Privacy Policy

Introduction

The Chartered Institute of Internal Auditors (IIA) takes the privacy of its members customers employees, suppliers, subcontractors and other contacts extremely seriously and is committed to protecting your personal information and complying with all current Data Protection legislation.

This Privacy Statement relates to the use of any personal information you provide to us online or via application forms, telephone, email exchange, letters or correspondence.

If your details have been provided by a third party, such as a centralised event booking provider the Institute acts as the data processor and will use your information only for the purposes instructed by the booking agent.

Membership applications are only accepted from you as an individual regardless of who is paying. The Institute will always act as the data controller for all membership related data collection and processing.

The IIA website occasionally contains hyperlinks to websites owned and operated by third parties. These third party websites have their own privacy policies, and are also likely to use cookies, and we therefore urge you to review them. We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.

What information does the IIA have about me?

When you participate in or sign up to any of the IIA’s services such as events, training, membership, online newsletters we may collect and store personal information about you. We will also collect information about you if you supply the Institute with goods or services.

This information can consist of information such as your name, email address, postal address, telephone or mobile number and date of birth, depending on how you are engaging with us. By submitting your details, you enable us to provide you with the products or services that you have selected.

How will you use my personal information?

We will use your personal information for a number of purposes including:

  • to provide you with information you have asked for about our products, services and activities and to deal with your requests and enquiries
  • for "service administration purposes", which means that we may contact you for reasons related to the service or activity you signed up for (eg, change of details regarding a course you booked, etc)
  • to contact you about an application you have made or a service you supply
  • to process your application for employment and where applicable  your employment once appointed

The IIA will tell you via a fair collection notice at the time you supply your information what the information will be used for and the lawful purpose of our processing.

The IIA will never sell your data to third parties but will share it with our approved third party processors such as event venues and mailing houses. We will tell you at the time we collect your data the nature of the organisations with whom it will be shared.

The IIA will require all third parties with whom we share data (data processors) to demonstrate via a non disclosure agreement that they comply with all current UK Data Protection legislation.

If you are joining as a member the IIA will share your name, membership number and email address data with the Institute’s global body in the US. This will be used solely for the purposes of issuing you with password access to the content of the global website. IIA global undertake to comply with all current and future EU data protection requirements.

The IIA may contact you:

  •  to send you relevant communications as part of a membership benefits package
  •  to remind you of important deadlines and/or renewal notifications
  •  in relation to any service or activity you have signed up for in order to ensure that we  can deliver the services to you
  •  in relation to any correspondence we receive from you or any comment or complaint you make about our products or services
  •  to invite you to participate in surveys relate to IIA services or the profession (participation is always free and voluntary)

We will only send you information related to the product or service you have enquired about or ordered and will tell you, before you give us your information, our lawful purpose for processing your data.

We would like to send you information about other related services or products and will seek your explicit consent to do so. We will never assume consent by using opt out or pre - ticked consents.

We will offer you online access to change your marketing preferences at any time and you may also do so by contacting dataprotection@iia.org.uk

How long will the IIA keep my personal information for?

We keep the information we hold about our customers and members for as long as is necessary to deliver the services we are providing you with, and to comply with other legislation such as the requirement to retain financial records.

In certain circumstances you have the right to request erasure of your data (commonly known as the “right to be forgotten”). If you wish to exercise this right please contact dataprotection@iia.org.uk We will respond to your request within one month.

Where do you store my information?

We use a variety of procedures and secure technologies to help protect your personal information from unauthorised access, use or disclosure. We store personal information you provide on computer systems which have carefully controlled access and which are located in secure facilities. All data we hold is held on secure servers located in the UK or EU.

Any highly confidential information (such as a credit card numbers and bank details) that we hold and process is managed over the Internet by third party encryption software and protected using industry standard security measures.

Can I find out what personal information the IIA holds about me?

You have the right to access personal information held about you. Wherever possible we will provide access online behind a personal login. Where this is not possible, or where supplementary information is held, such as in manual filing systems, we will supply you with a copy of your information within one month of your request.

Questions or complaints?

If you any questions comments or complaints about how we have handled your information please email dataprotection@iia.org.uk  You also have the right to complain directly to the Information Commissioners Office  https://ico.org.uk/

Page last updated: May 2018