Investment Association
A company limited by guarantee
Registered Office: Camomile Court, 23 Camomile Street, London EC3A 7LL
Registered: in England and Wales.
Registration Number: 4343737
Privacy Policy
The Investment Association (the “IA” "we", “us”, “our”) are committed to protecting and respecting your privacy.
This policy (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting http://www.theia.org ("our site”), you are accepting and consenting to the practices described in this policy. You can withdraw such consent at any time.
This website is hosted by Moore Wilson, in the UK.
For the purpose of the Data Protection Act 2018 (the “Act”) and the UK General Data Protection Regulation(the “UK GDPR”), the IA may act as either data controller or data processor with respect to your personal data. The IA’s registered address is Camomile Court, 23 Camomile Street, London EC3A 7LL.
References to “Regulations” in this policy shall include both the Act and the UK GDPR, each of them, as from time to time applicable, amended, restated or supplemented.
1. INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you (including without limitation):
1.1 Information that you give us
You may give us information about you by filling in forms on our site or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you register to use our site, become a member, post material, participate in discussion boards or other social media functions on our site, request further services, and when you report a problem with our site. If you contact us, we may keep a record of that correspondence. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them. The information you give us may include your name, address, e-mail address, phone number and financial information.
1.2 Information we collect about you
With regard to each of your visits to our site we may automatically collect the following information:
i. technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform; and
ii. information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); services you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), methods used to browse away from the page and any phone number used to call our customer service number.
1.3 Information we receive from other sources
We may receive further information of the categories set out above about you if you use any of the other websites we operate or the other services we provide. In this case, any data collected may be shared internally and combined with data collected on this site. We may also work closely with third parties (including, for example, business partners, sub-contractors, analytics providers, search information providers) and may receive information about you from them.
2. COOKIES
The IA collects some information on its web sites through the use of 'cookies'. To find out how we use them, see our cookie notice here.
3. USES MADE AND PROCESSING OF THE INFORMATION
We may use information held about you (information that you give to us, information we collect about you and information we receive from other sources) in the following ways:
3.1 Information you give to us
We may process information that you give to us:
i. to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products and services that you request from us;
ii. to notify you about changes to our service;
iii. to ensure the security of our website and services, maintaining back-ups of our databases and communicating with you and record-keeping;
iv. for the purposes of offering, marketing and selling relevant products and/or services to you;
v. for the purposes of supplying goods and/or services that we may from time to time advertise and sell through our website, and keeping proper records of those transactions;
vi. to analyse the use of the website and services;
vii. to ensure that content from our site is presented in the most effective manner for you and for your computer;
viii. to create and keep profiles, in respect of people that are usually acting in the public domain and affairs such as members of parliament, politicians, journalists, etc.; and
xi. in general, we may process any of your personal data with the purpose to comply with any legal obligation to which we are subject.
Information you give us may comprise:
i. information in your website profile, which may include your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details;
ii. information relating to transactions, including purchases of goods and services, that you enter into with us and/or through our website, and may comprise contact details, card and/or bank details and transaction details; and
iii. information contained in or relating to any communication that you send to us, including any metadata associated with the communication, where applicable; and
iv. information containing personal views or comments that you might have made directly to us in any form or that are in the public domain in any form or shape, which may or may not be linked to a particular role or position of public interest that you may hold or may have held in the past or your personal or particular views in relation to a particular subject matter of certain general interest.
3.2 Information we collect about you
We may process information that we collect about you:
i. to administer our site and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
ii. to improve our site to ensure that content is presented in the most effective manner for you and for your computer;
iii. to allow you to participate in interactive features of our service, when you choose to do so;
iv. as part of our efforts to keep our site safe and/or secure;
v. to make suggestions and recommendations to you and other users of our site about services that may interest you or them;
vi. to collect broad demographic information for aggregate use; and
vii. in co-operation with your internet provider, to identify you if we feel it is necessary to enforce compliance with our terms or use or to protect our service, site, users or others.
The legal basis for this processing is our legitimate interests and business and, where applicable, the proper performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and the proper administration of our website and business.
3.3 Information we receive from other sources
We may combine information that we receive about you from other sources with information you give to us and information we collect about you. We may use this information and the combined information for the purposes set out above (depending on the types of information we receive).
To this extent, we may collect information about any public or private role, public service position or public profile that may be available in the public domain, as well as any declarations, opinions, comments or any other information about you that, linked to your public profile, may be of public domain and widely available to the public in general.
3.4 Information of third parties
You will not supply to us, and we will not accept, any other person’s personal data other than your own personal data.
4. SPECIAL CATEGORIES OF PERSONAL DATA
In addition to the information set out in Section 3.1 above, you may also provide us with Special Categories of Personal Data (as that term is defined under the UK GDPR). This may include, for example, personal data revealing your racial or ethnic origin, political opinions or religious or philosophical beliefs.
We will only ever process your Special Category Personal Data where you provide us with your explicit consent, or we are lawfully able to process the data for a different reason in accordance with the Regulations. We will always ensure we have a lawful basis to process any type of personal data, including Special Category Personal Data.
5. WHERE WE STORE YOUR PERSONAL DATA
The data that we collect from you is hosted and stored in Europe and USA.
Your data may be transferred to, and stored at, a destination outside the European Economic Area (“EEA”). It may also be processed by staff operating outside the EEA, who work for us or for one of our suppliers. Such staff maybe engaged in, among other things, the provision of services to you and the provision of support services. By submitting your data, you agree to this transfer, storing or processing. Whenever we transfer your personal data outside of the United Kingdom, we will ensure a similar degree of protection is afforded to it, as is afforded to it under the UK GDPR, by ensuring at least one of the following safeguards apply:
i. The transfer of your personal data is to a country that has been deemed to provide an adequate level of protection for personal data. Those countries and territories deemed adequate by the European Commission as at 31 December 2020 are also deemed adequate by the United Kingdom; or
ii. The transfer of your personal data is subject to specific contracts approved for use in the United Kingdom which protect your data in any international transfer.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You acknowledge that any personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.
6. DISCLOSURE OF YOUR INFORMATION
6.1 Group members
We may share your information with any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 for the purposes set out in this policy.
6.2 Selected third parties
We may also share your information with selected third parties for the purposes set out in this policy. These selected third parties may include:
i. business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you, including payment services providers;
ii. analytics and search engine providers that assist us in the improvement and optimisation of our site; and
iii. insurers and/or professional advisors for the purposes of maintaining appropriate insurance levels, managing risks, obtaining legal advice and managing disputes.
We may disclose your information to third parties:
i. in the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets;
ii. if the IA or substantially all of its assets are acquired by a third party, in which case personal data held by it about its members will be one of the transferred assets;
iii. if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; and/or
iv. to protect the rights, property, or safety of the IA and our members or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
7. RETENTION AND DELETION OF PERSONAL DATA
We will not retain and store any personal data for longer than it is necessary for the purposes of compliance with our legal obligations under the Regulations.
We will retain your personal data for a minimum period of two (2) years, or as any other longer period that may be imposed to us by law or by the Regulations (the “Data Retention Period”).
Upon elapsing of the Data Retention Period, all your personal data stored and retained by the IA will be deleted from its files and records.
8. YOUR RIGHTS
Your rights under the Regulations are:
8.1 Information
You have the right to be informed of your rights and how your personal data will be stored, treated, deleted and controlled, as all is set out in this policy.
8.2 Access to information
You have the right to access your personal data, so that you are aware of and can verify the lawfulness of the processing. The Regulations give you the right to access information held about you. Your right of access can be exercised in accordance therewith. Any access request is free of charge.
Please note that we reserve the right to charge a reasonable fee taking into account the administrative costs of providing the information and/or refuse to respond to any access request, should any such requests are manifestly unfounded or excessive, if in particular, these requests are repetitive.
We aim to reply to any requests with undue delay and within two months from the receipt of the request, unless the complexity of the request so requires. We shall inform you of any delays that may occur in replying to any request that you may have submitted to us. If any such requests are denied, you would have the right to complain to the supervisory authority (the Information Commissioner’s Office).
8.3 Rectification
It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.
You have the right to rectification of any data that is incorrect and, taking into account the purposes of the processing, you have the right to request that any incomplete information is completed.
8.4 Erasure
You can request that any data is erased:
i. where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed;
ii. when you wish to withdraw consent;
iii. when you object to the processing and there is no overriding legitimate interest for continuing the processing;
iv. when your personal data has been unlawfully processed in breach of the Regulations;
v. when your personal data has to be erased in order to comply with a legal obligation; and
vi. when your personal data is processed in relation to the offer of information society services to a child.
8.5 Restriction
Processing of your personal data will be restricted in any of the following circumstances:
i. where there is a contest regarding the accuracy of your personal data, the IA will restrict any processing until the data has been verified;
ii. where you object to the processing and the IA needs to consider whether your organisation’s legitimate grounds override those of the individual;
iii. when processing is unlawful and you oppose erasure and request restriction instead; and
iv. if the IA does no longer need your personal data but you require the data to establish, exercise or defend a legal claim
8.6 Data Access Portability
You may also, free of charge, request to view, access and use your personal and transaction data in a way that is generally portable. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.
8.7 Objection
You may express an objection on grounds relating to your particular situation to:
i. processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
ii. direct marketing (including profiling); and
iii. processing for purposes of scientific/historical research and statistics.
8.8 Rights in relation to automated decision making and profiling
You may object to be subject to any automated data processing decisions, unless such automatic processing is necessary for entering into or performance of a contract between you and the IA, is lawfully authorised and/or based on your explicit consent.
9. LINKS TO THIRD PARTY WEBSITES
Our site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
10. DATA ACCURACY
Whilst we accept responsibility for maintaining the personal information entrusted to us on our site, we are not responsible for its accuracy over time or at the point of entry. If you identify any inaccuracy in your personal information, as a registered user you can make any necessary changes as required and as provided in this policy.
11. CHANGES TO OUR PRIVACY POLICY
Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy and to ensure that you are happy with any such changes.
12. COMMUNICATIONS WITH REGISTERED USERS
The IA may contact its registered users by e-mail, post or telephone call or messaging, as these have been provided by its registered users to it.
13. CONTACT
Questions, comments and requests regarding this privacy policy are welcomed. You can contact the IA:
a) by e-mail at the following e-mail address: and should be addressed to [email protected];
b) by post, at our registered office address set out above; and
c) by telephone, using the contact number published on the IA’s website from time to time.
14. DATA PROTECTION OFFICER
For the purposes of the Regulations, the IA has appointed Mr Jack Knight as its Data Protection Officer, who can be contacted by post at Camomile Court, 23 Camomile Street, London, EC3A 7LL, or by e-mail at [email protected], or telephone number on 020 7831 0898.
15. FILING OF COMPLAINTS
If you have any complaints or concerns about the contents of this policy or your personal data stored, processed and/or controlled by the IA, you can address these with the supervisory authority, the Information Commissioner’s Officer.