Please familiarise yourself with AAT's Online Community rules.

AAT Forums Privacy Policy

AAT_TeamAAT_Team Administrator Posts: 398
PRIVACY POLICY

This policy was last updated on 23-05-18

As an AAT Forum user, there are many ways you can use the services we offer, some of which require you to share your personal data with us. In these instances, we act as the data controller, making us responsible for deciding the purpose and means for dealing with your personal data.

AAT (Association of Accounting Technicians), a company limited by guarantee (No. 1518983), and a registered charity (No. 1050724), (“AAT”,“we”, “us”, “our”) and is committed to the privacy of your personal data.

Our Privacy Policy explains:

• what personal data we collect about you in the course of your engagement with our services, why we collect it, who it goes to and how long we keep it
• how we use your personal data
• how we protect your personal data
• your legal rights in respect of your personal data, including how to access and update the information we hold about you.

By continuing to use our services, you agree to our use of your personal data on the terms outlined in this policy.

ABOUT THE POLICY
This policy provides you with information on how we’re using your information and the actions we take to protect your privacy.

On specific occasions, we may provide you with additional information when we collect your personal data. This policy is designed to supplement any specific notices and they should always be read in conjunction with each other, so you’re fully aware of how and why we’re using your data.

If you have an AAT Forum account, it’s important that your personal data is accurate and up to date, so we can effectively provide our services to you. You can check and update your details by logging in to your Forum account.


WHAT DATA ARE YOU COLLECTING?
We collect personal data, meaning data that can be used to identify you. This can include, among other things, any personal data you provide to us through our website, forums.at.org.uk and via your communications with us through email.

Some of the services you receive from us may require the collection, storage and transfer of different kinds of personal data. To find out more about the ones that relate to you, select the relevant category from the section “Specific information about my data” below.

Like with most other websites, we use cookies to gather limited information about how you use our website, how you reached it and what sort of device you were using. To find out more, read our cookie policy.

WHY ARE YOU COLLECTING MY DATA?

We can only process your personal data if we have a legal basis to do so. In addition to the specific instances where you’ve provided your consent, we may also process your personal data when it’s necessary for one or more of the following:

• meeting our legal obligations
• our legitimate interests
• performing our contract with you.

To find out what we mean by each of these legal bases, and to see which purposes and legal bases concern you, select the relevant category from the section “Specific information about my data” below.

On occasions, it may be necessary to process your data for reasons unrelated to those outlined in this policy. On these occasions, we’ll notify you and explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

WILL MY PERSONAL DATA BE SHARED WITH ANYONE?
In general, we don’t sell or share your personal data with third parties. However, it might be necessary for us to do so on occasion, to deliver the required service to you or to comply with our legal obligations. If so, we’ll always tell you first.

AAT’s Forums are hosted through our chosen supplier Vanilla Forums who manage the server that holds all of the data our forums contain. For details on their privacy policy please see the following link: https://vanillaforums.com/en/legal/privacy-policy/

When we do share your personal data with third parties, they will be required to follow our privacy policy to ensure your personal data is only used and processed for the specified purposes, to process your data in accordance with our instructions and to adhere to the technical requirements and other regulations required by law.

We take your email and communication privacy seriously and will not pass your contact details to third parties for marketing purposes without your prior consent. You can check and change your notification preferences at any time through your Forum account.

HOW LONG WILL YOU KEEP MY DATA?
We keep your data for as long as it’s necessary to meet the relevant purposes for which we’ve collected the data, including for the purpose of satisfying any legal, accounting or reporting requirements.

To determine the appropriate length of time for holding your data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm, from unauthorised use or disclosure of your personal data, the purpose for which we process your data and whether we can achieve those purposes through other means, along with the applicable legal requirements.

We will not delete your account or any of the content that you have posted unless it is in contradiction to our community rules. The AAT forum is used to facilitate and record conversations between users and is used by new accounting students and professionals to help expand their knowledge. If you desire to have any piece of content deleted please contact the community team and we will process your request. (communityteam@aat.org.uk)

And in all cases, data may be retained for longer for research and archiving purposes or if it cannot be deleted for legal, regulatory, verification of achievements, statistical or technical reasons. In these cases, steps will be taken to ensure that data is held securely and processing is restricted.

WHERE DO YOU GET MY DATA FROM?

In general, you provide your personal data to us directly, when you communicate with us through various channels, such as our website, social media channels, email or face to face meetings with our representatives. The instances when you might provide us with your personal data include when you:
• Register as an AAT forum account
• When you post content onto the forum

SPECIFIC INFORMATION ABOUT MY DATA
The reasons and methods for collecting, using and transferring your personal data varies depending on why and how you’re using our services. Please see the relevant category from the below list to see more specific information regarding how we process your personal data in connection with the services you receive from us.


AAT Forum account holder
• You’ll have supplied us with your email address, in order to set up and access your own personalised account. This will allow you to access the forum, post new threads and respond to others. You’ll also be able to manage your own profile and notification settings.
• We also capture your IP address. This enables us to maintain the security of the forums and allows us to ban any hostile users of the forums who may be looking to harass users or disrupt the service we provide.


WILL MY PERSONAL DATA BE SENT ABROAD?
If you are a UK-based member of our services, we will generally only process your
personal data within the EEA. However, some Vanilla Forums are based outside of the European Economic Area (“EEA”).]

This may require us to transfer some of your personal data outside the EEA (including to countries which may not be subject to equivalent standards of data protection laws). We’ll ensure that any such international transfers are made subject to appropriate safeguards (including the use of EU Commission approved standard contractual clauses) as required by data protection laws to ensure a similar degree of protection is afforded to your personal data.

You may request further information on the specific recipient countries of your personal data or the legal rules and copies of the model clauses in use for transferring data outside the EEA by contacting the online community team via e-mail on communityteam@aat.org.uk.


HOW DO YOU PROTECT MY DATA?
We’re committed to protecting the security of your personal data, and as such we’ve put in place appropriate measures to:

• prevent your data from being accidentally lost, used or accessed in any unauthorised way, altered or disclosed
• deal with, and notify you and any applicable regulators, of any suspected personal data breaches where we’re legally required to do so
• limit access to your personal details to only those employees, agents, contractors and other third parties who have a business need. They will only be able to process your personal data on our instructions and will be subject to a duty of confidentiality.

Vanilla Forums take the security of your data very seriously and more details on the steps thay have taken can be found here: https://images.v-cdn.net/vfcom/docs/VanillaForumsSecurityOverview.pdf

WHAT ARE MY RIGHTS?
You may have the right to:

• request access to your personal data. You’ll be able to request a copy of the personal data we hold about you and check that we’re processing it legally.
• request correction of your data. You’ll be able to correct and update any incomplete or inaccurate data we hold about you, however, we may need to verify the accuracy of the new data you provide.
• request erasure of your personal data. You’ll be able to ask that we delete or remove your personal data where there is no good reason for continued processing. You’ll also have the right to ask that we delete or remove your personal data where an objection to processing has been successful, where we may have processed your data unlawfully or where we’re required to delete data to comply with local law. When requested we will delete your personal data within 30 days.
• object to processing of your data. You’ll be able to request that we stop using your personal data:
- for direct marketing purposes
- which is being processed on the basis of legitimate interest (see your relevant category in the ‘Specific information about my data’ section above, when you feel the processing impacts on your fundamental rights and freedom. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which would override your request.
• request restriction of processing your personal data. This enables you to ask us to suspend processing your personal data in the following scenarios:
- if you want us to establish the data’s accuracy
- where our use of the data is unlawful but you don’t want us to delete it
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend a legal claim
- you’ve objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
• right to withdraw consent, where we’re relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out prior to your request. If you withdraw your consent, we may not be able to provide certain products or services to you. We’ll advise you if this is the case when you request to withdraw your consent.

What are the requirements and consequences of making a request?
Requests relating to changes to our handling of your personal data will generally be free of charge, and we’ll aim to respond to all requests within one month. However, please note:
• we may need you to supply additional information to confirm your identity and ensure your right to access your personal data (or exercise your rights). This is to ensure that personal data is not disclosed unlawfully
• we may need to contact you to help speed up the resolution of your request
• an administrative fee may be charged for any unfounded, repetitive or excessive requests, or for additional copies of personal data you request
• occasionally, it may take longer than one month to resolve your request, but in these cases we’ll notify you and keep you updated on timing
• any requests to restrict or delete your data will limit your ability to access our services and products, and/or result in ending your relationship with us.

Please note that these rights apply by law, only to certain types of personal data and processing, and may not be applicable to your circumstances.

If you have any concerns about how we handle your data, please contact us. If you are not satisfied after we’ve tried to resolve your issue, you’ll be entitled to lodge a complaint with our data protection regulator, the Information Commissioner’s Office (ICO). Please see the ICO website for further details, www.ico.org.uk

If you wish to exercise any of the above rights, you’ll need to contact us in writing.

THIRD PARTY WEBSITES
Our website includes links to external, third-party websites. Clicking on these links may allow the collection or sharing of your personal data in ways which will differ to those detailed in our Privacy Policy. We’d encourage you to read the privacy policies of the external websites you visit from our website.

CONTACT US
If you have any queries related to this privacy policy, including requests to access or modify the use of your personal data, please contact our Data Protection Officer by email to dataprotection@aat.org.uk or by writing to us at:

AAT, Data Protection
140 Aldersgate Street
London
EC1A 4HY

We reserve the right to make changes to or update the terms of this policy from time to time. If there are any significant changes made to the policy we’ll let you know. All personal information held by us will be governed by the most recent Privacy Policy posted on this website.
This discussion has been closed.