Data privacy

PERSONAL DATA PROCESSING POLICY

Approved on 07.06.2018

  1. Terms and abbreviations
    1. IIA  – Association “The Institute of Internal Auditors”.
    2. Data subject – an identified or identifiable natural person who can be identified, directly or indirectly, and who uses, has used or has expressed a desire to use any services provided by the IIA or to provide services to the IIA.
    3. An identifiable natural person - a natural person, a natural person who may be identified directly or indirectly, in particular by reference to an identifier, such as the given name, surname, identification number, location data, an online identifier or one or more of the physical, physiological, economic, identify factors specific to that natural person.
    4. Consent of the data subject – written, specific, informed and unambiguous reference to the wishes of the data subject giving his consent to the processing of his or her personal data in the form of a statement or clearly affirmative action consent.
    5. Personal data – any sort of information relating to an identified or identifiable natural person (data subject).
    6. Processing of personal data – any activity or set of activities carried out with or without automated means with or without personal data, such as collection, registration, organisation, structuring, storage, development, viewing, use, transfer, deletion.
    7. Personal data controller – natural or legal person, public authority, agency or another body, determining, alone or jointly with others, the purposes and means of processing personal data.
    8. Personal data processor – natural or legal person, public authority, agency or other body processing personal data on behalf of the controller. 
    9. The recipient of personal data – a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether or not it is a third party. However, public authorities which may receive personal data relating to a specific investigation under the law of the European Union or the Member States shall not be considered as beneficiaries; the processing of that data by those public authorities shall comply with the applicable data protection rules in accordance with the processing purposes.
    10. General Data Protection Regulation – 27.04.2016. of the European Parliament and the Council Regulation(EU) 2016/679 on the protection of individuals with regard to the processing of personal data on the free movement on such data and repealing Directive 95/46/EC.

  2. Data controller
    1. The controller for the processing of personal data is "The Insitute of Internal Auditors", registration number  40008045795, address: Perse Street 9/11, Riga, LV 1011, telephone +371 26116088, email:iai@iai.lv.
    2. The controller only processes personal data using manual methods.
    3. The processing of personal data shall include: the collection, registration, organisation, structuring, storage, adaptation, viewing, use, disclosure, making it available to data recipients to the extent necessary for the achievement of the specific purposes; the limitation of data relating to the data subject; and the erasure or destruction of data, where this is not contrary to the requirement of laws.

  3. What categories of data subjects are subject to the processing of personal data?
    1. Natural personal data processed by the IIA:
      1. Members of the IIA;
      2. IIA customers who use the services provided by the IIA and purchase goods or voluntarily transfer their personal data (e.g. sign for news);
      3. Persons providing services to or for IIA (e.g. lecturers, administrative workers, volunteers other than IIA members and others)
  4. What personal data does the IIA obtain?
    1. identification details: name, surname, personal identification number, membership identification number, username;
    2. contact information: email, phone number, country;
    3. professional data: job title, the employer;
    4. service related data: transactions carried out, applications submitted, requests and complaints, acceptance certificates;
    5. data on complacency and interest, for example, answers to survey questions.

  5. In what way does the IIA obtain personal data?
    1. IIA obtain personal data only by receiving it from the data subject itself in the following ways:
      1. applying to an association;
      2. when designing an order on the IIA website ;
      3. applying for news receipt;
      4. when concluding a contract;
      5. other sources (social networks, articles, publications, news, etc.)
  6. Why does the IIA collect this personal data?
    1. enforcement of law duties;
    2. to executive the objectives and tasks of the association;
    3. to communicate with the data subject, including information about any sort of changes;
    4. to ensure and improve the quality of service provision;
    5. for marketing needs, including sending commercial communications, using cookies and using other forms of communication;
    6. to make surveys and market analyses, including statistics.

  7. Is personal data safe?
    1. The IIA ensures an adequate level of protection for personal data and shall take all necessary technical and organisational measures to prevent unauthorized access, processing or other activity with personal data which poses or may pose a risk to their confidentiality.

  8. Who receives personal data?
    1. The IIA may transfer personal data to other recipients of personal data, for instance:
      1. binding organisations ( e.g. The Institute of Internal Auditors, Inc.);
      2. institutions (e.g.,  law enforcement authorities);
      3. other legal or natural persons associated with the provisions of services to IIA, including the provision or archiving, accounting, mail, information technology, data processing services
  9. Where will the personal data be processed?
    1. Personal data are based on processing in the European Union/European Economic Area (EU/EEA).
    2. To fall due in the association, personal data (name, surname, e-mail, position code, business code) shall be transferred to the United States - based The Institute of Internal Auditors, Inc.

  10. What are the rights of the data subject with regard to the processing of their personal data?
    1. the right to be informed about their personal data (members of the IIA can view their data on their profiles on the iai.lv home page);
    2. the right to request the rectification of their personal data if they are inadequate, incomplete or incorrect (members of the IIA are responsible for correcting their data in accordance with the IIA regulation);
    3. the right to delete personal data (personal data may be requested to be deleted if the data subject withdraws his consent and there is no legal basis for the processing of personal data or if the personal data has been processed unlawfully);
    4. the right to withdraw consent (if there is no legal basis for the processing of personal data);
    5. the right to restrict the processing of their personal data (where the data subject requires that processing be restricted, with the exception of the exercise of legitimate rights);
    6. the right to data portability;
    7. the right to submit a complaint regarding the processing of personal data to the State Data Inspectorate (www.dvi.gov.lv) if the data subject considers that the processing of personal data infringes its rights and interests in accordance with the applicable laws and regulations.

  11. How long personal data will be stored?
    1. Personal data will only be processed for as long as needed. The period of storage may be based on the legitimate interests of the IIA or the applicable laws and regulations (for example, the rules on accounting, prescription, civil rights, etc.)

  12. What are cookies and do we use them?
    1. A cookie is a small text file that is stored on your computer or another used device (such as a mobile phone) when a person/user visited the website and is stored in a user web browser with a view to storing data. The text file contains information that is used to improve the experience of using the site for visitors to a specific website.
    2. The IIA uses cookies to provide more convenient browsing of the IIA website and to learn more about the behaviour of users of the IIA website, and provide a more convenient and reliable experience of use.
    3. Before the user starts using the IIA website, the IIA must obtain the users consent for the use of cookies. The IIA website contains a pop - up window that informs the user about the use of cookies, and the user is asked to accept the use of cookies by clicking OK. Without approval of session cookies, the user will not be able to make full use of the IIA website. If the user does not agree with the use of cookies but continues to use the IIA website, it shall be considered as the users consent for the use of cookies.
    4. Cookies used by the IIA on its website do not store data that could be identified directly by the data subject. The data collected will not be transferred to third parties. Any personal information that could identify the data subject will not be released.
    5. Multiple types of cookies (permanent and session) are used. They differ with the purpose of use and the length of storage. Time - consuming cookies may be updated and adapted to the needs of improving the quality of service provision, but the general usage objectives are:
      1. User authentication - provides user recognition and safer use of the internet site.
      2. Usage statistics and analysis - provides information on how and how frequently IIA websites are used, what user groups are and what search tools are used. Cookies statistics can also be obtained from websites of the partners;
      3. The user has the option to choose and change the use of cookies. If a user doesnt want to use cookies on his devices, he or she can change the browsers security settings must be made individually for each browser and the setting methods used may vary.

  13. Contact info
    1. All questions concerning the processing of personal data by IIA and IIA personal data processing policy may be asked by letter to iai@iai.lv
Return to the top