The Association for Financial Professionals (“AFP”, “we”, “us”, “our”), is committed to protecting your privacy. At all times we aim to respect any personal information you share with us, or that we receive from other organizations, and keep it safe. This Privacy Notice (“Notice”) sets out our data processing practices and your rights and options regarding the ways in which your personal information is collected (including through our website – https:///www.afponline.org/) and used.
This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal information.
The provision of your personal information to us is voluntary. However, without providing us with your personal information, your use of our services or your interaction with us may be impaired. For example, you will be unable to register as an AFP member, apply for our certifications schemes or attend our events.
1. Who are we?
5. Lawful bases
1. Who are we?
AFP is a professional society committed to advancing the success of finance professionals and their organizations, connecting figures within the finance profession and setting professional standards of excellence. While we are headquartered in the US (just outside Washington DC), and our website is operated from there, we aim to represent and assist finance professionals globally.
We may therefore collect and use personal information of individuals in other jurisdictions, such as Member States of the EU. Please note that there are certain aspects of this Notice that only apply when we are required to comply with some jurisdiction-specific laws, for example the EU General Data Protection Regulation (“GDPR”). In general, if you are interacting with us from the EU, the GDPR is likely to apply.
2. We collect personal information about you:
a. When you give it to us directly
For example, personal information that you submit through our website by registering as an AFP member, signing up to attend one of our events, subscribing to a newsletter, downloading a document, registering for our online training courses or webinars, or when you communicate with us by email, phone, fax or letter.
b. When we obtain it indirectly
For example, your personal information may be shared with us by third parties including, for example, current AFP members (when you are referred for AFP membership), event managers and planners who assist us to run our events and conferences, parties assisting us with our certifications (for example examination centers) and sub-contractors in technical, payment and delivery services. To the extent we have not done so already, we will notify you when we receive personal information about you from them and tell you how and why we intend to use that personal information.
c. When it is available publicly
Your personal information may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as LinkedIn).
d. When you visit our website
We also collect certain types of information about you automatically every time you interact with us online. While the information obtained may not be personal information under the laws of the country you are based in, we recognize that there are certain laws (for example the GDPR) which consider these types of information to be personal information.
Those types of information include:
(a) technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms; and
(b) information about your visit to our website, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks), methods used to browse away from the page and your interaction with advertisements for AFP placed on third party websites, including advertisements you viewed and what action you took in response..
We also collect and use your personal information by using cookies on our website – please see our Cookie Notice.
In general, we may combine your personal information from these different sources for the purposes set out in this Notice.
3. What personal information do we use?
We may collect, store and otherwise use the following kinds of information (which may be considered personal information according to the laws of the country where you are located when you interact with us):
a. your name and contact details (including emergency contacts), including postal address, telephone number, fax number and email address;
b. your date of birth and gender;
c. any other information contained in your AFP membership profile or certification application (for example, your username and the duration of your membership);
d. details about why you are interested in the AFP;
e. your financial information, such as bank details and / or credit / debit card details, account holder name, sort code and account number (for example so that we can process your payment for membership);
f. information about your computer/ mobile device and your visits to and use of this website, including, for example, your IP address and geographical location;
g. where appropriate, your social media identity;
h. details of your organization and the position you hold there;
i. your opinions about the finance profession;
j. personal descriptions and photographs (for example so that we can identify you at our events);
k. details of your qualifications and experience;
l. details of your AFP training and event attendance history;
m. photographs and video footage (for example, for publicity purposes in relation to past or forthcoming events – where required, we will not do so without your consent);
n. details of products and services in which you have expressed an interest or purchased;
o. your posts / posts about you made on our Collaborate app;
p. information about our services which you use/ which we consider may be of interest to you; and/ or
q. any other personal information which we obtain as per section 1.
Do we process sensitive personal information?
Certain countries have laws (for example, the GDPR in the EU Member States) that recognise particular types of personal information as more sensitive and therefore requiring greater protection, for example information about your health, ethnicity, political opinions or religious beliefs. This is known as special category data under the GDPR.
In certain situations, the AFP may collect and/or use these types of personal information (for example, we may need to know information about your health to make reasonable allowances when you sit an examination for one of our certifications, or about your religious beliefs to ensure that your dietary requirements are observed at one of our events). We will only process these types of personal information if there is a valid reason for doing so and where applicable law allows us to do so (for instance, the rules under the GDPR are stricter in relation to sensitive personal information).
4. How and why will we use your personal information?
Your personal information, however provided to us, will be used for the purposes specified in this Notice. In particular, we may use your personal information:
a. so that you can sit for exams and so that we can provide you with certified qualifications (for example, our Certified Treasury Professional or Certified Corporate Financial Planning and Analysis Professional qualifications);
b. to help you prepare for those examinations/ gain those qualifications;
c. to allow you to attend our training courses (whether in person or online);
d. to otherwise assist with your career development (for example, to provide resumé improvement services);
e. to allow you to register as an AFP member and modify your membership details;
f. to administer your AFP membership;
g. to provide you with AFP publications, such as Exchange Magazine, whitepapers and industry data and analysis (where required by applicable law, only where you have provided your consent for us to do so);
h. to provide you with other services, products or information you have requested;
i. to provide further information about our work, services, activities or products, either where you have expressed an interest or where we think the information may interest you (where required by applicable law, only where you have provided your consent to receive such information);
j. to allow your organization to sponsor our events, programs or services;
k. to allow you to attend/ participate in our events, such as the AFP Annual Conference, FinNext, and AFP Retail Roundtable;
l. to provide you with customer services or technical assistance;
m. to provide our advocacy services to ensure that your views are adequately and appropriately represented;
n. for PR/ publicity purposes (where required by applicable law, only where you have given us your consent to do so);
o. to process your payments (for training, examinations, events and other AFP initiatives/ services);
p. to answer your questions/ requests and communicate with you in general;
q. to connect you with other AFP members;
r. to manage relationships with our sponsors and partners;
s. to analyze and improve our work, services, activities, products or information (including our website), tailor content according to your interests and preferences, or for our internal records;
t. where appropriate, to ascertain whether you would be interested in volunteering for AFP services, events or activities; or contribute to one of our publications (based only on information available in our Collaborate app);
u. to report on the impact and effectiveness of our work;
v. to run/ administer our website, keep it safe and secure and ensure that content is presented in the most effective manner for you and for your device;
w. to process your application for a job with us;
x. to audit and/ or administer our accounts;
y. to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);
z. for the prevention of fraud or misuse of services; and/or
aa. for the establishment, defense and/ or enforcement of legal claims.
5. Lawful bases
Under certain laws, we are required to rely on one or more lawful grounds to collect and use the types of personal information that we have outlined in section 3 above.
Where this requirement applies to us, we consider the grounds listed below to be relevant:
a. Where you have provided your consent for us to use your personal information in a certain way (for example, we may ask for your consent to use your personal information to send you Exchange Magazine or to allow you to register for other subscriptions).
b. Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal information with regulatory bodies which govern our work and services).
c. Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, to provide you with training or other career development services for which you have paid).
d. Where it is in your/ someone else’s vital interests (for example, in case of medical emergency suffered by an attendee at one of our events).
e. Where there is a legitimate interest in us doing so.
The GDPR allows us to collect and process your personal information if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).
In broad terms, our “legitimate interests” means the interests of running AFP as a professional society committed to advancing the career success of its members, representing the corporate finance profession and setting and maintaining professional standards. When we process your personal information to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. We will not use your personal information for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).
6. Use of our online services
We may make available certain interactive services through our website, such as our membership directory and community forums. You will be able to post personal information to the directory and such forums.
Please be aware that any information, including personal information, which you post to the directory and forums becomes public information and may be available to other AFP members. In addition, your name may be available in association with any posting you make, and information regarding your forum activities may be available for other members to view.
Please exercise caution and discretion when posting information, including personal information, in the directory or a forum. In particular, please do not post personal information about other individuals unless you are confident that they would not object to their personal information being used in this way. AFP is not responsible for the use by others of the personal information that you disclose in the directory or forums.
7. Communications for marketing/ promotional purposes
We may use your contact details to provide you with information about our work, events, services, initiatives and/ or products which we consider may be of interest to you (for example, about courses or events you previously attended, actions the AFP has taken on behalf of its members or about career development services which we consider may be of interest to you).
Certain laws which apply to the AFP (for example, the GDPR in EU Member States) may require us to obtain your consent to provide you with this information via certain channels (for example email, SMS or telephone). Where such requirements apply to us, we will not send you such information without your prior consent.
Where you have provided us with your consent previously but do not wish to be contacted by us about our products and/or services in the future, please let us know by email at firstname.lastname@example.org.
8. Children’s personal information
Our products and services are intended for use by those over the age of 18; therefore we do not intend to process children’s personal information. If you believe we are processing children’s personal information (those under 18 years), please contact us so that we can delete it.
9. How long do we keep your personal information?
In some jurisdictions, there are limits on how long we may retain your personal information. Where these limits apply, in general, unless still required in connection with the purpose(s) for which it was collected and/or processed, we remove your personal information from our records 6 years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you validly exercise your right of erasure (please see Section 13 below), we will remove it from our records at the relevant time.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted communications in the future.
10. Will we share your personal information?
Except where set out in this Notice, we do not sell or rent your personal information to third parties for marketing purposes. However, in general we may disclose your personal information to selected third parties in order to achieve the purposes set out in this Notice.
Non-exhaustively, those parties may include:
a. suppliers and sub-contractors for the performance of any contract we enter into with them, for example IT service providers such as software developers who assist us with the Collaborate app, website hosts or cloud storage providers;
b. insurers and banks;
c. third parties who help us organize and administer our events;
d. exhibitors who attend and sponsors who sponsor our events;
e. with other professional bodies as part of our advocacy services;
f. third parties who assist us with our certifications, for example Pearson Vue Testing Centers;
g. other members via our membership directory (please see section 6 above);
h. financial companies that process payments on our behalf;
i. professional service providers such as accountants and lawyers;
j. parties assisting us with research to monitor the impact/ effectiveness of our work and services, including third party tools we deploy such as Google Analytics and Adwords;
k. our international partners who share our values and help us maintain our global reach, for example the Beijing Financial Education Company;
l. regulatory authorities, such as tax authorities; and / or
m. news media outlets (we will always discuss this with you in advance and will not share your personal data with such outlets without your agreement).
In addition, we reserve the right to disclose your personal information to third parties:
- in the event that we sell or buy any business or assets, in which case we will disclose your personal information to the (prospective) seller or buyer of such business or assets;
- if substantially all of our assets are acquired by a third party, personal information held by us may be one of the transferred assets;
- if we are under any legal or regulatory duty to do so; and/or
- to protect the rights, property or safety of AFP, its personnel, users, visitors or others.
11. Security/ storage of and access to your personal information
AFP is committed to keeping your personal information safe and secure and we have appropriate and proportionate security policies as well as organizational and technical measures in place to help protect your personal information.
Your personal information is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers with features enacted to prevent unauthorized access.
12. International Data Transfers
Certain countries have rules relating to the transfer of personal information across borders and require us to ensure that personal information remains protected according to appropriate standards (for example, EU Member States under the GDPR).
As an international organization which encourages worldwide membership but which is headquartered and administered in the US, we will occasionally need to transfer your personal information overseas. This may also happen because we use agencies and/ or suppliers to process your personal information on our behalf.
Where required to do so, we will ensure that your personal information is given appropriate protection.
For example, for individuals based in the EU, personal information we collect from you will likely be transferred to and stored in a location outside the European Union, for example the US.
If you are an individual based in the EU, please note that some countries outside of the EU have a lower standard of protection for personal information, including lower security requirements and fewer rights for individuals. Where your personal information is transferred, stored and/or otherwise processed outside the EU in a country that does not offer an equivalent standard of protection to the EU, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses) designed to protect your personal information and to ensure that your personal information is treated securely and in accordance with this Notice. If you have any questions about the transfer of your personal information, please contact us using the details below.
Unfortunately, no transmission of your personal information over the internet can be guaranteed to be 100% secure – however, once we have received your personal information, we will use strict procedures and security features to try and prevent unauthorized access.
13. Exercising your Rights
In general, please note that we will honor your requests to exercise your rights to the extent possible and required under applicable law. Certain of these rights may only be available to you if you are located within the EU when you access our website or you otherwise engage with us.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for marketing purposes or to unsubscribe from our email list at any time. You also have the following rights:
a. Right of access – you can write to us to ask for confirmation of what personal information we hold on you and to request a copy of that personal information. Provided we are satisfied that you are entitled to see the personal information requested and we have successfully confirmed your identity, we will provide you with your personal information subject to any exemptions that apply.
b. Right of erasure – at your request we will delete your personal information from our records as far as we are required to do so. In many cases we shall use limited personal information to suppress further communications with you, rather than delete it entirely.
c. Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal information we hold about you if you are unsure whether it is accurate/ up to date.
d. Right to restrict processing – you have the right to ask for processing of your personal information to be restricted if there is disagreement about its accuracy or legitimate use.
e. Right to object – you have the right to object to processing where we are (i) processing your personal information on the basis of the legitimate interests ground, (ii) using your personal information for direct marketing or (iii) using your information for statistical purposes.
f. Right to data portability – to the extent required by the GDPR, where we are processing your personal information (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contact, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal information to you – or another service provider – in a machine-readable format.
g. Rights related to automated decision-making – you have the right not to be subject to a decision based solely on automated processing of your personal information which produces legal effects on you or similarly significantly affects you, unless such a decision (i) is necessary to enter into/ perform a contract between you and us/ another organization; (ii) is authorized by EU or Member State law to which the AFP is subject (as long as that law offers you sufficient protection); or (iii) is based on your explicit consent.
We may ask you for additional information to confirm your identity and for security purposes, before disclosing personal information requested to you.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you contact us using the details in section 17 below.
For individuals based in the EU, please note that you may also have the right to lodge a complaint with your local data protection authority about how we use your personal information – a list of the data protection authorities in each Member State, including their contact details, can be found here: http://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm. For further information, please contact us using the details below.
14. Changes to this Notice
We may update this Notice from time to time. We will notify you of significant changes by contacting you directly where reasonably possible for us to do so and by placing an update notice on our website. This Notice was last updated on April 14, 2020.
15. Links and third parties
We link our website directly to other sites. This Notice does not cover external websites and we are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policies of any external websites you visit via links on our website.
16. How to contact us
Please let us know if you have any questions or concerns about this Notice or about the way in which the AFP processes your personal information by contacting us at the following channels:
Telephone: +1 (301) 907-2862
Post: Association for Financial Professionals, 4520 East West Highway, Suite 800, Bethesda, MD 20814