Skip to main content

Chartered Banker Institute PRB Academy Privacy Notice

 

The Chartered Banker Institute is a professional Institute incorporated under Royal Charter, which is registered as a charity in Scotland (number SC013927) and having its principal office at:

Chartered Banker Institute
2nd Floor 
39 George Street 
Edinburgh 
EH2 2HN 

The Chartered Banker Institute is contracted by UNEP FI to provide responsible banking education and learning through the formation of the PRB Academy. The Chartered Banker Institute is responsible for data management aspects of the PRB Academy and all legal obligations will be upheld at all times.

This Privacy Notice explains the Institute’s approach to how we use and protect the information that you provide to us to access the PRB Academy. The Institute must comply with the UK Data Protection Act 2018 and the UK General Data Protection Regulation.

Last modified: Thursday 20 October 2022

Effective from: Monday 31 October 2022

PRIVACY POLICY

Our commitment

We are fully committed to handling personal data safely and securely, and in accordance with the applicable data protection legislation, guidance, and best practice. This means that your personal data will be:

  1. Processed lawfully, fairly, and in a transparent manner.
  2. Collected for specified, explicit and legitimate purposes.
  3. Only collected so far as required for our lawful purposes.
  4. Kept as accurate and up to date as possible.
  5. Retained for a reasonable period of time, in accordance with our retention policy.
  6. Processed in a manner which ensures an appropriate level of security.

Whether through this notice or otherwise, we hope to be as transparent as possible. We aim to ensure that you understand how and why we use your personal data, and the rights you may have as a data subject.

 

What personal data does the PRB Academy collect?

We collect personal data to fulfil our responsibility to the UNEP FI to provide responsible banking education, training and learning materials. As there are different aspects to this function, the information requested and collected may vary.

 

From UN Signatory Banks / UN Banking Professionals / Access via PRB Services
For us to provide the service we are contracted to deliver by UNEP FI, we will collect the following personal data from those signing up to the PRB Academy. This will be collected either:

  1. Directly from website registration when UN banking professionals give consent to submit their own data to access resources;
  2. From UN Signatory Banks who obtain employee consent to use the PRB Academy and provide us with ‘bulk enrolment’ data through agreed secure methods.

We will collect:

  • Personal identifiers, such as name Contact details (including home and business addresses, email, telephone number);
  • Employment details (employer name);
  • Information connected to education and training (including assessment data);
  • Records of learning and development activity (CPD records);
  • Information regarding investigation and disciplinary processes;
  • Records of enquiries, meetings and other engagement;
  • Copies of physical and electronic correspondence;
  • Payment information (e.g., debit/credit card details for paying membership subscriptions);
  • Any special circumstances and reasonable adjustments that will help us ensure we develop our services in a way that supports you and that you find accessible.

 

From non-UN Signatory Banks / UN Banking Professionals:
Such individuals might include members of the public, business contacts, or those interested in the work of the PRB Academy or individuals attending events we have organised. The personal data most commonly collected from these individuals are:

  • Name
  • Contact details (including home and business addresses, email, telephone number)
  • Records of enquiries, meetings, and other direct engagement
  • Information regarding investigation and disciplinary processes
  • Copies of physical and electronic correspondence

When people access our online services, for example via our website: www.prbacademy.com we may also collect information. We use this information to improve the user experience, and to help us better understand the ways in which our website is used. (When people access our online services through www.charteredbanker.com, the CBI Privacy Policy applies). This may include information about:

  • The computer or device type
  • IP address
  • Operating system
  • Browser type and version
  • Time zone setting and browser plug-in types and versions.

This is statistical data about users browsing actions and patterns. It is collected on an anonymous, aggregated basis, and does not identify individual users.

 

Does the PRB Academy collect or process any special categories of personal data?

  • The PRB Academy will not collect any special categories of personal data.

 

Why does the PRB Academy need to process personal data?

The Chartered Banker Institute use and store the personal data we collect so that we can support their professional development in our role as a responsible banking education provider. The personal data we collect will also enable us to contact you concerning your queries regarding our services and functions.

This includes (but is not limited to):

  • Quality and training purposes;
  • Providing a wide range of member services;
  • Providing a wide range of training services;
  • Awarding of qualifications upon completion;
  • Data analysis and management information purposes;
  • Acknowledgment of special circumstances and reasonable adjustments;
  • Recognition of learning and development activity;
  • Notifying you of updates and changes to our services.

 

How does the PRB Academy collect personal data?

Like most organisations that handle personal data, there are various ways in which we collect personal data including:

  • Email and written correspondence;
  • Telephone discussions;
  • Visitors to our website;
  • Social media;
  • Application forms and other information requests;
  • From bank enrolments (e.g., when a bank enrols its employees for one of our learning modules);
  • Direct contact at our offices and elsewhere.

In nearly all instances, it should be obvious to you that we are collecting your personal data.

 

What is the lawful basis for the PRB Academy’s processing activities?

The Chartered Banker Institute will only process your personal data where we believe we have a lawful basis to do so.

The basis for processing will vary from activity to activity. Our legal basis for the processing of personal data is as follows:

Consent: you have given clear consent to the PRB Academy to process your personal data;

Contract: the processing is necessary for the fulfilment of a contract;

Legal obligation: the processing is necessary for the PRB Academy to comply with the law;

Vital interests: the processing is necessary to protect your vital interests, including the protection of rights and freedoms;

Public interests: the processing is within the official authority of the PRB Academy and in the public interest;

Legitimate interests: the processing is necessary for the PRB Academy’s legitimate interests or legitimate interest of a third party, unless the processing is overridden by the vital interests, including rights and freedoms.

 

Consent

By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.

In circumstances where consent is required for the PRB Academy to process personal data, it must be explicitly given. For sensitive personal data we will always tell you why and how the information will be used.

Consent can be removed at any time by contacting the Chartered Banker Institute. The Institute also provide a dedicated email for this purpose: [email protected].

Once the form has been completed, processing of the data is stopped in accordance with the relevant process.

 

Does the PRB Academy share personal data with third parties?

The Chartered Banker Institute is responsible for all data management aspects of the PRB Academy.

Some of the processing activities set out above require the PRB Academy to share personal data with third parties. Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party.

In some circumstances the disclosure of Personal Data to third parties may involve the transfer of data outside of the UK in accordance with the requirements of the applicable data protection legislation. We will only transfer Personal Data outside of the UK where we are satisfied that:

  • The country has Data Protection laws similar to the laws in the UK;
  • The recipient will protect the information to EU GDPR standards.
  • We have obtained consent from relevant data subjects to the transfer. If, in order to provide you with our services, we must transfer data outside of the UK, to a country which has not received an adequacy decision, then we will require additional safeguarding measures be put in place.

The main third parties with whom the PRB Academy shares personal data include (but are not limited to):

  • Corporate customers in the instance where your participation is funded by your employer
  • UNEP FI
  • Software providers who allow the Institute to operate efficient digital processes
  • Other suppliers who allow the Institute to provide services

  • For practical reasons, this is an indicative, but not exhaustive list and is kept under review.

 

For how long does the PRB Academy retain personal data?

The periods for which the PRB Academy retains personal data will depend on the purpose for which the data has been obtained. In general terms, we will retain personal data indefinitely on our Client Relationship Management System to deliver you the best possible service. We will also retain personal data on our Learning Management System however individuals will lose access to modules 12 months after registration. Alternatively, individuals will lose access to the Learning Management System 12 months after their last registration, so long as required by law, or as may be required for record keeping and legal claims purposes.

Please note that for the displaying of digital badges, the PRB Academy will need to retain certain information for the duration the badge is displayed, such as the details about the learning achievement which qualifies the individual to display the badge. .

If you would like more information about our Retention Schedule, please contact the Institute’s Data Protection Representative by email: [email protected]

 

How does the PRB Academy process cookie files?

Our website makes use of cookie files to distinguish you from other users of our site, and to provide you with a bespoke user experience tailored to your individual preferences. A cookie file (a small file of letters and numbers) will be placed on your computer or other access device each time you visit our site.

We also use analytical cookie files. These allow us to recognise and count the number of visitors to our site and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. If you wish to delete any such cookie files, please refer to the instructions for your file management software to locate the file or directory that stores cookies.

You may refuse to accept cookie files when visiting our site, by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you choose this setting, you may not get an optimal web site experience and be unable to access certain parts of our site.

Information on our cookie policy is available here.

 

Your rights where the Institute is processing your personal data

At any point while we are in possession of or processing personal data, you have the following rights:

  • Right of access to your personal data
    You have the right to request a copy of the personal data that the Institute holds about you.
  • Right of rectification
    We want to make sure that your personal data is accurate, complete, and up to date, and so you may ask us to correct any personal data about you that you believe does not meet these standards. You can do this by emailing: [email protected].
  • You may also update your own details at any time through your PRB Academy account which can be accessed through www.prbacademy.com.
  • Right to erasure
    You have the right to ask us to delete personal data about you, where:
  • You consider that we no longer require the personal data for the purposes for which it was obtained
  • We are using the personal data with your consent, and you have withdrawn your consent
  • You have validly objected to our use of your personal data
  • Our use of your personal data is contrary to law or the Institute’s other legal obligations.

Please note that as an awarding and membership body, the Institute is required to retain certain information about you, such as your membership details and any eLearning completions. Should you enact your right to erasure, such data will be anonymised and retained in a secure archive.

  • Can I change how you use my data?
    You have a right called the right to restrict processing. This means you can ask us to only use or store your information for certain purposes or as us to restrict how we use your personal data.

    For example, we are constantly aiming to provide you with more services in areas you are interested in and you may have shared preferences with us to do so. However, if you don’t want us to use your information in this way, then you can ask us to stop, or you change your preference settings online.

The right might also apply if the PRB Academy no longer has a basis for using your personal data, but you don't want us to delete the data.  Where this right is validly exercised, we may only use the relevant personal data with your consent, for legal claims, or where there are other public interest grounds to do so.

Sometimes we can meet your request to change how we use your information. However, other times it’s just not possible, like if the law tells us we can’t or in order to meet our role.

  • What about marketing?

    We will only use your data to provide you with information about PRB Academy services that you have requested. We will also use your data to provide you with further information about continuous development opportunities through UNEP FI and The Chartered Banker Institute if you have opted in.
    You have the right at any time to require the PRB Academy to stop using your personal data for direct marketing purposes.  Users must provide their preference to opt in / out of marketing emails (related to the PRB Academy) upon registration but can withdraw consent at any time by emailing [email protected]. Our PRB Academy newsletters and other PRB Academy marketing and events communications also make unsubscribing easy by following the option to unsubscribe. You can of course always contact us if you wish to make changes.
  • Withdrawing consent to using your information
    Where we use your personal information with your consent, you may withdraw that consent at any time, and we will stop using your personal information for the purpose(s) for which consent was given.

In some cases, you may ask us to restrict how we use your personal data. This right might apply, for example, where we are checking the accuracy of personal data we hold about you, or assessing the validity of any objection you have made to the PRB Academy's use of your personal data. The right might also apply if the PRB Academy no longer has a basis for using your personal data, but you don't want the PRB Academy to delete the data. Where this right is validly exercised, the PRB Academy may only use the relevant personal data with your consent, for legal claims, or where there are other public interest grounds to do so.

If you wish to exercise any of these rights, please contact us – please see the ‘Raising a Concern’ section of this policy. Any requests will be forwarded on to the Institute’s Data Protection Representative without undue delay. A record of the request will be kept for compliance purposes and confirmation will be sent once the request has been actioned. If any third parties are involved in the processing of the data, they will also be informed.

 

Raising a concern

In the event that you wish to raise a concern or make a complaint about how your personal data is being processed by the Institute (or third parties as described above), or are concerned about how your data has been handled by us, you have the right to lodge a complaint with the Chartered Banker Institute or directly with the Information Commissioner’s Office (ICO).

The ICO also provides some useful guidance on how to raise a concern: https://ico.org.uk/your-data-matters/raising-concerns.

You can raise a concern or lodge a complaint with the Institute in the following ways:

  • By emailing the Data Protection Representative directly at [email protected]
  • By writing FAO The Data Protection Representative, Chartered Banker Institute, 2nd Floor, 39 George Street, Edinburgh EH2 2HN 

You can raise a concern or lodge a complaint with the ICO in the following ways:

  • By telephoning - 0303 123 1113 (local rate) or 01625 545 745
  • Via the ICO website: https://ico.org.uk/concerns
  • By writing to: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

In addition, if you are not satisfied with any aspect of our service you can tell us about your concerns or complaints in the following ways:

  • By email: [email protected]
  • By writing FAO Head of Membership Experience and Strategy, Chartered Banker Institute, 2nd Floor, 39 George Street, Edinburgh EH2 2HN 

 

Changes to our privacy notice

We keep this notice under regular review and will place any updates on our website.  Paper copies of the privacy notice may also be obtained by emailing [email protected] or in writing to our office at Chartered Banker Institute, 2nd Floor, 39 George Street, Edinburgh, EH2 2HN, United Kingdom.

 

Contact information and further advice

If you have any questions which are not covered in this notice, we suggest that you contact our Data Protection Representative by emailing: [email protected]

To help us deal with your query as quickly as possible, we recommend that you include the following in the email subject ‘FAO Data Protection Representative’.

Please note that during the Covid-19 pandemic, we are working remotely and therefore recommend that you contact us by email in the first instance.

However, should you prefer to submit your questions in writing, these can be addressed to our office at Chartered Banker Institute, 2nd Floor, 39 George Street, Edinburgh, EH2 2HN, United Kingdom, addressing your letter to the Data Protection Representative – uplift and forwarding of mail will depend on the particular restrictions in operation at that time.

 

Visit our Partner websites UNEP FI Chartered Banker Institute GIZ

Terms & Conditions

Privacy Policy