IIA Luxembourg Privacy & Data Protection Policy
Please read the following policy to understand what personal data is collected by IIA Luxembourg, in its role of data controller, and for what purposes it is used. By providing your personal data to us, you are consenting to the collection, use and disclosure as described in this policy. You are entitled under the EU Regulation 2016/679 that came into force on 25/05/2018 (GDPR) to access the personal information that IIA Luxembourg holds about you. If you believe any detail of your personal information to be incorrect, you may request that it be corrected.
Type of Personal Data we Collect
We request information from you in several ways such as through our website, application forms, surveys, including but not limited to:
1. Your personal information such as your name, postal addresses, email addresses, telephone and fax numbers;
2. Your present employment information such as company name, company type, sector, designation, business telephone and fax numbers;
3. Your billing information, including name of the credit/debit card holder, credit/debit card number, security code and expiry date;
4. Your professional certifications and training-related data.
We may also automatically collect information related to your device, such as your device’s IP address.
Collection and use of information
We may use the personal data you provided for one or more of the following purposes:
1. To process and administer your membership with us;
2. To process your registration for training courses, events, seminars, workshops and/or conferences;
3. For the supply of any goods and/or services which we may offer to you or you may require from us;
4. For your use of the online services at our website and/or through other digital or telecommunication channels;
5. For identification and verification purposes in connection with any of the goods and/or services that may be supplied to you;
6. To contact you regarding your enquiries and/or feedback;
7. To send news and events updates, and/or marketing campaigns in relation to the goods and/or services that we and/or our business partners provide, or on our behalf.
8. To help us improve our services to you.
We may share your information with the Global Institute of Internal Auditors in the USA, in order to allow you password-protected access to its website (members only).
If you are giving us information about another person we will take this as confirmation that they have appointed you to act for them and that you are properly authorised to consent on their behalf.
Link to other websites
This website contains links to other websites. Please note that when you click on one of these links you are "moving" to another website. The IIA is not responsible for the information privacy practices or the content of these other websites. We encourage you to read the privacy policies of these linked websites as their privacy practices may differ.
Sharing and disclosing personal data to third parties
The personal data collected in the scope of our professional activities are processed by duly authorized employees within the limits of their respective attributions.
We do not sell personal data to anyone. However, we may share and disclose data (including personal data) to third parties to the strictest extent necessary and subject to the existence of contractual guarantees to ensure the security and the confidentiality of the information in the following circumstances:
IT service provider. Our IT infrastructure and application including databases and file servers are managed by an entity located in Luxembourg.
Website. Our website is hosted on the Wix.com platform. Wix.com provides us with the online platform that allows us to sell our services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
External service providers (e.g. consultants, vendors etc.). We may share personal data with third party vendors, consultants and other service providers who we employ to perform tasks on our behalf.
Third party controllers. We may also share personal data with third party controllers such as banks, notaries and lawyers to perform our professional activities.
Public authorities. We may share personal data with public authorities as necessary to comply with law or court order.
IIA Global. Finally, we may share personal information with our global office.
Cookies are small pieces of data stored on a site visitor's browser. They are typically used to keep track of the settings users have selected and actions they have taken on a site.
· To provide a great experience for your visitors and customers.
· To identify your registered members (users who registered to your site).
· To monitor and analyze the performance, operation and effectiveness of our website.
· To ensure our platform is secure and safe to use.
Types of Cookies
Cookies can be classified according to their type, duration and category.
Strictly necessary cookies: necessary for the website to function and cannot be switched off. You can set your browser to block or alert you about those cookies, yet some parts of the website may not work.
Functional cookies: These cookies “remember” website visitors in order to improve their user experience. They may be set by third party providers whose services we have added to our website. If you do not allow the cookies, some parts of the website may not work.
International Data transfers
All our data (including personal data) are managed and hosted in Luxembourg and in the United States.
Personal information you submit on the Websites or personal information that regards your membership is sent to the United States and processed by IIA Global, our global office, and 123FormBuilder, the third party provider used for the forms on the website. This transfer of personal data is under the EU-US Privacy Shield Framework of the U.S. Department of Commerce and the European Commission, which is a valid mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States in support of transatlantic commerce. We will always protect your information in accordance with this Privacy Notice wherever it is processed.
Security measures and retention periods
We use appropriate technical and organizational security measures to protect any data we hold in our databases from loss, misuse, unauthorized access, disclosure, alteration and destruction. Our external service providers are also bound by contractual guarantees to ensure the security and the confidentiality of the concerned data.
We do not keep personal data for longer than required by the relevant laws (local, etc.) or by a contract, or beyond the point at which the purpose for which they were initially collected has been fulfilled. In particular:
Finance-related personal data are kept for 10 years after the end of the fiscal year
Website-related personal data are kept for 10 years
Annual event related personal data are kept for 10 years
Membership-related personal data are kept for 10 years
Rights of the data subject and point of contact
You have the right to opt out of receiving information from the Institute or other company by sending an email to firstname.lastname@example.org.
Personal data is to be understood as any information about you that can be used to identify you directly or indirectly.