We respect your right to privacy. The Association of Compliance Officers of Ireland (“ACOI”, “we”, “our” or “us”) will collect and process your Personal Data and other information relating to your interactions and dealings with us on our website www.acoi.ie (“Website”) or otherwise. This Privacy Statement explains how we will manage your Personal Data, why we use it, and how you may contact us.
Personal Data means any information which ACOI has or obtains, or which you (or a third party) provides to us, such as your name, home address, email addresses, date of birth, mobile, landline, name before marriage, employment status, employment details, employer address, work email, work phone, work experience, Pre-Approved Controlled Functions / Controlled Functions, areas of interest, bank details, credit / debit card details, CV, exam records, educational details, Institute of Banking (the “IoB”) identification number, conflict of interest disclosure information etc, from which you can be directly or indirectly personally identified.
How Personal Data is collected and used by us
We will obtain some of your Personal Data directly from you, such as when you complete an application form for one of our services, where you enter your details into our online forms, where you send us a communication or where you visit our Website.
Each time you visit our Website, two general levels of information about your visit can be retained. The first level comprises statistical and other analytical information collected on aggregate and non-individual specific basis of all visitors to our Website. The second is information which is personal or particular to a specific visitor who knowingly chooses to provide such information.
ACOI will be using the Personal Data for the following purposes:
1. for the purposes of performing the contract with you, or in anticipation of you becoming a member of ACOI or achieving a designation, namely:
(a) for the purpose of providing services to you, registering you as a member, enrolment for ACOI examinations, providing an accredited designation when achieved and other related administration services, as the case may be;
(b) for the collection of membership subscription fees;
(c) for maintenance of CPD requirements;
(d) to deal with your queries or complaints;
2. for compliance with ACOI’s legal obligations, including:
(a) compliance with applicable tax and regulatory reporting obligations;
(b) meeting ACOI’s legal obligations;
(c) where ACOI is ordered to disclose information by a court with appropriate jurisdiction and/or to any regulatory or supervisory authority;
3. where the use is for a legitimate purpose of ACOI including:
(a) for day to day operational and business purposes, including accounting and other record keeping functions;
(b) council / board reporting and management purposes;
(c) verification purposes and statistical analysis purposes;
4. where you have consented to use for a particular purpose, including:
(a) processing and accessing membership and examination applications;
(b) attendance at CPD events;
(c) marketing and promotion and supply of good to members attendance events hosted by ACOI either on our own or in conjunction with other organisations, unless you have expressed a preference not to receive marketing communications from us;
(d) identifying educational requirements;
(e) disclosure to your employer and such other information as may be required by your employer; and
If you consent for us to use your Personal Data for a particular purpose, you have the right at any time to withdraw consent to the future use of your Personal Data for some or all of those purposes by writing to the address: fao: Chief Executive, ACOI, Lower Ground Floor, 5 Fitzwilliam Square, Dublin 2 or to email@example.com.
We will only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purposes and applicable laws. If we need to use your Personal Data for a purpose unrelated to the original purpose for which we collected it, we will notify you and we will explain the legal basis which allows us to do so.
Disclosure / sharing of Personal Data
We will only disclose your Personal Data to a third party where it is consistent with the purposes explained above. For example, certain services are provided for ACOI by the IoB and we may disclose Personal Data to the IoB and other third-party service providers where required (e.g. to effect payment of registration fees, for event management purposes etc) or to presenters at ACOI events. In any case, where we share Personal Data with a third-party controller (including, as appropriate, our service providers), the use by that third party of the Personal Data will be subject to the third party’s own privacy policies.
In certain circumstances we may be obliged to disclose your Personal Data to third parties, for example, in order to meet any of our legal obligations or to comply with any legal process, as well as to protect and defend our property rights. Where ACOI uses service providers that have access to Personal Data, we require such service providers to protect those data and to process Personal Data in accordance with our written instructions and this Privacy Statement and for no other purpose.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to individuals who have a business need to know about the information and perform a service for us or to carry out actions described in this Privacy Statement. They will only process your Personal Data on our instructions and they are subject to a duty of confidentiality.
Although we cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data, we take reasonable steps to prevent this from happening. We have put in place measures to protect the security of your Personal Data.
All third parties to which we disclose your data are required to take appropriate security measures to protect your Personal Data in line with our requirements. Third parties to which we disclose Personal Data, to process data on our behalf, will only process your Personal Data on our written instructions, and where they have agreed to treat the information confidentially and to keep it secure.
Please note, however, that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure. For any payments which we take from you or pay to you online we will use a recognised third party online secure payment system, and we are not responsible for the security of this system.
Personal Data may be transferred outside the EEA in connection with administering your membership with us, in accordance with your instructions, where you have consented and / or as otherwise required or permitted by law. Many of the countries will be within the EEA, or will be ones which the European Commission has approved, and will have data protection laws which are the same as or broadly equivalent to those in Ireland.
However, some transfers may be to countries which do not have equivalent protections, and in that case ACOI shall use reasonable efforts to implement contractual protections for the Personal Data. While this will not always be possible where ACOI is required to transfer the Personal Data in order to comply with and perform the contract with a member or a third party service provider or where it has a legal obligation to do so, any transfers will be done in accordance with applicable data protection laws, including through the implementation of appropriate or suitable safeguards in accordance with such applicable data protection laws.
For the avoidance of doubt, safeguards in the form of EU Commission approved standard contractual clauses will be implemented where personal data is transferred outside of the EEA.
Third Party Information
Where you provide us with Personal Data relating to other people, such as your directors, officers, employees, advisors or other related persons, you represent and warrant that you will only do so in accordance with applicable data protection laws. You will ensure that before doing so, the individuals in question are made aware of the fact that we will hold information relating to them and that we may use it for any of the purposes set out in this Privacy Statement and the relevant terms and conditions, and where necessary you will obtain their consent to our use of their information. We may, where required under applicable law, notify those individuals that you have provided their details to us.
Third Party Providers of Information
We may obtain Personal Data relating to you indirectly, such as where your employer provides your contact details to us in connection with our business. The person providing the information will in the ordinary course be asked to warrant that it will only do so in accordance with applicable data protection laws, and that it will ensure that before doing so, you are made aware of the fact that we will hold information relating to you and that we may use it for any of the purposes set out in this statement, and where necessary that it will obtain consent to our use of the information. In certain circumstances, such as where a complaint is made against a member, we have an obligation to act on the basis of the information which is provided to us.
Third Party Websites
This Website may contain links to third party websites. Your use of third party websites is subject to that websites privacy statement and terms and conditions of use contained within each of those websites. Your access to any other website through our Website is at your own risk. ACOI is not responsible or liable for the accuracy of any information, data, opinions or statements made on third party websites or the security of any link or communication with third party websites. ACOI reserves the right to terminate a link to a third party website at any time. Where ACOI provides links to third party websites, it does so for your convenience only, and the fact that ACOI provides any such links does not mean that ACOI endorses or authorises such websites. Accordingly, we cannot guarantee that the controller of these websites will respect your privacy in the same manner as ACOI. No other website is authorised to link to any part of this Website without the prior written permission of ACOI.
Retention of Personal Data
ACOI is obliged to retain certain information to ensure accuracy, to help maintain quality of service and for legal, regulatory, fraud prevention and legitimate business purposes.
To determine the appropriate retention period for Personal Data, we consider the amount, nature, and the sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In general, we hold Personal Data of our members for as long as are members are a member of ACOI unless you tell us your data is out of date or the purposes for which it is processed have ceased or where ACOI is subject to legislation and regulatory rules which we must follow. Other information will be retained for no longer than is necessary for the purpose for which it was obtained or as required. In general, ACOI will hold this information for a period of up to seven years after termination of the relevant agreement between you and us.
We will review your Personal Data regularly to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your Personal Data except that we will retain your Personal Data in an archived form in order to be able to comply with future legal obligations eg, compliance with tax requirements and exemptions, and the establishment exercise or defence of legal claims.
When it is no longer necessary for us to hold your Personal Data, we will securely destroy it in accordance with applicable laws and regulations.
Your rights in relation to your Personal Data
You have the right, subject to some conditions and limited exceptions contained in the data protection laws, to:
(a) request access to your Personal Data that we hold about you; this right enables you to receive a copy of any Personal Data relating to you which is held by ACOI. To exercise this right, you must write to the Chief Executive Officer, The Association of Compliance Officers in Ireland, Lower Ground Floor, 5 Fitzwilliam Square, Dublin 2, Ireland. Your request will be dealt with as soon as possible and will take not more than one month to process;
(b) request correction of the Personal Data that we hold about you; this right enables you to have any incomplete or inaccurate information we hold about you corrected. If you discover that we hold inaccurate information about you, you have a right to instruct us to correct that information. Such instruction must be in writing. If at any time after giving us this information you decide that you no longer wish us to hold or use this information, or in the case that the information becomes out of date, you are free to notify us, and we will use all reasonable endeavours to remove or rectify the information promptly;
(c) request erasure of your Personal Data; this right enables you to ask us to delete or remove Personal Data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing (see below);
(d) where we hold and process your Personal Data in order to comply with legal obligations eg, compliance with tax requirements and exemptions, or for the establishment exercise or defence of legal claims, your right to ask us to delete or remove your Personal Data is limited;*
(e) object to our processing your Personal Data where we are relying on a legitimate interest (or those of a third party) in order to justify the basis for our processing your Personal Data and there is something about your particular situation which makes you want to object to processing on this ground;
(f) request that we restrict processing of your Personal Data; this right enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it; and
(g) request the transfer of your Personal Data to another party where you provided that information to us.*
*Personal Data we hold or process about you may be necessary to your membership with us. This means that should you wish to exercise your rights under sections (c), (d) or (e) it will not be possible to continue your membership.
In any case, where we are relying on your consent to process your Personal Data, you have the right to change your mind and withdraw your consent by writing to the address specified below. Where ACOI is relying on its legitimate purpose in order to use and disclose Personal Data, you are entitled to object to such use of your Personal Data, and if you object, we will cease to use and process the Personal Data for that purpose unless we can show there are compelling legitimate reasons for us to continue or we need to use the Personal Data for the purposes of legal claims.
You also have the right to lodge a complaint with the Data Protection Commission about the processing of his / her Personal Data by ACOI by emailing firstname.lastname@example.org or writing to the following address: Data Protection Commission, Canal House, Station Road, Portarlington, R32 AP23, Co. Laois. You can visit the website of the Data Protection Commission at www.dataprotection.ie for more details.
Amendments to this Privacy Statement
This Privacy Statement is introduced with effect from 25 May 2018. ACOI reserves the right in its sole discretion to amend this Privacy Statement at any time (for example, to comply with changes in laws or regulations, our practices, procedures and organisational structures, requirements imposed or recommended by supervisory authorities or otherwise). Any changes to this Privacy Statement will be communicated to you in writing by us where we are legally required to do so.
How to contact us
Any queries or complaints regarding the use of the Personal Data by ACOI should be addressed to the Chief Executive Officer, The Association of Compliance Officers in Ireland, Lower Ground Floor, 5 Fitzwilliam Square, Dublin 2, Ireland.
Last updated 18 May 2018