Privacy Policy

www.ipaf.org/privacy

This policy is valid as of 25 May 2018. It is reviewed periodically and at least annually to ensure compliance with the General Data Protection Regulation and legislative requirements defined by law, where appropriate. It is applicable for the following users:

  • Receivers of Marketing Communications
  • Website Users
  • Members
  • Training Centres
  • IPAF Licence Holders and Applicants

What we mean by personal data

Personal data is defined within GDPR as ‘any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’ (Article 4, GDPR)

Marketing Communications

Why we collect and process data, and what we will collect

When you sign up to our mailing list, you consent to IPAF collect the following personal data about you:

  • Name
  • Email
  • Company
  • Job Title
  • Country
  • IP Address (where applicable)

IPAF collect this information to provide you with the marketing communications you have requested.

You will always have the option on our marketing emails, to opt out or update your subscriptions at any time. Your data is stored and processed through eMarketeer and Amazon Web Services in the EU. We will never pass your details on to any third parties or send you irrelevant email. You will still receive transactional emails for event booking confirmations, invoices and if applicable, membership/training correspondence.

Website Users

Your privacy is important to us. Individual information gathered by the International Powered Access Federation (IPAF) is only used to answer and process your enquiries. Individual information will not be used for commercial purposes nor shared with any other organisation or third party, unless required to do so by law or regulators. You will not receive any email from IPAF simply as a result of visiting our site. Relations with our member organisations to which many pages link, are governed by their respective general terms and conditions.

However, it is pointed out that mail secrecy is not guaranteed on the Internet and that it is up to each Internet user to take all appropriate measures so as to protect his/her own data and/or software from corruption by any viruses that may be circulating on the Internet. IPAF takes appropriate steps to maintain the security of each user’s information on this site. Each Internet user should understand that the open nature of the Internet is such that data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended. IPAF cannot guarantee that such communications will not be intercepted or changed or that they will reach the intended recipient safely.

Cookies

Cookies are pieces of data that a website can transfer to an individual’s computer hard drive for record keeping. Cookies can make websites easier to use by storing information about your preferences on a specific website. The information may remain on your computer after the internet session finishes and you leave the website. Most internet browsers are pre-set to accept cookies.

How we use cookies

Our website uses Google Analytics cookies to collect information about how our visitors use and navigate the website. The cookies collect information such as the number of visitors to the site, which pages they visited and whereabouts they came to the site from. The information collected is anonymised and cannot be used to identify you personally.

We also use separate cookies to make browsing the website easier by remembering your language and region preferences, and for logged in users, to stay logged in on subsequent visits.

How to manage cookies

Most web browsers allow some control of most cookies through the browser settings. You can adjust your session cookies through the settings feature of your browser. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org

Members

Why we collect and process data, and what we will collect

IPAF collects the following information about you as is necessary for the performance of our contract (membership administration) with you:

  • Contact information (name, email, phone number, address, job title)

For some members, this will include information that is not classed as personal data.

IPAF collects this information to fulfil its contract with you. If you have any concerns or queries around collection of personal data, you can contact IPAF’s Privacy Manager via email at privacy@ipaf.org.

Who has access to personal data

IPAF is the data controller for the information identified above. In order to provide users with the correct level of service, and to fulfil our contract with you, this information is shared with some third parties:

  • Payment information is processed by third party payment gateways. IPAF handles payment information in a PCI-DSS compliant manner.
  • IPAF uses external development and IT support companies, who are based in the UK and EEA. Sometimes, individuals from these companies may come into contact with your personal data whilst providing services to IPAF. These third parties are subject to contracts detailing how they treat personal data and cannot use your information for any other purposes.
  • Independent auditors may come into contact with your personal data when conducting audits of Training Centres and Instructors. These auditors are subject to contracts detailing how they treat personal data and cannot use your information for any other purposes.
  • Member contact information is shared on the IPAF website Members Directory and in IPAF issued publications such as magazines and annual reports. Any members who do not wish to have their contact information shared in this manner must contact the Privacy Manager.

Personal data is subject to access control: access is restricted as much as possible to those with a need to know. The information IPAF holds is not sold or made available for use by other entities.

No profiling or automated decision making based on personal data is used by IPAF.

How long is personal data stored for

IPAF will not retain personal data for longer than necessary to perform our lawful processing. Some information must be kept for longer due to legal and regulatory obligations.

Data subject rights

As a data subject, you have certain rights:

  • The right to be informed
  • The right to access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights surrounding profiling and automated decision making

IPAF-Approved Training Centres

Why we collect and process data, and what we will collect

IPAF collects this information to fulfil its contract (training provision administration) with you:

  • Contact information (name, email, phone number, address, job title)

For some Training Centres, this will include information that is not classed as personal data.

Where this information is not provided, IPAF cannot fulfil a contract with you. If you have any concerns or queries around collection of personal data, you can contact IPAF’s Privacy Manager via email at privacy@ipaf.org.

As an IPAF-Approved Training Centre, you also act as a data processor for IPAF and will collect PAL Card Holder and Applicant information on our behalf. You must ensure that PAL Card holders and applicants are directed to the relevant section of this privacy policy when you collect data from them on IPAF’s behalf, in accordance with your agreement with us. Where you use this information for additional purposes within your own business, your own privacy policy must also be provided.

Who has access to personal data

IPAF is the data controller for the information identified above. In order to provide users with the correct level of service, and to fulfil our contract with you, this information is shared with some third parties:

  • Payment information is processed by third party payment gateways. IPAF handles payment information in a PCI-DSS compliant manner.
  • IPAF uses external development and IT support companies, who are based in the UK and EEA. Sometimes, individuals from these companies may come into contact with your personal data whilst providing services to IPAF. These third parties are subject to contracts detailing how they treat personal data and cannot use your information for any other purposes.
  • Independent auditors may come into contact with your personal data when conducting audits of Training Centres and Instructors. These auditors are subject to contracts detailing how they treat personal data and cannot use your information for any other purposes.

Personal data is subject to access control: access is restricted as much as possible to those with a need to know. The information IPAF hold is not sold or made available for use by other entities.

No profiling or automated decision making based on personal data is used by IPAF.

How long is personal data stored for

IPAF will not retain personal data for longer than necessary to perform our lawful processing. Some information must be kept for longer due to legal and regulatory obligations.

Data subject rights

As a data subject, you have certain rights:

  • The right to be informed
  • The right to access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights surrounding profiling and automated decision making

IPAF Licence Holders and Applicants

Why we collect and process data, and what we will collect

IPAF collects the following information about you as is necessary for the performance of our contract (training administration) with you:

  • Contact information (name, email, phone number, address, job title)
  • Date of birth
  • Photo
  • National Insurance Number (where applicable)
  • IPAF Powered Access Licence number

Where this information is not provided, IPAF cannot fulfil a contract with you. If you have any concerns or queries around collection of personal data, you can contact IPAF’s Privacy Manager via email at privacy@ipaf.org.

Who has access to personal data

IPAF is the data controller for the information identified above. IPAF -Approved Training Centres, acting as a data processor for IPAF, generally handle collection of this information. In order to provide users with the correct level of service, and to fulfil our contract with you, this information is shared with some third parties:

  • The IPAF-Approved Training Centre where you completed your training will hold a copy of information they collect
  • Payment information is processed by third party payment gateways.
  • IPAF uses external development and IT support companies, who are based in the UK and EEA. Sometimes, individuals from these companies may come into contact with your personal data whilst providing services to IPAF. These third parties are subject to contracts detailing how they treat personal data and cannot use your information for any other purposes.
  • The IPAF website contains a verification tool which allows anyone to search for a licence number. By searching for your licence number, it is possible to view information from your licence including your name.
  • Independent auditors may come into contact with your personal data when conducting audits of Training Centres and Instructors. These auditors are subject to contracts detailing how they treat personal data and cannot use your information for any other purposes.

Personal data is subject to access control: access is restricted as much as possible to those with a need to know. The information IPAF holds is not sold or made available for use by other entities.

No profiling or automated decision making based on personal data is used by IPAF.

How long is personal data stored for

IPAF will not retain personal data for longer than necessary to perform our lawful processing. Some information must be kept for longer due to legal and regulatory obligations. We will keep full details including contact information, date of birth, photo and IPAF Powered Access Licence number for 6 years. After this time, we will keep name, date of birth, photo and IPAF Powered Access Licence.

Data subject rights

As a data subject, you have certain rights:

  • The right to be informed
  • The right to access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights surrounding profiling and automated decision making