obtained restriction of processing pursuant to paragraph 1, you shall be informed by the controller before the restriction of processing is lifted.

  • Notification obligation regarding rectification or erasure of personal data or restriction of processing

The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data has been disclosed, unless this proves impossible or involves disproportionate effort. The controller shall inform you about those recipients if you request it.

  • Right to data portability

1. You shall have the right to receive personal data which you have provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from the controller to which the personal data has been provided, where:

  1. the processing is based on consent; and
  2. the processing is carried out by automated means.

2. In exercising your right to data portability pursuant to paragraph 1, you shall have the right to have your personal data transmitted directly from one controller to another, where technically feasible.

3. The exercise of your right to data portability shall be without prejudice to the right of erasure. That right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

4. The right to data portability shall not adversely affect the rights and freedoms of others.

  • Right to object
  1. You shall have the right to object, on grounds relating to your particular situation, at any time to processing which is based on legitimate interests. The controller shall no longer process your personal data, unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
  2. Where personal data is processed for direct marketing purposes, you shall have the right to object at any time to processing of personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.
  3. Where you object to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
  4. At the time of the first communication with you, the right referred to in paragraphs 1 and 2 shall be explicitly brought to your attention of the data subject and shall be presented clearly and separately from any other information.
  5. In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
  6. Where personal data is processed for scientific or historical research purposes or statistical purposes, you, on grounds relating to your particular situation, shall have the right to object to processing of your personal data, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
  • Right to object to automated individual decision-making, including profiling

1. You shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

2. This right shall not apply if the decision:

  • is necessary for entering into, or performance of, a contract between you and the data controller;
  • is authorised by European Union or French law and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests; or
  • is based on your explicit consent.

3. In the cases referred to in sub-paragraph (i) and (iii) above, the data controller shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including the right to obtain human intervention on the part of the controller, to express their point of view and to contest the decision.

  • Right to unsubscribe

If you no longer wish to receive communications from ICC, you may opt out by cancelling your subscription on the ICC Site through the link sent in each email you receive from ICC, or by sending an email to


9. Cookies Policy

  • General

Subject to your prior explicit consent where such consent is required by the applicable law in your jurisdiction, the Site uses “cookies” (i.e., small text files which are downloaded to a user’s device when visiting the Site) in order to improve navigation around the Site for the user and improve the quality of the Site.

By using, you consent to the use of cookies. If you do not consent to such use, you may disable these cookies through your browser.

  • Which cookies are we using?
  • The providers use cookies to save your logged in status and track that you have visited the site. This is useful for you and means that you do not have to login to access your preferences each time you visit the Site. This is also useful for us as it helps us gauge how many users have visited our site.

The Site also uses Google Analytics with the anonymizer function, a web analytics service provided by Google. Google Analytics collects first-party cookies, data related to the device/browser, IP address and on-site/app activities to measure and report statistics about user interactions on the websites and/or apps that use Google Analytics. Google Analytics uses IP addresses to derive the geolocation of a visitor, and to protect the service and provide security to our customers. When anonymizer function is enabled, Google Analytics uses only a portion of an IP address collected, rather than the entire address. The last octet of the user’s IP address prior to its use and storage is removed, which means that the full IP address is never written to disk. This does slightly reduce the accuracy of geographic reporting.
More information on Google Analytics is available under:
More information about IP Anonymization in Analytics:

Parameters of web browsers by default are generally set up in such a manner to accept cookies but you can easily change those parameters by modifying your preferences. If you choose to deactivate cookies, some functionalities, pages or parts of the Site may not be accessible. The Providers are not responsible in such cases.

For more information related to cookies parameters, you can consult the following websites:

Internet Explorer™ – 
Safari™ –
Chrome™ –
Firefox™ –


10. Links to Other Sites

The ICC Knowledge 2Go site may contain links to or from a number of third-party websites (hereinafter referred to as “Third-Party Sites”). The Providers do not, in any way, control or operate the Third-Party Sites. They are not responsible for the privacy practices, content, policies or actions of the Third-Party Sites. This Privacy Policy is only applicable to general information processed by the ICC Knowledge 2Go Site, pursuant to information collected on . The use of any information you may provide to third parties on Third-Party Sites, or which such parties may otherwise collect on other websites, is not governed by this Privacy Policy.


11. Social Networks

Social media plug-ins of social networks such as Facebook, Twitter and LinkedIn or services with user-generated content features are integrated into the ICC Store Sites. Where the ICC Store Sites contain a plug-in to a social network site, these are clearly marked (e.g. with a Facebook button). If you choose to click on one of these buttons or links, your browser connects directly to the servers of the relevant social network. The other website’s privacy policy applies to any personal information you provide to that website. If you do not want the social network to collect the information about you, please review the privacy policy of the relevant social network and/or log out of the relevant social network before you visit the ICC Store Site.


12. Updates to Privacy Policy

To the extent permitted by applicable law in your jurisdiction, ICC Services may, from time to time, revise or update this Privacy Policy. You agree to be bound by such modifications or updates. If we make material revisions to the way we collect or use your personal information such that we are using it for purposes that you have not consented to, we will notify you of the changes and, as the case may be, ask for your explicit consent.

Any changes to this Privacy Policy will become effective upon posting of the revised Privacy Policy on the Internet, accessible through the ICC Store Sites. By continuing to use the ICC Store Sites following such changes, you will be deemed to have agreed to such changes.


10 July 2019