This Policy applies to any personal information you give to us.
We may make changes to this Policy. If we make changes we consider important, we may notify you by email.
This Policy was last updated on 22 May 2018.
Who we are
We are the British Accounting and Finance Association, a charitable unincorporated association. We are a registered charity with registered charity number 299527.
Portsmouth PO2 8FA
For the purpose of the Data Protection Act 1998 the data controller is the British Accounting and Finance Association.
Personal information means any information relating to an identified or identifiable natural person; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
We collect, use, disclose, transfer, and store personal information when needed to provide membership, our products and services and for our operational and charitable purposes as described in this Policy.
The personal information we may collect
We collect personal information from you, for example if you email or write to us, apply for membership, attend a conference, join one of our sub groups or committees, apply to become an officer, executive committee member or trustee.
We will ask you to provide information such as your name, address, phone number and email address.
Not all of the personal information we hold about you will always come directly from you. We also collect personal information from third parties such as our partners, service providers, and publicly available websites, to offer products and services we think may be of interest and to help us maintain data accuracy and provide and enhance our products and services.
In addition, our website will automatically collect certain information to help us administer, protect, and improve our membership services, analyse usage of our website and improve users’ experience. We share personal information with others only as described in this policy or when we believe that the law requires it.
Occasionally in order to provide our membership services and events we collect and process what may be considered sensitive personal information such as:
- academic and professional qualifications
- job title and professional status
- regulatory or disciplinary action
- financial and bank account numbers
The following are examples of our use of sensitive personal data:
In order to process your membership application we may ask you for your job title.
If you pay for membership or to attend a conference our third party payment provider will collect payment information such as financial or bank card information necessary to process the transaction but we do not hold that information ourselves.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
We use the following cookies:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily.
Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website more relevant to your interests. We may also share this information with third parties for this purpose.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
How we use personal information
We process personal information for these purposes:
To carry out our obligations arising from a contract with you: We use your personal information where necessary to provide your membership and the products and services you have purchased from us such as sending you a conference booking confirmation.
Account setup and administration: We use personal information such as your name, email address and phone number to set up and administer your account on our website.
Personalisation: We use personal information to deliver and suggest tailored content such as news and events. We may ask you to share your precise location so we can customize your experience.
Marketing: We use personal information to deliver marketing communications to you by email, direct mail and online. If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. Please remember that even if you opt out of receiving marketing emails, we may still send you important information related to any contract between you and us, such as your membership or attendance at an event. If you have previously told us you do not wish to receive marketing communications from us and then subsequently purchase another product or service from us, we may recommence sending you marketing communications until you tell us you do not wish to receive them.
Surveys and polls: If you choose to participate in a survey or poll, any personal information you provide may be used by BAFA to help determine policy and to help improve our services to members; or by third parties that BAFA may give the information to for market research which will only be made available as anonymous statistical reports.
To comply with our legal obligations: We may be required to use and retain personal information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate: (a) under applicable law, (b) to respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities (c) to enforce our terms and conditions; and (d) to protect our rights, privacy, safety, or property, or those of other persons.
How we share personal information
We only share personal information when necessary to provide our services or conduct our business operations as described below. When we share personal information, we do so in accordance with data privacy and security requirements.
Within BAFA: BAFA operates a number of sub-committees, regional groups & special interest groups (referred to as groups in this Policy) with whom we may share your information. These include the following:
- Committee for Departments of Accounting and Finance
- Conference of Professors of Accounting and Finance
- Regional Groups
- Special Interest Groups
Personal information will be made available to groups if necessary for the provision of your membership, products and services, account administration, sales and marketing, member and technical support and membership development. All of our groups are required to follow our data privacy and security policies when handling personal information.
Any of our groups may send you marketing communications but you may opt out of receiving marketing communications from one or all of our groups at any time.
Individuals within BAFA: In order to carry out its activities BAFA relies on individuals who may be employed by, or members of third party organisations. Those individuals may use those third parties’ email and storage systems to process your personal information which may be outside the control of BAFA. There may not be an agreement directly between BAFA and those third parties for the processing of your personal information and we are reliant on the individuals acting on behalf of BAFA to keep your personal information secure and to ensure it is processed lawfully.
Personal information will only be transferred to third parties where that is necessary for the purposes set out in this Policy. Individuals handling personal information on behalf of BAFA which will be stored or processed by third parties are required to comply with this Policy.
Third party service providers: Personal information will be made available to these parties only when necessary to fulfil the services they provide to us, such as software support, payment, direct marketing services, cloud hosting services, advertising and data analytics. Our third-party service providers are not permitted to share or use personal information we make available to them for any other purpose than to provide services to us. We will not provide your personal information to third parties so that they can market products or services other than those offered by us.
Third parties for legal reasons: We will share personal information when we believe it is required, such as to comply with legal obligations and respond to requests from law enforcement and other public authorities.
We will share personal information with third parties in the event of an incorporation, merger, restructure, acquisition, joint venture, assignment, transfer of all or part of our operations or assets.
Our partners: We occasionally partner with other organizations to deliver co-branded events, products or services. As part of these arrangements, you may be a customer or member of both BAFA and our partners, and we and our partners may collect and share information about you. We will handle personal information in accordance with this Policy, and we encourage you to review the privacy policies of our partners to learn more about how they collect, use, and share personal information.
Where we store and process personal information
Your personal information may be stored and processed outside of the UK or European Economic Area. We take steps to ensure that the information we collect is processed according to this Policy and the requirements of applicable law wherever the data is located.
We collaborate with third parties such as cloud hosting providers located around the world. We take appropriate steps to ensure that personal information is processed, secured, and transferred according to United Kingdom law.
When we transfer personal information from the European Economic Area to other countries in which applicable laws do not offer the same level of data privacy protection as in your home country, we take measures to provide an appropriate level of data privacy protection. In other words, your rights and protections remain with your data. For example, we use contractual clauses designed to ensure that the recipients of your personal information protect it.
How we keep personal information secure
- We use appropriate technologies and procedures to protect personal information.
- We have measures in place to protect against accidental loss and unauthorized access, use, destruction, or disclosure of data.
- We place appropriate restrictions on access to personal information.
- We implement appropriate measures and controls to store and transfer data securely.
- We take steps to ensure that our contractors operate in accordance with our information security policies and procedures.
How long we store personal information
We retain personal information for as long as we reasonably require it for legal or operational purposes. In determining data retention periods, we take into consideration the law, contractual obligations, and the expectations of our members. When we no longer need personal information, we securely delete or destroy it.
Your right to access and correct your personal information
We respect your right to access and control your information, and we will respond to requests for information and, where applicable, will correct, amend, or delete your personal information.
Access to personal information
If you request access to your personal information we will comply, subject to any relevant legal requirements and exemptions, including identity verification procedures. Before providing data to you, we will ask for proof of identity and sufficient information about your interaction with us so that we can locate any relevant data. We will only charge a fee for providing you with a copy of your data where the request will require an unusually large amount of work by us.
Correction and deletion
You have the right to correct or amend your personal information if it is inaccurate or requires updating. You may also have the right to request deletion of your personal information; however, this is not always possible due to legal requirements. You can update your account information on our website.
To opt out of email marketing you can use the unsubscribe link found in the email communication you receive from us. For other marketing you may email or write to us to let us know you do not wish to receive marketing communications.
We aim to resolve any concerns you have to your satisfaction so please contact us first by emailing firstname.lastname@example.org. If you are not satisfied with how BAFA manages your personal data, you have the right to make a complaint to the Information Commissioner’s Office which can be found here https://ico.org.uk/concerns/.