Privacy Policy

1. Scope

This Privacy Policy applies to the iafcom website, membership pre‑application forms, member portal interactions, newsletters, events registration, technical committees and any digital services operated directly by IAF. Where third‑party systems are used (e.g. secure payment processors, webinar platforms), their own privacy notices also apply.

2. Data We Collect

We do not collect: unnecessary personal profiling data, marketing demographics purchased from brokers, or special categories of data unless explicitly provided for accreditation justification.

3. How We Collect

Data is obtained directly from you (forms, email, portal, events), automatically through essential technical logs, or indirectly where an organisation nominates you as a representative (with your knowledge). We do not use covert tracking scripts or third‑party advertising beacons.

4. Lawful Basis

• Legitimate interests – operating membership & cooperation structures.
• Contract – administering accepted membership agreements.
• Legal obligation – compliance, audit traceability.
• Consent – optional newsletters, non‑essential cookies.

5. Use of Data

• Evaluate pre‑applications and manage onboarding.
• Facilitate working groups, committees and collaboration.
• Provide secure member portal access & role management.
• Circulate technical or governance communications.
• Maintain integrity & security of digital systems.
• Aggregate non‑identifiable analytics to improve services.

6. Disclosures & Sharing

We limit sharing to what is operationally required:

• Internal secretariat & authorised committee facilitators.
• Trusted processors (secure hosting, email distribution) under data processing agreements.
• Regulatory or legal authorities when lawfully required.

We do not sell personal data or provide member lists to advertising networks.

7. Retention

Personal data is retained only for the lifecycle necessary to evaluate, establish, maintain or document membership and related activities, after which it is securely deleted or anonymised. Core governance records may be archived for statutory or audit obligations.

8. Security

Controls include role‑based access, encryption at rest for infrastructure‑level storage, TLS for transport, integrity monitoring, least‑privilege principles, and periodic security reviews. While no system is infallible, we continuously enhance resilience against emerging threats.

9. International Transfers

Data may be processed in jurisdictions where our secure hosting or processors operate. Where required, standard contractual safeguards or equivalent mechanisms are applied to protect cross‑border transfers.

10. Cookies & Tracking

The site currently uses only essential functional cookies. If we introduce optional analytics or preference cookies in the future, a consent banner will be implemented in compliance with applicable regulations.

11. Your Rights

Depending on jurisdiction, you may request: access, rectification, deletion, restriction, objection, portability and withdrawal of consent (where relied upon). We will respond in a reasonable timeframe subject to verification.

12. Children

This site is not directed to children under 16. We do not knowingly process data of minors without appropriate guardian consent where legally necessary.

13. Policy Updates

Material changes will be posted on this page with a revised "Last Updated" date. Where required, we will notify active members via email or portal notices.

14. Contact

To exercise rights or ask questions about this policy, contact:
Email: [email protected] (example)
Subject: Privacy Request / Inquiry

If applicable in your region, you may lodge a complaint with a supervisory authority; however, we encourage contacting us first so we can address concerns directly.