Last updated: 22 February 2021
- Who are we?
- How do we collect your personal data?
- What personal data do we collect?
- How do we process and use your personal data?
- What is the legal basis for processing your personal data?
- Who do we share your personal data with?
- International data transfers
- How long do we keep your personal data?
- How do we protect your personal data?
- What are your rights under the UK GDPR?
- Direct marketing and unsubscribing from marketing
- How can you contact us?
CFA UK is a data controller for the purposes of UK GDPR (being the General Data Protection Regulation (Regulation (EU) 2016/679) (the "EU GDPR") as incorporated into UK law by the European Union (Withdrawal) Act 2018 and subsequently amended by the Data Protection, Privacy and Electronic Communications (Amendments etc.) (EU Exit) Regulations 2019 (SI 2019/419)). This means we decide how and for what purposes your personal data is processed. The processing is governed by the UK GDPR and other applicable data protection laws.
The term "personal data" is defined broadly under the UK GDPR as any data from which a living individual can be identified. Personal data can include, but is not limited to, your name, address, email address, online identifiers (e.g., IP addresses), customer services data, feedback forms, location data, biometric data, financial information and much more.
We collect your personal data both directly and indirectly. We collect your data directly when you:
- register for an examination;
- purchase examination training manuals;
- register, apply for, or renew your membership as a CFA UK member or as a CFA Institute member with CFA UK as your local society;
- create an account on the CFA UK website;
- register for events, courses, or online webinars;
- apply for or renew your Statement of Professional Standing (SPS);
- apply for pre-employment verification, directly, via your company or via a screening agency;
- register on CFA UK’s ‘Careers Centre’;
- use CFA UK’s online community platforms (‘Connect’) or Learning Platform (‘Discover’);
- join a special interest group;
- use a mobile application associated with delivery of a CFA UK product or service;
- register your interest in, or purchase, CFA UK’s products or services;
- volunteer with CFA UK or sign up as a mentor or mentee;
- use CFA UK social media channels;
- respond to surveys, or speak to us via telephone;
- correspond with us by phone, email or otherwise; and
- use our websites.
All CFA UK qualifications include the opportunity for candidates to request reasonable adjustments prior to taking an examination. As part of this application process, personal data classified as "special category" data may be collected. Such data is also collected where candidates wish to request a special consideration. This classification of data includes data about your health. Where you are requesting a reasonable adjustment or special consideration, we will always seek explicit consent from you to process that information for the stated purpose only.
We may collect your personal data indirectly via our relationship with your employer, CFA Institute or third parties who may purchase products or services on your behalf, for example, training providers.
We may collect the following personal information:
- your name, gender, date of birth, contact details, employer, job role, training provider, country of registration and sitting, if you are an examination candidate;
- identification documents for the purposes of verifying your name if you are an examination candidate;
- examination result and assessment data, history of qualifications held if you are or were an examination candidate;
- special categories of data, if you are an examination candidate and you wish to share this data with us for the purposes of a reasonable adjustment / special consideration application;
- if you are a CFA UK member, your name, date of birth, contact details, employer, your job role, payment transactions, and a record of your interactions with us;
- if you volunteer with CFA UK, a record of your volunteer interactions;
- details about products and services you have purchased to enable delivery of a contract;
- if you are a user of CFA UK’s online communities, learning platforms, websites, social media or mobile applications, then details regarding your interactions with those systems;
- any consents and preferences provided by you, via email, telephone or otherwise;
- your unique identification number(s) provided by the regulator or by other professional bodies;
- information in relation to your application for an SPS and responses you or your employer may have provided in relation to your SPS and the Continuing Professional Development (CPD) audit;
- details on your membership with CFA Institute, including your CPD record;
- details of any publicly available criminal convictions, your disciplinary history with CFA UK and CFA Institute including our contact with other professional bodies and the regulator.
Please note that we do not store payment card details on our systems. If you make a card payment online to pay for CFA UK services or products, you will be redirected to a secure payment service provider who will take your payment on our behalf and then return you to our website when your order has been completed.
We may ask you to complete surveys or questionnaires from time to time. If you complete them, we may use the information collected to personalise the website and to target marketing to relevant users.
We also collect usage and tracking data from devices you may use to connect to our websites or services using cookies and other internet tracking software. For information on the cookies we use and the purposes for which we use them, please read our cookies policy.
There are a number of main methods of interaction with us: as a CFA UK qualification Candidate, as a local CFA UK Member, as a CFA Institute Member with CFA UK as your local society, as a CFA UK volunteer, or as a non-member individual interested in CFA UK’s products and services.
Based on those areas that apply to you, we collect and use your personal data for the following purposes:
- to communicate information about the products or services in which you have expressed an interest;
- to communicate information about products and services directly related to those which you have already purchased / subscribed to;
- for CFA UK, CFA Institute, or the CFA Society in your country if you are based outside the UK, to communicate information about products or services that relate to a CFA UK examination you have registered for;
- to verify your identity;
- to manage our relationship with you and administer your account, including payments;
- to provide a qualification service, monitor examination results and performance, entitlements, digital badging, and ancillary products;
- to maintain and manage your history of accreditations and qualifications;
- to provide membership services and associated benefits of membership;
- to provide services relating to the issue of Statements of Professional Standing, including sharing information with other professional bodies as needed;
- to provide the online community platforms that enable members and volunteers within a community to share ideas and resources;
- to deliver, track and optimise our websites and learning platform services to members;
- to maintain the online member and volunteer directories;
- to book places on CFA UK events or courses including the delivery of the event or course and necessary follow-on processing;
- to carry out statistical analysis, reporting, regulatory reporting and to improve our services;
- to meet internal operational requirements;
- to fulfil contracts with CFA Institute and/or a registered CFA Society in your country, relating to CFA UK’s qualifications;
- to investigate and resolve complaints; and
- to carry out disciplinary, audit and regulatory functions.
We rely on one or more of the following processing conditions in order to process your personal data:
- to perform our obligations under any contracts that have been agreed with you in relation to membership, for qualifications, events or courses, verification services or Statements of Professional Standing (SPS);
- our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses (provided these do not interfere with your rights);
- to satisfy any legal and regulatory obligations to which we are subject; and
- where no other condition for processing is available, if you have agreed to us processing your personal data for the relevant purpose.
We share your personal data with the following parties:
- Pearson VUE and NCS Pearson Inc., based in the UK, the European Economic Area (‘EEA’) and in the USA, who deliver examinations on our behalf, or any other examination partners selected from time to time;
- third party providers for delivery of products and services, based in the UK, the EEA or in the USA;
- training providers who administer examinations on your or your employer’s behalf;
- your employers who may book you onto an examination, purchase services or products on your behalf or who may provide information relating to an SPS (Statement of Professional Standing) application or renewal;
- where you have successfully completed a CFA UK qualification, with a digital credentialing provider;
- where you are a CFA UK ESG Certificate in Investing examination candidate or certificate holder, based in a country outside the UK, with the CFA Society in that country;
- where you are an event registrant, with event sponsors, event and course venues, providers or firms who manage our events and courses;
- CFA Institute, based in the UK, the EEA and in the USA, where you are or were a joint member or a CFA Program candidate or a CFA UK ESG Certificate in Investing examination candidate or certificate holder;
- other CFA UK and CFA Institute board members, volunteers, members, and other CFA UK interest-based communities that you may choose to join, via our online community platform where your name will be made visible within the platform for the purpose of such parties communicating with and identifying you;
- other professional bodies and regulators;
- our board members to the extent necessary for them to correspond with individuals who have attended board meetings in order to encourage further participation in CFA UK committees and groups;
- members of the public, if you hold a CFA UK SPS (Statement of Professional Standing) and they contact CFA UK to additionally request confirmation of your CFA UK membership status; and
- other third parties where you provide consent to do so.
The UK is still permitting the free flow of data from the UK to the European Economic Area (EEA), maintaining the position pre-1 January 2021 (subject to any future announcements by the Government). Further, despite the end of the Brexit Transition Period on 31 December 2020, the EU has announced that the transfer of data from the EEA to the UK will remain compliant with the EU GDPR until 1 July 2021. Transfers of data between the UK and the EEA therefore continue to be compliant with both the UK GDPR and the EU GDPR.
We transfer your personal data to countries outside of the UK and the EEA for the purposes of delivery of examinations, events or courses, for the purposes of administering your membership record or SPS application, and for providing online community platform services and careers centre services. If you are a joint member of CFA UK and CFA Institute, or if you are a CFA Program candidate or a CFA UK ESG Certificate in Investing candidate, your data will be transferred outside of the EEA as part of our data sharing arrangements with CFA Institute.
Where we collect your personal data within the UK or EEA, transfer outside the EEA will only be:
- to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
- under an agreement or mechanism which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission or the EU-US Privacy Shield Framework in relation to transfers of personal data from the EEA to the USA.
We retain your personal data for as long as it remains necessary in relation to the purposes for which it was collected. For examination candidates we hold your data indefinitely as proof of your examination history or your having sat the examination. After you cease being a customer of CFA UK, we may continue to hold your data to enable CFA UK to respond to questions or to complaints or to comply with legal or regulatory requirements.
To protect the security of your personal data, we have appropriate technical and security measures in place including both physical and technical safeguards. We have a governance model that ensures adequate policies, procedures and controls are in place to manage the risks.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the Internet (including by email) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Under the UK GDPR you have the rights listed below; however, they do not all apply in all circumstances. If you wish to exercise any of these rights, we will explain at the time if they apply or not. You have the right to:
- access, rectify or request erasure of your personal data;
- restrict the processing of your personal data;
- request the portability of your personal data;
- object to our processing of your personal data; and
- withdraw your consent to our processing of your personal data (to the extent such processing is based on consent and consent is the only permissible basis for processing).
You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office: https://ico.org.uk/for-the-public/.
Where we are legally required to obtain your consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.
If you want to unsubscribe from mailing lists or any marketing, you should follow the unsubscribe link provided in the relevant communications.
If you do not wish to receive marketing communications from us, you can at any time contact us to request that such communications cease. If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.
You can manage your email preferences via the CFA UK preference centre which is included in a link on all CFA UK emails you receive.
If you wish to contact CFA UK, please do so via the Contact Us details shown on our website.
If you wish to make a subject access request, please do so via email to firstname.lastname@example.org with ‘Subject Access Request’ in the title of the email.
If you have any questions or concerns about our use of your personal data, or would like to exercise one of your rights set out above, please contact us at email@example.com.
If you are a data subject based in the EU, we are required by Article 3 of the EU GDPR to appoint a representative based within the EU for data subjects based within the EU to correspond with if you do not wish to contact us directly. The details of this representative are:
Prighter GDPR-Rep by Maetzler Rechtsanwalts GmbH & Co KG
c/o CFA Society of the UK