IFA is committed to protecting and to ensuring the security of your personal data. IFA provides you with all the necessary information on how it protects your privacy and processes your personal data.
IFA is responsible for processing your personal data and determines the purposes and means of this processing. IFA undertakes to take all necessary organisational measures to ensure secure processing in compliance with the European Regulation of 26th April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the GDPR).
Personal data principles
For all processing of personal data, we apply the privacy principles:
- processed fairly and lawfully;
- collected for specific, explicit and legitimate purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- kept for no longer than necessary; and
- stored securely.
Personal data comprises all information relating to an identified or identifiable natural person. The following personal data is collected:
- Personal data identification: name, address, e-mail, phone number and other contact details
- Financial information such as payment details, company name, VAT
- Membership service information: registration date, certification as registered fraud auditor
- Competencies: areas of expertise, speakers bio….
- Photos and videos made at events, meetings, etc.
If you do not wish to provide the personal data identification, you cannot become or remain a member of IFA. Former members can request the deletion of their information, including their registration as Registered Fraud Auditor. Data will be removed if their are no other legal reasons for keeping it. The information can no longer be recovered and in this case the related individual will have to apply again for certification, if requested.
Processing of personal data includes any kind of processing of such data, such as collecting, recording, using or storing it. Personal data will be processed for the purposes of:
- managing member administration;
- organising events and trainings;
- informing members about activities;
- maintaining a register of certified individuals (registered fraud auditors).
- Performing public relations.
- Analysing our website(s) and social media channels for research and statistical purposes
We may collect information about you in various ways:
- directly from you;
- when you interact with us through our social media accounts;
- when you fill in (web)forms to attend events, receive publications, etc.;
- when you participate to online surveys and polls;
- when you hand over your business card.
IFA informs you of any activity, training and event. Each member can request the termination of these emails.
Third party transfer
Data will only be transferred to third party processors, such as partner organisations with whom we organise events and service providers, that receive specific instructions from IFA. These third-party processors may process the data only for purposes specified by IFA and in accordance with the provisions of this policy.
Your personal data will never be rented or sold to third parties for commercial purposes. Your data will only be shared with third parties, if one of the following circumstances applies:
- for executing a service;
- for facilitating payments by payment service providers;
- for complying with a legal obligation.
Where relevant, contractual safeguards are implemented to ensure the protection of your personal data when disclosing them to a third party. We will not transfer your personal data outside the European Economic Area.
IFA processes data for the duration of the active membership and RFA certification. Personal data are, in principle, stored for two years after the end of a membership.
IFA applies the following retention guidelines
- accounting records are maintained for 7 years, such as membership invoices;
- records are kept for 10 years relating to the possible liability for membership and/or exclusion of members, e.g., the application for membership and the decision on membership;
- a record of consent will be maintained for a period of 5 years after you have withdrawn your consent or cancelled your membership;
- attendance to our events and trainings are kept for Continuous Professional Education (CPE) purposes;
- personal data used for the purposes of statistics or research are anonymised as soon as possible.
- for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), e the personal data may be stored for longer periods.
Data subject rights
Members and candidate members have the following rights towards IFA:
- the right of access to and rectification of personal data processed by IFA;
- the right to erase and restrict data processed by IFA to the extent this request is compatible with the purposes of processing;
- the right to lodge a complaint with the data protection authority.
We have implemented appropriate technical and organisational measures to ensure a level of security appropriate to the specific risks that we have identified. We thereby strive to protect your personal data to the extent reasonably possible against destruction, loss, alteration, unauthorized disclosure of or access to personal data transmitted, stored or processed.
We seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data.