PRIVACY POLICY
The Institute of Internal Auditors (IIA) Madras has a privacy policy in place to protect the privacy of its members, affiliates, and website visitors. By using their websites, visitors consent to the use of their data following the privacy policy. The IIA collects limited personal information for notification of events or products and services and may produce a directory of IIA specialty section participants for networking purposes. The privacy policy provides information on how personal information collected by the IIA is stored and used on their websites. The IIA also has a data protection officer whose contact details are provided in the privacy policy. The policy, however, does not cover affiliate websites.
HOW DO WE COLLECT INFORMATION FROM YOU?
We use any personal information that you provide to us online or via: membership application forms examination applications CVs telephone conversations emails letters any other type of correspondence Membership applications are only accepted from you as an individual regardless of who is paying. The IIA Madras will act as the data controller for all membership-related data collection and processing. We may also receive your data from third-party professional bodies with whom we undertake joint projects.
DATA PROTECTION PRINCIPLES
The IIA Madras will comply with the data protection principles, which are that personal data will be handled with Lawfulness, fairness, and transparency Purpose limitation Data minimization Accuracy Storage limitation Integrity and confidentiality (security) Accountability
WHAT TYPE OF INFORMATION IS COLLECTED FROM YOU?
When you participate in or sign up for any of the IIA Madras’s services such as events, training, membership, or online newsletters, we will collect and store personal information about you. We will also collect information about you if you supply the IIA Madras with goods and services. This information can consist of, but is not limited to: name and designation email address, postal address, contact phone number date of birth, and membership number We may collect special category data, for instance, health information, if you are attending an event, exam or training session. What personal data we collect will depend on how you are engaging with us. By submitting your details, you enable us to provide you with the products or services that you have selected and agreed we will provide.
HOW IS YOUR INFORMATION USED?
We will use your personal information for many processing purposes including providing you with the information you have asked for about our products, services, and activities and ensuring any requests or inquiries you may have made from us are dealt with in a manner that is sufficient for both you and the IIA Madras we may need to contact you for reasons related to the service or activity you have signed up to for example, changing the details about a course you have booked We call this “Service Administration” we may need to contact you about an application that you have made or a service that you supply. We do not disclose or share Users personal identification information except as directed by law, No specific information about the user will be shared with any third party unless any of the following conditions is met. To help complete a transaction initiated by the user. The user has specifically authorized it. The disclosure is necessary for compliance with a legal obligation. The sharing is necessary with Government agencies mandated under the law. The information is shared with any third party ordered under the law. We do not sell, trade, or rent Users’ personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates, and advertisers for the purposes outlined above.
WHAT IS THE LAWFUL BASIS FOR THE IIA MADRAS TO PROCESS YOUR PERSONAL DATA?
The IIA Madras’s legal basis for collecting and using your personal data is usually due to the processing being necessary for a contract between yourself and the IIA Madras. On occasion, we will process your data to comply with our legal obligations. We may also process your personal data based on the IIA Madras’s legitimate interests as long as your fundamental rights and freedoms do not override that legitimate interest. When we process your data based on our legitimate interest, we always identify such interest, make sure the processing is necessary to achieve it, and carefully consider your interests, rights, and freedoms against our legitimate interest in a balancing test. Our legitimate interests include member services (renewals), policy and external affairs senior networking, data sharing with Regional Committees, soft opt-in for marketing, and data sharing with third-party professional membership organizations for joint projects and stakeholder surveys. We may also process your personal data based on consent, vital interests, and in connection with a public task. Special categories of data require higher levels of protection. This is data that reveals race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, and health information. We may process special categories of information in limited circumstances, and this will normally be with your consent.
HOW LONG WILL THE IIA MADRAS KEEP YOUR PERSONAL DATA?
We only keep your information for as long as it is necessary to fulfill the purposes for which the personal information was collected. This includes meeting any legal, accounting, or other reporting requirements or obligations. The IIA Madras retention policy sets out the minimum retention timescales. As a general rule, we keep your personal data for the duration of your membership and 6 years thereafter. If you do not wish to provide your personal data If you do not wish to provide your personal data, we may not be able to agree with you, such as membership, or provide the services which you have required.
WHO HAS ACCESS TO YOUR INFORMATION?
If you are joining the IIA Madras, we will share your name, membership number, and email address data with our Global institute. The only reason for this is to make sure you can access the content of our Global Website using a password issued by us. We do not sell or rent your information to other organizations. We may pass your information to third-party service providers. This is only done when stated and to complete tasks and provide goods and services to you on our behalf. When we do this, we disclose only the personal information that is necessary to deliver the service and we have an agreement in place that requires them to keep your information safe and secure and not to use it for any other purpose. We will not release your information to other organizations unless in exceptional cases when we are required to do so by law, for example, by a court order or for prevention of fraud or other crime. In all other instances, we would only share your information with another party if you have given your explicit permission to do so. Any personal data we share with third-party controllers or processors outside only occur where we have ensured that these are subject to appropriate safeguards.
SOCIAL MEDIA PLATFORMS
If you engage with the IIA Madras on any of our social media channels (Facebook, Twitter, and LinkedIn) you should know that we do not collect your personal information from these sources. It remains within the platform that we are using and so you should familiarise yourself with their privacy notices and policies. The IIA Madras may use the information you provide to share updates, news, and events, in the form of customized online advertising. If you send us a direct message, your information remains within the platform unless we ask you to provide us with your contact details to continue the conversation offline or privately, and you consent to do that.
COOKIES
Many websites use ‘cookies’ which are small pieces of information sent by an organization to your computer and stored on your hard drive to allow that website to recognize you when you visit. We use some unobtrusive cookies to store information on your computer. We also use some non-essential cookies to (anonymously) track visitors and help to enhance the user experience of the Website. These all expire when the browsing session ends. The IIA Madras website occasionally contains hyperlinks to websites owned and operated by third parties. These third-party websites have their privacy policies and are also likely to use cookies, and we, therefore, urge you to review them. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
FOR MORE INFORMATION ON COOKIES, SEE OUR COOKIE POLICY HERE,
Your Individual (Data Subject) Rights You have a choice about whether you wish to receive marketing information from us. If you permit to receive communications about the work of the IIA Madras and our products, services, and events, you can select your choices when we collect your information. If you wish to make any changes to your preferences, please let us know and we will update our records. You have the right at any time to: ask for a copy of the information about you held by us in our records; require us to correct any inaccuracies in your information; in certain situations, request us to delete your personal data; request we restrict processing your personal data; object to us processing your personal data; and right to portability Requests can be made in many ways, including in writing or verbally. You will need to provide: Adequate information for example full name, address, date of birth, etc. so that your identity can be verified, and your personal data located. An indication of what information you are requesting to enable us to locate this You should direct your request to the Head of Governance and HR or the Data Protection Officer – (details of whom can be found below). We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for delay that is justifiable.
WHAT IF THE DATA WE HOLD ABOUT YOU IS INCORRECT?
The information which we hold about you must be up to date. You must let us know about any changes by contacting us using the contact details at the end of this Privacy Policy.
SECURITY PRECAUTIONS TO PROTECT AGAINST LOSS, MISUSE, OR ALTERATION OF YOUR INFORMATION
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerized or on paper. To make sure that your rights and freedoms are not put at risk and relevant laws and regulations are observed, we have implemented appropriate technical and organizational measures in place to ensure a sufficient level of security for personal data processing. These measures include: Regular training and testing of our employees and contractors Introduction of relevant internal policies and processes which are regularly reviewed and updated under the supervision of our Data Protection Lead; and Carefully assessing our suppliers to ensure they adhere to data protection requirements. We have a Data Protection Officer who is responsible for the IIA Madras data protection compliance and who liaises with the executive committee and Board.
PROCESSING CARD PAYMENTS
Where you use your credit or debit card to purchase from us, we will ensure that this is carried out securely. We do not store your card details for use in future transactions.
LINKS TO OTHER ORGANISATIONS’ WEBSITES
Our website may contain links to other websites run by other organizations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website. In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.