This privacy notice explains how the International Association of Accounting Professionals (IAAP) uses the personal information we collect from you, either through using our website, or in any other way, electronically, verbally or in writing.
The International Association of Accounting Professionals (IAAP) is the data controller because we make decisions about what data we collect and how it is used and with whom it is shared with. We can be contacted at email@example.com or telephone number +44 (0)208 938 3040
The purpose for processing your data
The IAAP processes your personal data to offer membership to the organisation; to provide qualifications; take electronic payments and to provide members with information about services and benefits of membership.
On what basis do we collect and process your data?
Data Protection law defines the basis by which we can lawfully collect and process personal data.
We consider it to be in the IAAP’s legitimate interest to process your personal data to provide professional body services, including membership, qualifications, and member benefits. This allows the organisation to attract more members and therefore provide greater value to its membership. In determining this legal basis, we have concluded that our legitimate interest does not outweigh your rights and freedoms as a data subject.
Where we have a legal obligation:
We will collect personal data when we are required to through a legal obligation, such as requirements from government agencies.
In your vital interest:
The IAAP will process your personal data if required to do so to protect your vital interests.
Categories of Data
The IAAP collects data directly from you when you apply for membership or make an enquiry through or website, therefore you will be able to see exactly what is required from you.
We will collect details of:
your identity such as name and contact details such as address, telephone numbers and email address.
any professional qualifications you hold
anything that may preclude membership
payment information for online purchases.
We collect data in relation to your communications and interaction with us. This can include emails, text messaging, postal service delivery, social media posting or any other form of communication.
The personal data we collect from you is what we require to register you as a member and offer our professional body services to you. If you do not provide the data required, we will not be able to offer you membership.
Data recipients and data transfers
We do not sell any of your personal data to any third party. Where required, we will share personal data with service providers such as our accountants, and data protection advisors. We may, as required, share your personal information with printing and mailing companies, as well as email service providers and other delivery companies.
We use the services of data processors based in the United Kingdom, these include our web developers and hosting company and our paper and media disposal company. We also transfer your personal data to the United States of America where our membership cloud platform stores data in their accredited data centres. This transfer is protected by the use of EU approved Standard Contractual Clauses in preference to the US Privacy Shield framework.
If required, we will disclose your personal data with law enforcement and fraud prevention agencies. This is so we can help tackle fraud or where such disclosure is necessary for compliance with a legal obligation to which we are subject. Additionally, in order to protect your vital interests or the vital interests of another natural person, or in connection with the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.
Personal data in electronic form is held in EU or UK accredited data centres. Where data is transferred outside of the EEA, we ensure that the transfer is covered by an EU adequacy decision such as the USA Privacy Shield or through mechanism such as standard contractual clauses as approved by the EU.
Special category information
The IAAP does not process special category data.
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. Personally Identifiable Information placed on our system will be deleted in accordance with any legal obligations, such as government agency requirements. In addition, we will continue to retain your data for a period of 6 years following expiry or termination of your membership.
Data Storage and Security
The IAAP follows strict security procedures to ensure that your personal information is not damaged, destroyed, or disclosed to a third party without your permission and to prevent unauthorised access. We store both physical and electronic records. We have put in place technical and organisational measures to ensure our physical security as well as technical measures for data backup, authorisation and authentication onto systems.
We use secure firewalls and other measures to restrict electronic access, including anti-virus and anti-malware measures. If the data must be transferred to a third party, we require them to have in place similar measures to protect your personal data. We have a process in place to mitigate the impact of any data breach that should occur.
Only persons who need the information to fulfil their duties are granted access to personal data. We may require you to cooperate with our security checks before we disclose information to you. You can update the personal information that you give us at any time by contacting us directly.
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. The IAAP is committed to upholding those rights and those applicable to the personal information we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
The Right to be Informed – you should be clear about what, why and in what way your personal information will be processed at the time it is processed.
Right of Access – you have the right to know what personal information is held, by whom and why.
The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified.
Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations.
Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified.
Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way.
Right to Object – You have the right to object to profiling and direct marketing
You also have rights in relation to automated decision making.
You also have the right to lodge a complaint with the UK’s supervisory body, The Information Commissioners Office www.ico.org.uk
Automated decision making
The IAAP does not use automated decision making to process personal data.
Third party websites
How to contact us
You can write to us at this address:
International Association of Accounting Professionals
IAAP, Suite 5, 20 Churchill Square, Kings Hill,
West Malling, Kent, ME194YU
You can telephone us on this number: +44 (0)208 938 3040
You can email us by using this link : firstname.lastname@example.org