Privacy Notice

Introduction

IPFA is committed to protecting your data and complying with our obligations under the GDPR and the Data Protection Act 2018. Under the GDPR, a Data Controller determines the purposes and means for processing personal data. A Data Processor processes personal data on behalf of a Data Controller.

IPFA is both a Data Controller and a Data Processor. Further details about how we process personal data can be found throughout this statement. IPFA is referred to as “we”, “us”, “our” / “I” throughout this privacy statement.


Our contact information

IPFA is the trading name of The Project Finance Association.
Company name: The Project Finance Association
Address: 38 Chancery Lane, London WC2A 1EN, United Kingdom
Phone number: +44 (0)207 427 0900
Email address: info@ipfa.org


About this Privacy Notice

This privacy notice outlines the following:

• What personal data we collect and about whom
• Why we collect personal data
• How we use personal data
• The lawful basis for collecting personal data
• Your rights in relation to your personal data
• How we collect personal data
• How we store personal data
• Who we share personal data with
• How we keep personal data secure
• How long we keep personal data
• How we use personal data for marketing
• Transferring data internationally (outside the EEA)
• Our use of cookies
• Links to other websites
• Your right to complain


Your Personal Data

Under the GDPR, IPFA must be transparent about the data we collect, about whom and why we need it. Details of what personal data we collect, about whom, why we collect it, how we use it, the lawful basis, and where appropriate, the condition for processing can be found in the following section. Where we rely on consent as a lawful basis, or the soft opt-in option when you contact us or purchase membership or a product or service, you have the right to withdraw your consent at any time and can do this by contacting us on info@ipfa.org or by clicking the unsubscribe link in email communications.

We may process data about your use of our website and services (“usage data”). The usage data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use. The source of the usage data is our analytics tracking system. This usage data may be processed for the purposes of analysing the use of the website and services. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.

We may process your personal data that are provided in the course of the use of our services (“service data”). The service data may include your name, job title or role, employment details, email address, telephone number, address, and information contained in communications between us. The source of the service data is you or your employer. The service data may be processed for the purposes of:

• providing our services and operating our website
• communicating with you
• notifying you of changes to our services
• sending you communications which you have requested and that may be of interest
• ensuring the security of our website and services
• maintaining back-ups of our databases

The legal basis for this processing is our legitimate interests, namely the proper administration of our website and business.

We may process information relating to transactions, including purchases of services, that you enter into with us or through our website or over the phone. Your card information is not held by us; it is collected by our third-party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained in section 4.

In addition to the specific purposes for which we may process your personal data set out in this Section, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

Full details about how we process your data can be found in the section below.

Members

Data captured: Name, address, email, telephone number, employer name and address, region/location/country, signature, financial details, job title/position, usernames and passwords

Lawful basis and condition for processing: We rely on either Legitimate Interest or Consent as the lawful basis for the different purposes for which we use your data for membership.

Purposes for processing:
• To administer membership of IPFA, including taking payments for membership, identifying the main contact for corporate membership and communicating with members about their membership – e.g. welcome emails, renewals etc.
• To administer membership of committees and share information with the Future Leaders Network and Branch Councils.
• To send communications about benefits – e.g. discounts and liaising with business development contacts about marketing opportunities.
• To send members the Global newsletter and regional alerts.
• To facilitate access to member benefits, content, webinars, the MyIPFA dashboard and the Future Leaders Network platform.
• To enable you to update, maintain and gain access to your data and information relating to your membership.
• To receive authorisation for corporate membership from the organisation’s main point of contact.
• To measure engagement across the IPFA’s benefits, website and content.
• To carry out member research and enable members to provide assistance in defining the IPFA’s strategic direction.
• To carry out our governance – e.g. AGM, voting etc.
• To respond to and deal with enquiries from existing and potential members or follow up when we receive an individual’s information (e.g. by business card etc.).
• To manage members’ communication preferences and interests.

Event and webinar delegates, speakers and sponsors

Data captured: Name, address, email, telephone, Job title, employer name and address, region/location/country, financial details, dietary and accessibility requirements, course information – e.g. course title, training date, result (pass/fail), CPD points.

Lawful basis and condition for processing: We rely on either Legitimate Interest or Consent as the lawful basis for the different purposes for which we use your data for attending IPFA events and webinars.

Purposes for processing:
• To administer delegate places at IPFA events and webinars, process payments and provide access to the event.
• To send booking confirmation, receipts, joining instructions and communications relevant to the event.
• To cater for dietary and accessibility requirements.
• For IPFA to share with event hosts for the purpose of security, printing delegate badges and to understand the audience.
• To maintain a relationship with event sponsors.
• For IPFA to print on delegate list handouts for the purpose of networking.
• To share the speaker profile with the audience.
• To share delegate information with the speaker for the purposes of understanding the audience and tailoring the events.
• To share event photographs and media on IPFA’s LinkedIn account and to use in promotional materials.
• To promote speaking profiles and the on-demand content on our Knowledge Hub/website, mailing lists and LinkedIn account.
• To record webinars and sessions for on-demand viewing post event.
• Monitoring attendance and for reporting and statistical purposes.
• To send out post event surveys and collect feedback.

Training attendees

Data captured: Name, address, email, telephone, Job title, employer name and address, region/location/country, financial details, dietary and accessibility requirements, photographs, video recordings, personal profile (speakers only)

Lawful basis and condition for processing: We rely on either Legitimate Interest or Consent as the lawful basis for the different purposes for which we use your data for attending IPFA training.

Purposes for processing:
• To administer delegate places on courses, process payments and administer access to the course.
• To communicate with delegates about their training.
• To enable the delegate to access and download their training materials.
• To send marketing communications about training they may be interested in attending.
• To cater for dietary requirements.
• To issue certificates and award qualifications and CPD points.

Website visitors

Data captured: IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use.

Lawful basis and condition for processing: We rely on either Legitimate Interest or Consent as the lawful basis for the different purposes for which we use your data to facilitate access to and engagement on our website.

Purposes for processing:
• To provide our services and operate our website (see cookie information below).
• To track engagement on the website (see cookie information below).
• To facilitate access to the website and the secure area of our site.

Employees, Independent Consultants and Contractors

Data captured: Name, address, email, date of birth, NI number, gender, signature, proof of identification (e.g. passport etc.), qualifications & certificates, employment history, bank details, telephone number, job title/position, employment information (e.g. employment start/end date, salary and pension information), performance data, emergency contact information, health information, attendance data, tax information, expense information, season ticket loan information, usernames and passwords

Lawful basis and condition for processing: We rely on either Contractual, Legal Obligation, Legitimate Interest or Consent as the lawful basis for the different purposes of your employment and contact with IPFA.

Purposes for processing:
• Complying with Company Law – e.g. submitting Director and company details to Companies House, to register as a Data Controller with the ICO etc.
• Proof of ID to determine a candidate’s right to work in the UK.
• Submitting tax returns and PAYE records.
• Providing information to legal authorities to prevent fraud, crime etc.
• To administer Employees’ employment with IPFA – e.g. performance reviews, absence and annual leave details, process wages, payments, dividends etc.
• Sickness and medical information (Statutory Sick Pay etc.).
• Processing details in order to run the company.
• To produce Annual Reports.
• To designate a signatory for company insurances and contracts.
• To create user accounts to enable Directors and Employees to carry out their roles.
• Proof of qualifications when required for a specific role.
• To recruit to a role IPFA is advertising.
• Providing details to emergency services in the event of life or death.
• Accident and Health & Safety records.

 


Your rights in relation to your personal data

Under the GDPR you have the following rights in relation to your data. All requests can be made free of charge and we have one month to respond:

The right to be informed
You have the right to be informed when we collect your personal data from you directly or indirectly from another source.

The right of access
You have the right to request copies of the data we hold about you.

The right to rectification
You have the right to request that we complete any information about you that you think is incomplete. You also have the right to request that we rectify any inaccurate information that we hold about you.

The right to erasure
Also referred to as the “right to be forgotten”, you have the right to ask us, in certain circumstances, to erase your data.

The right to be informed
You have the right to be informed when we collect your personal data either directly from you or indirectly from another source.

The right to object to us processing your personal data
You have the right to object to us processing your personal data in certain circumstances. For example – for the purposes of direct marketing.

The right to restrict us processing your personal data
You have the right to restrict us processing your data in certain circumstances. This means that we may still be able to hold the data, but not process it.

The right to portability
You have the right to request that we transfer the information we hold about you to another organization or to yourself in certain circumstances.

 


How we collect personal data

We collect your personal data via the following methods:

• Directly from you – we collect your personal data directly from you for the purposes outlined in ‘Your Personal Data’ above. We collect personal data via a number of methods – e.g. email, telephone, online via our website, paper forms, business cards.
• Indirectly – from partner organisations and third parties – e.g. recruitment agents, your employer who may be a member etc. Where we do not collect data directly from you, where possible we will notify you that we have your data and how it will be used.

 


How we store personal data

IPFA store your personal data on our internal, paper and digital systems as well as on our Data Processor systems – e.g. Microsoft365, Microsoft Dynamics, WordPress, Smart Portal, Mailchimp, WebEx, Zoom, our customer relationship management database, Active Campaign, Siteground, Google Analytics, Wufoo, Survey Monkey, Hootsuite and social media platforms (e.g. LinkedIn) for the purposes of displaying relevant content to you.

 


Who we share personal data with

IPFA will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

We may disclose your personal data to any of our employees, board members, council members or subcontractors insofar as reasonably necessary for the purposes, and on the legal bases, set out in this privacy notice. Information about our staff, board and council members can be found at www.ipfa.org/about.

Financial transactions relating to our website and services are handled by our payment services providers, Global Payments Inc. We will share transaction data with our payment services providers only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about the payment services providers’ privacy policies and practices at https://resourcecentre.globaliris.com/privacypolicy.

We may disclose your enquiry data, at your request, to a selected third party supplier of services identified on our website for the purpose of enabling them to contact you so that they can offer, market and sell to you relevant goods and/or services. In some cases, they will be acting as a data controller of your information and therefore we advise you to read their Privacy Notice. These third party product providers will share your information with us which we will use in accordance with this Privacy Notice.

In addition to the specific disclosures of personal data set out in this, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

 


How we keep personal data secure

IPFA have appropriate physical and technical security measures in place to protect your personal information. We have provisions in place to ensure that only authorised parties have access, that your data is kept secure, and that we have processes and procedures in place to prevent accidental loss, destruction, alteration, unauthorised access or disclosure of your personal data. We have incident and breach processes and procedures in place to deal with and respond to any suspected breaches of your personal data and will notify you and any relevant regulators where we are required to do so.

 


How long we keep personal data

IPFA has a Data Retention Policy and Retention Schedule in place to ensure that your data is only kept for as long as necessary, and in line with the purposes for which it was collected.

Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

We will only hold Personal Information for as long as there is a business purpose to do so.

We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

 


How we use personal data for marketing, profiling and automated decision making

IPFA will use your information to market relevant products and services to you where you have given your consent for us to do so. You have the right to withdraw your consent at any time by contacting us on info@ipfa.org.

 


Transferring data internationally (outside the EEA)

IPFA operates a global service. European Economic Area (“EEA”) Member States and other countries all have different laws. When your information is moved from your home country to another country, the laws and rules that protect your personal information in the country to which your information is transferred may be different from those in the country in which you live. For example, the circumstances in which law enforcement can access personal information may vary from country to country.
IPFA provides a voluntary service; you can choose whether or not you want to use the Services. However, if you want to use the Services, you need to agree to our Terms of Use, which set out the contract between IPFA and its users. As we operate in countries worldwide (including in the US, Japan, South Korea), in accordance with the contract between us, we may need to transfer your personal information to other jurisdictions as necessary to provide the Services.
You acknowledge that personal data that you submit for publication through our website or services may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

 


Our use of cookies

Like many other websites, the IPFA website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns; for example, we use cookies to store your country preference. Cookies do not typically contain any information that personally identifies a user, but personal information that we store about you may be linked to the information stored in and obtained from cookies. This helps us to improve our website and deliver a better, more personalised service.

It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, visit our full cookies policy. Turning cookies off may result in a loss of functionality when using our website.

 


Links to other websites

IPFA’s website may contain links to other websites run by other organisations. This privacy notice applies only to our website, so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

 


Your right to complain

If you are unhappy with how IPFA use your personal data you have the right to complain to the ICO:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113