CIPFA has created this privacy statement in order to demonstrate our firm commitment to privacy.
Our contact details
Data Protection Enquiries: firstname.lastname@example.org
Data Protection Officer: Colin Jenkins
Business Address: 77 Mansell Street, London, E1 8AN
Telephone (switchboard): 020 7543 5600
This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services. We'll tell you:
- why we are able to process your information
- what purpose we are processing it for
- whether you have to provide it to us
- how long we store it for
- whether there are other recipients of your personal information
- whether we intend to transfer it to another country
- whether we do automated decision-making or profiling
1. Data we collect
a) Data you provide to us
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- website registration
- student membership application
- CIPFA Membership application
- product and event/course bookings
- Professional Qualification (PQ) course, exam, and exemption registration
- you have made a complaint or enquiry to us
- you have made an information request to us
- you wish to attend, or have attended, an event
- you subscribe to our e-newsletter
- you have applied for a job or secondment with us
- you are representing your organisation
'Data' and 'personal information' can include, but is not limited to: names, address, date of birth, email address and telephone number, job title, work place address and contact details, professional qualifications, ethnicity, marital status and title, referees/line manager/next of kin information, invoice address and social media usernames.
We also receive personal information indirectly, in the following circumstances:
- local authorities and subsequent third party contactors of CIPFA
- an employee/member/student of ours give us your contact details as an emergency contact or a referee.
If it is not disproportionate or prejudicial, we'll contact you to let you know we are processing your personal information.
b) Data from your workplace or professional organisation
Your workplace or professional organisation, as part of a contract or subscription with CIPFA, may provide CIPFA with your personal information for example as part of a Memorandum of Understanding to enable CIPFA membership or as part of a network subscription service that your organisation has purchased to allow staff access to best practice information, training course notifications and updates.
c) Data from third parties
Where permitted, CIPFA may collect your personal information from third parties and publicly available sources such as websites and professional registers. For example, as a finance director of a public body your contact details may appear on your corporate website and CIPFA may use these details to provide you with information regarding public sector finance best practice guidance or other regulatory information.
d) Service use
We log usage data when you visit or use our services, including our web sites, such as when you view or click on content (eg watch a learning video or download a publication), perform a search, post in a forum or submit data via a form. We use log-ins, cookies, and internet protocol (IP) addresses to identify you and log your use.
2. How do we use your data?
CIPFA holds personal information and data collected in order to fulfil a variety of purposes:
- to provide and help develop products, services and activities to meet our obligations as a registered charity and for use in direct marketing
- to facilitate payment for memberships, training, examinations, and other services
- to enable CIPFA to make payments to members, suppliers and associates, eg for expenses and fees
- to validate credentials for example to access restricted areas of websites
- to help us communicate relevant information
- to present relevant content on websites, to monitor progress on training programs and determine the effectiveness of promotional campaigns and advertising
- to comply with legislative and regulatory requirements
- to profile and anticipate your interests and potential needs
- to control access to network and information systems security and prevent fraud
Depending on your chosen preferences, we may contact you via telephone, email, post, via our website and online portals and via our social media platforms. We will send you messages about the availability of our services, security, or other service-related issues. We also send promotional messages. You may change your communication preference in MyCIPFA at any time. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.
If you register for an event that is sponsored by one of our third party contractors, we may share your professional personal information (name, job title, organisation and work contact details, telephone number, email address) so you can receive relevant information from the sponsor prior to, or following the event. By signing up to the event you are opting in to having this information passed on to our sponsor or relevant third party involved in the event.
Were appropriate we use your data to investigate, respond to and resolve complaints and improve customer service (eg system bugs or customer enquiries).
We use your personal data for relevant targeted communications to you promoting our services. You may change or opt in and out of these in MyCIPFA at any time. It may take up to 28 days for the changes to be implemented and for you to stop or start receiving emails.
c) Developing services and research
We use data, to conduct research and development for the further development of our services in order to provide you and others with a better, more intuitive and personalised experience, drive membership growth and engagement on our services, and help promote public financial management.
3. How do we share your information?
a) Third parties
We use third party data processors who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.
Providing relevant information to your employer/sponsoring bodies about your participation and progress in professional training and development: This information is only supplied to your employer and sponsoring body as part of an agreed contract with you; for example, sharing your exam results with your designated training manger or your contact details and responses as a contributor to the FM model survey.
Conference and Event delegates: For any sponsored events, delegates' names, job title, organisation and work contact details (work telephone number and email address) will be shared with the sponsors of the event/conference. By registering for an event, you agree to opt-in to sharing these limited details with our sponsor or relevant third party.
To comply with Brexit 2021, any third party who is outside of the UK and not within the ICO's adequacy decision will be required to hold a Standard Contractual Clause with us to ensure the transmission of personal data is kept secure.
b) Legal obligations
In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we'll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.
In order to comply with education guidelines, we keep a record of education certificates obtained by our students at CIPFA for the duration of 100 years. You have the right to have your information erased from our system, however as an exception to the Data Protection Act and GDPR we can keep hold of the certificate withstanding your name and a unique identifiable number only.
c) Members, students and subscribers
Your information may be shared for the following:
- To provide relevant information to your employer/sponsoring bodies about your participation and progress in professional training and development as agreed by you.
- Where other organisations are commissioned by CIPFA to provide specific activities to support the delivery of your membership service. These include:
- Redactive as the publisher of Public Finance magazine and Public Finance International
- Parliament Hill as the provider of the CIPFA rewards website
- Chartered Management Institute as the provider of the Management Direct website
- Callibrand as the provider of the examination platform
- CAPDM as the provider of the Moodle Elearning platform
- Proctor U as the provider of remote invigilation
- Go to Meeting as the provider of webinar platform
- PQ magazine
- Deloitte – Tax Advisory Service
- TechnologyOne - Accounts Closedown
- To comply with legal and regulatory authorities including your listing in the Members Directory
If you wish to view a list of the third party organisations we hold contracts with please contact email@example.com and we will provide you with this information.
4. Your rights to access and control your personal data
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.
a) Your right of access
You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
b) Your right to rectification
You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
c) Your right to erasure
You have the right to ask us to erase your personal information in certain circumstances.
d) Your right to restriction of processing
You have the right to ask us to restrict the processing of your information in certain circumstances.
e) Your right to object to processing
You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.
f) Your right to data portability
This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.
As we hold professional qualifications, some information will not be able to be erased upon request as we have a legal requirement to obtain your certifications for a specific period of time. In this instance, we are able to hide your details from the system and we will erase all content except what is legally necessary.
This also applies for any investigations required for malpractice or negligent use of your qualification or if we are processing your information for criminal law enforcement purposes, your rights are slightly different. Please see the relevant section of the notice.
You are not required to pay any charge for exercising your rights. We have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
5. How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com or 020 7543 5600.
You can also complain to the ICO if you are unhappy with how we have used your data. The ICO's address:
Information Commissioner's Office
Helpline number: 0303 123 1113
ICO website: www.ico.org.uk