Who we are
We are the Institute and Faculty of Actuaries (IFoA) and our subsidiaries: Continuous Mortality Investigation (CMI) Limited, ICA 98 Limited, and Institute and Faculty Education (IFE) Limited.
We are the chartered professional body dedicated to educating, developing and regulating actuaries based both in the United Kingdom and internationally.
We are registered as Data Controllers with the Information Commissioners Office (ICO) in the United Kingdom:
Where we are based
We maintain offices in England, Scotland, China, Hong Kong and Singapore.
How you can contact us
For general enquiries: https://www.actuaries.org.uk/about-us/contact-us
For CMI specific enquiries: info@cmilimited.co.uk
For enquiries about this notice or your information rights: our Data Protection Officer can be contacted by:
Telephone: +44 (0) 131 240 1311
Email: data.protection@actuaries.org.uk
Why we need to process your personal information
If you’re a member:
We process your personal information to educate, regulate, monitor performance and professional development, investigate complaints, and discipline you as a member of the actuarial profession.
If you supply goods or services to us, or if we supply goods and services to you:
We process your personal information to communicate with you, to place or fulfil orders for goods or services and to send and receive payments.
If you use our website:
We may process your personal information to support auto-filling forms, analysing site performance, managing your shopping basket, personalising content, and targeted advertising.
Where we get your personal information
If you’re a member, our sources of personal information about you will come from:
- you;
- your current and previous employer(s);
- other actuarial organisations;
- other educational bodies;
- credit reference agencies;
- other regulators;
- public records.
If you supply goods and services to us, or if we supply goods and services to you, our sources of personal information about you will come from:
- you;
- your employer;
- your previous customers or suppliers;
- credit reference agencies;
- public records.
The lawful basis for processing your information
The lawful bases for processing your personal information are:
- Contract
- Legal obligation
- Vital interest
- Legitimate interest
- Public task
We will seek your active, explicit, and informed consent to process your personal information for marketing purposes or if/when we need to process any of your health/medical information or information about criminal convictions. If you use our website we will seek your active, explicit, and informed consent to track your activity via cookies.
For more information please see our Personal Data Processing Policy
The types of personal information we process
If you’re a member, we will capture and process your:
Contact details (i.e. name, previous name(s), current and previous postal addresses, work address, email addresses, phone number(s))
- Marital status
- Education history and exam performance
- Employment history
- Professional interests
- Payments (to and from us)
- Correspondence (to and from us)
- Professional development
- Attendance at events
- National insurance number or equivalent
- Passport / Identity card number
We may capture and process your:
- Health information;
- Location of birth;
- Criminal records;
- Disciplinary records.
If you supply goods and services to us, or if we supply goods and services to you, we will capture and process:
- contact details (i.e. name, business and/or residential address, business and/or personal email address, phone number(s));
- your financial details;
- correspondence (to and from us).
If you browse our website, we may capture and process:
- a unique machine-generated visitor ID
- the date and time of your first visit, current visit, and total number of visits to the site
- the number of pages visited
- when your visit has ended
- information about the traffic source (where you came from)
How we share your information
We will share, where appropriate, your personal information with the following organisations:
If you’re a member:
- Payment processors and our bank;
- Exam centres holding exams on our behalf;
- External exam and exam marking platform providers;
- The Times newspaper;
- Publishers;
- Other actuarial organisations;
- The Electoral Reform Society.
- Competent authorities - i.e. tribunals, courts, police forces, and other regulators such as Financial Reporting Council (FRC), Prudential Regulation Authority (PRA) The Pensions Regulator (TPR), or the Financial Conduct Authority (FCA).
Where we share your personal information with other regulators, this is part of our regulatory function, and extends to disclosures relating to disciplinary actions, as well as periodic auditing of our activity by competent authorities.
We may share your personal information with:
- Members and Lay-members via involvement in our Boards, Committees, Working Parties, Members Interest Groups, and Regional Societies;
- Members and Lay-members acting in roles as Principle Examiners, Exam Supervisors, other Exam personnel, Exam Counsellors, Independent Examiners, Subject Matter Experts, and Investigating Actuaries;
- Third parties who supply the services that support the delivery of our publications, newsletters and electronic library services;
- If you've chosen to join the Staple Inn Actuarial Society (SIAS), we'll share basic data about you with them to facilitate your membership;
- If you're representing us in the UK or overseas and we are funding your travel, we may share personal data about you with travel services, hotels and selected third parties only to facilitate your travel and attendance;
- External Legal advisors.
If you supply goods and services to us, or we supply goods and services to you:
We will share, where appropriate, your personal information with the following organisations:
- Payment processors and our bank;
- Travel and accommodation booking service providers;
- Credit reference agencies;
- Courier delivery services;
- Competent authorities - i.e. tribunals, courts, police forces, and other regulators such as Financial Reporting Council (FRC), Prudential Regulation Authority (PRA) the Pensions Regulator (TPR), or the Financial Conduct Authority (FCA)
If you browse our website:
We may share this information with Google Analytics.
When we might transfer your information across borders
We avoid transferring your personal information to third countries wherever possible. Where it is not possible to avoid transferring, we include Standard Contract Clauses and other controls in our agreements with our suppliers to ensure appropriate safeguards are in place.
We will only routinely store or process personal data:
- within the European Economic Area (EEA); or
- within countries recognised by the European Commission (EC) as providing an adequate level of protection; or
- outside the EEA or countries recognised as adequate by the EC using standard contract clauses or similar contractual controls.
We will only routinely store personal data in the United States of America with service providers who have signed up to ‘Privacy Shield’, using standard contract clauses as additional protection.
As an international body, from time to time, in pursuance of our operational objectives and to facilitate the delivery of examination and member related services we may transfer personal data on a periodic basis across jurisdictions. When we do this we will ensure appropriate technical, organisational and contractual safeguards are in place.
If you're representing us overseas and we are funding your travel, we may need to share personal data about you with third parties to facilitate your attendance. We will always seek your explicit consent for this.
How long we keep your information
We only retain personal information for as long as legally required or as long as required by the objects in our Royal Charter.
We securely dispose of personal information when the retention period has expired. If you browse our website we’ll retain tracking information for one year for statistical and analysis purposes.
For more information please see our Records Retention and Disposal Policy
Copies of our Records Retention Schedule can be requested via our Data Protection Officer: data.protection@actuaries.org.uk
When the use of your personal information is based on our legitimate interests or on consent
If we send you information based on our legitimate interests as a professional body such as professional newsletters, updates on our activity, Continuous Professional Development opportunities and notices of events you are able to opt out of receiving this at any time.
If you have provided consent for us to contact you for marketing purposes you can withdraw this consent at any time.
By Royal Charter, we are obliged to act in the public interest,: In support of our role as a regulator: you cannot opt-out of receiving regulatory information.
Your information rights
You have the right to:
- obtain a copy of any personal information we hold about you;
- correct any information we hold about you that is incorrect or out of date;
- ensure we dispose of any personal information we hold about you (once all legal and regulatory record keeping requirements have expired);
- restrict the processing your personal information;
- object to us processing your personal information;
- erase your personal information, where we no longer have a lawful basis or valid operational reason for holding it;
- request we send all or some of the personal information we hold about you to another organisation.
For more information please see our Data Subject Rights Policy
If you wish to exercise any of your information rights please contact the Data Protection Officer with your request: data.protection@actuaries.org.uk
If you’re unhappy with how we have used your personal information
You have the right to make a complaint to a Supervisory Authority about how we process your personal information.
In the United Kingdom the Supervisory Authority is the Information Commissioner’s Office: https://ico.org.uk/global/contact-us/
This notice was last updated on the 25th of May 2018.