Privacy

We ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.

This privacy policy is divided into the following sections:

• Who we are
• Our website
• Our collection and use of your personal information
• Transfer of your information out of the EEA
• Cookies and similar technologies
• Marketing
• Your rights
• Keeping your personal information secure
• How long we keep your personal information for
• How to complain
• Changes to this privacy policy
• How to contact us
• Do you need extra help?

Who we are

This website is operated by the Institute of Asset Management ("IAM"). Registered address: 4th Floor St Catherine's Court, Berkeley Place, Bristol, BS8 1BQ, UK.

This privacy policy also applies to the uses of personal data by any subsidiary company of IAM and reference to “we” and “IAM” includes any subsidiary company of IAM where appropriate.

We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation, Regulation (EU) 2016/679, (the “GDPR”) and Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (as amended) (“PECR”) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

Our website

This privacy policy relates to your use of our website, https://theiam.org/ and also serves as a general notice as to how we use your personal data which we may collect other than through our website

Throughout our website we may link to other websites owned and operated by certain trusted third parties to their websites, such as our endorsed training providers. These other third party websites may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party websites, please consult their privacy policies as appropriate.

Our collection of your personal information

We collect personal information about you when you access our website, register with or join with us, contact us, send us feedback, email us and purchase services (which for the purposes of this policy includes training and examinations) or publications from us.

We collect this personal information from you either directly, such as when you register with or join with us, contact us or purchase products or services or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below) or subscribe to ours services or publications or provide personal information by reason of you doing any of the above through an organisation you work for

The personal information we collect about you depends on your particular activities. Such information includes:

• Identity Data includes first name, maiden name, last name, photograph, username or similar identifier, marital status, title, date of birth and gender.
• Contact Data includes your address, email address and telephone numbers.
• Transaction Data includes details about payments to and from you and other details of membership and other services you have purchased from us.
• Technical Data includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
• Profile Data includes your username and password, membership status (including any disciplinary action taken under our rules) and purchases or orders made by you.
• Usage Data includes information about how you use our website, products and services.
• Education and Career Data includes information of your education and career history, exam result and qualification obtained.
• Marketing and Communications Data includes your preferences in receiving marketing from us and of third parties (if applicable) and your communication preferences.

Our website is not intended for use by children and we do not knowingly collect or use personal information relating to children.

We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.

Our legal basis for processing your personal information

When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal information we process and why.

The legal bases we may rely on include:

• consent: where you have given us clear consent for us to process your personal information for a specific purpose
• contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
• legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)

Further information—legal basis for processing your information

Under GDPR, we may only process your personal information if we have a “legal basis” (i.e. a legally permitted reason) for doing so. For the purposes of this privacy policy, our legal basis for processing your Information is set out in the table below. For the purpose of the table below, reference to member includes contacts and individuals within a member which is a corporate member of IAM and also includes a prospective member or user

More info here

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we share your personal information with

We routinely share:

1.  Identity, Contact, Profile, Marketing and Communication and Education and Career data with IAM Chapters in countries which are local to the member. This enables the IAM to provide membership services and events to members at a local level which is necessary for our legitimate interest of advancing asset management.
2. Identity data to the extent it comprises your photograph where a photograph has been taken at an IAM event and the purpose of the photograph is to illustrate the success of and/or the look and feel of the event. This is our legitimate interest.
3. Identity and Contact data with exam delivery centres to enable you to take exams with us.
4. Identity and Contact data with logistic companies.  We will share your personal information with logistic supplier so we can despatch goods (training materials and books) to you.
5. Exam results with your employer if your employer pays for your exam and provides the proof of paying for your exam and with any training provider (but we remove your identity from the results in this event) who has provided training to you for our exams.  
6. Personal information with organisations which provide services to us such as website maintenance and hosting.
7. Identity, Contact, Profile, Usage, and Marketing and Communication data with our email service provider so that we can provide you with news and membership notifications.

Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.

We will share personal information with law enforcement or other authorities if required by applicable law.

We will not share your personal information with any other third party.

Transfer of your information out of the EEA

If we share your personal data with certain chapters, this may involve transferring your data outside the European Economic Area (EEA).

Some of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
• Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Cookies and similar technologies

A cookie is a small text file which is placed onto your device (eg computer, smartphone or other electronic device) when you use our website. We use cookies and other similar tracking technologies on our website. These help us recognise you and your device and store some information about your preferences or past actions.

For further information on our use of cookies and similar technologies, please see our Cookie Policy below.

For further information on cookies generally visit www.aboutcookies.org or www.allaboutcookies.org.

Marketing

We would like to send you information about our events, services and products, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email or telephone.

You can unsubscribe at any time by:

1. —contacting us by emailing to Office@theIAM.org or calling +44 (0) 8454 560 565 (UK) / +1 (202) 810 4874 (USA)
2. —using the ‘unsubscribe’ link in emails or ‘STOP’ number in texts
3. if you are a member updating your marketing preferences in the members’ portal.

For more information on your rights in relation to marketing, see 'Your rights’ below.

Your rights

You have a number of important rights free of charge according to GDPR. In summary, those include rights to:

• fair processing of information and transparency over how we use your use personal information
• access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
• require us to correct any mistakes in your information which we hold
• require the erasure of personal information concerning you in certain situations
• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
• object at any time to processing of personal information concerning you for direct marketing
• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
• object in certain other situations to our continued processing of your personal information
• otherwise restrict our processing of your personal information in certain circumstances
• claim compensation for damages caused by our breach of any data protection laws

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/ ).

If you would like to exercise any of those rights, please:

• email, call or write to us
• let us have enough information to identify you by providing us any membership number if applicable
• let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
• let us know the information to which your request relates.

Keeping your personal information secure

We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

How long we keep your data for

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

How to complain

We hope that we can resolve any query or concern you raise about our use of your information.

The GDPR also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this privacy policy

This privacy policy was published on 20 March 2019 and last updated on 19 March 2019.

We may change this privacy policy from time to time.

How to contact us

Please contact us, if you have any questions about this privacy notice or the information we hold about you.

If you wish to contact us, please send an email to Office@theIAM.org or call UK: +44 (0) 8454 560 565.

Do you need extra help?

If you would like this privacy policy in another format (for example: audio, large print, braille) please contact us (see ‘How to contact us’ above).

Cookies

Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our site. By continuing to browse the site, you are agreeing to our use of cookies.

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.

We use the following cookies:

·         Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website.

·         Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.

You can find more information about the individual cookies we use and the purposes for which we use them in the table below:

You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.

More info on cookies