Data Protection and Privacy Statement
The Insurance Institute of York (“the Institute” “we” “us”) is committed to protecting the privacy and security of those with whom we interact. We recognise the need to respect and protect information that is collected or disclosed to us (called "Personal Information" explained below).
This notice is intended to tell you how we use your Personal Information and describes how we collect and use your Personal Information during and after your relationship with us, in accordance with applicable Data Protection Laws.
WHO WE ARE
The Insurance Institute of York is part of a network of local institutes supported by the Chartered Insurance Institute (“CII”), a professional body for the insurance and financial planning profession. Our mission is to improve public trust in the profession through the promotion of higher standards of integrity, technical competence and business capability.
The Institute is committed to handling data fairly and lawfully and takes its data protection obligations seriously. The Institute ensures that it processes Personal Information in compliance with applicable data protection laws, including, without limitation, the General Data Protection Regulation 2016/679 ("GDPR").
WHAT DOES THIS PRIVACY STATEMENT COVER?
This privacy statement is to inform you regarding the use of your personal information which is primarily collected during your visit to our website. This privacy statement applies to the majority of local institute websites, however there may be occasions where there is a need to have a slightly different policy. On your journey around the CII/local institute websites please check the privacy statement of each website you visit and do not assume that this privacy statement applies to all CII/local institute websites. The Institute is not responsible for the privacy statements or content on other CII/local institute websites.
WHAT IS PERSONAL INFORMATION AND WHAT PERSONAL INFORMATION DOES THE INSTITUTE COLLECT?
What is Personal Information?
For the purposes of this Data Protection Notice "Personal Information" consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information.
What Personal Information does the Institute collect?
We may collect, use, store and transfer different kinds of Personal Information about members and non-members. We also collect information from our consultants, suppliers and contractors. Our customers are obliged to provide Personal Information to us. This is so we can verify customer data and so that our customers can purchase their chosen products from us. Failure to provide this information may mean that we cannot perform this contract and you would not have access to our products.
The Personal Information we collect may include as follows:
(a) Information you voluntarily provide to us (submitted information): When you use our services and complete forms, register for events, send us an email, or communicate with us in any way, you are voluntarily giving us information that we collect. That information may include either your name, postal address, email address, IP address, phone number, credit card information, as well as details including gender, occupation, location, membership, and other demographic information.
(d) Information provided by the CII: Membership information is provided by the CII, so that we can verify our members’ identity; to verify members' accreditations, qualifications, examinations; and to provide details of further training, awards and special offers as required. We do this in order to promote technical excellence and standards within insurance and financial industries. The CII provides this information as part of your membership contract with them. Failure to provide information may mean that we cannot perform your membership contract with us.
HOW DO WE USE YOUR INFORMATION?
The Institute collects and uses your personal information to operate the Institute website and if a member of the CII, deliver the services provided as part of your membership to the Institute.
We collect and use personal information (including name, address, telephone number and email address) to better provide you with the required services, or information. We use your personal information in order to:
provide tickets for events requested by you
process and maintain orders or invoices submitted by you
respond to queries or requests submitted by you
administer or otherwise carry out our obligations in relation to any agreement you have with us
anticipate and resolve problems with any goods or services supplied to you
conduct research about current services or potential new services
create products or services that may meet your needs
showcase speaker biographies to help promote our events.
In addition, we use the personal information (email addresses and phone numbers) of our council members as contacts for the institute. By submitting this data to us, you have provided consent for its use.
This includes, but is not limited to:
the administration and management of your membership with the Institute
provide details of continuing professional development events
maintain CII CPD records
provide social and networking events
provide member awards on examination performance
deliver local news and information
analysis and marketing purposes
The law allows us to use the Personal Information as set out above on the basis that the processing is necessary for the performance of a contract with you, or we are acting in our "legitimate interests", for example, for the purposes of providing goods, services, and support as an effective professional association for our members.
The Institute may use your Personal Information to send you marketing communications by mail, telephone or email. This is necessary for the purposes of the legitimate interests pursued by us, for example, to keep our members updated about products that they might be interested in. For situations where you are purchasing goods and services from us, this is for the performance of the contract with you. For further information on this, see the 'Your Choices' section of this Data Protection and Privacy Statement.
Combining Personal Information
We may combine the Personal Information that we collect from you (including information received from our affiliates) to the extent permitted by applicable law.
It is important that the Personal Information we hold about you is accurate and current. If you are a CII member, please keep the CII informed of any changes to your Personal Information.
TO WHOM DO WE DISCLOSE YOUR INFORMATION?
We will only use your Personal Information for our internal business purposes, for example, as set out above.
We may share your information with third parties where we outsource certain functions to help us perform statistical analysis, send you email or postal mail, provide customer support, or arrange for deliveries. We would do this, for the effective performance of your membership contract with us, and for our legitimate interests, such as the effective financial and business management of the Institute.
We may also disclose Personal Information to establish, exercise or defend our legal rights including providing information to others and/or in connection with any ongoing or prospective legal proceedings. We may also disclose Personal Information to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Information.
We never sell any of your Personal Information to third parties.
WHAT DO WE DO TO KEEP YOUR INFORMATION SECURE?
We have put in place appropriate physical and technical measures to safeguard the Personal Information we collect in connection with our services. In addition, we limit access to your Personal Information to those employees, Institute council members, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. However, please note that although we take appropriate steps to protect your Personal Information, no website, product, device, online application or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Information.
INTERNATIONAL TRANSFER OF DATA
The Personal Information that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside the European Economic Area ("EEA") as part of the services offered to you through our website. For example, this may happen if any of our servers are from time to time located in a country outside of the EEA or one of our service providers is located in a country outside of the EEA.
By using or participating in any service and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store and process your information outside of the EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Data Protection Notice and the requirements of applicable law wherever the data is located. Where we transfer your Personal Information outside the EEA to other countries, we will ensure that appropriate transfer agreements and mechanisms (such as the EU Model Clauses) are in place to help ensure that our third-party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the EEA in accordance with applicable laws.
DATA RETENTION – HOW LONG WE WILL STORE/KEEP YOUR PERSONAL INFORMATION
The Institute retains Personal Information for as long as necessary to fulfil the purposes for which your Personal Information has been collected as outlined in this Data Protection and Privacy Statement unless a longer retention period is required by law. When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.
ACCESSING YOUR PERSONAL INFORMATION AND OTHER RIGHTS YOU HAVE
The Institute will collect, store and process your Personal Information in accordance with your rights under any applicable Data Protection Laws. Under certain circumstances, you have the following rights in relation to your Personal Information:
Subject Access - you have the right to request details of the Personal Information which we hold about you and copies of such Personal Information.
Right to Withdraw Consent – where our use of your Personal Information is based upon your consent, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in clause 16 below.
Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Information directly to another organisation.
Rectification – we want to ensure that the Personal Information about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Information about you.
Erasure ('right to be forgotten') - you have the right to have your Personal Information 'erased' in certain specified situations.
Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Information and to only store such Personal Information.
Object to processing – You have the right to object to specific types of processing of your Personal Information, such as, where we are processing your Personal Information for the purposes of direct marketing.
Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing.
ENFORCING YOUR RIGHTS
If you wish to enforce any of your rights under applicable Data Protection Laws, then please contact us on our details in clause 16 below.
We will respond to your request without undue delay and no later than one month from receipt of any such request, unless a longer period is permitted by applicable Data Protection Laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable Data Protection Laws.
If you are concerned that we have not complied with your legal rights under applicable Data Protection Laws, you may contact the Information Commissioner's Office (www.ico.gov.uk) which is the data protection regulator in the UK which is where CII is located. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.
THIRD-PARTY LINKS AND PRODUCTS ON OUR SERVICES
Our website, applications and products may contain links to other third-party websites that are not operated by the Institute, and our website may contain applications that you can download from third parties. These linked sites and applications are not under the Institute’s control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third-party websites or applications, any Personal Information collected by the third party’s website or application will be controlled by the Data Protection Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Information.
What are cookies?
Further information on cookies
For further information on what cookies are, and how we use them, please refer to our Cookie Statement.
YOUR CHOICES (E.G. MARKETING RELATED EMAILS OR OTHERWISE)
If you are a member of the CII, the Institute may use your Personal Information (such as your contact details (e.g. name, address, email address, telephone number)) to send you marketing-related correspondence related to our goods and services, in accordance with your email and contact preferences. When we process your Personal Information for marketing purposes, we do so on the basis that it is in our legitimate interests to do so, or in the case of our email notification service, that it is necessary to perform our contract with you.
We do not share Personal Information with third parties for the third parties’ marketing purposes.
We may also use your Personal Information to personalise and to target more effectively our marketing communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you.
To opt out of receiving marketing-related correspondence from the Institute, update your preferences at cii.co.uk/preferences by clicking "Unsubscribe" in the email or text message (SMS) you receive from us or by contacting CII Customer Service firstname.lastname@example.org
CHANGES TO THIS DATA PROTECTION NOTICE
It is also important that you check back often for updates to the Data Protection and Privacy Statement, as we may change this Data Protection and Privacy Statement from time to time. The “Date last updated” legend at the bottom of this page states when the Data Protection and Privacy Statement was last updated and any changes will become effective upon our posting of the revised Data Protection and Privacy Statement.
We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. We will provide this notice by email or by posting a notice of the changes on our website.
CONTACT US / FURTHER INFORMATION
If you have any queries at all in relation to your data and how we protect your data rights, please contact us at email@example.com.