DATA PROTECTION & PRIVACY POLICY

1. Introduction

The Institute of Information Management (IIM), operating with chapters in Nigeria, Ghana, South Africa, United States, Canada, United Kingdom, Australia, Switzerland, and India, is committed to safeguarding the privacy and security of personal information. This Data Protection and Privacy Policy outlines our commitment to respecting and protecting the personal data of individuals and complies with applicable data protection laws across all the jurisdictions in which we operate.

2. Definitions

• Personal Information: Personal Information consists of any data that relates to an individual and/or information from which an individual can be identified, directly or indirectly. It includes but is not limited to names, contact details, date of birth, photographs, and biometric data, such as facial recognition data.

3. Data Collection

3.1 Types of Personal Information Collected

IIM may collect, use, store, and transfer different kinds of Personal Information about members and customers, including prospective members. This Personal Information includes, but is not limited to:

• Names
• Contact details
• Date of birth
• Membership history and details
• Payment information and reasons for resignation
• Membership of local institutes
• Examination results and qualifications
• MCPD details
• Job role, position, and company information
• Employment information
• Queries and complaints
• Provision of data
• Events & Training Pictures, Video, and Audio

IIM may also collect biometric data, including facial recognition data, as part of the Personal Information.

3.2 Consent and Opt-In/Opt-Out

When collecting data, including biometric, facial recognition, fingerprints, or other unique biological identifiers, the Institute of Information Management (IIM) shall obtain the explicit, informed, and unambiguous consent of the data subject before any processing occurs. By voluntarily providing such data, individuals consent to its use solely for the stated and legitimate purposes as outlined in this policy. Consent shall be freely given, specific, informed, and revocable at any time. Data subjects reserve the right to withdraw their consent or opt-out of data processing at any time, without any negative consequences. To exercise this right, individuals may click unsubscribe, reply to message with Subject "Opt-Out" or contact IIM Data Protection Officer (DPO) at: dpo@iim-africa.org

3.3 How Personal Information is Collected

IIM collects information through various means, including but not limited to:

• Membership applications
• Examination registration
• Events and training participation
• Contacting our customer service team
• Information obtained from third parties, such as employers, regulatory bodies, and members of the public, to fulfill the purposes for which data was collected.

4. Purpose of Data Collection

IIM may use the Personal Information, including biometric data, for the following purposes:

• To administer and manage memberships
• Liaising with relevant entities to update records
• Maintaining details of accreditations and qualifications
• Providing training courses and study materials
• Recording examination performance
• Maintaining MCPD records
• Sharing market events and sector network information
• Offering learning and development services
• Providing market news, opinions, and key industry developments
• Enhancing and improving IIM's services and qualifications
• Offering customer service support and training
• Maintaining and reviewing order histories and invoices
• Fulfilling disciplinary and regulatory functions
• For marketing purposes

5. Sharing of Personal Information

IIM may share Personal Information, including biometric data, with:

• Third parties, such as employers, for the performance of membership contracts and lawful purposes.
• Accountants, legal teams, regulators, and other professional bodies for contract fulfillment and legal obligations.
• Third-party service providers, including but not limited to payroll, logistics, assessment services, and membership retention functions, for contract fulfillment and legitimate interests.
• Legal authorities in connection with legal proceedings, and when disclosure is reasonably likely to be ordered by a court or competent authority.

IIM will never sell any Personal Information to third parties.

6. Data Security

IIM implements appropriate physical and technical measures to safeguard the Personal Information, including biometric data. Access to this data is restricted to authorized personnel who are subject to a duty of confidentiality. While all reasonable measures are taken to protect data, no system is entirely secure, and IIM cannot guarantee the security of Personal Information.

7. Data Retention

IIM retains Personal Information for as long as necessary to fulfill the purposes for which it was collected, in accordance with applicable laws. When data is no longer needed, it will be deleted or returned in compliance with applicable law.

8. Data Subject Rights

Under applicable Data Protection Laws, individuals have the following rights concerning their Personal Information, including biometric data:

• Right to request access to and copies of their data (Subject Access).
• Right to withdraw consent (if applicable).
• Right to data portability (under certain circumstances).
• Right to rectify inaccurate data.
• Right to erasure in specific situations.

9. International Data Transfers

IIM may transfer Personal Information across borders when necessary. These transfers will be carried out in accordance with applicable data protection regulations and may involve mechanisms such as Standard Contractual Clauses.

10. Compliance with Specific Regulations

IIM commits to compliance with all applicable data protection regulations in the jurisdictions where it operates, including but not limited to GDPR, CCPA, and relevant local data protection laws.

11. Changes to this Policy

IIM may update this Data Protection and Privacy Policy from time to time. Material changes will be communicated to individuals as required by applicable law. Updates will be effective upon posting the revised policy on our website.

Please ensure that you read and understand this Data Protection and Privacy Policy. By continuing to engage with IIM's services, you signify your consent to this policy.