The Chartered Banker Institute is a professional Institute incorporated under Royal Charter, which is registered as a charity in Scotland (number SC013927) and having its principal office at:
Chartered Banker Institute
39 George Street
The Chartered Banker Institute is contracted by UNEP FI to provide responsible banking education and learning through the formation of the PRB Academy. The Chartered Banker Institute is responsible for data management aspects of the PRB Academy and all legal obligations will be upheld at all times.
This Privacy Notice explains the Institute’s approach to how we use and protect the information that you provide to us to access the PRB Academy. The Institute must comply with the UK Data Protection Act 2018 and the UK General Data Protection Regulation.
Last modified: Thursday 20 October 2022
Effective from: Monday 31 October 2022
We are fully committed to handling personal data safely and securely, and in accordance with the applicable data protection legislation, guidance, and best practice. This means that your personal data will be:
Whether through this notice or otherwise, we hope to be as transparent as possible. We aim to ensure that you understand how and why we use your personal data, and the rights you may have as a data subject.
What personal data does the PRB Academy collect?
We collect personal data to fulfil our responsibility to the UNEP FI to provide responsible banking education, training and learning materials. As there are different aspects to this function, the information requested and collected may vary.
From UN Signatory Banks / UN Banking Professionals / Access via PRB Services
For us to provide the service we are contracted to deliver by UNEP FI, we will collect the following personal data from those signing up to the PRB Academy. This will be collected either:
We will collect:
From non-UN Signatory Banks / UN Banking Professionals:
Such individuals might include members of the public, business contacts, or those interested in the work of the PRB Academy or individuals attending events we have organised. The personal data most commonly collected from these individuals are:
This is statistical data about users browsing actions and patterns. It is collected on an anonymous, aggregated basis, and does not identify individual users.
Does the PRB Academy collect or process any special categories of personal data?
Why does the PRB Academy need to process personal data?
The Chartered Banker Institute use and store the personal data we collect so that we can support their professional development in our role as a responsible banking education provider. The personal data we collect will also enable us to contact you concerning your queries regarding our services and functions.
This includes (but is not limited to):
How does the PRB Academy collect personal data?
Like most organisations that handle personal data, there are various ways in which we collect personal data including:
In nearly all instances, it should be obvious to you that we are collecting your personal data.
What is the lawful basis for the PRB Academy’s processing activities?
The Chartered Banker Institute will only process your personal data where we believe we have a lawful basis to do so.
The basis for processing will vary from activity to activity. Our legal basis for the processing of personal data is as follows:
Consent: you have given clear consent to the PRB Academy to process your personal data;
Contract: the processing is necessary for the fulfilment of a contract;
Legal obligation: the processing is necessary for the PRB Academy to comply with the law;
Vital interests: the processing is necessary to protect your vital interests, including the protection of rights and freedoms;
Public interests: the processing is within the official authority of the PRB Academy and in the public interest;
Legitimate interests: the processing is necessary for the PRB Academy’s legitimate interests or legitimate interest of a third party, unless the processing is overridden by the vital interests, including rights and freedoms.
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
In circumstances where consent is required for the PRB Academy to process personal data, it must be explicitly given. For sensitive personal data we will always tell you why and how the information will be used.
Consent can be removed at any time by contacting the Chartered Banker Institute. The Institute also provide a dedicated email for this purpose: [email protected]
Once the form has been completed, processing of the data is stopped in accordance with the relevant process.
Does the PRB Academy share personal data with third parties?
The Chartered Banker Institute is responsible for all data management aspects of the PRB Academy.
Some of the processing activities set out above require the PRB Academy to share personal data with third parties. Whenever we share personal data, we take all reasonable steps to ensure it will be handled appropriately and securely by the third party.
In some circumstances the disclosure of Personal Data to third parties may involve the transfer of data outside of the UK in accordance with the requirements of the applicable data protection legislation. We will only transfer Personal Data outside of the UK where we are satisfied that:
The main third parties with whom the PRB Academy shares personal data include (but are not limited to):
For how long does the PRB Academy retain personal data?
The periods for which the PRB Academy retains personal data will depend on the purpose for which the data has been obtained. In general terms, we will retain personal data indefinitely on our Client Relationship Management System to deliver you the best possible service. We will also retain personal data on our Learning Management System however individuals will lose access to modules 12 months after registration. Alternatively, individuals will lose access to the Learning Management System 12 months after their last registration, so long as required by law, or as may be required for record keeping and legal claims purposes.
Please note that for the displaying of digital badges, the PRB Academy will need to retain certain information for the duration the badge is displayed, such as the details about the learning achievement which qualifies the individual to display the badge. .
If you would like more information about our Retention Schedule, please contact the Institute’s Data Protection Representative by email: [email protected]
How does the PRB Academy process cookie files?
Our website makes use of cookie files to distinguish you from other users of our site, and to provide you with a bespoke user experience tailored to your individual preferences. A cookie file (a small file of letters and numbers) will be placed on your computer or other access device each time you visit our site.
We also use analytical cookie files. These allow us to recognise and count the number of visitors to our site and to see how visitors move around our site when they are using it. This helps us to improve the way our site works, for example, by ensuring that users are finding what they are looking for easily. If you wish to delete any such cookie files, please refer to the instructions for your file management software to locate the file or directory that stores cookies.
You may refuse to accept cookie files when visiting our site, by activating the setting on your browser which allows you to refuse the setting of cookies. However, if you choose this setting, you may not get an optimal web site experience and be unable to access certain parts of our site.
Your rights where the Institute is processing your personal data
At any point while we are in possession of or processing personal data, you have the following rights:
Please note that as an awarding and membership body, the Institute is required to retain certain information about you, such as your membership details and any eLearning completions. Should you enact your right to erasure, such data will be anonymised and retained in a secure archive.
The right might also apply if the PRB Academy no longer has a basis for using your personal data, but you don't want us to delete the data. Where this right is validly exercised, we may only use the relevant personal data with your consent, for legal claims, or where there are other public interest grounds to do so.
Sometimes we can meet your request to change how we use your information. However, other times it’s just not possible, like if the law tells us we can’t or in order to meet our role.
In some cases, you may ask us to restrict how we use your personal data. This right might apply, for example, where we are checking the accuracy of personal data we hold about you, or assessing the validity of any objection you have made to the PRB Academy's use of your personal data. The right might also apply if the PRB Academy no longer has a basis for using your personal data, but you don't want the PRB Academy to delete the data. Where this right is validly exercised, the PRB Academy may only use the relevant personal data with your consent, for legal claims, or where there are other public interest grounds to do so.
If you wish to exercise any of these rights, please contact us – please see the ‘Raising a Concern’ section of this policy. Any requests will be forwarded on to the Institute’s Data Protection Representative without undue delay. A record of the request will be kept for compliance purposes and confirmation will be sent once the request has been actioned. If any third parties are involved in the processing of the data, they will also be informed.
Raising a concern
In the event that you wish to raise a concern or make a complaint about how your personal data is being processed by the Institute (or third parties as described above), or are concerned about how your data has been handled by us, you have the right to lodge a complaint with the Chartered Banker Institute or directly with the Information Commissioner’s Office (ICO).
The ICO also provides some useful guidance on how to raise a concern: https://ico.org.uk/your-data-matters/raising-concerns.
You can raise a concern or lodge a complaint with the Institute in the following ways:
You can raise a concern or lodge a complaint with the ICO in the following ways:
In addition, if you are not satisfied with any aspect of our service you can tell us about your concerns or complaints in the following ways:
Changes to our privacy notice
We keep this notice under regular review and will place any updates on our website. Paper copies of the privacy notice may also be obtained by emailing [email protected] or in writing to our office at Chartered Banker Institute, 2nd Floor, 39 George Street, Edinburgh, EH2 2HN, United Kingdom.
Contact information and further advice
If you have any questions which are not covered in this notice, we suggest that you contact our Data Protection Representative by emailing: [email protected]
To help us deal with your query as quickly as possible, we recommend that you include the following in the email subject ‘FAO Data Protection Representative’.
Please note that during the Covid-19 pandemic, we are working remotely and therefore recommend that you contact us by email in the first instance.
However, should you prefer to submit your questions in writing, these can be addressed to our office at Chartered Banker Institute, 2nd Floor, 39 George Street, Edinburgh, EH2 2HN, United Kingdom, addressing your letter to the Data Protection Representative – uplift and forwarding of mail will depend on the particular restrictions in operation at that time.