Privacy statement ENG

Privacy statement

On this page we inform you what personal data we collect when you use our service provision, why we collect this data and what we do with it. IIA Netherlands maintains four categories of records:

Personnel, salary and pension records
Member records
Training and event records
Records for suppliers and others

This privacy statement concerns the data that IIA Netherlands gathers for website visits and member, training and event records.

Privacy statement confidentiality

We feel it is important that we handle your data carefully and will ensure that the personal information you provide to us is treated confidentially. For this reason our employees who process data have signed privacy regulations containing a confidentiality agreement.

In brief, our confidentiality agreement means that:

we will only use your personal data for purposes we have explicitly agreed with you (see below in this statement),
we will not share your personal data with others, and
we will carefully secure your personal data.

If you should have any questions that are not answered in this privacy statement, if you have suggestions or remarks on its contents, or if you have complaints about the way we deal with your personal data, IIA Netherlands would like to hear from you. Please send an email to privacy@iia.nl or contact us on:

IIA Netherlands
Burgemeester Stramanweg 105F
1101 AA Amsterdam

Telephone: 088-0037100

This privacy statement applies to the website of IIA. IIA is not responsible for the privacy policy of other websites and sources mentioned on our websites.

Purposes
We collect or use your personal data exclusively for the purposes described in this privacy statement, unless we have explicitly obtained your prior permission.

Website visitor
We analyse the behaviour of visitors to our website using Google Analytics. If you visit our website, some technical features are recorded, such as the time of your visit and your browser type.

Only if the firewall observes odd behaviour does your IP address get stored in some cases. For normal website use we do not track who uses which IP address when and so we do not trace back this data to you.

Logfiles are kept only for a few weeks for analytical purposes.

This website makes use of functional cookies, which are necessary to make the website function properly. We also use cookies for example to be able to analyse how the website is used and to improve its user friendliness. We do not use tracking cookies. You can read more about this in cookies and the associated regulations

IIA Netherlands membership
As a member of IIA Netherlands you register through our website and we store your data in our database and in your personal member profile. We use this data for our service provision to you and to carry out scientific research. As a member of IIA Netherlands you are eligible for discounts on training and books from IIA Global, and you have access to the international digital magazine. In order to facilitate this we provide some data to IIA Global: your membership number, first and last names and your email address. Your data will remain on file until you deregister. On request you may inspect your data in our database, have the data archived or deleted completely.

Registering for events
You can register for events and training through our website. The data is used for annual member analyses and technical/scientific research. If you receive emails from us, we analyse your behaviour in terms of opening emails and clicking links. In this way we intend to ensure that our emails and the messages on our website become ever more relevant because they better fulfil the needs of our members.

Secure profile page on the website
As a member you have a profile page on a secure part of our website. With your personal login details you can access these service pages. You can manage both the private and professional data on the profile page. On this same page you can also manage your preferences for receiving the Audit Magazine and digital access to Internal Auditor.

Taking part in training or event as a non-member.
If you use our services (once), we ask you to provide us with your personal data using a form on our website. This data is required in order to be able to provide the service and will be retained by IIA in accordance with the statutory retention obligation or may be archived or deleted on request immediately after your purchase of the service.

Forms
The website contains forms that you can use to place orders, conclude agreements or to contact us on various topics. For example:
• applying for IIA membership
• registering for a conference, symposium or other event
• filing your PE points
We will retain the data you provide to us using these forms as long as is reasonable to fully answer and/or deal with your request. In addition, your request may be entered in our email archive to be stored in accordance with the statutory retention obligation.

Communication
When you send us email or other messages, they are placed in our email archive. Sometimes we ask you for personal data that is relevant to the particular situation. This makes it possible to deal with your questions and answer your queries. This data is used for no other purpose than necessary to be able to answer your question.

Confidentiality & third parties

We make use of third parties (IT and web applications) in the performance of our services and activities. If they have access to your data, we take appropriate measures to ensure that your data is adequately secure and is used exclusively for the intended purposes. We have concluded processing agreements with every third party in accordance with the GDPR (General Data Protection Regulation). In no case will IIA sell your data to third parties.

Security
IIA has taken appropriate technical and organisational measures to protect the personal data provided by you against illegitimate use. Your data is transmitted through secure connections on the internet and processed and stored in certified data centres and on IIA servers. The personal data is shielded from search engines.

Our employees are legally obliged to respect the confidentiality of your data. We also contractually impose this obligation in a processing agreement on third parties hired by us in the performance of our services and activities.

IIA periodically carries out an extensive IT audit in order to detect weaknesses in advance. If there should be any breach relating to personal data, we will conform to the data breaches notification obligation and you will be informed.

Access to, adjustment and deletion of personal data
You have the right to access your personal data in our databases. If you believe that this personal data is not or no longer correct or complete, you can request that we supplement, correct or remove your personal data. We will deal with requests for adjustment as soon as possible. If your request cannot (yet) be carried out, we will explain why this is, with substantiation. Please send you request to privacy@iia.nl or use the contact details at the bottom of this page. You can inspect and alter you own personal data by logging on to the website.

Changes
This privacy statement is tailored to the use of and the possibilities on this website. Any adjustments and/or changes of this website might result in changes to this privacy statement. It is therefore advisable to consult this privacy statement regularly.

Exceptions
Subject to the exceptions mentioned above, IIA provides personal data to third parties only if it is obliged to do so in accordance with a legal provision.

Contact details
The party responsible for this website is:
Institute of Internal Auditors - Netherlands -
Burgemeester Stramanweg 105F
1101 AA Amsterdam
088-0037100

Questions on our privacy policy may be sent to privacy@iia.nl

Amsterdam, 25 May 2018