We attach great importance to the personal data our customers share with us and use a range of measures to protect this data and ensure it is used in line with our customers’ expectations. We aim to make our use of your personal data as transparent as possible and this notice sets out how we may collect, process, share and dispose of your data and the individual rights that are available to you.
We use and protect your personal data taking into account relevant legislation including the General Data Protection Regulation and the UK Data Protection Act (2018).
We hope you will find it answers any questions you may have, but if you require further help you can find our contact details at the bottom of this notice.
The London Foundation for Banking & Finance
- What is The London Foundation for Banking & Finance?
- What is your lawful basis for using my personal data?
- When do you collect my personal data?
- What type of personal data do you collect?
- How do you use my personal data?
- How do you protect my personal data?
- How long will you keep my personal data?
- Who do you share my personal data with?
- Where might my personal data be processed
- What are my rights over my personal data?
- How can I manage my marketing preferences?
- Who is the regulator for data protection?
- Who should I contact to exercise my rights or seek further information?
We attach great importance to the personal data our customers share with us and use a range of measures to protect this data and ensure it is used in line with our customers’ expectations. We aim to make our use of your personal data as transparent as possible and this notice sets out how we may collect, process, share and dispose of your data and the individual rights that are available to you. We use and protect your personal data taking into account relevant legislation including the General Data Protection Regulation and the UK Data Protection Act (2018).
We may update this notice from time to time but will communicate any changes in advance where they may have a material effect on your privacy rights. The latest version and date can be found at the end of the policy.
2. What is The London Foundation for Banking & Finance?
We are a charity incorporated by Royal Charter dedicated to the advancement of knowledge of and education and research in financial services.
We are a Data Controller registered in the UK with the Information Commissioner’s Office.
3. What is your lawful basis for using my personal data?
Data protection legislation requires organisations to have a lawful basis for collecting and processing your personal data. We have set out below the six lawful bases that can be used and examples where we will commonly rely on each.
We typically use consent for our marketing activities and where we process special category data, for example, health or other information you provide to us to when applying for a bursary, scholarship, grant or chartered status.
When you register with us to receive a service – such as applying for a bursary, scholarship, grant or chartered status – we will normally process your personal data on a contractual basis to fulfil the service you have requested.
We may rely on this basis where we are legally obliged or have a statutory obligation to process your personal data. This may include providing statistical information to regulatory agencies and information for the prevention, detection or prosecution of crimes.
We will only share your data where it’s essential and we have clearly identified the source of the legal obligation.
We would only use this basis to process your data where we feel it is necessary to protect your life. For example, should you be taken ill whilst on our premises and are unable to give consent yourself, then we may share any health information we hold with the emergency services.
This basis would usually be used by public authorities to carry out public functions and powers set in law or tasks by organisations within the public interest. We would not expect to have to process your personal data on this basis.
We may rely on this basis where we determine we have a legitimate interest in processing your data. We would use this basis where we determine you would reasonably expect us to process your data in this way and it has minimal impact on your privacy. For example, we may determine that it is in our interests to communicate changes in regulatory requirements or eligibility for chartered status, that you would reasonably expect this and that it has minimal impact on your privacy.
We may use legitimate interest for some of our marketing activities, particularly where you have recently made a transaction with us. Please refer to section 12 below on how to change your marketing preferences.
We may also rely on this basis to protect the integrity of our grants and prevent fraudulent activity.
4. When do you collect my personal data?
When you first contact us, we create a record in your name and allocate you a unique ID number. Any information you give us, or we generate, is added to your record from then on.
We endeavour to ensure the accuracy of all records, but we rely on you to keep your personal data up to date by informing our Student and Customer Services team of any changes. You can contact them by email or by calling on +44 (0)12 2781 8609.
Information collected automatically
When you visit our website, we automatically collect anonymised data about your visit using GA4 (Google Analytics). We use this to improve user experience, navigation of our website and the services we offer you. The type of data we collect with no identifying markers includes:
- page views
- traffic source
- actions taken – eg, downloads, clicks and form submissions (events).
Remarketing is a form of online advertising that enables us to show you targeted adverts after you’ve visited our website. It works by placing a tracking code – a cookie – on people’s browsers when they visit our website. It then serves ads to those with that cookie, specifically, on the display and search networks on different web browsers. This code will last for six months and is then removed automatically.
To opt out of remarketing, you should decline our cookies when you first visit our website. You can also opt out by clearing the history on your web browser and changing your web browser settings so that they don’t allow third-party tracking.
Advertising reporting features
To help us get a better understanding of our users, we have enabled ‘advertising reporting’ which includes features like:
- audience demographics and interests reporting
- DoubleClick campaign manager reporting
- DoubleClick bid manager reporting, and
- Google display network impression reporting.
The option to opt-out of our marketing cookies, analytical cookies and our functional cookies can be managed via our cookies management platform available in the bottom right hand corner across our site.
5. What type of personal data do you collect?
We seek to only collect the personal data we require to respond to your request, deliver a product or service or meet a statutory reporting obligation. We have provided some typical examples below.
New customer enquiries
When you contact us for the first time we may ask you to provide some basic personal data (eg name and contact information) to allow us to respond to your enquiry and send any links, forms, documents etc. A record will be created in your name under a unique ID number and your personal data stored securely.
Existing customer enquiries
When you contact us again we may request information that will help us to establish your identity and prevent fraud. Once we have verified your identity, any further personal data you provide will be stored securely on your existing record.
When you complete an application to for a grant, bursary, scholarship or chartered status you will be asked to provide sufficient personal data to:
- register you
- allow distribution of correspondence
- allow communication when required
- confirm bank details
- confirm your job title and employer, if applicable
- obtain statistics for future marketing campaigns, eg, where did you hear about us etc
- confirm that you meet any criteria, if applicable.
Special category data
Special category data is data that is more sensitive and requires extra protection. This type of data includes:
- ethnic origin
- trade union membership
- biometrics, where used for ID purposes
- sex life or sexual orientation.
We only collect and process special category data where necessary and will always seek your consent to process it.
If you have any concerns or questions over the personal data we collect, please do contact us and we will be happy to discuss this with you.
6. How do you use my personal data?
Depending on the product or service you have requested from us, we will use your personal data in the following ways.
- To process your application for a grant, bursary, scholarship or chartered status, which may also require your personal information to be passed to a third party for example, The London Institute of Banking & Finance Limited (LIBF) for processing applications for chartered status or other relevant institutions to confirm your qualifications.
- To process any application you make for membership and to maintain that membership
- To process payments and undertake fraud prevention
- To provide information about additional services and products that may be of interest to you
- To undertake research in order to help us plan and improve our services
- To provide information to government bodies, such as Ofqual, the FCA, the Student Loans Company (SLC) and Higher Education Statistics Agency (HESA), in accordance with statutory and government requirements.
7. Who is the regulator for data protection?
We use a range of technical and organisational measures to protect your personal data, including:
- training all staff on the principles of data protection and including terms within contracts and annual compliance checks
- secure processing of all transactions via our website
- applying secure storage and encryption methods to personal data held on our computer systems
- ensuring appropriate contracts are in place where we deliver our services with third parties and undertaking compliance audits where relevant
- industry standard security and encryption employed for the transfer of personal data between sites and third parties
- CCTV to monitor and record building entry and exit points, key card entry to office buildings and coded security access to server rooms
- monitoring our systems and undertaking annual penetration testing and monthly vulnerability scanning to identify and strengthen any vulnerabilities identified
- our IT Systems and Controls comply with the Cyber Essentials Certification.
8. How long will you keep my personal data?
We will only keep your personal data for as long as is necessary for the purpose it was collected, as in the following examples.
We will keep personal data relating to your studies (academic record) permanently. This forms part of our core records and enables us to provide verification of any awards you achieve, issue replacement transcripts/certificates and meet any legal obligations including the prevention of fraud.
We are legally obliged to keep a record of all financial transactions for six years.
9. Who do you share my personal data with?
We will share your personal data with third parties where necessary to deliver our products and services, including:
- LIBF Limited (trading as ‘The London Institute of Banking & Finance’ and ‘LIBF’)
- delivery of digital badges to eligible students and customers
- government and other regulatory departments where we have a legal obligation or legitimate interest to do so.
Where we share personal data with third parties we will:
- have an appropriate agreement specifying how the data may be used
- only share as much information as is required to deliver the specified service
- require they have suitable technical and organisational measures in place to protect your personal data, and
- ensure your personal data is securely disposed of when it is no longer required to deliver the service or on termination of our agreement with the third party.
We will not share or sell your data to third parties to use for their own purpose. We do sometimes identify third-party products or services that may be of interest to our customers and may share this ourselves with customers who have opted-in to receive this information. (See 12. How can I manage my marketing preferences?)
10. Where might my personal data be processed?
The majority of personal data we collect is processed within the UK and may be stored on servers within the EU. However, we have students and members throughout the world and the personal data of those students and members is necessarily transferred overseas when fulfilling their applications for grants, scholarships, bursaries, chartered status or other services.
In some cases, personal data may be stored and processed in the US on our behalf. All data is transferred and held in compliance with applicable laws and appropriate safeguards such as the use of ‘standard contractual clauses’ to protect your individual rights over your personal data.
11. What are my rights over my personal data?
Under the General Data Protection Regulation you can exercise the following individual rights over your personal data.
To be informed how we will use your personal data
We will inform you of how we will use your data by short processing statements, typically provided at the point you request a product or service from us, and in more detail in this Privacy Notice. We will also endeavour to answer any further questions you may have on how we use your personal data.
To have access to your personal data
You can gain access to most personal data we hold for you by contacting Student and Customer Services by calling +44 (0)12 2781 8609. You can also gain access to any further information we may hold by submitting a Subject Access Request (SAR), which is free of charge in most cases.
To correct your personal data
You can request we correct any personal data for you which may be inaccurate by contacting Student and Customer Services by calling +44 (0)12 2781 8609.
To have your data deleted
You can request that we delete personal data that we hold for you. We will consider all requests for deletion and endeavour to fulfil the request where possible.
We may be legally obliged to retain some personal data for a specified period of time such as financial transactions and to meet statutory reporting requirements. We will highlight as far as possible the implications of deleting any personal data but may not be able to foresee all circumstances and the final decision to accept the deletion will need to be yours. We will hold a record to be able to confirm we have processed a deletion request.
To have your personal data provided in a portable format
You can request that we provide a copy of your personal data in a format that can be easily shared with another organisation. We will normally provide this in a comma-separated values (CSV) format, compressed within a zip file, but will endeavour to meet any other requests.
To restrict the processing of your data
You can request that we restrict how we process your data. This may be used as an alternative to having data deleted, allowing us to store your personal data but not process it. This may affect the products or services we can provide to you and there may be some limitations where we have a legal obligation to still process.
To object to the processing of your personal data
You have the right to object to direct marketing at any time. You can do this by clicking the link included at the bottom of all marketing emails we send. This will not affect transactional emails we send that are necessary for delivering any product or service.
To have your personal data amended or to object to direct marketing please contact Student and Customer Services by calling +44 (0)12 2781 8609.
For any other requests please email email@example.com.
If we are unable to fulfil a request, we will confirm this with you and provide an explanation.
12. How can I manage my marketing preferences?
You can change your preferences at any time by using the link at the bottom of all our marketing communications.
This will only affect marketing communications. You will still receive transactional communications necessary to deliver the products and services you have requested.
We use videos on our site that are embedded from YouTube. This means cookies may be added to your browser when you:
- watch our videos using the YouTube player option, or
- visit the YouTube website to view our videos.
13. Who is the regulator for data protection?
If you’re unhappy with the way we have used your personal data or how we have responded to a request, you have the right to complain to the Information Commissioner’s Office (ICO).
If you are based outside of the UK, you may have the right to lodge a complaint with the data protection supervisory authority in your country of residence.
14. Who should I contact to exercise my rights or seek further information?
If you have any questions, require further guidance or would like to submit a rights request, please contact our Data Protection Co-ordinator by:
- emailing: firstname.lastname@example.org
- writing to Data Protection Co-ordinator, 4-9 Burgate Lane, Canterbury, Kent, CT1 2JX, UK
Last updated 1 April 2023