Privacy Policy

Effective 09 April, 2021

Version 3.1

CIMA Council & Committee Privacy Policy

This Privacy Policy describes the ways in which your personal data is collected and used by the Chartered Institute of Management Accountants (CIMA), the Association of International Certified Professional Accountants (the Association), and the American Institute of CPAs (AICPA) (collectively referred to herein as “the controllers”, “we”, “us”, “our”) in relation to Council, Committee and/or other volunteer opportunities. By providing your personal data to us, you acknowledge and agree that your data may be shared between and/or processed by any of the three controllers.

It is your responsibility to review and understand this Privacy Policy prior to providing your personal data to us. If you do not accept and agree to the Privacy Policy, please refrain from providing your personal data to us.

Collection of Personal Data 
We collect and process personal data from Council, Panel & Committee member applicants and candidates for volunteer opportunities in order to determine eligibility for opportunities, as well as the other purposes outlined in the “Use of Information” section below. We may collect information from you such as, but not limited to, your name, email address, mailing address, phone/fax numbers, age, gender, geographic region, education history, employment information, information related to your professional qualifications, designations and memberships, (“Personal Data”).

You are not required to provide us with all of the Personal Data listed above, but if you do not do so, we may not be able to effectively evaluate your eligibility for Council and/or Committee opportunities.

If you are selected for a Council and/or Committee opportunity, we may collect additional information related to you and/or your family members such as, but not limited to, your passport, driving license, and visa application. This information is collected to facilitate international travel which we book on your behalf.

Additionally, we collect and hold the outcomes of conduct and financial checks for independent panel members to ensure our panel members remain in good standing.

See “Use of Information” section below for details regarding the ways that we use and process your personal data.

Use of Information 
Your Personal Data may be used in the following ways:

  • To determine eligibility for Council, Committee and/or other volunteer opportunities
  • To ensure that we comply with our internal diversity standards for Council and Committee opportunities (this may include the use of your demographic information such as your age, gender and/or geographic region. If you are located in the United States, we may also use information related to whether you are part of a minority group.)
  • To process payments to you, such as reimbursements
  • To facilitate the booking of international travel on your behalf
  • To communicate with you regarding Council, Committee and/or other volunteer opportunities
  • To respond to your requests and inquiries
  • To enhance and improve our services and volunteer opportunities, for example, by performing internal research or measuring demographics and interests
  • Internal purposes, such as website and system administration or internal audits and reviews
  • To request your participation in surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our services and volunteer opportunities
  • To publish a web directory containing details of our committee, council and panel members
  • To evaluate your performance and productivity while serving as a volunteer, committee member or council member. Based on this evaluation, we may assign you with a rating which is used for internal purposes only.
  • To comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order) or to carry out professional ethics/conduct investigations

We will process your Personal Data for the purposes identified above on the following bases:

  1. Our legitimate interests, which include processing such Personal Data for the purposes of providing and enhancing the provision of our services and volunteer opportunities;
  2. Where such processing is necessary to perform our contract with you or to take steps before entering into our contract with you; and
  3. As necessary to comply with our legal obligations, resolve disputes and enforce our contractual agreements. 

Unless a longer retention period is required by applicable law, we will retain your information for as long as your account is active, as well as for a short additional period afterwards to cover any outstanding issues or queries that may arise in relation to your account (for example, outstanding payments). This period of retention is subject to our review and alteration.

Sharing and Disclosure to Third Parties 
We may disclose your Personal Data to third parties from time to time under the following circumstances:

  1. You request or authorize the disclosure of your personal details to a third party.
  2. The information is disclosed as permitted by applicable law(s) and/or in order to comply with applicable law(s) (for example, to comply with a search warrant, subpoena or court order).
  3. The information is provided to our agents, vendors or service providers who perform functions on our behalf. See below for additional details.

It is likely that the identity and categories of such third parties will change during the life of your account but, depending on your use of the Site, it is anticipated that your Personal Data will be disclosed to the following categories of third-party service providers who perform functions on our behalf. We require that our third-party service providers only use your Personal Data as necessary to provide the requested services to us and each service provider is subject to a set of terms consistent with this Privacy Policy.

  • Hosting providers for the secure storage and transmission of your data
  • Identity management providers for authentication purposes
  • Database software providers for the management and tracking of your data
  • Legal and compliance consultants, such as external counsel, external auditors, or tax consultants
  • Travel agents who book travel on our behalf
  • Advertising partners, including social media providers, for the delivery of targeted advertisements
  • Marketing providers who send communications on our behalf regarding our products and services
  • Payment solution providers for the secure processing of payments we make to you
  • Technology providers who assist in the development and management of our web properties
  • Our volunteers or committee members who perform various functions on our behalf
  • Survey and research providers who perform studies on our behalf
  • Postal vendors who send and/or deliver mail on our behalf
  • Electronic meeting packet and document providers

Collection of Information Through Cookie Use 
If you utilize our websites, we may obtain information about your general internet usage by using a “cookie” file. A cookie is an element of data that a website can send to your browser, which may then be stored on your hard drive. If you do not agree, you can choose to not receive a cookie file by enabling your web browser to refuse cookies or to prompt you before you accept a cookie.

The following types of cookies may be used on our websites:

  1. Essential Cookies: These cookies are necessary for our websites to work properly. They are usually only set in response to actions you take such as logging in or completing online forms. You can set your browser to block or alert you about these cookies, but some parts of our sites will not function if these cookies are blocked.
  2. Functionality Cookies: These cookies enhance the functionality of our websites by storing your preferences (such as your preferred language or the region that you are in) and allow us to provide enhanced features on our sites such as videos. These cookies may be set by us or by third-party content that we have placed within our pages. If you do not allow these cookies, some of the features on our websites may not function properly and you may not receive a personalized experience when visiting our sites.
  3. Performance Cookies: These cookies allow us to count page visits and traffic sources so we can measure and improve the performance of our sites. They help us to understand which pages are visited most frequently and how visitors interact with our sites. Any information collected by performance cookies is aggregated and therefore not identifiable. If you do not allow these cookies we will not receive data related to your visits to our sites.
  4. Third-Party Cookies: These cookies may be set through our site by our advertising partners, such as Google or Adobe. They may be used by these companies to enable them to build a profile of your interests and show relevant advertisements on other sites. These cookies are based on identifying your browser and internet device. If you do not allow these cookies, you will experience a decrease in the targeted advertisements that you see online.

If you opt in to use the “Remember me” feature on our websites, we will place a persistent cookie on your hard drive and you will not be required to log in for every session. By disabling cookies on your machine or clearing your browsing history you may deactivate the persistent cookie.

All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage your preferences related to cookies, please consult the privacy features within your browser.

Further information about cookies:

Communication Preferences
We strive to provide you with relevant and useful information related to our Council, Committee and/or other volunteer opportunities. If you no longer wish to receive such communications from us, please contact us at to opt out.

Transfer of personal data internationally
By providing us with your Personal Data, you acknowledge and agree that we may from time to time transfer any of your Personal Data to any of our offices or to the offices of any of our affiliates, agents or appointed representatives located around the world. Where personal data is transferred outside of the European Economic Area (EEA) to a country or framework that does not ensure an adequate level of protection as determined by the European Commission, these transfers will be subject to an agreement which covers European Union requirements, such as standard contractual clauses. Please do not submit any Personal Data to us if you do not wish for your data to be transferred internationally. 

Security and Other 
We use reasonable measures to strive to safeguard and secure the personal data we collect. Any transmission of personal information is at your own risk. Technology, such as, but not limited to, Transport Layer Security (TLS) and Secured Socket Layer (SSL), is used to enhance security and reduce risk of loss. Our security practices, processes or technology do not guarantee absolute security of your information and you should take all normal personal precautions such as, but not limited to, not sharing passwords, closing browsers, and not using public networks (e.g., internet cafes, etc.).

Parents and Children 

We do not knowingly collect personal information from children under the age of 13. Parents have the right to terminate the registration of a child under the age of 13 by contacting us using the information listed at the bottom of this policy.

Subject Access/User Rights

As a user, you are subject to the following rights:

  • The right to be informed of the use of your Personal Data
  • The right to access and/or to require the correction or erasure of your Personal Data
  • The right to block and/or object to the processing of your Personal Data
  • The right to not be subject to any decision based solely on automated processing of your Personal Data
  • In limited circumstances, you may have the right to receive Personal Data in a format which may be transmitted to another entity.
  • If you have a complaint in relation to the processing of your data carried out under this Privacy Policy, you have the right to lodge a complaint with your local supervisory authority. If you are located in the European Union, you can find the details of your local supervisory authority here.

You may seek to exercise any of these rights by updating your information online (where possible) or by sending a written request to our Data Protection Officer using the contact details listed below:

Jonathan Mabe, Data Protection Officer
Association of International Certified Professional Accountants
220 Leigh Farm Rd.
Durham, North Carolina 27707

Contact Information 
You are encouraged to report any improvements, suggestions, or any suspected breaches of privacy or security to us by using the contact information listed below.

Chartered Institute of Management Accountants

The Helicon
One South Place
United Kingdom