Revised June 15, 2007
ScopeIt is the intent of The IIA to be in compliance with the principles of the Personal Information Protection and Electronic Documents Act of Canada, the European Union Safe Harbour Act, the Data Protection Act of the United Kingdom, and selected legislation worldwide regarding privacy of data. If any provision of this policy is in conflict with such legislation, the provisions of this policy shall apply, except when otherwise required by law. This policy guides how The IIA stores and uses personal information that is collected by The IIA or provided to The IIA, whether through our Web sites or by other methods such as an application, enrollment, registration or order form, or other means. This policy covers all of The IIA's Web sites. However, this policy does not cover institute Web sites whether or not linked to The IIA's sites.
Membership Identitiy Number and PasswordAll individual IIA members (not corporations) are entered into the global membership database and are assigned a unique membership number and password. The membership number and password represent the only means of authenticating an individual's membership and his/her identity upon login on The IIA's Web site. Membership number and password are delivered to members together with basic information about membership benefits and services either directly from global IIA or via their IIA institute.
Collection and Use of InformationEven if you do nothing during your visit other than navigate an IIA Web site, read pages, or download information, we will automatically gather and store certain information about your visit. In order to ensure our Web sites are as useful and effective an information source as they can be, we analyze information that identifies visitors by categories such as the location of visitors (by domain, not by personal e-mail address) and browser types. We also measure, in the aggregate, indicators such as number of visits, average time spent on the sites, and pages viewed. The IIA uses these statistics to improve site content and usability; this information does not identify visitors personally. However, when a visitor enters a membership number and password obtained by the means described above on an IIA Web site for the purpose of logging in to restricted pages, a "temporary cookie" is deployed. This cookie - a small text file stored temporarily on the visitor's browser - enables the Web site to "remember" this authentication information during movement from one page to another. This makes it unnecessary to log in again on each page. The cookie will expire when the visitor leaves and no personal data is retained. In addition, to help prevent unauthorized users from using your identifying information, the cookie will expire if your session is idle for approximately 20 minutes. If you have set your Internet browser to reject cookies, access may be denied to secured areas of The IIA's Web sites. With the exception of specific secured pages, visitors are not required to be IIA members in order to gain access to The IIA's Web sites, although nonmembers may be required to register to receive all benefits available to users of the sites. The IIA may use personally identifiable information you have voluntarily provided on our Web sites or by other means to notify you via e-mail or printed material of IIA events or other relevant products and services offered by The IIA. If you are a member of an IIA specialty section, The IIA may produce a directory of such participants for networking purposes. If you do not want to receive notice of such events or be included in specialty directories, you may choose to opt out by the means detailed in the "Opting Out" section of this policy.
Collection of Personal Data from IIA InstitutesThe IIA collects, at a minimum, the names of IIA members who join IIA institutes worldwide and records these in the global membership database in order to issue unique membership numbers and Web site passwords. Transfer and update of data between IIA and its institutes is allowed through an explicit consent of its members, or through adherence of IIA institutes to the Safe Harbour Act in Europe, Data Protection Act in the UK, or other privacy policies worldwide. The amount of personal information recorded in the database depends on the services selected by each institute or the member and the preferred method of delivery. Members who do not wish to be contacted by global IIA may choose so, while members who wish to access additional services may provide additional personal data either directly on The IIA's Web site or via their IIA institute. The IIA collects limited personal data from IIA institutes worldwide in order to provide limited membership services to individuals who belong jointly to these institutes and to The IIA. When you submit personal information to The IIA through this site, you understand and agree this information may be transferred across national boundaries and may be stored and processed in any of the countries in which The IIA and its institutes and subsidiaries maintain offices, including without limitation, the United States. Members of IIA institutes who do not wish their personal data to be transferred should request exclusion through their institute or through the "Opting Out" section of this policy. In order to reduce errors in our database, authenticate our users and prevent abuse of our system, we may on occasion supplement the personal information you submit to us with information from third-party sources. For example, we may supplement your registration information with address information provided by the U.S. Postal Service to qualify your information and prevent errors in our database.
Disclosure of Information to Third PartiesIf you voluntarily provide The IIA with personally identifiable information, The IIA may release that information on a selective basis to outside organizations whose products and services are of perceived benefit. These organizations include, but are not limited to:
For purchase of educational products, PBD Inc., which is The IIA's distribution/fulfillment house in Alpharetta, Ga. Various companies that authenticate credit cards on behalf of The IIA if you provide a credit card for the purchase of products or services. If you register as a certification candidate, to the examination site. Registrant's information may be released to providers of CIA exam preparation products, who subsequently may send you information concerning their products and services. IIA institutes or chapters, which may solicit you for local participation or membership. In the case of IIA members, the IIA institute or chapter may publish your name in a directory or use your data to mail or e-mail local materials, unless you contact the institute or chapter and opt out of such disclosure. For some North American members, The IIA may provide mailing information to other organizations whose products and services are of perceived benefit. If you do not want The IIA to provide your personally identifiable information to third parties other than IIA chapters or as noted above, please see "Opting Out" section of this policy. There are other instances in which The IIA may divulge your personal information. The IIA may provide your personal information if necessary, in The IIA's good faith judgment, to comply with laws or regulations of a governmental or regulatory body or in response to a valid subpoena, warrant or order or to protect the rights of The IIA or others.
Right of AccessThe IIA is dedicated to providing reasonable access to members and others who want to review their personal information maintained by The IIA and correct any inaccuracies therein. Members may view and update their data by accessing their Member Profile, available upon logging in to www.theiia.org. Nonmembers may verify and/or change their data by e-mailing email@example.com or by writing Customer Service, The IIA, 247 Maitland Ave., Altamonte Springs, FL 32701, USA. The IIA, however, is not responsible for verifying the continued accuracy of either member or nonmember information.
SecurityAlthough The IIA does not monitor the Web site, The IIA has reasonable policies in place to protect from misuse the personally identifiable information provided by its users.
LinksThe IIA's Web sites contain "links" to other sites, including sites operated by IIA institutes and chapters. The IIA does not control, and is not responsible for, the accuracy, timeliness, security, or even the continued availability or existence of this outside information. Opinions expressed on other sites linked from The IIA's Web sites are not necessarily those of The IIA, nor does The IIA endorse, warrant, or guarantee products or services described or offered on those other sites. Neither is The IIA responsible for the contents of any Web sites that choose to link to The IIA's Web sites with or without The IIA's consent. Other organizations linked to The IIA's Web sites may collect information about you when you view or click on these sites. The IIA cannot control this collection of information. You should contact these organizations directly if you have any questions about their use of the information they collect.