Privacy Policy

Overview
Our mission is to drive a dynamic accounting profession globally and, when you register with us, you gain access to a wide range of tools and services to stay ahead. To seamlessly deliver these resources and benefits, we at times need to share your information across our teams and offices – always with a focus on keeping your data secure.

This Privacy Policy describes the ways in which your personal data is collected and used by the Association of International Certified Professional Accountants (the Association), The Chartered Institute of Management Accountants (CIMA), and the American Institute of CPAs (the AICPA) (collectively referred to herein as “the controllers”, “we”, “us”, “our”). By providing your personal data to any of the controllers, you acknowledge and agree that your data may be shared between and/or processed by any of the three controllers.

It is your responsibility to review and understand this Privacy Policy prior to providing your personal data to us. You also should review our Terms and Conditions. If you do not accept and agree to the Privacy Policy and/or Terms and Conditions, please refrain from providing your personal data to us, accessing our websites, and/or utilizing our products and services.

With our websites and services constantly evolving, our Privacy Policy and Terms and Conditions may also change from time to time. Whenever there are changes, the modified policies will be posted on our websites and will be effective at that time. Each time they change, the version number displayed at the top of the page also will change. Consequently, each time you access or use our websites or otherwise engage with us, you accept and agree to the most current Privacy Policy and set of Terms and Conditions. It is your responsibility to be aware of any such changes.

Notice
Our websites contain links to other websites which are managed by third parties (including their use of cookies). As a user of links, it is your responsibility to understand those third parties’ privacy policies. Once you leave our websites using links, we have no control over information that is submitted to or collected by any third parties and are not responsible for other websites.

Collection of Personal Data
In order to provide our products, services and websites and for the other purposes set out in Use of Information below, we collect and process personal data from our members, students, customers, and other users of our websites, products and services. We may collect information from you such as, but not limited to, your name, email address, mailing address, phone/fax numbers, date of birth, gender, ethnicity, payment information, education history, employment information, information related to your professional qualifications, designations and memberships and information about your use of our and third-party websites, products and services ("Personal Data"). You are not required to provide us with all of the Personal Data listed above, but if you do not do so, we may not be able to effectively provide you with our products, services and information. In certain circumstances, you will need to provide us with specific categories of Personal Data (including name, email address and payment information) in order to enter into a contract with us and for us to perform that contract.

From time to time and as permitted by applicable law(s), we may collect Personal Data about you and update any existing Personal Data that we currently hold from other third-party sources, including publicly available data sources, publicly available social networking sites such as LinkedIn, your employer or university/school, your tuition provider, State CPA Societies, our credential and designation examination providers, course providers or data brokers such as Acxiom.

See “Use of Information” section below for details regarding the ways that we use and process your personal data.

Use of Information
Your Personal Data may be used in the following ways:

To provide our products and services to you
To enhance and improve our products and services, for example, by performing internal research, analyzing user trends and measuring demographics and interests
To analyze the demographics of our membership body and the accounting profession as a whole. This includes internal research related to diversity and may include the use of your demographic information such as your age, gender, ethnicity and/or geographic location. Please note that the collection of special categories of Personal Data, including ethnicity and gender, is voluntary and based on your explicit consent.
To process payments from you (including, but not limited to, membership dues and subscriptions, registration fees, voluntary contributions, examination fees, credential and designation fees, or payments for any products or services that you choose to purchase from us)
To process payments to you (including, but not limited to, refunds or reimbursements)
Internal purposes, such as website and system administration or internal audits and reviews
To provide access to restricted parts of our websites.
To determine eligibility for membership, credentials, designations and volunteer opportunities
To communicate with you regarding your membership and products/services that may be of interest to you
To respond to your requests and inquiries
To serve relevant advertisements to you when you visit our sites or other third-party sites (including social media platforms)
To request your participation in surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and services
To evaluate your performance on continued learning courses and assist you in the tracking of your progress
For examination scheduling, administration and registration purposes
To publish a membership and credential holder directory for the purposes of membership verification and networking. If you do not wish to be included in these public directories, you may choose to opt out by contacting us using the contact information listed at the bottom of this Privacy Policy.
To comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order) or to carry out professional ethics/conduct investigations
From time to time we may provide statistics about the usage levels of the Site and other related information to reputable third parties, but these statistics will not include information which will allow you to be identified
We may use the information you provide to us and which we obtain from other sources to better understand your interests so we can try to predict what other products, services and information you might be most interested in. This practice is called “profiling”, which involves making automated decisions about you based on this information in order to better enable us to tailor our interactions with you to make them more relevant and interesting. You may object to such profiling at any time by contacting us (see Contact Information/User Rights below).

We will process your Personal Data for the purposes identified above on the following bases:

Our legitimate interests, which include processing such Personal Data for the purposes of providing and enhancing the provision of our products, services and information, as well as advertising further products, credentials, designations, services and information to you.
Where such processing is necessary to perform our contract with you or to take steps before entering into our contract with you.
Your explicit consent, when collecting and processing special categories of Personal Data such as your ethnicity, gender or confidential medical information.
As necessary to comply with our legal obligations, resolve disputes and enforce our contractual agreements.
Where such processing is necessary to comply with our obligations to protect members of the public and the public interest, including but not limited to, the maintenance of a member and student directory, regulatory activities and disciplinary actions.

Unless a longer retention period is required by applicable law, we will retain your information for as long as your account is active, as well as for a short additional period afterwards to cover any outstanding issues or queries that may arise in relation to your account (for example, outstanding payments). This period of retention is subject to our review and alteration.

Sharing and Disclosure to Third Parties
We may disclose your Personal Data to third parties from time to time under the following circumstances:

You request or authorize the disclosure of your personal details to a third party.
The information is disclosed as permitted by applicable law(s) and/or in order to comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order).
The information is disclosed to your employer, university or tuition provider in the event they have an interest in your data (e.g. they support your exam, tuition, or membership fees). In certain circumstances, you may be able to update your choices regarding the sharing of personal data with your employer, university or tuition provider by updating your consents within your online account.
The information is published in our public membership and credential holder directories for verification and networking purposes. If you do not wish to be included in these public directories, you may choose to opt out by contacting us using the contact information listed at the bottom of this Privacy Policy
If you are located in the United States, your Personal Data may be shared with our trusted business partners, including Aon Insurance, CPA.com and State CPA Societies, so that they can offer products and services that may be of interest to you. Although we do not directly monetize your Personal Data, this sharing may qualify as a “sale” under certain privacy laws.
The information is provided to our agents, vendors or service providers who perform functions on our behalf. See below for additional details.

It is likely that the identity and categories of such third parties will change during the life of your account but, depending on your use of the Site, it is anticipated that your Personal Data will be disclosed to the following categories of third-party service providers who perform functions on our behalf. We require that our third-party service providers only use your Personal Data as necessary to provide the requested services to us and each service provider is subject to a set of terms consistent with this Privacy Policy.

Hosting providers for the secure storage and transmission of your data
Learning technology and online event providers for the delivery and improvement of web events and learning programs and the tracking of your progress
Digital credential providers for the delivery of digital badges earned through your participation in learning programs
Examination providers for the scheduling and delivery of credential and designation examinations
Identity management providers for authentication purposes
Database software providers for the management and tracking of your data
Legal and compliance consultants, such as external counsel, external auditors, or tax consultants
Advertising partners, including social media providers, for the delivery of targeted advertisements
Marketing providers who send communications on our behalf regarding our products and services
Payment solution providers for the secure processing of payments you provide to us
Publishers and learning providers who develop products on our behalf
Technology providers who assist in the development and management of our systems and web properties
Outbound call center providers, who may perform outreach on our behalf regarding our products and services
Fulfillment and postal vendors for the fulfillment of our products and services
Our volunteers or committee members who perform various functions on our behalf
Survey and research providers who perform studies on our behalf

Collection of Information Through Cookie Use
We may obtain information about your general internet usage by using a “cookie” file. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. The following types of cookies may be used on our websites:

Necessary Cookies: These cookies are necessary for our websites to work properly. They are usually only set in response to actions you take such as logging in or completing online forms. You can set your browser to block or alert you about these cookies, but some parts of our sites will not function if these cookies are blocked.
Functionality Cookies: These cookies enable our websites to provide enhanced functionality and personalization by storing your preferences (such as your preferred language or the region that you are in), allowing us to provide enhanced features on our sites such as videos, and allowing us serve you with advertisements for our products and services that may be of interest to you. These cookies may be set by us or by third-party content that we have placed within our pages. If you do not allow these cookies, some of the features on our websites may not function properly and you may not receive a personalized experience when visiting our sites.
Performance Cookies: These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our sites. They help us to understand which pages are visited most frequently and how visitors interact with our sites. If you do not allow these cookies we will not receive data related to your visits to our sites.
Third-Party Advertising Cookies: These cookies may be set through our site by our advertising partners, such as Google or Adobe. They may be used by these companies to enable them to build a profile of your interests and show relevant advertisements on other sites. These cookies are based on identifying your browser and internet device. If you do not allow these cookies, you will experience a decrease in the targeted advertisements that you see online.

If you opt in to use the “Remember me” feature on our websites, we will place a persistent cookie on your hard drive and you will not be required to log in for every session. By disabling cookies on your machine or clearing your browsing history you may deactivate the persistent cookie.

You can view a complete list of the cookies and their purposes used on our website and manage your preferences at any time by clicking on the cookie icon at the bottom left-hand corner of the page.

Additionally, all major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage your preferences related to cookies, please consult the privacy features within your browser.

Further information about cookies:

How to manage your preferences related to targeted advertising

Communication Preferences
We strive to provide you with relevant and useful information related to our products, services and industry news. You can update your communication preferences at any time by visiting the preference center within your online account on our website(s). Additionally, you can contact us using the information listed at the bottom of this policy to make changes to your communication preferences. Any promotional emails that we send will include a link at the bottom of the email to unsubscribe.

If you have opted in to receive text messages from us, you can opt out at any time by responding with the word STOP. You will receive a confirmation text of your choice to opt out.

Transfer of personal data internationally
By providing us with your Personal Data, you acknowledge and agree that we may from time to time transfer your Personal Data to any of our offices or to the offices of any of our affiliates, agents or appointed representatives located around the world. Where we transfer personal data internationally from one of our global office locations, we ensure the transfer is subject to an appropriate safeguard as recognized by local data protection law. Please do not submit any Personal Data to us if you do not wish for your data to be transferred internationally.

Data Privacy Framework – For EU and UK Individuals Whose Data is Transferred Into The US
As applicable, we comply with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF as set forth by the U.S. Department of Commerce. The Association of International Certified Professional Accountants and the American Institute of CPAs have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, we commit to resolve DPF Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF should first contact the Association of International Certified Professional Accountants at:

Jonathan Mabe
Data Protection Officer
SecurityandPrivacyOffice@aicpa-cima.com

We are committed to cooperate and comply with the advice of the panel established by the EU data protection authorities (DPAs), the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

Pursuant to the Data Privacy Framework Principles, we are obligated to inform EU and UK individuals whose data is transferred to the United States that we may be required to release that information in response to lawful requests by public authorities including to meet national security and law enforcement requirements. We remain responsible and liable under the Data Privacy Framework Principles if third-party agents that we engage with process the personal data in a manner inconsistent with the Data Privacy Framework Principles, unless we can prove we are not responsible for the event giving rise to the damage.

The Federal Trade Commission has jurisdiction over our compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF. Under certain conditions, individuals have the possibility to invoke binding arbitration for complaints regarding DPF compliance not resolved by any of the other DPF mechanisms listed above. Click here to learn more.

Individuals wishing to exercise their rights or submit general inquiries or complaints related to our participation in the Data Privacy Framework should contact us via the methods detailed below under the heading “User Rights and Data Protection Officer.”

Security and Other
We use reasonable measures to strive to safeguard and secure the personal data we collect. Any transmission of personal information is at your own risk. Technology, such as, but not limited to, Transport Layer Security (TLS) and Secured Socket Layer (SSL), is used to enhance security and reduce risk of loss. Our security practices, processes or technology do not guarantee absolute security of your information and you should take all normal personal precautions such as, but not limited to, not sharing passwords, closing browsers, and not using public networks (e.g., internet cafes, etc.).

Parents and Children
We do not knowingly collect personal information from children under the age of 13. Parents have the right to terminate the registration of a child under the age of 13 by contacting us using the information listed at the bottom of this policy.

User Rights and Data Protection Officer
Your rights regarding your Personal Data depend on the local law in the jurisdiction where you reside.

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), you may be subject to certain rights in relation to your Personal Data under the General Data Protection Regulation (GDPR) and the Data Protection Act 2018, as outlined below:

The right to be informed of the use of your Personal Data
The right to access and/or to require the correction or erasure of your Personal Data
The right to block and/or object to the processing of your Personal Data
The right to not be subject to any decision based solely on automated processing of your Personal Data
In limited circumstances, you may have the right to receive Personal Data in a format which may be transmitted to another entity.
If you have a complaint in relation to the processing of your data carried out under this Privacy Policy, you have the right to lodge a complaint with your local supervisory authority. If you are located in the European Union, you can find the details of your local supervisory authority here.

You may seek to exercise any of these rights by completing our GDPR Request Form online, updating your information online (where possible) or by sending a written request to our Data Protection Officer using the contact details listed below.

If you are located in California, United States, you may be subject to certain rights in relation to your personal information under the California Consumer Privacy Act (CCPA), as outlined below:

The right to know about the personal information that we collect about you, including the categories of personal information collected, how it is used and how it is shared;
The right to delete the personal information we have collected about you (with some exceptions);
The right to opt out of the sale of your personal information; and
The right to non-discrimination for exercising your CCPA rights.

You may seek to exercise any of these rights by completing our CCPA Request Form online, updating your information online (where possible) or by sending a written request to our Data Protection Officer using the contact details listed below.

If you are a California resident and would like to opt out of the sale of your personal information, please click here: Do not sell or share my personal information

Data Protection Officer Contact Information:

Jonathan Mabe, Data Protection Officer
Association of International Certified Professional Accountants
220 Leigh Farm Rd.
Durham, North Carolina 27707
United States
SecurityandPrivacyOffice@aicpa-cima.com

Contact Information
You are encouraged to report any improvements, suggestions, or any suspected breaches of privacy or security to us by using the contact information listed below.

Association of International Certified Professional Accountants Contact Information:

The Chartered Institute of Management Accountants The Helicon One South Place London EC2M 2RB United Kingdom P: +44 (0)20 8849 2251 Hours of Operation: (9am – 5pm, UK time, M-F) https://www.aicpa-cima.com/hel...	American Institute of CPAs 220 Leigh Farm Road Durham, NC 27707 P: 1.888.777.7077 F: 1.800.362.5066 Hours of Operation: (9am – 6pm, ET, M-F) Email: service@aicpa-cima.com

Additional Notice for California Users
The information below applies solely to members, students, customers and other users (“Users”) who reside in the State of California. This information is being provided in accordance with the requirements of the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.

Please review the Privacy Policy above in its entirety for more detailed information regarding the Personal Information that we collect, including how it is used and shared, as well as information regarding your rights under the CCPA.

Personal Information Collected:
We have collected and shared the following categories of personal information during the past twelve (12) months. Please note that the list of examples for each category is intended to be illustrative and not exhaustive.

Identifiers
◦ Examples: Name, Address, Email Address, Username
Customer Records Information
◦ Examples: Name, Address, Telephone Number, Payment Information
Characteristics of protected classifications under California or federal law
◦ Examples: Ethnicity, Gender
Commercial Information
◦ Examples: Records of product or services purchased or considered
Internet Usage Information
◦ Examples: Browsing or search history, information regarding your interactions with our websites
Geolocation Data
◦ Examples: Precise Physical Locations
Sensory Data
◦ Examples: Audio recordings of customer service calls, video footage and photographs from events
Professional or Employment Information
◦ Examples: Employer, Position, Employment history
Education Records
◦ Examples: Education history, Schools attended, Academic records
Inferences
◦ Examples: Preferences, Behaviors

Sources of Personal Information
We obtain the personal information listed above from the following sources:

Directly from you. For example, when you provide the information to us on our websites.
Indirectly from you. For example, from observing your actions on our websites via automatic data collection technologies.
From third parties. For example, your employer or university/school, your tuition provider, State CPA Societies, our credential and designation examination providers, course providers or data brokers such as Acxiom.