Privacy Policy

Your data privacy

CIFA is a data controller and committed to protecting the rights of individuals in line with data protection legislation.

This Privacy Policy was updated in view of the requirements of the EU General Data Protection Regulation (GDPR). We may change this policy from time to time to reflect changes in the law or in the provision of our services.

CIFA has a Data Protection Officer who can be contacted at [email protected]

What information we may collect about you, we use a variety of different types of personal information:

Description personal and contact

Name, date of birth, gender, where you live and how to contact you

Socio-demographic details about your work and profession, and your nationality.

Special types of data

The law treats certain types of personal data as special, such as health data and criminal convictions.

We will only collect and use these types of data if we need to and the law allows us to do so


Details about the products or services we provide to you e.g. Membership, Examination bookings


What we learn about you from our correspondence with you.


Any consents or preferences that you give us. This includes your contact preferences and the marketing communications you want to receive from us


Your payment details and any transactions.

We do not store credit or debit card information on any of our systems, any purchases made are encrypted by our pci compliant payment processors.

National Identifier

A reference given to you by a regulated body to identify who you are, such as an FCA number

Why we collect personal information

In order to fulfil our contractual obligations to customers and/or members, you must provide us personal information:

To verify your identity

To verify your qualifications and accreditations

To provide updates relating to your qualifications and/or membership where required

To enable you to purchase products and services from us

Failure to provide required information may mean that we cannot fulfil this contract and may mean that you will not have access to our membership benefits, products and services.

Where we collect personal information from

We may collect information about you from these sources:

Data you give to us:

When you purchase our products or services

When you talk to us on the phone

When you create an account with us

When you login to our website

In emails and letters

In customer and/or member surveys

Data we collect when you use our services:

Payment details and transaction data

Examination and assessment data

Profile and usage data.

We gather this data from devices you use to connect to our services using cookies and other internet tracking software

Data from third parties we work with:

Companies that introduce you to us, including your employer and accredited training provider

Other professional bodies

Examination delivery partners


Public information sources

How we use your personal information

We may use personal information to:

Administer and manage your membership

Provide customer support

Manage customer payments

Maintain details of any accreditations

Monitor examination performance

Enhance our qualifications and services

Maintain CPD records

Fulfil our disciplinary and regulatory functions

Communicate with you

Our legal bases for using your personal information

Where contractually it is needed to provide you with our products or services

Where it is in our legitimate interests to do so

To comply with our legal obligations

With your consent

For a public interest

Who we share your personal information with

Companies that introduce you to us, including your employer and accredited training provider

Other professional bodies

Examination delivery partners

Third parties whom we use to help deliver our products and services

Any relevant Regulators,

Companies you ask us to share your data with

International data transfers

We operate internationally and may transfer information to countries outside the European Economic Area for the purposes described in this policy.

We rely on multiple legal bases to lawfully transfer personal information internationally. These include your consent, compliance with a legal duty, the EU-U.S. Privacy Shield Framework and European Commission approved model contractual clauses which require certain privacy and security protections.


We do not store your credit or debit card details, all payments are processed securely by our secure gateways that are fully PCI compliant.


We use your information when needed to send you service notifications and respond to you when you contact us. We also use your information to promote new features or products that we think you would be interested in.

How long we keep your personal information

We will keep your personal information for as long as you are a customer and/or member of CIFA. After you stop being a customer and/or member, we may keep your data for one of these reasons:

To respond to any questions or complaints

To maintain records according to rules that apply to us

We may keep your data if we cannot delete it for legal or regulatory reasons. We may also keep it for statistical purposes. If we do, we will make sure that privacy is protected, and the data only used for those purposes. We do not store your payment card information.

Information security

We have put in place technical and organisational measures to safeguard the personal information we collect in connection with our services.

Your rights under data protection laws

As a data subject you have certain rights under data protection laws:

The right to be informed

The right to request access to your personal information

The right to have your personal information corrected

The right to object to certain processing of your personal information

The right to restrict processing of your personal information

The right to have your personal information erased

The right to move, copy or transfer your personal information

Rights in relation to automated decision-making

Please note that under certain circumstances your right to have your personal information erased may be limited.

Please keep us informed if your personal information changes during your relationship with us.

How to get a copy of your personal information.

You can request a copy of the personal information we hold on you by completing our subject access request form or by writing to us at this email address.

[email protected]

If you have any queries about CIFA and Data Protection, please feel free to contact the Data Protection Officer.

You also have the right to contact the Information Commissioner’s Office.