The Compliance Institute of Ireland
We respect your right to privacy. The Compliance Institute of Ireland (“Compliance Institute”, “we”, “our” or “us”) will collect and process your Personal Data and other information relating to your interactions and dealings with us on our website www.Compliance.ie (“Website”) or otherwise. This Privacy Statement explains how we will manage your Personal Data, why we use it, and how you may contact us.
Personal Data means any information which the Compliance Institute has or obtains, or which you (or a third party) provides to us, such as your name, home address, email addresses, date of birth, mobile, landline, name before marriage, employment status, employment details, employer address, work email, work phone, work experience, Pre-Approved Controlled Functions / Controlled Functions, areas of interest, bank details, credit / debit card details, CV, exam records, educational details, the Compliance Institute membership number, Institute of Banking (the “IoB”) membership number, conflict of interest disclosure information etc, from which you can be directly or indirectly personally identified.
How Personal Data is collected and used by us
We will obtain some of your Personal Data directly from you, such as when you complete an application form for one of our services, where you enter your details into our online forms, where you send us a communication or where you visit our Website.
Each time you visit our Website; two general levels of information about your visit can be retained. The first level comprises statistical and other analytical information collected on aggregate and non-individual specific basis of all visitors to our Website. The second is information, which is personal or particular to a specific visitor who knowingly chooses to provide such information.
The Compliance Institute will be using the Personal Data for the following purposes:
- for the purposes of performing the contract with you, or in anticipation of you becoming a member of the Compliance Institute or achieving a designation, namely:
(a) for the purpose of providing services to you, registering you as a member, enrolment for Compliance Institute seminars, workshops and other events, providing accredited designations and other related administration services, as the case may be;
(b) for the collection of membership subscription fees;
(c) for maintenance of (Continuous Professional Development) CPD requirements;
(d) to deal with your queries or complaints;
- for compliance with the Compliance Institute’s legal obligations, including:
(a) compliance with applicable tax and regulatory reporting obligations;
(b) meeting the Compliance Institute’s legal obligations;
(c) where the Compliance Institute is ordered to disclose information by a court with appropriate jurisdiction and / or to any of its or your regulatory or supervisory authorities;
- where the use is for a legitimate purpose of the Compliance Institute including:
(a) for day-to-day operational and business purposes, including accounting and other record keeping functions;
(b) council / board reporting and management purposes;
(c) verification purposes and statistical analysis purposes;
(d) if we are required to enquire into the conduct or status of a member;
(e) disclosure to your employer of your Compliance Institute designation(s) and CPD status(es), which disclosure is carried out by the Institute of Banking (see below under the paragraph 'The Institute of Banking' for further information). You should refer to your employer's privacy notice for information on how your employer processes information related to you.
Right to Object: you have the right, at any time, to object to the use of your personal information for this purpose. To exercise this right, including if you do not wish for your Compliance Institute designation information and CPD status to be made available to your employer, you can write to us at the Compliance Institute, Lower Ground Floor, 5 Fitzwilliam Square, Dublin 2 or to [email protected] clearly identifying the communication as a Data Protection Request.
- where you have consented to use for a particular purpose, including:
(a) processing and accessing membership and examination applications;
(b) attendance at CPD events;
(c) marketing and promotion of goods or services or events hosted by the Compliance Institute, either offered on our own or in conjunction with other organisations, unless you have expressed a preference not to receive marketing communications from us;
d) identifying educational requirements; and
(e) disclosure to a regulatory authority (unless we are compelled to do so by law) or your employer of information as may be requested by that regulatory authority or your employer.
If you consent for us to use your Personal Data for a particular purpose, you have the right at any time to withdraw consent to the future use of your Personal Data for some or all of those purposes by writing to the address: the Compliance Institute, Lower Ground Floor, 5 Fitzwilliam Square East, Dublin 2 or to [email protected] clearly identifying the communication as a Data Protection Request.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes and applicable laws. If we need to use your Personal Data for a purpose unrelated to the original purpose for which we collected it, we will notify you and we will explain the legal basis which allows us to do so.
Disclosure / sharing of Personal Data
We will only disclose your Personal Data to a third party where it is consistent with the purposes explained above.
We may disclose Personal Data to third-party service providers where required (e.g. to effect payment of registration fees, for event management purposes etc) or to presenters at Compliance Institute events. In any case, where we share Personal Data with a third-party controller (including, as appropriate, academic institutions, such as UCD, with whom we engage and partner to provide educational programmes), the use by that third party of the Personal Data will be subject to the third party’s own privacy policies.
In certain circumstances we may be obliged to disclose your Personal Data to third parties, for example, in order to meet any of our legal obligations or to comply with any legal process, as well as to protect and defend our property rights. Where the Compliance Institute uses service providers that have access to Personal Data, we require such service providers to protect those data and to process Personal Data in accordance with our written instructions and this Privacy Statement and for no other purpose.
The Institute of Banking
The Compliance Institute partners with the IOB in respect of a number of education programmes and in respect of the operation, administration, management and auditing of the CPD underpinning the Compliance Institute’s designations including the FCOI, LCOI, CFCPP and CDPO designations.
IoB will managed and use your Personal Data as set out in IoB’s privacy statement, which is available at https://iob.ie/data-protection The Compliance Institute will manage and use your Personal Data as set out in this Privacy Statement.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to individuals who have a business need to know about the information and perform a service for us or to carry out actions described in this Privacy Statement. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Although we cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data, we take reasonable steps to prevent this from happening. We have put in place measures to protect the security of your Personal Data.
All third parties to which we disclose your data are required to take appropriate security measures to protect your Personal Data in line with our requirements. Third parties to which we disclose Personal Data, to process data on our behalf, will only process your Personal Data on our written instructions, and where they have agreed to treat the information confidentially and to keep it secure.
Please note, however, that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you or pay to you online we will use a recognised third party online secure payment system, and we are not responsible for the security of this system.
Personal Data may be transferred outside the EEA in connection with administering your membership with us, in accordance with your instructions, where you have consented and / or as otherwise required or permitted by law. Many of the countries will be within the EEA, or will be ones which the European Commission has approved, and will have data protection laws which are the same as or broadly equivalent to those in Ireland.
However, some transfers may be to countries which do not have equivalent protections, and in that case the Compliance Institute shall use reasonable efforts to implement contractual protections for the Personal Data. While this will not always be possible where the Compliance Institute is required to transfer the Personal Data in order to comply with and perform the contract with a member or a third party service provider or where it has a legal obligation to do so, any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws.
For the avoidance of doubt, safeguards in the form of EU Commission approved standard contractual clauses will be implemented where personal data is transferred outside of the EEA.
Third Party Information
Where you provide us with Personal Data relating to other people, such as your directors, officers, employees, advisors or other related persons, you represent and warrant that you will only do so in accordance with applicable data protection laws. You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this Privacy Statement and the relevant terms and conditions, and where necessary you will obtain their consent to our use of their information. We may, where required under applicable law, notify those individuals that you have provided their details to us.
Third Party Providers of Information
We may obtain Personal Data relating to you indirectly, such as where your employer provides your contact details to us in connection with our business. The person providing the information will in the ordinary course be asked to warrant that it will only do so in accordance with applicable data protection laws, and that it will ensure that before doing so, you are made aware of the fact that we will hold information relating to you and that we may use it for any of the purposes set out in this statement, and where necessary that it will obtain consent to our use of the information. In certain circumstances, such as where a complaint is made against a member, we have an obligation to act on the basis of the information which is provided to us.
Third Party Websites
This Website may contain links to third party websites. Your use of third party websites is subject to that websites privacy statement and terms and conditions of use contained within each of those websites. Your access to any other website through our Website is at your own risk. The Compliance Institute is not responsible or liable for the accuracy of any information, data, opinions or statements made on third party websites or the security of any link or communication with third party websites. The Compliance Institute reserves the right to terminate a link to a third party website at any time. Where the Compliance Institute provides links to third party websites, it does so for your convenience only, and the fact that the Compliance Institute provides any such links does not mean that the Compliance Institute endorses or authorises such websites. Accordingly, we cannot guarantee that the controller of these websites will respect your privacy in the same manner as Compliance Institute. No other website is authorised to link to any part of this Website without the prior written permission of the Compliance Institute.
Retention of Personal Data
The Compliance Institute is obliged to retain certain information to ensure accuracy, to help maintain quality of service and for legal, regulatory, fraud prevention and legitimate business purposes.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and the sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general, we hold Personal Data of our members for as long as are members are a member of the Compliance Institute unless you tell us your data is out of date or the purposes for which it is processed have ceased or where the Compliance Institute is subject to legislation and regulatory rules which we must follow. Other information will be retained for no longer than is necessary for the purpose for which it was obtained or as required. In general, the Compliance Institute will hold this information for a period of up to seven years after termination of the relevant agreement between you and us.
We will review your Personal Data regularly to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your Personal Data except that we will retain your Personal Data in an archived form in order to be able to comply with future legal obligations eg, compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.
When it is no longer necessary for us to hold your Personal Data, we will securely destroy it in accordance with applicable laws and regulations.
Your rights in relation to your Personal Data
You have the right, subject to some conditions and limited exceptions contained in the data protection laws, to:
(a) request access to your Personal Data that we hold about you; this right enables you to receive a copy of any Personal Data relating to you which is held by the Compliance Institute. To exercise this right, you must write to the Compliance Institute, Lower Ground Floor, 5 Fitzwilliam Square East, Dublin 2, Ireland, clearly identifying the communication as a Data Protection Request. Your request will be dealt with as soon as possible and we will respond to you within one month of your request;
(b) request correction of the Personal Data that we hold about you; this right enables you to have any incomplete or inaccurate information we hold about you corrected. If you discover that we hold inaccurate information about you, you have a right to instruct us to correct that information. Such instruction must be in writing. If at any time after giving us this information you decide that you no longer wish us to hold or use this information, or in the case that the information becomes out of date, you are free to notify us, and we will use all reasonable endeavours to remove or rectify the information promptly;
(c) request erasure of your Personal Data; this right enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below);*
(d) where we hold and process your Personal Data in order to comply with legal obligations eg, compliance with tax requirements and exemptions, or for the establishment exercise or defence of legal claims, your right to ask us to delete or remove your Personal Data is limited;*
(e) object to our processing your Personal Data where we are relying on a legitimate interest (or those of a third party) in order to justify the basis for our processing your Personal Data and there is something about your particular situation which makes you want to object to processing on this ground;
(f) request that we restrict processing of your Personal Data; this right enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it; and
(g) request the transfer of your Personal Data to another party where you provided that information to us.*
*Personal Data we hold or process about you may be necessary to your membership with us. This means that should you wish to exercise your rights under sections (c), (d) or (e) it will not be possible to continue your membership.
In any case, where we are relying on your consent to process your Personal Data, you have the right to change your mind and withdraw your consent by writing to the address specified below. Where the Compliance Institute is relying on its legitimate purpose in order to use and disclose Personal Data, you are entitled to object to such use of your Personal Data, and if you object, we will cease to use and process the Personal Data for that purpose unless we can show there are compelling legitimate reasons for us to continue or we need to use the Personal Data for the purposes of legal claims.
You also have the right to lodge a complaint with the Data Protection Commission about the processing of your Personal Data by the Compliance Institute by emailing [email protected] or writing to the following address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois. You can visit the website of the Data Protection Commission at www.dataprotection.ie for more details.
Amendments to this Privacy Statement
The Compliance Institute reserves the right in its sole discretion to amend this Privacy Statement at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Any changes to this Privacy Statement will be communicated to you in writing by us where we are legally required to do so.
How to contact us
Any queries or complaints regarding the use of the Personal Data by the Compliance Institute should be addressed to The Compliance Institute, Lower Ground Floor, 5 Fitzwilliam Square, Dublin 2, Ireland clearly identifying the communication as a Data Protection Request.
What are cookies?
Cookies are small pieces of text sent downloaded to your device when you visit a website. A cookie file is stored by your web browser and allows the Service or a third party to recognise you and make your next visit easier and the Service more useful to you. Some cookies are only stored for the duration of your visit to our Website. These are known as “session cookies”. Others, known as “persistent” cookies, may remain stored on your device after your visit and may be accessed by our Website every time you re-visit our Website.
We treat information collected by cookies as non-personal data. However, to the extent that IP addresses or similar identifiers, when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them, we will treat these identifiers as personal information. If we combine non-personal information with personal information, the combined information will be treated as personal information for as long as it remains combined.
- to enable certain functions of the Service (e.g. member login);
- to provide analytics; and
- to store your preferences.
What type of cookies do we use?
We use both session and persistent cookies on the Service and we use the following types of cookies to run the Service:
- Essential cookies: These allow us to authenticate users and prevent fraudulent use of user accounts.
- __RequestVerificationToken – Used to protect users of the site from CSRF (cross-site request forgery).
- AnonymousCartId – Used to record details of the items you wish to purchase on the site. Expires 14 days after you leave the Website.
- ASP.NET_SessionId – Used to track your user session.
- Login – Only created if you log in to the member area of the Website. This cookie is used to keep you logged in.
Unless otherwise stated, these essential cookies expire when you leave the Website.
- Functionality cookies. This cookie enables us to remember your preferences – Specifically, whether your browser is set up to accept cookies.
- Asi.Web.Browser.CookiesEnabled – Used to identify if your browser accepts cookies.
Unless otherwise stated, these functionality cookies expire when you leave the Website.
What are your choices regarding cookies?
Please note, however, that if you delete cookies or refuse to accept them, you might not be able to use all of the features we offer, you may not be able to store your preferences, and some of our pages on our Website might not display properly.
Disabling a cookie or category of cookies does not delete the cookie from your browser; you will need to do this yourself from within your browser.
Cookies that have been set in the past
If you have disabled one or more cookies, we may still use information collected from cookies before your disabled preference was set. We stop, however, using disabled cookies to collect any further information.
Where can you find more information about cookies?
You can learn more about cookies at the following third party websites:
- AllAboutCookies: http://www.allaboutcookies.org/; and
- Network Advertising Initiative: http://www.networkadvertising.org/.