Privacy notice

We attach great importance to the personal data our customers share with us and use a range of measures to protect this data and ensure it is used in line with our customers’ expectations. We aim to make our use of your personal data as transparent as possible and this notice sets out how we may collect, process, share and dispose of your data and the individual rights that are available to you. We use and protect your personal data taking into account relevant legislation including the General Data Protection Regulation and the UK Data Protection Act (2018).

We hope you will find it answers any questions you may have, but if you require further help you can find our contact details at the bottom of this notice.

1. Introduction

2. What is LIBF LIMITED?

3. What is your lawful basis for using my personal data?

4. When do you collect my personal data?

5. What type of personal data do you collect?

6. How do you use my personal data?

7. How do you protect my personal data?

8. How long will you keep my personal data?

9. Who do you share my personal data with?

10. Where might my personal data be processed?

11. What are my rights over my personal data?

12. How can I manage my marketing preferences?

13. Who is the regulator for data protection?

14. Who should I contact to exercise my rights or seek further information?

We attach great importance to the personal data our customers share with us and use a range of measures to protect this data and ensure it is used in line with our customers’ expectations. We aim to make our use of your personal data as transparent as possible and this notice sets out how we may collect, process, share and dispose of your data and the individual rights that are available to you. We use and protect your personal data taking into account relevant legislation including the General Data Protection Regulation and the UK Data Protection Act (2018).

We hope you will find our Privacy Policy answers any questions you may have, but if you require further help you can find our contact details at the bottom of this notice.

We may update this notice from time to time but will communicate any changes in advance where they may have a material effect on your privacy rights. The latest version and date can be found at the end of the policy.

We provide outstanding education and thought leadership in banking and finance for businesses, individuals and society.

LIBF LIMITED, trading under LIBF and The London Institute of Banking and Finance, is a company registered in England and Wales. Registered No. 13621269 (herein referred to as “LIBF”, “we” and “us”). LIBF is part of the IU Group N.V. group of companies and is made up of different legal entities as set out below.

• LIBF Limited: https://www.libf.ac.uk

• LIBF MENA: https://mena.libf.ac.uk

• LIBF APAC: https://apac.libf.ac.uk

• LIBF India: https://libf.in/

• IU Group N.V.: https://www.iu-group.com/

We are a Data Controller registered with the following:

• the Information Commissioner’s Office in the UK. Our entry details can be found on the Data Protection Public Register.

• the ADGM Registration Authority in Abu Dhabi. Our entry details can be found on the Public Register using identifier 000001628.

Data protection legislation requires organisations to have a lawful basis for collecting and processing your personal data. We have set out below the six lawful bases that can be used and examples where we will commonly rely on each.

Consent

We typically use consent for our marketing activities and where we process special category data, for example, health information you provide to us to make a reasonable adjustment to your exam.

Contract

When you register with us to receive a product or service – such as studying a qualification or attending an event – we will normally process your personal data on a contractual basis to fulfil the service or product you have requested.

Legal obligation

We may rely on this basis where we are legally obliged or have a statutory obligation to process your personal data. This may include providing statistical information to regulatory agencies such as the Higher Education and Statistics Agency (HESA) and in the UAE and information for the prevention, detection or prosecution of crimes.

We will only share your data where it’s essential and we have clearly identified the source of the legal obligation.

Vital interests

We would only use this basis to process your data where we feel it is necessary to protect your life. For example, should you be taken ill whilst on our premises and are unable to give consent yourself, then we may share any health information we hold with the emergency services.

Public task

This basis would usually be used by public authorities to carry out public functions and powers set in law or tasks by organisations within the public interest. We would not expect to have to process your personal data on this basis.

Legitimate interests

We may rely on this basis where we determine we have a legitimate interest in processing your data. We would use this basis where we determine you would reasonably expect us to process your data in this way and it has minimal impact on your privacy. For example, we may determine that it is in our interests to communicate changes in regulatory requirements to previous customers, that you would reasonably expect this and that it has minimal impact on your privacy.

We may use legitimate interest for some of our marketing activities, particularly where you have recently made a transaction with us. Please refer to section 12 below on how to change your marketing preferences.

We may also rely on this basis to protect the integrity of our qualifications and prevent fraudulent activity including but not limited to student malpractice and centre maladministration.

When you first contact us, we create a record in your name and allocate you a unique ID number. Any information you give us, or we generate, is added to your record from then on.

We endeavour to ensure the accuracy of all records, but we rely on you to keep your personal data up to date – either online through MyLIBF or by informing our Student and Customer Services team of any changes. You can contact them by email on customerservices@libf.ac.uk or by calling on +44 (0)12 2781 8609.

Information collected automatically

When you visit our website, we automatically collect anonymised data about your visit using GA4 (Google Analytics). We use this to improve user experience, navigation of our website and the services we offer you. The type of data we collect with no identifying markers includes:

• session duration

• page views

• traffic source

• browser

• device

• IP address, and

• actions taken – eg, downloads, clicks and form submissions (events).

Remarketing

Remarketing is a form of online advertising that enables us (LIBF) to show you targeted adverts after you’ve visited our website. It works by placing a tracking code – a cookie – on people’s browsers when they visit our website. It will then serves ads to those with that cookie, specifically, on the display and search networks on different web browsers. This code will last for six months and is then removed automatically.

To opt out of remarketing, you should decline our cookies when you first visit our website. You can also opt out by clearing the history on your web browser and changing your web browser settings so that they don’t allow third-party tracking.

Advertising reporting features

To help us get a better understanding of our users, we have enabled ‘advertising reporting’ features like:

• audience demographics and interests reporting

• DoubleClick campaign manager reporting

• DoubleClick bid manager reporting, and

• Google display network impression reporting.

You can opt out of Google’s use of cookies through your browser settings or by visiting Google’s Ads Settings or Google Analytics' currently available opt-outs.

Alternatively, you can opt out of third-party vendor's use of cookies by visiting the Network Advertising Initiative opt-out page.

The option to opt-out of our marketing cookies, analytical cookies and our functional cookies can be managed via our cookies management platform available in the bottom left hand corner across our site.

Live chat

We use live chat software on our website. This is provided by Click4Assistance, a third-party UK-based software company. You can see what data is collected and how it is processed by visiting the Click4Assistance website.

Register your interest

You may register your interest with us, typically using a form on our website, to receive more information about our qualifications and services. The information we send will be specific to the areas you’ve registered your interest in.

Online invigilation services

We provide online invigilation as a service through our suppliers, Pearson VUE.

When you take an examination using online invigilation, you and your workspace will be monitored through your webcam and microphone during the exam session. You will be required to capture an image of yourself and your photo identification.

Whilst not required, additional personal information may be inferred as a result of using video such as visible health conditions, racial/ethnic origin and religious beliefs. This information will not be used. We will also process technical data connected to you such as device type and IP address to administer the exam.

WhatsApp

We offer WhatsApp as an optional communication method as part of your application for admission or during your studies for the Online Degree Programme. If you choose to use this method of communication, we will process your personal data, such as your telephone number, your picture, your status information and your name if you provide us with this information. In addition, we process any personal data that you share with us using WhatsApp. We recommend that you only provide us with the information that is absolutely necessary to answer your request and refrain from providing any additional information. You can find further information in WhatsApp’s Privacy Policy.

WhatsApp is a telecommunications service offered by WhatsApp Ireland Limited and a company of Facebook Inc. We use a software solution from Messenger People, which does not require the application to be installed. While the use of this software significantly restricts data access by WhatsApp, it is still possible for employees of WhatsApp or Facebook to potentially access your personal data. Likewise, it cannot be ruled out that your data will be stored on WhatsApp servers in the United States of America. For this purpose, a contract that incorporates the EU, and therefore the UK, standard contractual clauses has been concluded.

We seek to only collect the personal data we require to respond to your request, deliver a product or service or meet a statutory reporting obligation. We have provided some typical examples below.

New customer enquiries

When you contact us for the first time we may ask you to provide some basic personal data (eg name and contact information) to allow us to respond to your enquiry and send any links, forms, documents etc. A record will be created in your name under a unique ID number (an LIBF number) and your personal data stored securely.

Existing customer enquiries

When you contact us again we may request information that will help us to establish your identity and prevent fraud. Once we have verified your identity, any further personal data you provide will be stored securely on your existing record.

Study and membership application/registration

When you complete an application to study one of our programmes or become a member of LIBF you will be asked to provide sufficient personal data to:

• register you for a programme of study

• allow distribution of study materials/correspondence

• allow communication when required

• confirm bank details and authorise to debit the account of the student

• confirm your job title and employer, if applicable

• obtain statistics for future marketing campaigns, eg, where did you hear about us etc

• confirm that you meet any entry criteria, if applicable

• confirm that coursework assignments will be your own work, if applicable.

Event registration

When you register online to attend an event managed by LIBF you will be asked to provide sufficient personal data to:

• identify you

• register you for the event

• communicate with you regarding the event.

Special category data

Special category data is data that is more sensitive and requires extra protection. This type of data includes:

• race

• ethnic origin

• politics

• religion

• trade union membership

• genetics

• biometrics, where used for ID purposes

• health

• sex life or sexual orientation.

We only collect and process special category data where necessary and will always seek your consent to process it. We currently collect ethnicity data for students studying our HE programmes at LIBF Ltd to comply with statutory reporting requirements. We may process health information which you choose to share with us to:

• make reasonable adjustments to your assessment for a short or long-term disability, or

• give special consideration of extenuating circumstances, for example should you be unable to take an assessment for health reasons.

If you have any concerns or questions over the personal data we collect, please do contact us and we will be happy to discuss this with you.

Depending on the product or service you have requested from us, we will use your personal data in the following ways.

• To process your application/registration for the study of modules and qualifications, which may also require your personal information to be passed to a third party for the delivery of study materials, or the provision of teaching or examination facilities. We may also contact other institutions to confirm your qualifications.

• To administer and process applications for chartered status of The London Foundation for Banking & Finance (LFBF)

• To process your application for a Statement of Professional Standing (SPS) or Certificate of Professional Achievement (CPA)

• To process any application you make for membership and to maintain that membership

• To maintain our public Professional Services Register, a searchable register of current members and those who hold one or more of our professional services

• To process and issue certificates and/or digital badges to eligible students and customers (please refer to section 9 for details of who we share data with for digital badges)

• To process any application for additional services, such as CPD, seminars or conferences

• To process payments and undertake fraud prevention

• To provide information about additional services and products that may be of interest to you

• To undertake research in order to help us plan and improve our services

• To provide information to UK government bodies, such as Ofqual, the FCA, the Student Loans Company (SLC) and Higher Education Statistics Agency (HESA), in accordance with statutory and government requirements.

The HESA Student Collection Notice

Your course results may be:

• disclosed to your employer if your application included details of your employer

• disclosed to your provider of tuition

• published when you have completed the qualification and the information published may include your name, the name of your employer and details of your qualification.

We use a range of technical and organisational measures to protect your personal data, including:

• training all staff on the principles of data protection and including terms within contracts and annual compliance checks

• secure processing of all transactions via our website

• applying secure storage and encryption methods to personal data held on our computer systems

• ensuring appropriate contracts are in place where we deliver our services with third parties and undertaking compliance audits where relevant

• industry standard security and encryption employed for the transfer of personal data between sites and third parties

• CCTV to monitor and record building entry and exit points, key card entry to office buildings and coded security access to server rooms.

• monitoring our systems and undertaking annual penetration testing and monthly vulnerability scanning to identify and strengthen any vulnerabilities identified

• our IT Systems and Controls comply with the Cyber Essentials Certification.

We will only keep your personal data for as long as is necessary for the purpose it was collected, as in the following examples.

Study records

We will keep personal data relating to your studies (academic record) permanently. This forms part of our core records and enables us to provide verification of any awards you achieve, issue replacement transcripts/certificates and meet any legal obligations including the prevention of fraud.

Reasonable Adjustments and Special Consideration

Information you provide to request reasonable adjustments for a short or long-term disability, or special consideration of extenuating circumstances, will be kept for as long as required to support your studies and meet the requirements of our assessment boards.

Financial transactions

We are legally obliged to keep a record of all financial transactions for six years.

We share your data internally across all entities within the IU Group N.V. where we have a lawful basis to do so. We will also share your personal data with third parties where necessary to deliver our products and services, including:

• other organisations we work with to deliver training and qualifications

• couriers for delivery of study materials

• printing and scanning services for production and marking of assessment materials

• venues we use for the delivery of assessments to enable booking and identification of candidates

• delivery of online proctoring (remote invigilation) services for remotely assessed examinations

• delivery of digital badges and certificates to eligible students and customers

• The London Foundation for Banking & Finance (LFBF) to administer and process applications for chartered status

• venues and speakers we use for the delivery of events

• government and other regulatory departments where we have a legal obligation or legitimate interest to do so.

Where we share personal data with third parties we will:

• have an appropriate agreement specifying how the data may be used

• only share as much information as is required to deliver the specified service

• require they have suitable technical and organisational measures in place to protect your personal data, and

• ensure your personal data is securely disposed of when it is no longer required to deliver the service or on termination of our agreement with the third party.

We will not share or sell your data to third parties to use for their own purpose. We do sometimes identify third-party products or services that may be of interest to our customers and may share this ourselves with customers who have opted-in to receive this information. (See 12. How can I manage my marketing preferences?)

The majority of personal data we collect is processed within the UK, and Abu Dhabi for our MENA students, and may be stored on servers within the EU. However, we have students and members throughout the world and the personal data of those students and members is necessarily transferred overseas when fulfilling their applications for study, membership or other services.

In some cases, such as for the delivery of examinations through our suppliers, personal data may be stored and processed in the US on our behalf. All data is transferred and held in compliance with applicable laws and appropriate safeguards such as the use of ‘standard contractual clauses’ to protect your individual rights over your personal data.

Under the General Data Protection Regulation and the ADGM Protection Regulations 2021, you can exercise the following individual rights over your personal data:

To be informed how we will use your personal data

We will inform you of how we will use your data by short processing statements, typically provided at the point you request a product or service from us, and in more detail in this Privacy Notice. We will also endeavour to answer any further questions you may have on how we use your personal data.

To have access to your personal data

You can gain access to most personal data we hold for you by logging into your MyLIBF account. You can also gain access to any further information we may hold by submitting a Subject Access Request (SAR), which is free of charge in most cases.

To correct your personal data

You can request we correct any personal data for you which may be inaccurate, incomplete or out of date. You can amend most of your personal data by logging into your MyLIBF account.

To have your data deleted

You can request that we delete personal data that we hold for you. We will consider all requests for deletion and endeavour to fulfil the request where possible.

We will not normally delete records of qualifications as this forms part of our core academic record and may be necessary to prevent fraudulent activity.

We may also be legally obliged to retain some personal data for a specified period of time such as financial transactions and to meet statutory reporting requirements. We will highlight as far as possible the implications of deleting any personal data but may not be able to foresee all circumstances and the final decision to accept the deletion will need to be yours. We will hold a record to be able to confirm we have processed a deletion request.

To have your personal data provided in a portable format

You can request that we provide a copy of your personal data in a format that can be easily shared with another organisation. We will normally provide this in a comma-separated values (CSV) format, compressed within a zip file, but will endeavour to meet any other requests.

To restrict the processing of your data

You can request that we restrict how we process your data. This may be used as an alternative to having data deleted, allowing us to store your personal data but not process it. This may affect the products or services we can provide to you and there may be some limitations where we have a legal obligation to still process.

To object to the processing of your personal data

You have the right to object to direct marketing at any time. You can do this by logging into your MyLIBF account and changing your preferences to opt-out or by clicking the link included at the bottom of all marketing emails we send. This will not affect transactional emails we send that are necessary for delivering any product or service.

To have your personal data amended or to object to direct marketing please login to your MyLIBF account or contact Student and Customer Services by calling +44 (0)12 2781 8609.

For any other requests please complete the Individual Rights Request Form and email to dataprotection@libf.ac.uk.

If we are unable to fulfil a request, we will confirm this with you and provide an explanation.

You can change your preferences at any time by using the link at the bottom of all our marketing communications. Alternatively, you can request a link to be sent to you by logging into MyLIBF and selecting ‘Send subscription options email’ in the ‘My Details’ area or by contacting the Student & Customer Services team.

This will only affect marketing communications. You will still receive transactional communications necessary to deliver the products and services you have requested.

We use videos on our site that are embedded from YouTube. This means cookies may be added to your browser when you:

• watch our videos using the YouTube player option, or

• visit the YouTube website to view our videos.

Google own YouTube and govern policies on these cookies. You can find out more about these cookies and how they work by reading Google’s Privacy Policy.

You can opt out of Google’s use of cookies through your browser settings or by visiting Google’s Ads Settings or Google Analytics' currently available opt-outs. Alternatively, you can opt out of third-party vendor's use of cookies by visiting the Network Advertising Initiative opt out page.

If you’re unhappy with the way we have used your personal data or how we have responded to a request, you have the right to complain to the Information Commissioner’s Office (ICO).

If you are based within MENA, you have the right to complain to the ADGM Commissioner of Data Protection.

If you are based within Germany, you have the right to complain to Der Thüringer Landesbeauftragte für den Datenschutz, Häßlerstraße 8, 99096 Erfurt.

If you are based outside of any areas mentioned above, you may have the right to lodge a complaint with the data protection supervisory authority in your country of residence.

If you have any questions, require further guidance or would like to submit a rights request, please contact our Data Protection Co-ordinator by:

• emailing dataprotection@libf.ac.uk, or

• writing to Data Protection Co-ordinator, 4-9 Burgate Lane, Canterbury, Kent, CT1 2JX, UK.

if you are a MENA student, you can also write to Data Protection Coordinator, Al Maqam Tower 7th Floor, Al Maryah Island, Abu Dhabi, UAE.

V8.0

Last updated March 2024