Responding to COVID-19: insight, support and guidance

Privacy

CIPFA has created this privacy statement in order to demonstrate our firm commitment to privacy.

Our contact details

Data Protection Enquiries: dpo@cipfa.org 

Data Protection Officer: Chris Wales, Chief Information Officer

Business Address: 77 Mansell Street, London, E1 8AN 

Telephone (switchboard): 020 7543 5600

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services. We’ll tell you: 

  • why we are able to process your information
  • what purpose we are processing it for
  • whether you have to provide it to us
  • how long we store it for
  • whether there are other recipients of your personal information
  • whether we intend to transfer it to another country and
  • whether we do automated decision-making or profiling.

Agreement with this policy is required if you provide information about yourself to us, use our website or make use of CIPFA products and services.

The privacy policy may be updated from time to time and if we make material changes to it, we will provide notice through our services, or by other means, to provide you the opportunity to review the changes before they become effective. If you object to any changes, you may amend how we contact you through the communications preference centre.

You acknowledge that your continued use of our Services after we publish and send a notice about changes to this Privacy Policy means that the collection, use and sharing of your personal data is subject to the updated Privacy Policy.

1. Data we collect

Data you provide to us

Most of the personal information we process is provided to us directly by you for one of the following reasons:

  • website registration
  • student membership application
  • CIPFA Membership application 
  • product and event/course bookings
  • Professional Qualification (PQ) course, exam, and exemption registration
  • you have made a complaint or enquiry to us
  • you have made an information request to us
  • you wish to attend, or have attended, an event
  • you subscribe to our e-newsletter
  • you have applied for a job or secondment with us
  • you are representing your organisation.

‘Data’ and ‘personal information’ can include, but is not limited to; names, address, date of birth, email address and telephone number, job title, work place address and contact details, professional qualifications, ethnicity, marital status and title, referees/ line manager/ next of kin information, invoice address and social media usernames. 

We also receive personal information indirectly, in the following circumstances: 

  • local authorities and subsequent third party contactors of CIPFA
  • an employee/member/student of ours give us your contact details as an emergency contact or a referee.

If it is not disproportionate or prejudicial, we’ll contact you to let you know we are processing your personal information. 

Data from your workplace or professional organisation

Your workplace or professional organisation, as part of a contract or subscription with CIPFA, may provide CIPFA with the following information: your name, the organisation you work for, your job title, email, address, phone and mobile numbers, education and qualifications and other memberships, for example as part of a Memorandum of Understanding to enable CIPFA membership or as part of a network subscription service that your organisation has purchased to allow staff access to best practice information, training course notifications and updates.

Data from third parties

Where permitted, CIPFA may collect your personal information from third parties and publicly available sources such as websites and professional registers. For example, as a finance director of a public body your contact details may appear on your corporate website and CIPFA may use these details to provide you with information regarding public sector finance best practice guidance or other regulatory information.

Service use

We log usage data when you visit or use our Services, including our web sites, such as when you view or click on content (eg watch a learning video or download a publication), perform a search, post in a forum or submit data via a form. We use log-ins, cookies, and internet protocol ('IP') addresses to identify you and log your use.

Cookies

As further described in our 'Cookie Policy', we use cookies and similar technologies (to recognize you and/or your device(s) across different Services. You can control cookies through your browser settings and other tools. You can also opt-out from our use of cookies when you visit our websites and by changing your browser settings.

2. How do we use your data?

CIPFA holds personal information and data collected in order to fulfil a variety of purposes:

  • to provide and help develop products, services and activities to meet our obligations as a registered charity and for use in direct marketing
  • to facilitate payment for memberships, training, examinations, and other services
  • to enable CIPFA to make payments to members, suppliers and associates – for example for expenses and fees
  • to validate credentials for example to access restricted areas of websites;
  • to help us communicate relevant information
  • to present relevant content on websites, to monitor progress on training programs and determine the effectiveness of promotional campaigns and advertising
  • to comply with legislative and regulatory requirements
  • to profile and anticipate your interests and potential needs
  • to control access to network and information systems security and prevent fraud.

Communications

Depending on your chosen preferences, we may contact you via telephone, email, post, via our website and online portals and via our social media platforms. We will send you messages about the availability of our services, security, or other service-related issues. We also send promotional messages. You may change your communication preference in MyCIPFA at any time. Please be aware that you cannot opt-out of receiving service messages from us, including security and legal notices.

If you register for an event that is sponsored by one of our third party contractors, we may share limited professional personal information (name, job title, and work contact details) so you can receive relevant information from the sponsor prior to, or following the event. By signing up to the event you are opting in to having the limited information passed on to our sponsor.

Were appropriate we use your data to investigate, respond to and resolve complaints and improve customer service (eg system bugs or customer enquiries).

Marketing

We use your personal data for relevant targeted communications to you promoting our services. You may change or opt in and out of these in MyCIPFA at any time. It may take up to 28 days for the changes to be implemented and for you to stop or start receiving emails.

Developing services and research

We use data, to conduct research and development for the further development of our Services in order to provide you and others with a better, more intuitive and personalized experience, drive membership growth and engagement on our Services, and help promote public financial management. 

3. How do we share your information?

Third parties

We use data processors who are third parties who provide elements of services for us. We have contracts in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

Providing relevant information to your employer/sponsoring bodies about your participation and progress in professional training and development. This information is only supplied to your employer and sponsoring body as part of an agreed contract with you; for example, sharing your exam results with your designated training manger or your contact details and responses as a contributor to the FM model survey.

Conference and Event delegates - For any sponsored events, delegates’ names, job titles and organisation details only will be shared with the sponsors of the event/conference.

To comply with Brexit 2021, any third party who is outside of the UK and not within the ICO’s adequacy decision will be required to hold a Standard Contractual Clause with us to ensure the transmission of personal data is kept secure.

If you wish to view a list of the third party organisations we hold contracts with please contact dpo@cipfa.org and we will provide you with this information. 

Legal obligations

In some circumstances we are legally obliged to share information. For example under a court order or where we cooperate with other European supervisory authorities in handling complaints or investigations. We might also share information with other regulatory bodies in order to further their, or our, objectives. In any scenario, we’ll satisfy ourselves that we have a lawful basis on which to share the information and document our decision making and satisfy ourselves we have a legal basis on which to share the information.

Members, students and subscribers 

Your information may be shared for the following:

  • To provide relevant information to your employer/sponsoring bodies about your participation and progress in professional training and development as agreed by you.
  • Where other organisations are commissioned by CIPFA to provide specific activities to support the delivery of your membership service. These include:
    • Redactive as the publisher of Public Finance magazine and Public Finance International
    • Parliament Hill as the provider of the CIPFA rewards website
    • Chartered Management Institute as the provider of the Management Direct website
    • Callibrand as the provider of the examination platform
    • CAPDM as the provider of the Moodle Elearning platform
    • Proctor U as the provider of remote invigilation
    • Go to Meeting as the provider of webinar platform
    • PQ magazine
    • Deloitte – Tax Advisory Service
    • TechnologyOne - Accounts Closedown
  • To comply with legal and regulatory authorities including your listing in the Members Directory

If you wish to view a list of the third party organisations we hold contracts with please contact dpo@cipfa.org and we will provide you with this information.

4. Your rights to access and control your personal data

Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information.

Your right of access

You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.

Your right to rectification

You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances.

Your right to object to processing

You have the right to object to processing if we are able to process your information because the process forms part of our public tasks, or is in our legitimate interests.

Your right to data portability

This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent or under, or in talks about entering into a contract and the processing is automated.

Exemptions

As we hold professional qualifications, some information will not be able to be erased upon request as we have a legal requirement to obtain your certifications for a specific period of time. In this instance, we are able to ‘hide’ your details from the system and we will erase all content except what is legally necessary.

This also applies for any investigations required for malpractice or negligent use of your qualification or if we are processing your information for criminal law enforcement purposes, your rights are slightly different. Please see the relevant section of the notice.

You are not required to pay any charge for exercising your rights. We have one month to respond to you.

Please contact us at dpo@cipfa.org if you wish to make a request.

5. How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at dpo@cipfa.org or 020 7543 5600.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address:           

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113.

ICO website: https://www.ico.org.uk