Date last updated: 1 February 2021
1. Controller Details
MIA’s Data Protection Officer is Maria Mifsud Farrugia who may be contacted by email at email@example.com and by telephone at 22581900.
2. Personal Data
The term “personal data” refers to all personally identifiable information voluntarily provided to us for the registration and administration of studentship covering the ACCA and MIA Joint Examination Scheme (JES).
For the purposes of the JES we typically collect the following categories of data: identification data and residence data, contact data, student and examination data, payment details, referee/supervisor details, information about your employment, educational and professional qualifications.
We only collect information, including personal data that we believe to be relevant and required for the MIA to carry out its functions and activities within the JES and to conduct its business as required by law and regulatory obligations.
3. Third Party Data
Where you provide us with personally identifiable information relating to other people, such as your directors, officers, employees, advisors, referees/supervisor or other related persons, you shall be solely responsible for making sure that the provision of such data by you to the MIA fully complies with applicable data protection law and the relevant person in regard to whom the data relates has been provided with the necessary information at law regarding the MIA’s processing of his personal data and where necessary you will obtain their consent to our use of their information.
Any information notices, consents or other applicable requirements that may be required to be fulfilled for the provision of third party data to us shall be borne solely by you and you hereby fully indemnify the MIA and shall render the MIA completely harmless against all costs, damages or liability of whatsoever nature resulting from any claims or litigation (instituted or threatened) by any third party against the MIA as a result of the provision of any third party personal data by you to the MIA.
4. Purposes of Processing
Typically, for the purposes of the JES, the MIA will process your personal data to register and administer your studentship, to operate your account within MIA database, to improve the service, to respond to general enquiries, to invite affiliates to the Institute organised ceremony, supporting students and to fulfil any other requirements in relation to your JES studentship.
The MIA may also contact Third parties in order to fulfil the above requirements.
5. How do we collect your personal data
We will collect data directly from you (for example by creating your profile in MIA system, from emails, registration forms, change of details forms, and re-registration forms), will create some data internally (e.g. when we assign you an ACCA registration number or docket with regard to examination results) and from our ACCA partners (E.g. examination results and JES student data).
We may also collect some data from external sources for instance from your employer or learning provider who may provide MIA with relevant information on students employed by and/or training with them.
From time to time MIA would also like to contact students about its products and services, promotional offers, marketing as well as information in relation to the products and services provided by third parties (“Marketing”).
Marketing will be carried out primarily through the circulation of e-mails. Other means of communication may also be used, however the MIA shall always seek your prior consent.
You may withdraw consent to the processing of personal data for Marketing purposes at any time by sending us an e-mail on: firstname.lastname@example.org. Alternatively, you may unsubscribe to such communications by clicking the “Unsubscribe” link contained in the footer of any Marketing email you will receive from us. However, please note withdrawal of consent for Marketing communication does not affect the lawfulness of the processing of personal data based on such consent prior to its withdrawal.
7. Legal Basis
The following information below summarises the basis on which we process personal information.
1. For the purpose of effecting the registration form concluded with the MIA (including the taking of the steps necessary to complete the registration form or any amendments) with regard to the processing for the purposes of registering a student with the MIA or for the JES;
2. For the purposes of performing our contract with you. This includes JES examinations.
3. Where we have a legitimate interest in using it, such as, day to day operational and business purposes, including, maintaining our membership or studentship database or for the purposes of managing our contracts and relationships with our members, students, non-member users, suppliers, partners or service providers;
4. For compliance with our legal or regulatory obligations; and
5. If we need and you have given your consent to use of your personal data for a particular purpose, including Marketing consent.
The recipients of the personal data are:
a. selected individuals within the Institute;
b. MIA’s affiliates/subsidiary/partners;
c. Governmental bodies including but not limited to the Malta Financial Services Authority;
d. Third parties/Subcontractors to whom disclosure is required for the performance of the membership including IT service providers, Member Relationship Management system provider and other online system, website hosting and management and cloud storage services;
e. Professional advisors including legal advisors if necessary, to establish, exercise or defend MIA legal rights and obtain advice in connection with the running of the operation. Personal data may be shared with these advisors as necessary in connection with the services they have been engaged to provide;
f. Payment gateways;
g. Online conferencing platforms;
h. third parties to whom disclosure may be required as a result of legal obligations imposed on the MIA.
The MIA’s recipients of personal data are mainly located within the EU. However, please note that we do transfer some personal data to entities located outside of the EEA, including to entities located in the United States. Prior to transferring personal data outside the EAA, we ensure that appropriate transfer safeguards, as set out in Chapter V of the GDPR, are implemented. The safeguards that we typically implement are the Standard Contractual Clauses. These are pre-determined sets of contracts approved by the European Commission which require the parties signing the contracts to adhere to an adequate level of data protection. You may request more information on the way in which we transfer personal data outside of the EEA by contacting our Data Protection Officer via email at email@example.com and by telephone at 22581900. The entities located outside the EEA that we transfer personal data to include:
- Wild Apricot Inc (US) – they run our membership management platform;
- Microsoft Inc (US) – cloud storage service provider;
- Zoom Video Communications, Inc. (US) – online video conferencing platform;
- Association of Chartered Certified Accountant (UK).
9. Processing Requirement
The processing of personal data is not a statutory requirement: it is a requirement in order to complete the registration form. Failure to provide personal data impedes us from being in a position to conclude registration for the JES.
10. Automated Decision-Making and Profiling
Your personal data will not be used for any automated decision-making or profiling.
11. Data Retention
Information will be retained for the lifetime duration of membership of the Institute and for a period of time thereafter to allow recovery of accounts should anyone decide to reapply for membership, to analyse the data for MIA’s own operations, and for historical and archiving purposes associated with MIA’s history as a membership association. Data will not be retained for no longer than is necessary for the purpose for which it was obtained by us, or as required or permitted for legal and regulatory purposes, and for legitimate business purposes. In certain circumstances, where required by law or applicable regulations or where the Institute deems it necessary for our legitimate business, regulatory and / or legal purposes, we may hold the data for a longer or shorter period.
Information will be retained for no longer than is necessary for the purpose for which it was obtained by us, or as required or permitted for legal and regulatory purposes, and for legitimate business purposes. In certain circumstances, where required by law or applicable regulations or where the Institute deems it necessary for our legitimate business, regulatory and / or legal purposes, we may hold the data for a longer or shorter period.
For as long as we hold personal data about an individual, that individual may (where applicable):
a. request access to and rectification of personal data where incomplete or inaccurate;
b. request erasure of his personal data;
c. request restriction of processing of his personal data;
d. object to the processing of his personal data;
e. request provision of his personal data in a structured, commonly used and machine-readable format; and
f. request transmission to himself or another controller indicated by the individual.
Please note that your rights are not absolute.
MIA and its Data Protection Officer may be contacted on complaints regarding the processing of personal data at the details indicated above. A right to lodge a complaint with the Office of the Information and Data Protection Commissioner in Malta (www.idpc.gov.mt) is also in place.