GDPR

The Institute for Professional Development (IPD) - GDPR Policy

Introduction:

The Institute for Professional Development (IPD) is dedicated to safeguarding the privacy and personal data of its members, partners, and stakeholders. This General Data Protection Regulation (GDPR) policy outlines how IPD collects, processes, stores, and protects personal data in compliance with applicable data protection laws.

1. Data Controller:

IPD is the data controller responsible for the processing of personal data. Contact details for IPD can be found at the end of this policy.

2. Data Collected:

IPD may collect and process the following categories of personal data:

Contact Information (name, email address, phone number)

Professional Information (job title, company, industry, educational information)

Membership Information (membership status, renewal dates)

Event Participation Information (attendance history, preferences)

Financial Information (payment details for membership fees)

3. Purpose of Data Processing:

IPD processes personal data for the following purposes:

Membership management and communication

Event organization and participation

Providing relevant industry updates and information

Processing payments and financial transactions

Legal compliance and reporting

4. Legal Basis for Processing:

IAofEP will only process personal data when there is a legal basis to do so, including:

Consent

Contractual necessity

Compliance with legal obligations

Legitimate interests pursued by IAofEP or a third party

5. Data Security:

IAofEP employs appropriate technical and organizational measures to ensure the security of personal data, including encryption, access controls, and regular security assessments.

6. Data Retention:

IPD will retain personal data for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws. Members have the right to request the deletion of their data, subject to legal and contractual obligations.

7. Data Subject Rights:

Members have the following rights under GDPR:

Right to access and rectify personal data

Right to erasure

Right to restrict processing

Right to data portability

Right to object to processing

Requests regarding these rights should be submitted to IPD using the contact information provided at the end of this policy.

8. Data Sharing:

IPD may share personal data with trusted third-party service providers for the purposes outlined in this policy. IAofEP ensures that these third parties comply with GDPR and have appropriate safeguards in place.

9. International Transfers:

In cases of international data transfers, IPD ensures that adequate data protection safeguards are in place, such as standard contractual clauses or other legally approved mechanisms.

10. Data Breach Response:

IPD has implemented procedures to detect, report, and investigate any personal data breaches promptly. In the event of a breach, affected individuals and relevant authorities will be notified as required by law.

11. Privacy by Design:

IPD integrates privacy considerations into its systems, processes, and activities from the outset to ensure the protection of personal data.

12. Policy Review:

This GDPR policy will be regularly reviewed and updated to reflect changes in IAofEP's data processing activities or applicable data protection laws.

GDPR (General Data Protection Regulation) Statement

The Institute for Professional Development is committed to protecting the privacy and security of personal data in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws. The following statement outlines our data processing practices:

1. Lawful Basis for Processing: We will only process personal data when we have a lawful basis to do so, such as with the consent of the individual, for the performance of a contract, to comply with legal obligations, or for legitimate interests pursued by the school or a third party.
2. Data Minimization: We will only collect and process personal data that is necessary for the purposes for which it was collected.
3. Data Security: We will implement appropriate technical and organizational measures to ensure the security of personal data and protect it from unauthorized access, disclosure, alteration, or destruction.
4. Individual Rights: We will respect the rights of individuals regarding their personal data, including the right to access, rectify, delete, restrict processing, and data portability. Individuals also have the right to object to the processing of their personal data in certain circumstances.
5. International Data Transfers: If we transfer personal data to countries outside the European Economic Area (EEA), we will ensure adequate safeguards are in place to protect the data, such as by using standard contractual clauses or relying on other legal mechanisms permitted by the GDPR.
6. Data Breach Notification: In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority and affected individuals in accordance with our legal obligations.
7. Data Protection Officer: We have appointed a Data Protection Officer (DPO) who is responsible for overseeing compliance with data protection laws and handling data protection inquiries and requests.

If you have any questions or concerns about our data processing practices or your rights under the GDPR, please contact our Data Protection Officer at [DPO contact information].

By enrolling in our programs or using our services, you consent to the processing of your personal data in accordance with this statement.

Date of Last Review: 2-26-24

By accepting courses, membership or participating in IPD events, courses, individuals acknowledge and agree to the terms outlined in this GDPR policy.