IAM is committed to protecting any personal data about you that we collect and process on our website. In using this website and providing your personal data, you agree to the IAM and third parties authorised to act on behalf of the IAM processing your personal data. In order to profit from the network the IAM has established, registered users can search for contact details of other users who are registered on the website.
We have implemented security policies and technical measures to protect your personally identifiable data from unauthorised access, improper use or disclosure and unauthorised modification. The individuals authorised by the IAM to access your data are obliged to respect confidentiality.
Some sections of our website may require the use of cookies. These are often used in authentication or tracking, to assist or enhance your browsing experience. Cookies are only set if your browser is configured to accept cookies.
If you want your personal data to be deleted from the system, please contact the IAM.
Privacy and Cookies Policy
Privacy
We ask that you read this privacy policy carefully as it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and on how to contact us and supervisory authorities in the event you have a complaint.
We use thelittleboxoffice.com, an online application provided by The Little Box Office Limited (“LBO”), to manage our ticket sales. We use LBO to process personal information as a data processor on Our behalf. LBO is only entitled to process your personal data in accordance with Our instructions.
Who we are
The Institute of Asset Management ("IAM"). Registered address: 4th Floor St Catherine's Court, Berkeley Place, Bristol, BS8 1BQ, UK.
This privacy policy also applies to the uses of personal data by any subsidiary company of IAM and reference to “we” and “IAM” includes any subsidiary company of IAM where appropriate.
We collect, use and are responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation, , (the “GDPR”) and Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (as amended) (“PECR”) which applies across the European Union (including in the United Kingdom) and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
This privacy policy relates to your use of our website, and also serves as a general notice as to how we use your personal data which we may collect other than through our website.
Our collection of your personal information
We collect personal information about you when you access our website, register with or join with us, contact us, send us feedback, email us and purchase services (which for the purposes of this policy includes training and examinations) or publications from us.
We collect this personal information from you either directly, such as when you register with or join with us, contact us or purchase products or services or indirectly, such as your browsing activity while on our website (see ‘Cookies’ below) or subscribe to ours services or publications or provide personal information by reason of you doing any of the above through an organisation you work for.
The personal information we collect about you depends on your particular activities. Such information includes:
Identity Data includes first name, maiden name, last name, photograph, username or similar identifier, marital status, title, date of birth and gender.
Contact Data includes your address, email address and telephone numbers.
Transaction Data includes details about payments to and from you and other details of membership and other services you have purchased from us.
Technical Data includes IP address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access our website.
Profile Data includes your username and password, membership status (including any disciplinary action taken under our rules) and purchases or orders made by you.
Usage Data includes information about how you use our website, products and services.
Education and Career Data includes information of your education and career history, exam result and qualification obtained.
Marketing and Communications Data includes your preferences in receiving marketing from us and of third parties (if applicable) and your communication preferences.
Our website is not intended for use by children and we do not knowingly collect or use personal information relating to children.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
Payment is handled separately, and securely, through Paypal (“Payment Processor”). Your payment card details are never collected by Us. If you want to find out more about how the Payment Processor processes your personal data, you can refer to their own privacy notice.
Our legal basis for processing your personal information
When we use your personal information we are required to have a legal basis for doing so. There are various different legal bases upon which we may rely, depending on what personal information we process and why.
The legal bases we may rely on include:
Consent: where you have given us clear consent for us to process your personal information for a specific purpose
Contract: where our use of your personal information is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
Legal obligation: where our use of your personal information is necessary for us to comply with the law (not including contractual obligations)
Legitimate interests: where our use of your personal information is necessary for our legitimate interests or the legitimate interests of a third party (unless there is a good reason to protect your personal information which overrides our legitimate interests)
We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Who we share your personal information with
We routinely share:
Identity, Contact, Profile, Marketing and Communication and Education and Career data with IAM Chapters in countries which are local to the member. This enables the IAM to provide membership services and events to members at a local level which is necessary for our legitimate interest of advancing asset management.
Identity data to the extent it comprises your photograph where a photograph has been taken at an IAM event and the purpose of the photograph is to illustrate the success of and/or the look and feel of the event. This is our legitimate interest.
Identity and Contact data with exam delivery centres to enable you to take exams with us.
Identity and Contact data with logistic companies. We will share your personal information with logistic supplier so we can despatch goods (training materials and books) to you.
Exam results with your employer if your employer pays for your exam and provides the proof of paying for your exam and with any training provider (but we remove your identity from the results in this event) who has provided training to you for our exams.
Personal information with organisations which provide services to us such as website maintenance and hosting.
Identity, Contact, Profile, Usage, and Marketing and Communication data with our email service provider so that we can provide you with news and membership notifications.
Some of those third party recipients may be based outside the European Economic Area — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the EEA’.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Transfer of your information out of the EEA
If we share your personal data with certain chapters, this may involve transferring your data outside the European Economic Area (EEA).
Some of our external third parties are based outside the EEA so their processing of your personal data will involve a transfer of data outside the EEA.
Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented
We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Marketing
We would like to send you information about our events, services and products, which may be of interest to you. Where we have your consent or it is in our legitimate interests to do so, we may do this by post, email or telephone.
You can unsubscribe at any time by:
- contacting us by emailing office@theiam.org or calling +44 (0) 8454 560 565 (UK)
- using the ‘unsubscribe’ link in emails
- if you are a member updating your marketing preferences in the members’ portal.
Your rights
You have a number of important rights free of charge according to GDPR. In summary, those include rights to:
- fair processing of information and transparency over how we use your use personal information
- access to your personal information and to certain other supplementary information that this Privacy Notice is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
- claim compensation for damages caused by our breach of any data protection laws
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the GDPR (https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/).
If you would like to exercise any of those rights, please:
- email, call or write to us
- let us have enough information to identify you by providing us any membership number if applicable
- let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Our Payment Processor use their own security measures to keep your personal banking details safe, including safeguards such as firewalls and data encryption. Please see the Payment Processor’s own privacy notice for more information about how they protect your personal data.
Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access.
How long we keep your data for
We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
All information We hold about you is stored by the Little Box Office on their secure servers, which may be at a destination outside the European Economic Area ("EEA"). The Little Box Officer processor is Amazon Web Services (AWS). The Little Box Office has signed AWS’s Data Processing Agreement. A copy of which can be obtained by contacting AWS.
Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal data will be subject to a European Commission approved contract (as permitted under Article 46(5) of the General Data Protection Regulation, or such other approved mechanism that is designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data.
We will not otherwise transfer your personal data outside of the United Kingdom OR EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries.
11. How to Complain
We hope that We can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
Changes to this privacy policy
This privacy policy was published on 20 March 2019 and last updated on 18 April 2023.
We may change this privacy policy from time to time.
Use of Cookies and IP Addresses
We and the Little Box Office may collect information about your mobile phone, computer or other devices from which you access the website, including where available your IP address, operating system and browser type, for systems administration and to report aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data We have about you in order to track your usage of our services.
Our Website uses cookies to distinguish you from other users of our Website. This helps Us to provide you with a good experience when you browse our Website and also allows Us to improve the Website. By using our Website you agree to our use of cookies as more specifically set out below.
A cookie is a small file of letters and numbers that We store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive.
The cookies We use include:
• “Analytical” cookies. They allow Us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps Us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
• “Strictly necessary” cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services.
Please note that third parties affiliates may also use cookies, over which We have no control.
You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our Website.
External links
This site may contain links to other sites at which your personal information is collected, on our event pages for example. When following a link to another site, the collection and use of your personal information is controlled by the privacy policy of that site. We do not accept any responsibility or liability for the privacy policies of external websites and your use of external websites is at your own risk.
How to contact us
Please contact us, if you have any questions about this privacy notice or the information we hold about you.
If you wish to contact us, please send an email to office@theiam.org or call UK: +44 (0) 8454 560 565.
Do you need extra help?
If you would like this privacy policy in another format (for example: audio, large print, braille) please contact us