The Chartered Insurance Institute (this includes its Subsidiary Companies in the UK, Dubai, Hong Kong and India and its Societies) ("CII", "we", "us") is committed to protecting the privacy and security of those with whom we interact. We recognise the need to respect and protect information that is collected or disclosed to us (called "Personal Information" explained below).
This notice is intended to tell you how we use your Personal Information and describes how we collect and use your Personal Information during and after your relationship with us, in accordance with applicable Data Protection Laws.
1. WHO WE ARE
CII is a professional body for the insurance and financial planning profession. Our mission is to improve public trust in our united profession by driving confidence in the power of professional standards: competence, integrity and care for the customer.
CII is committed to handling data fairly and lawfully and takes its data protection obligations seriously. CII ensures that it processes Personal Information in compliance with applicable data protection laws, including, without limitation, the General Data Protection Regulation 2016/679 ("GDPR").
2. WHAT IS PERSONAL INFORMATION AND WHAT PERSONAL INFORMATION DOES CII COLLECT ABOUT YOU?
What is Personal Information?
For the purposes of this Data Protection Notice "Personal Information" consists of any information that relates to you and/or information from which you can be identified, directly or indirectly. For example, information which identifies you may consist of your name, address, telephone number, photographs, location data, an online identifier (e.g. cookies identifiers and your IP address) or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity. When we combine other information (i.e. information that does not, on its own, identify you) with Personal Information, we treat the combined information as Personal Information.
What Personal Information does CII collect?
We may collect, use, store and transfer different kinds of Personal Information about members and customers, including prospective members and prospective customers. We also collect information from our consultants and contractors, including our agents and employees. The Personal Information we collect may include as follows:
- Contact details
- Date of birth
- Membership history and details
- Payment information and reasons for resignation
- Financial / bank account information
- Membership of local institutes
- Examination results and qualifications
- CPD details
- Job role, position and company information
- Employment information
- Queries and complaints
We may also obtain Special Category Personal Data (as defined in the GDPR) such as healthcare information (for example, medical conditions).
We may also obtain criminal records information. We may also obtain bankruptcy and insolvency information.
Provision of data
Our members are obliged to provide Personal Information to us. This is so we can verify our members' identity; to verify members' accreditations, qualifications, examinations; and to provide details of further training and special offers as required. We do this in order to promote technical excellence and standards within insurance and financial industries. Failure to provide information may mean that we cannot perform your membership contract with us.
Our customers are obliged to provide Personal Information to us. This is so we can verify customer data and so that our customers can purchase their chosen products from us. Failure to provide this information may mean that we cannot perform this contract and you would not have access to our products.
3. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
CII collects information through you, for example, when you make enquiries with us or through an application for membership, or to sit an exam, or if you contact our customer service team.
Personal Information is also collected via your membership with your local insurance institute.
Other information will be obtained during the course of your membership from you or third parties, such as your employers, or members of the public, or regulators, to enable us to carry out the purposes set out below. We also obtain information through the use of technology, such as Cookies, when you use our website, and to allow you to access restricted areas of the website without entering your personal details each time. For more information about Cookies, please see the Terms and Conditions on the CII website.
4. HOW DO WE USE YOUR INFORMATION?
We may use the Personal Information we collect for the following purposes:
- To administer and manage your membership with CII
- Liaising with your local institute, for example, to update records
- To maintain details of any accreditations and qualifications
- To provide details of training courses and study materials
- To maintain records of examination performance
- To maintain CPD records
- To provide access to our online library of insurance and financial planning publications, reports, magazines and documents
- For details of market events and sector network information
- To provide learning and development services and materials
- To provide market news, opinions and key industry developments
- For member perks including lifestyle member service products, services and discounts
- To enhance and improve the CII's service and qualifications
- To provide customer service support and including training and quality purposes.
- To maintain and review order histories and invoices
- To fulfil our disciplinary and regulatory functions
- For marketing purposes
The law allows us to use the Personal Information as set out above on the basis that the processing is necessary for the performance of a contract with you, or we are acting in our "legitimate interests", for example, for the purposes of providing goods, services, and support as an effective professional association for our members.
Where we collect Special Category Personal Data we will not use this except for the purposes of processing your membership, for the performance of your membership contract, and complying with our legal obligations for disciplinary and regulatory reasons. As regards medical information, this is for the purposes of considering requests for reasonable adjustments where applicable, to enhance your membership, or to assist when you are sitting exams. This is so that we can comply with Health and Safety legislation and for our own legitimate interests, to safeguard our members' wellbeing.
CII may use your Personal Information to send you marketing communications by mail, telephone (including SMS text message) or email. This is necessary for the purposes of the legitimate interests pursued by us, for example, to keep our members updated about products that they might be interested in. For situations where you are purchasing goods and services from us, this is for the performance of the contract with you. For further information on this, see the 'Your Choices' section of this Data Protection and Privacy Statement.
Combining Personal Information
We may combine the Personal Information that we collect from you (including information received from our affiliates) to the extent permitted by applicable law.
It is important that the Personal Information we hold about you is accurate and current. Please keep us informed if your Personal Information changes during your relationship with CII.
5. TO WHOM DO WE DISCLOSE YOUR INFORMATION?
We will only use your Personal Information for our internal business purposes, for example, as set out above. We disclose your information to your local insurance institute: this is the organisation which you select and which you became a member of when you join CII, and we do this for the performance of your membership contract with us.
We do share your information with third parties, for example with employers regarding your qualifications, accreditations, examinations and training. We do this for the performance of your membership contract with us or where we have another lawful basis for doing so.
We may share your information with third parties such as accountants, legal teams, regulators and other professional bodies. We would do this for the effective performance of your membership contract with us, and/or so that we can comply with any legal obligations.
We may also share your information with third parties where we outsource certain functions, including but not limited to, our payroll and logistics functions, assessment service providers, membership retention and engagement functions and other service products that we use. We would do this, for the effective performance of your membership contract with us, and for our legitimate interests, such as the effective financial and business management of CII.
We may also disclose Personal Information to establish, exercise or defend our legal rights including providing information to others and/or in connection with any ongoing or prospective legal proceedings. We may also disclose Personal Information to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that Personal Information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that Personal Information.
We never sell any of your Personal Information to third parties.
6. WHAT DO WE DO TO KEEP YOUR INFORMATION SECURE?
We have put in place appropriate physical and technical measures to safeguard the Personal Information we collect in connection with our services. In addition, we limit access to your Personal Information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your Personal Information on our instructions and they are subject to a duty of confidentiality. However, please note that although we take appropriate steps to protect your Personal Information, no website, product, device, online application or transmission of data, computer system or wireless connection is completely secure and therefore we cannot guarantee the security of your Personal Information.
7. INTERNATIONAL TRANSFER OF DATA
The Personal Information that we collect from you may be stored and processed in your region, or transferred to, stored at or otherwise processed outside the European Economic Area ("EEA"), or in any other country where CII or CII Affiliates, subsidiaries or service providers maintain facilities, including overseas local insurance institutes. For example, where members are based outside the EEA, members' data may be handled at the Hong Kong office and the India office.
By using or participating in any service and/or providing us with your Personal Information, you acknowledge that we will collect, transfer, store and process your information outside of the EEA. We will take all steps reasonably necessary to ensure that your Personal Information is kept secure and treated in accordance with this Data Protection Notice and the requirements of applicable law wherever the data is located. Where we transfer your Personal Information outside the EEA to other countries, we will ensure that appropriate transfer agreements and mechanisms (such as the EU Model Clauses) are in place to help ensure that our third-party service providers provide an adequate level of protection to your Personal Information. We will only transfer your Personal Information outside the EEA in accordance with applicable laws.
8. DATA RETENTION – HOW LONG WE WILL STORE/KEEP YOUR PERSONAL INFORMATION
CII retains Personal Information for as long as necessary to fulfil the purposes for which your Personal Information has been collected as outlined in this Data Protection and Privacy Statement unless a longer retention period is required by law. When your Personal Information is no longer required for the purpose it was collected or as required by applicable law, it will be deleted and/or returned to you in accordance with applicable law.
9. ACCESSING YOUR PERSONAL INFORMATION AND OTHER RIGHTS YOU HAVE
CII will collect, store and process your Personal Information in accordance with your rights under any applicable Data Protection Laws. Under certain circumstances, you have the following rights in relation to your Personal Information:
I. Subject Access - you have the right to request details of the Personal Information which we hold about you and copies of such Personal Information.
II. Right to Withdraw Consent – where our use of your Personal Information is based upon your consent, you have the right to withdraw such consent at any time. In the event you wish to withdraw your consent to processing, please contact us using the details provided in clause 16 below.
III. Data Portability – you may, in certain circumstances, request us to port (i.e. transmit) your Personal Information directly to another organisation.
IV. Rectification – we want to ensure that the Personal Information about you that we hold is accurate and up to date. If you think that any information we have about you is incorrect or incomplete, please let us know. To the extent required by applicable laws, we will rectify or update any incorrect or inaccurate Personal Information about you.
V. Erasure ('right to be forgotten') - you have the right to have your Personal Information 'erased' in certain specified situations.
VI. Restriction of processing – you have the right in certain specified situations to require us to stop processing your Personal Information and to only store such Personal Information.
VII. Object to processing – You have the right to object to specific types of processing of your Personal Information, such as, where we are processing your Personal Information for the purposes of direct marketing.
VIII. Prevent automated decision-taking – in certain circumstances, you have the right not to be subject to decisions being taken solely on the basis of automated processing.
10. ENFORCING YOUR RIGHTS
If you wish to enforce any of your rights under applicable Data Protection Laws, then please contact us on our details in clause 16 below.
We will respond to your request without undue delay and no later than one month from receipt of any such request, unless a longer period is permitted by applicable Data Protection Laws, and we may charge a reasonable fee for dealing with your request which we will notify to you. Please note that we will only charge a fee where we are permitted to do so by applicable Data Protection Laws.
If you are concerned that we have not complied with your legal rights under applicable Data Protection Laws, you may contact the Information Commissioner's Office (ico.org.uk) which is the data protection regulator in the UK which is where CII is located. Alternatively, if you are based outside the UK, you may contact your local data protection supervisory authority.
11. THIRD-PARTY LINKS AND PRODUCTS ON OUR SERVICES
Our websites, applications and products may contain links to other third-party websites that are not operated by CII, and our websites may contain applications that you can download from third parties. These linked sites and applications are not under CII's control and as such, we are not responsible for the privacy practices or the content of any linked websites and online applications. If you choose to use any third-party websites or applications, any Personal Information collected by the third party’s website or application will be controlled by the Data Protection Notice of that third party. We strongly recommend that you take the time to review the privacy policies of any third parties to which you provide Personal Information.
What are cookies?
Further information on cookies
13. YOUR CHOICES (E.G. MARKETING RELATED EMAILS OR OTHERWISE)
CII may use your Personal Information (such as your contact details (e.g. name, address, email address, telephone number)) to send you marketing-related correspondence related to our goods and services, in accordance with your email and contact preferences. When we process your Personal Information for marketing purposes, we do so on the basis that it is in our legitimate interests to do so, or in the case of our email notification service, that it is necessary to perform our contract with you.
We do not share Personal Information with third parties for the third parties’ marketing purposes.
We may also use your Personal Information to personalise and to target more effectively our marketing communications to ensure, to the extent possible, that any marketing-related correspondence is relevant to you.
To opt out of receiving marketing-related correspondence from CII, update your preferences at cii.co.uk/preferences by clicking "Unsubscribe" in the email or text message (SMS) you receive from us or by contacting Customer Service firstname.lastname@example.org
14. DATA PROTECTION OFFICER
The CII has appointed James-Castro Edwards, CEO of ProDPO as its external Data Protection Officer to advise and guide the CII to ensure continued compliance with Data Protection Laws. Mr Castro-Edwards is not employed by the CII. For more information please see prodpo.com
15. CHANGES TO THIS DATA PROTECTION NOTICE
It is also important that you check back often for updates to the Data Protection and Privacy Statement, as we may change this Data Protection and Privacy Statement from time to time. The “Date last updated” legend at the bottom of this page states when the Data Protection and Privacy Statement was last updated and any changes will become effective upon our posting of the revised Data Protection and Privacy Statement.
We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. We will provide this notice by email or by posting a notice of the changes on our website.
16. CONTACT US / FURTHER INFORMATION
If you have any queries at all in relation to your data and how we protect your data rights, please contact us:
Contact: Liam Russell
Position: General Counsel
Address: Chartered Insurance Institute, 1st Floor, 21 Lombard Street, London, EC3V 9AH
Document version: 3
Date last updated: 5 February 2019