The Cayman Islands Institute of Professional Accountants (“CIIPA”) is committed to being a responsible custodian of the information provided to us and the information we collect in the course of our operations. As a data controller, we comply with the Cayman Islands Data Protection Act (2021 Revision) (the “Act”). This privacy notice describes how CIIPA collects, use, share or otherwise process your personal data, outlines your rights in relation to your personal data and how to contact us if you have any questions. This privacy notice applies to the website and all services offered by CIIPA.

View as a PDF.

Personal data we may collect

We may collect and process your personal data in a variety of ways, including when you use, access, or interact with our Website, membership registration and renewal, events registration, subscription to our newsletter, completion of surveys and by participating in any CIIPA activity, services or resources we make available. “personal data” as defined by the Act means data relating to a living individual that can be used to identify that individual and includes data such as: location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental economic, cultural, or social identity of the individual.

Personal data includes a subset of sensitive personal data defined by the Act as consisting of information such as racial or ethnic origin, political opinions, religious or other beliefs of a similar nature, sexual orientation, and medical data. Personal data collected may include, but is not limited to:

• Name, date of birth, age, nationality, gender, marital status, passport, driving licence or other photographic identity details;
• Company, organisation, and job title;
• Contact information including physical address, postal address, email address and telephone number(s);
• Demographic information such as postal code, preferences, and interests;
• Your work status and other required employment or immigration related data;
• Criminal convictions and offenses;
• Details of your employment/education history, if applying for an employment position with us;
• Your IP address and/or MAC address.
• Payment and/or bank information including credit or debit card details; and
• Images and/or expressions of personal opinion when you leave feedback, contact us, or approve its use.
• We may also collect personal data from other sources, such as social media platforms or applications that may share your device information/content and/or how you interact with our social media content.

Personal data we may collect automatically through cookies and similar technologies

We use browser cookies and similar technologies (collectively, “Cookies”) to collect and store certain information when

you use, access, or interact with our Website. We may, for example, collect information about the type of device you use to access the Website, the operating system and version, your IP address, your general geographic location as indicated by your IP address, your browser type, the content you view and features you access on the Website, the web pages you view immediately before and after you access the Website, whether and how you interact with content available on the Website, and the search terms you enter on the Website.. In most instances, a Cookie does not provide us with any of your personal data.

Please note that we do not currently respond to web browser “do not track” signals or other mechanisms that may allow you to opt out of the collection of information across networks of websites and online services as there is no standard for how online services should respond to such signals. As standards develop, we may develop policies for responding to do-not-track signals that we will describe in this privacy notice.

Personal data we may collect from third party sources

We may receive personal data from other sources, including third parties that help us to update, expand, and analyse your membership records, applications, and renewals. We may also receive information about you from social media platforms, including but not limited to, when you interact with us on those platforms or access our social media content. Please note that the information we may receive is governed by the privacy settings, policies, and/or procedures of the applicable social media platform, and we encourage you to review them.

As part of our regulatory function we may enter into information exchange arrangements with regulatory authorities within and outside the Cayman Islands. We may receive your personal data from regulatory authorities under these arrangements, to fulfil our function or legal requirements.

How we use the personal data we collect

We may use the personal data we collect:

• To maintain the membership register;
• To register you as a member, provide you with advice in relation to your registration as a member, to administer and manage your membership;
• To correspond directly with you to deal with enquiries, internal investigations, appeals, complaints or other similar or related matters;
• To market courses and events, to send you marketing communications, and other information or materials that may be of interest to you or which you have expressed an interest in receiving and to send you our member newsletter via email;
• In fulfilling our responsibilities and obligations as a supervisory authority and regulatory function;
• To monitor website use to understand how members use our services and to identify areas of improvements, including generating and analysing website statistics;
• For other business purposes, including data analysis; submitting invoices; detecting, preventing, and responding to actual or potential fraud, illegal activities, or intellectual property infringement;
• To assess the effectiveness of our events, promotional campaigns, and publications; 
• As we believe reasonably necessary, or appropriate, to comply with our legal obligations;
• To respond to requests for information issued by law or under any regulatory code or practice we follow by public or regulatory authorities; and
• To protect your, our, or others’ rights.

Online Payment with CIIPA

In order to make an online payment to us, you are required to mandatorily fill the form with all the correct information.

You shall not provide, update or share any information which belongs to someone else to which you do not have any right to use or is misleading in any way. The information is stored for processing the payment and once the payment is successfully received, the shared information will automatically be deleted. We do not share any of the information received through payment form with any third parties.

A user isn’t required to create an account to make the payment. The payment form will generate the request for processing the payment and not collect the payment directly.

What personal data do we collect through the online payment form?

• Name
• Contact details
• Email ID
• Invoice Details
• Credit/Debit Card details (if you select it as your payment method)

The collected data will be stored in an encrypted form to ensure its security.

We may share the personal data we collect

We may disclose personal data we collect:

• To third-party service providers that perform services on our behalf, such as web-hosting companies, mailing vendors, analytics providers, event hosting services, and information technology providers;
• Employees, agents or contracted third parties may be given access to any personal data which we collect, but their use shall be limited to the performance of their duties and in line with the reason for processing. Our employees are required to keep that personal data confidential and are not permitted to use it for any purposes other than to enable you to use our services or to deal with requests which you submit to us; 
• To law enforcement, other government authorities, or third parties (within or outside the jurisdiction in which you reside) as may be permitted or required by the laws of any jurisdiction that may apply to us; as provided for under contract; or as we deem reasonably necessary to provide our services. In these circumstances, we take reasonable efforts to notify you before we disclose personal data, unless prior notice is prohibited by applicable law, or is not possible or reasonable in the circumstances; and 
• To service providers, advisors, potential transactional partners, or other third parties in connection with the consideration, negotiation, or completion of a transaction in which we are acquired by or merged with another company or we sell, liquidate, or transfer all or a portion of our assets.

Grounds for using your personal data

We rely on the following legal grounds to process your personal data, namely:

Performance of a contract – We may need to collect and use your personal data to enter into a contract with you or to perform a contract that you have with us. For example, when you use our services we will use your personal data to respond to your requests and provide you with the services you have requested;

Consent – We may use personal data as described in this privacy notice subject to your consent. To withdraw your consent you can contact us via email at admin@ciipa.ky or you may be able to disable settings, such as, the sharing of location information in your browser or mobile application settings. Where required by applicable laws, we will rely on your consent for direct marketing and to collect information from your device or computer.

Legitimate interests – We may use your personal data for our legitimate interests to improve our services and the content on our services. Consistent with our legitimate interests and any choices that we offer or consents that may be required under applicable laws, we may use technical information as described in this privacy notice and use personal data for our marketing purposes.

Third-party services and content

Our services may include integrated content or links to content provided by third parties (such as video materials). This privacy notice does not address the privacy, security, or other practices of the third parties that provide such content. We engage third parties that support the operation of our services, such as analytics providers. These third parties may use technologies to track your online activities over time and across different websites and online platforms.

Security and retention of personal data

We are committed to ensuring that your personal data is secure. For this purpose, we will not hold your personal data for any longer than is required by law. Further, we have taken reasonable steps to protect your personal data against unauthorized access and against unlawful processing, accidental loss, damage and destruction. Nevertheless, any personal data submitted by you is at your own risk. We will not transfer your personal data to any third party for the purpose of direct marketing without your permission. We use certain third-party service providers who may have access to your personal data so that they can provide services to us. When this occurs, we have a data protection compliant contract in place with these third parties.

Protection and storage of the personal data we collect

Our services are controlled and operated by us. We may store the personal data we collect in the Cayman Islands or in other countries where we or our service providers have facilities. We may process the personal data we collect in jurisdictions where we or our service providers have facilities.

To ensure that your personal data receives an adequate level of protection we have put in place standard data protection clauses with service providers who we may share information with to ensure that your personal data is treated by third parties in a way that is consistent with this notice. If you require further information about this protective measure, please contact us via email at admin@ciipa.ky.

In addition, we deploy administrative, technical, and physical safeguards designed to comply with applicable legal requirements and safeguard the personal data that we collect. This includes, when required or appropriate and feasible, obtaining written assurances from third parties that may access your personal data that they will protect the data with safeguards designed to provide a level of protection equivalent to that adopted by us.

However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your personal data. Moreover, we are not responsible for the security of personal data you transmit to us over networks that we do not control, including the Internet and wireless networks.

Your choices and rights

If you no longer wish to receive marketing communications from us, you can let us know by sending us an email at admin@ciipa.ky. Where required by applicable laws we will rely on your consent for direct marketing and to collect information from you device or computer. Any electronic marketing communications we send you also contain opt out mechanisms that allow you to opt-out from receiving those communications at any time. We will honour your choice and refrain from sending you such announcements. You may also opt back in to receive those communications at any time.

Subject to the Act, you have certain rights regarding personal data that we have collected and that is related to you. We encourage you to contact us to update or correct your personal data if it changes or if you believe that any personal data that we have collected about you is inaccurate or out of date. You can also ask us to see what personal data we hold about you, to erase your personal data and you may tell us if you object to our use of your personal data.

Your ability to exercise these rights will depend on a number of factors and in some instances, we may not be able to comply with your request, for example because we have legitimate grounds for not doing so, or where the right doesn’t apply to the particular information we hold on you. To learn more about your rights, visit www.ombudsman.ky.

Contact Us

We welcome your enquiries and comments. If you would like to contact us with questions about our privacy or data protection practices, please email: admin@ciipa.ky.

Complaints

We are committed to working with you to obtain a fair resolution of any complaint or concern about your privacy. We aim to resolve enquiries and complaints in a respectful and timely manner.

Changes to this Privacy Notice

We may update this privacy notice from time to time and we encourage you to periodically review this page. If we make any material changes in the way we collect, use, and/or share the personal data that you have provided, we will notify you by posting notice of the changes in a clear and conspicuous manner on the Website.