The Association of Internal Control Practitioners (“The AICP”, “we”, “us”) is committed to protecting the privacy and security of those with whom we interact. We recognise the need to respect and protect information that is collected or disclosed to us (called “Personal Information” explained below).
This notice is intended to tell you how we use your Personal Information and describes how we collect and use your Personal Information during and after your relationship with us, in accordance with applicable Data Protection Laws.
1. Who we are?
The AICP is a professional certification, membership and training body for people engaged in internal control, risk management, governance and procurement and supply chain practices. Our mission is to improve standards in the profession through the promotion of higher standards of integrity, technical competence and business capability.
The AICP is committed to handling data fairly and lawfully and takes its data protection obligations seriously. The AICP ensures that it processes Personal Information in compliance with applicable data protection laws, including, without limitation, the General Data Protection Regulation 2016/679 (“GDPR”).
2. What is personal Information and what personal Information does the AICP collect about you?
For the purposes of this Data Protection Notice “Personal Information” consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information.
3. What Personal Information does The AICP collect?
We may collect, use, store and transfer different kinds of Personal Information about members and examination candidates, including prospective members and prospective examination candidates. We also collect information from our consultants and contractors, including our agents and employees. The Personal Information we collect may include as follows:
• Contact details
• Date of birth
• Membership history and details
• Payment information
• Membership of local institutes
• Examination results and qualifications
• CPD details
• Job role, position and company information
• Employment information
• Queries and complaints
4. Provision of data
Our members are obliged to provide Personal Information to us. This is so we can verify our members’ identity; to verify members’ accreditations, qualifications and examinations; and to provide details of further training and special offers as required. We do this in order to promote technical excellence and standards within internal control and procurement practices. Failure to provide information may mean that we cannot perform your membership contract with us.
Our customers are obliged to provide Personal Information to us. This is so we can verify customer data and so that our customers can purchase their chosen products from us. Failure to provide this information may mean that we cannot perform this contract and you would not have access to our products.
5. How is your Personal Information collected?
The AICP collects information through you, for example, when you make enquiries with us or through an application for membership, or to sit an exam, or purchase training programmes or if you contact our customer service team.
Other information will be obtained during the course of your membership from you or third parties, such as your employers, or members of the public, or regulators, to enable us to carry out the purposes set out below. We also obtain information through the use of technology, such as Cookies, when you use our website, and to allow you to access restricted areas of the website without entering your personal details each time. For more information about Cookies, please see the Terms and Conditions on The AICP website.
6. How do we use your information?
We may use the Personal Information we collect for the following purposes:
- To administer and manage your membership with The AICP;
- To maintain details of any accreditations and qualifications;
- To provide details of training courses and study materials;
- To maintain records of examination performance;
- To maintain CPD records;
- To provide access to our online library of internal control and procurement publications, reports, magazines and documents;
- For details of market events and sector network information;
- To provide learning and development services and materials;
- To provide market news, opinions and key industry developments;
- For member perks including products, services and discounts;
- To enhance and improve The AICP’s service and qualifications;
- To provide customer service support including training and quality purposes;
- To maintain and review order histories and invoices;
- To fulfil our disciplinary and regulatory functions;
- For marketing purposes.
The law allows us to use the Personal Information as set out above on the basis that the processing is necessary for the performance of a contract with you, or we are acting in our “legitimate interests”, for example, for the purposes of providing goods, services, and support as an effective professional association for our members.
7. Marketing Communications
The AICP may use your Personal Information to send you marketing communications by mail, telephone or email. This is necessary for the purposes of the legitimate interests pursued by us, for example, to keep our members updated about products that they might be interested in. For situations where you are purchasing goods and services from us, this is for the performance of the contract with you. For further information on this, see the ‘Your Choices’ section of this Data Protection and Privacy Statement.
8. Combining Personal Information
We may combine the Personal Information that we collect from you (including information received from our affiliates) to the extent permitted by applicable law.
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with The AICP.
9. To whom do we disclose your information?
We will only use your Personal Information for our internal business purposes, for example, as set out above. We do not share your information with third parties. We never sell any of your Personal Information to third parties.
10. What do we do to keep your information secure?
We have put in place appropriate physical and technical measures to safeguard the Personal Information we collect in connection with our services. In addition, we limit access to your Personal Information to those employees and agents, who have a ‘business’ need to know.
They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. However, please note that although we take appropriate steps to protect your Personal Information, no website, product, device, online application or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Information.
11. International Transfer of Data
The Personal Information that we collect from you may be stored and processed in your region, or in any other country where The AICP has affiliates, subsidiaries or service providers.
By using or participating in any service and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store and process your information outside of the EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Data Protection Notice and the requirements of applicable law wherever the data is located.
12. Data Retention – How long we will store/keep your Personal Information
The AICP retains Personal Information for as long as necessary to fulfil the purposes for which your Personal Information has been collected as outlined in this Data Protection and Privacy Statement unless a longer retention period is required by law. When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.
13. Accessing your personal Information and other rights you have
The AICP will collect, store and process your Personal Information in accordance with your rights under any applicable Data Protection Laws. Under certain circumstances, you have the following rights in relation to your Personal Information;
- Subject Access – you have the right to request details of the Personal Information which we hold about you and copies of such Personal Information.
- Right to Withdraw Consent – where our use of your Personal Information is based upon your consent, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in clause 16 below.
- Data Portability – you may, in certain circumstances, request us to transmit your Personal Information directly to another organisation.
- Rectification – we want to ensure that the Personal Information about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Information about you.
- Erasure (‘right to be forgotten’) – you have the right to have your Personal Information ‘erased’ in certain specified situations.
- Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Information and to only store such Personal Information.
- Object to processing – You have the right to object to specific types of processing of your Personal Information, such as, where we are processing your Personal Information for the purposes of direct marketing.
- Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing.
14. Enforcing your rights
If you wish to enforce any of your rights under applicable Data Protection Laws, then please contact us on our details in clause 20 below. We will respond to your request without undue delay and no later than one month from receipt of any such request, unless a longer period is permitted by applicable Data Protection Laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable Data Protection Laws.
If you are concerned that we have not complied with your legal rights under applicable Data Protection Laws, you may contact the Information Commissioner’s Office (ico.org.uk) which is the data protection regulator in the UK which is where The AICP is located. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.
16. Third-party links
Our websites, applications and products may contain links to other third-party websites that are not operated by The AICP, and our websites may contain applications that you can download from third parties. These linked sites and applications are not under The AICP’s control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third-party websites or applications, any Personal Information collected by the third party’s website or application will be controlled by the Data Protection Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Information.
For further information on what cookies are, how The AICP and other third parties use them, and for details of how cookies can be disabled, please see our Terms and Conditions.
18. Your Choices e.g. marketing related emails
The AICP may use your Personal Information (such as your contact details (e.g. name, address, email address, telephone number)) to send you marketing-related correspondence related to our goods and services, in accordance with your email and contact preferences. When we process your Personal Information for marketing purposes, we do so on the basis that it is in our legitimate interests to do so, or in the case of our email notification service, that it is necessary to perform our contract with you.
We do not share Personal Information with third parties for the third parties’ marketing purposes.
To opt out of receiving marketing-related correspondence from The AICP, Contact; firstname.lastname@example.org
19. Changes to this Data Protection Notice
It is also important that you check back often for updates to the Data Protection and Privacy Statement, as we may change this Data Protection and Privacy Statement from time to time. The “Date last updated” legend at the bottom of this page states when the Data Protection and Privacy Statement was last updated and any changes will become effective upon our posting of the revised Data Protection and Privacy Statement.
We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. We will provide this notice by email or by posting a notice of the changes on our website.
20. Contact us/further information
If you have any queries at all in relation to your data and how we protect your data rights, please contact us:
Association of Internal Control Practitioners
71-75 Shelton Street, Covent Garden, London, WC2H 9JQ
Phone: + 44 (0) 1444 242337
Last updated: 24 May 2018