The Institute of Internal Auditors Philippines (IIAP) Privacy Policy
Revised March 2018
Introduction
The Institute of Internal Auditors Philippines (IIAP) respects the privacy of its members, affiliates, and visitors to its websites and is strongly committed to each visitor’s right to privacy. This privacy policy has been developed as a codification of The IIAP’s commitment in this area.
The privacy policy explains the IIAP’s information gathering and handling practices. If you have any questions regarding IIAP privacy policy or do not feel that your concerns have been otherwise addressed, please contact the data privacy officer by sending an e-mail to [email protected].
Consent
By using the IIAP’s websites and its online portal, you signify your acceptance of our privacy policy. If you, as a visitor, choose to log on as a member, register for courses or events, purchase products, apply for membership or certification, or otherwise submit personally identifiable information, you are consenting to the IIAP’s use of such data in accordance with its privacy policy.
Scope
It is the intent of the IIAP to be in compliance with the principles of the Republic Act 10173 – Data Privacy Act of 2012 Republic of the Philippines, and selected legislation worldwide regarding privacy of data. If any provision of this policy is in conflict with such legislation, the provisions of this policy shall apply, except when otherwise required by law.
This policy guides how the IIAP stores and uses personal information that is collected by the IIAP or provided to the IIA through IIAP, whether through our websites or by other methods such as an application, enrollment, registration or order form, or other means. This policy covers all of the IIAP’s websites. However, this policy does not cover affiliate websites whether or not linked to the IIAP’s sites.
Membership Identity Number and Password
All individual IIAP members (not corporations) are entered into the global membership database of the IIA and are assigned a unique membership number. When members log on to The IIA Global website, they will be asked to enter their e-mail address and to create a unique password to authenticate their membership. Membership numbers are delivered to members together with basic information about membership benefits and services either directly from The IIA or via IIAP.
Collection and Use of Information
Even if you do nothing during your visit other than navigate the IIAP website, read pages, or download information, we will automatically gather and store certain information about your visit. In order to ensure our websites are as useful and effective an information source as they can be, we analyze information that identifies visitors by categories such as the location of visitors (by domain, not by personal e-mail address) and browser types. We also measure, in the aggregate, indicators such as number of visits, average time spent on the sites, and pages viewed. The IIAP uses these statistics to improve site content and usability; this information does not identify visitors personally.
However, when a visitor enters an e-mail address and password obtained by the means described above on an IIAP website for the purpose of logging in to restricted pages, a “temporary cookie” is deployed. This cookie — a small text file stored temporarily on the visitor’s browser — enables the website to “remember” this authentication information during movement from one page to another. This makes it unnecessary to log in again on each page. The cookie will expire when the visitor leaves and no personal data is retained. In addition, to help prevent unauthorized users from using your identifying information, the cookie will expire if your session is idle for approximately 20 minutes. If you have set your internet browser to reject cookies, access may be denied to secured areas of the IIAP’s website.
With the exception of specific secured pages, visitors are not required to be IIA members in order to gain access to IIAP websites, although non-members may be required to register to receive all benefits available to users of the sites.
The IIAP may use personally identifiable information you have voluntarily provided on our websites or by other means to notify you via e-mail or printed material of IIAP events or other relevant products and services offered by the IIAP. If you are a member of an IIAP committee or a CIA exam candidates the IIAP may directly contact you. If you are a member of an IIAP committees or initiative or special forums and events, the IIAP may produce a directory of such participants for networking purposes. If you do not want to receive notice of such events or be included in specialty directories, you may choose to opt out by the means detailed in the “Withdrawal of Consents” section of this policy.
The IIAP collects, at a minimum, the names of IIAP members who join the IIAP worldwide and records these in the IIA Global database in order for the IIAP to issue unique membership numbers. Members who wish to access the website will also have to provide e-mail addresses. Transfer and update of data between IIAP and the IIA Global is allowed through an explicit consent of its members, or through adherence of IIAP to the Republic Act 10173 – Data Privacy Act of 2012, or other privacy policies worldwide. The amount of personal information recorded in the database depends on the services selected by or the member and the preferred method of delivery. Members who do not wish to be contacted by IIAP may choose so, while members who wish to access additional services may provide additional personal data either directly on The IIAs website or via IIAP.
The IIAP collects limited personal data from members and or non-members when they register to participate in any of IIAP events or trainings either online format or downloaded printed copy of the registration for an IIAP member or non-member who do not with their personal data to be transferred should request exclusion through their Institute or through the “Withdrawal of Consent” section of this policy.
Disclosure of Information to Third Parties
If you voluntarily provide the IIAP with personally identifiable information, the IIAP may share personal information with companies, organizations or individuals outside of the IIAP when we have your consent to do so. the IIAP requires opt-in consent for the sharing of any sensitive personal information. the IIAP may release information on a selective basis to outside organizations whose products and services are of perceived benefit. These organizations include, but are not limited to:
Various companies that authenticate credit cards on behalf of The IIAP if you provide a credit card for the purchase of products or services.
- If you do not want The IIAP to provide your personally identifiable information to third parties other than IIAP chapters or as noted above, please see “Opting Out” section of this policy.
Disclosure of Information for Legal Reasons
The IIAP will share personal information with companies, organizations or individuals outside of the IIAP if the IIAP has a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to:
- Meet any applicable law, regulation, legal process or enforceable governmental request.
- Enforce applicable Terms of Service, including investigation of potential violations.
- Detect, prevent, or otherwise address fraud, security or technical issues.
- Protect against harm to the rights, property or safety of the IIAP, our members or the public as required or permitted by law.
There are other instances in which the IIAP may divulge your personal information. the IIAP may provide your personal information if necessary, in the IIAP’s good faith judgment, to comply with laws or regulations of a governmental or regulatory body or in response to a valid subpoena, warrant or order, or to protect the rights of the IIAP or others.
Disclosure of Sensitive Personal Information to Third Parties
The IIAP requires opt-in consent for the sharing of any sensitive personal information. Sensitive personal information is a particular category of personal information relating to confidential medical facts, racial or ethnic origins, political or religious beliefs or sexuality.
Data Access and Corrections
The IIAP is dedicated to providing reasonable access to IIAP members and others who want to review their personal information maintained by the IIAP and correct any inaccuracies therein. IIAP Members may view and update their data by accessing their Member Profile, available upon logging in to www.iia-p.org. Institute members and Non-members may also verify and/or change their data by e-mailing [email protected] or IIAP, Unit 702, 139 Corporate Center Valero St., Salcedo Village Makati City Philippines. The IIAP, however, is not responsible for verifying the continued accuracy of either member or non-member information.
Security
Although the IIAP does not monitor the websites, the IIAP has reasonable policies in place to protect from misuse the personally identifiable information provided by its users.
Links
The IIA’s websites contain “links” to other sites, including sites operated by The IIA Global Institutes and chapters. The IIAP does not control, and is not responsible for, the accuracy, timeliness, security, or even the continued availability or existence of this outside information. Opinions expressed on other sites linked from the IIAP’s websites are not necessarily those of the IIAP, nor does the IIAP endorse, warrant, or guarantee products or services described or offered on those other sites. Neither is the IIAP responsible for the contents of any websites that choose to link to the IIAP’s websites with or without the IIAP’s consent.
Other organizations linked to the IIAP’s websites may collect information about you when you view or click on these sites. The IIAP cannot control this collection of information. You should contact these organizations directly if you have any questions about their use of the information they collect.
Changes to Privacy Policy
The IIAP’s Privacy Policy may change from time to time. The IIAP will not reduce your rights under this Privacy Policy without your explicit consent. The IIAP will post any privacy policy changes on this page and, if the changes are significant, The IIAP will provide a more prominent notice (including, for certain services, email notification of privacy policy changes). The users of the IIAP’s websites should reference this policy periodically to ensure that they have knowledge of the current provisions of the IIAP’s privacy policy.
DISCLAIMERS
THIS WEBSITE AND ITS CONTENT ARE PROVIDED “AS IS” AND THE IIAP EXCLUDES TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW ANY WARRANTY, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, SATISFACTORY QUALITY OR FITNESS FOR A PARTICULAR PURPOSE. THE FUNCTIONS EMBODIED ON, OR IN THE MATERIALS OF, THIS WEBSITE ARE NOT WARRANTED TO BE UNINTERRUPTED OR WITHOUT ERROR. YOU, NOT THE IIAP, ASSUME THE ENTIRE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION DUE TO YOUR USE OF THIS WEBSITE.
Except as specifically stated in this Policy, or elsewhere on this website, or as otherwise required by applicable law, neither the IIAP nor its trustees/officers, employees, content providers, affiliates or other representatives will be liable for damages of any kind (including, without limitation, lost profits, direct, indirect, compensatory, consequential, exemplary, special, incidental, or punitive damages) arising out of your use of, your inability to use, or the performance of this website or the Content whether or not we have been advised of the possibility of such damages.
The IIAP uses reasonable efforts to ensure the accuracy, correctness and reliability of the Content, but we make no representations or warranties as to the Content’s accuracy, correctness or reliability.
Some US states and foreign countries do not permit the exclusion or limitation of implied warranties or liability for certain categories of damages. Therefore, some or all of the limitations above may not apply to you to the extent they are prohibited or superseded by state or national provisions.
Opting In and Opting out of the Release of Personal Information
Members in Philippines are entered into The IIA Global membership database and given the choice to opt-out of receiving communications from the IIAP or its chapter. To opt out, send your request via e-mail to: [email protected].
Members reported via their IIAP chapters are entered in The IIA Global membership database and given the choice to opt-in to receiving communications and additional services from IIAP. IIAP Chapter members will not be contacted by IIAP unless they opt-in either by instructing their IIAP Chapter or by logging into their profile on the IIAP website and selecting to receive optional services and communications.
However, if you choose to provide the IIAP with personally identifiable information by purchasing a product, registering for an event, or requesting other services, the IIAP may use that information to provide you with the purchased products or services, for billing purposes, to send immediately relevant information to you, and for other purposes related to the reason you provided the information even if you opt out of the use of your information by the means detailed in this privacy policy.
For any clarifications and inquiries on one policy, you may send an email to:
Chief Data Privacy Officer
Institute of Internal Auditors Philippines, Inc.
Unit 702, 139 Corporate Center, Valero St., Salcedo Village, Makati City, Philippines
Tel. +63 2 940.9551, Fax. +632 325 0414
E-mail: [email protected]