Last updated: 16 August 2019
- Who are we?
- How do we collect your personal data?
- What personal data do we collect?
- How do we process and use your personal data?
- What is the legal basis for processing your personal data?
- Who do we share your personal data with?
- International data transfers
- How long do we keep your personal data?
- How do we protect your personal data?
- What are your rights under the GDPR?
- Direct marketing and unsubscribing from marketing
- How can you contact us?
CFA UK is a data controller for the purposes of the General Data Protection Regulation (the "GDPR"). This means we decide how and for what purposes your personal data is processed. The processing is governed by the GDPR and other applicable data protection laws.
2. How do we collect your personal data?
The term "personal data" is defined broadly under the GDPR as any data that from which a living individual can be identified. Personal data can include, but is not limited to, your name, address, email address, online identifiers (e.g., IP addresses), customer services data, feedback forms, location data, biometric data, financial information and much more.
We collect your personal data both directly and indirectly. We collect your data directly when you:
- register for an examination;
- register as a CFA UK Member or CFA Institute Member with CFA UK as your local society;
- purchase training manuals;
- apply for or renew your membership;
- register for events, courses, or online webinars;
- apply for or renew your Statement of Professional Standing (SPS);
- apply for pre-employment verification, directly, via your company or via a screening agency;
- register on CFA UK’s jobs board;
- use CFA UK’s online community tools or Learning Platforms;
- use a mobile application associated with delivery of a CFA UK product or service;
- register your interest in, or purchase, CFA UK’s products or services;
- volunteer with CFA UK;
- respond to surveys, or speak to us via telephone;
- correspond with us by phone, email or otherwise; and
- use our websites.
All CFA UK qualifications include the opportunity for candidates to request reasonable adjustments prior to taking an examination. As part of this application process, personal data classified as a "special category" data may be collected. Such data is also collected where candidates wish to request special consideration. This classification of data includes data about your health. Where you are requesting a reasonable adjustment or special consideration we will always seek explicit consent from you to process that information for the stated purpose only.
We may collect your personal data indirectly via our relationship with your employer, CFA Institute or third parties who may purchase products or services on your behalf, for example, training providers.
3. What personal data do we collect?
- your name, gender, date of birth, contact details, employer, job role, training provider if you are an examination candidate;
- identification documents for the purposes of verifying your name if you are an examination candidate;
- examination result and assessment data, history of qualifications held if you are or were an examination candidate;
- special categories of data, if you are an examination candidate and you wish to share this data with us for the purposes of a reasonable adjustment / special consideration application;
- If you are a CFA UK member, your name, date of birth, contact details, employer, your job role, payment transactions, and a record of your interactions with us;
- If you volunteer with CFA UK, a record of your volunteer interactions;
- details about products and services you have purchased to enable delivery of a contract;
- if you are a user of CFA UK’s online communities, learning platforms, websites or mobile applications, then details regarding your interactions with those systems;
- any consents and preferences provided by you, via email, telephone or otherwise;
- your unique identification number(s) provided by the regulator or by other professional bodies;
- information in relation to your application for an SPS and responses you or your employer may have provided in relation to your SPS and the Continuing Professional Development (CPD) audit;
- details on your membership with CFA Institute, including your CPD record;
- details of any publicly available criminal convictions, your disciplinary history with CFA UK and CFA Institute including our contact with other professional bodies and the regulator.
Please note that we do not store payment card details on our systems. If you make a card payment online to pay for CFA UK services or products, you will be redirected to a secure payment service provider who will take your payment on our behalf and then return you to our website when your order has been completed.
We may ask you to complete surveys or questionnaires from time to time. If you complete them, we may use the information collected to personalise the website and to target marketing to relevant users.
We also collect usage and tracking data from devices you may use to connect to our websites or services using cookies and other internet tracking software. For information on the cookies we use and the purposes for which we use them, please read our cookies policy.
There are a number of main methods of interaction with us: as a CFA UK qualification Candidate, as a local CFA UK Member, as a CFA Institute Member with CFA UK as your local society or a person interested in CFA UK’s products and services. Based on those that apply to you, we collect and use your personal data for the following purposes:
- to communicate information about the products or services in which you have expressed an interest;
- to verify your identity;
- to manage our relationship with you and administer your account, including payments;
- to provide a qualification service, monitor examination results and performance, entitlements, digital badging and ancillary products;
- to maintain and manage your history of accreditations and qualifications;
- to provide membership services and associated benefits of membership;
- to provide the online community platforms that enable members within a community to share ideas and resources;
- to deliver and optimise our websites and learning platform services to members;
- to maintain the online member and volunteer directories;
- to book places on CFA UK events or courses including the delivery of the event or course and necessary follow-on processing;
- to carry out statistical analysis, reporting, regulatory reporting and to improve our services;
- to meet internal operational requirements;
- to investigate and resolve complaints; and
- to carry out disciplinary, audit and regulatory functions.
We rely on one or more of the following processing conditions in order to process your personal data:
- to perform our obligations under any contracts that have been agreed with you in relation to membership, for a qualifications, events or courses, verification services or Statements of Professional Standing (SPS);
- our legitimate interests in the effective delivery of information and services to you and in the effective and lawful operation of our businesses (provided these do not interfere with your rights);
- to satisfy any legal and regulatory obligations to which we are subject; and
- where no other condition for processing is available, if you have agreed to us processing your personal data for the relevant purpose.
We share your personal data with the following parties:
- Pearson VUE and NCS Pearson Inc., based in the European Economic Area (‘EEA’) and in the USA, who deliver examinations on our behalf, or any other examination partners selected from time to time;
- third party providers for delivery of products and services, based in the EEA or in the USA;
- training providers who administer examinations on your or your employer’s behalf;
- your employers who may book you onto an examination, purchase services or products on your behalf or who may provide information relating to an SPS (Statement of Professional Standing) application or renewal;
- where you have successfully completed a CFA UK qualification, with a digital credentialing provider;
- where you are an event registrant, with event sponsors, event and course venues, providers or firms who manage our events and courses;
- CFA Institute, based in the EEA and in the USA, where you are or were a joint member or a CFA Program candidate;
- other CFA UK and CFA Institute volunteers, members and other CFA UK interest based communities that you may choose to join, via our online community platform where your name will be made visible within the platform for the purpose of such parties communicating with and identifying you;
- other professional bodies and regulators;
- members of the public, if you hold a CFA UK SPS (Statement of Professional Standing) and they contact CFA UK to additionally request confirmation of your CFA UK membership status; and
- other third parties where you provide consent to do so.
We transfer your personal data to countries outside of the EEA for the purposes of delivery of examinations, events or courses, for the purposes of administering your membership record or SPS application, and for providing online community platform services and jobs board services. If you are a joint member of CFA UK and CFA Institute, or if you are a CFA Program candidate, your data will be transferred outside of the EEA as part of our data sharing arrangements with CFA Institute.
Where we collect your personal data within the EEA, transfer outside the EEA will only be:
- to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
- under an agreement or mechanism which satisfies EU requirements for the transfer of personal data to data processors or data controllers outside the EEA, such as standard contractual clauses approved by the European Commission or the EU-US Privacy Shield Framework in relation to transfers of personal data from the EEA to the USA.
We retain your personal data for as long as it remains necessary in relation to the purposes for which it was collected. For examination candidates we hold your data indefinitely as proof of your examination history or your having sat the examination. After you cease being a customer of CFA UK we may continue to hold your data to enable CFA UK to respond to questions or to complaints or to comply with legal or regulatory requirements.
9. How do we protect your personal data?
To protect the security of your personal data, we have appropriate technical and security measures in place including both physical and technical safeguards. We have a governance model that ensures adequate policies, procedures and controls are in place to manage the risks.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the Internet (including by email) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
10. What are your rights under the GDPR?
Under the GDPR you have the rights listed below, however they do not all apply in all circumstances. If you wish to exercise any of these rights, we will explain at the time if they apply or not. You have the right to:
- access, rectify or request erasure of your personal data;
- restrict the processing of your personal data;
- request the portability of your personal data;
- object to our processing of your personal data; and
- withdraw your consent to our processing of your personal data (to the extent such processing is based on consent and consent is the only permissible basis for processing).
You also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office: https://ico.org.uk/for-the-public/.
11. Direct marketing and unsubscribing from marketing communications
Where we are legally required to obtain your consent to provide you with marketing materials, we will only provide you with such marketing materials if you have provided consent for us to do so.
If you want to unsubscribe from mailing lists or any marketing, you should follow the unsubscribe link provided in the relevant communications.
If you do not wish to receive marketing communications from us, you can at any time contact us to request that such communications cease. If you choose to unsubscribe from any or all mailings, we may retain information sufficient to identify you so that we can honour your request.
You can manage your email preferences via the CFA UK preference centre which is included in a link on all member emails you receive.
12. How can you contact us?
If you wish to contact CFA UK, please do so via the contact details shown on our website.
If you wish to make a subject access request, please do so via email to firstname.lastname@example.org with ‘Subject Access Request’ in the title of the email, or in writing to Subject Access Request, CFA Society of the UK, 4th floor Minster House, 42 Mincing Lane, London EC3R 7AE.
If you have any questions or concerns about our use of your personal data, or would like to exercise one of your rights set out above, please contact us at CFA Society of the UK, 4th floor Minster House, 42 Mincing Lane, London EC3R 7AE or at email@example.com.
Last updated: 16 August 2019