We are the Institute and Faculty of Actuaries (IFoA) and our subsidiaries: Continuous Mortality Investigation (CMI) Limited, ICA 98 Limited, and Institute and Faculty Education (IFE) Limited. We are the chartered professional body dedicated to educating, developing and regulating actuaries based both in the United Kingdom and internationally
We are registered as Data Controllers with the Information Commissioners Office (ICO) in the United Kingdom:
The IFoA registration number: Z4899224
The CMI Registration number: ZA121735
We maintain offices in England, Scotland, China, Malaysia, and Singapore.
For general enquiries, visit the contact us page.
For CMI specific enquiries: firstname.lastname@example.org
For enquiries about this notice or your information rights: our Data Protection Officer can be contacted by:
Telephone: +44 (0) 131 240 1311
Depending on our reasons for processing your data the sources of this data may be:
|Who you are:||Why we process your data:|
A member of the IFoA
|To facilitate your membership of the IFoA and to assist in the fulfilment of our role as a regulator|
|A member of another actuarial association undertaking IFoA examinations or applying for mutual recognition||To administer the setting of assessments or in considering applications for mutual recognition status|
|A prospective member of the IFoA or non-member wishing to sit IFoA examinations that are available to non-members||To process your application to join the IFoA. If you are sitting IFoA assessments independently as a non-member, we need to use your personal data in the course of setting assessments|
|A non-member attendee or speaker at an IFoA event||To administer your attendance at specific events|
|A non-member undertaking voluntary work for the IFoA||To support the administrative and communications activity required to manage volunteers|
|An organisational representative or contact under the IFoA Quality Assurance Scheme (QAS)||In the course of processing your organisation’s application for QAS status and any subsequent administration associated with the QAS. You can read the QAS privacy notice here|
An organisational representative or contact under the IFoA Designated Professional Body Scheme (DPB)
|In the course of your organisation’s application for DPB status and any subsequent administration associated with DPB|
|A customer or supplier of goods or services to the IFoA||To communicate with you, place or fulfil orders for goods or services and to send and receive payments|
|A job applicant||To assist with the administration of the recruitment and selection process|
|A member of IFoA staff or someone engaged in a paid role||For the day to day administration of your employment or engagement with us|
A user of the IFoA website
|To analyse site performance and, if you are a registered user, to provide account related functionality|
|Someone interested in a career as an Actuary (including school children)||To keep you up to date with relevant information about actuarial careers|
The IFoA only process personal data where there is a lawful basis for doing so. These are:
In line with our role as a regulator we may also process personal data where there is a substantial public interest. This means we may process data without consent in order to protect the public from dishonesty, or in the investigation of malpractice, unlawful acts or improper conduct.
Depending on our reasons for processing your data we may process your:
If you browse our website, we may capture and process:
From time to time we may collect ‘special category data’ for the purpose of diversity monitoring. This includes data about ethnicity, health, religious beliefs, and sexual orientation. The data is only collected with the consent of the data subject, is subject to additional security measures, and is held only as long as necessary for the intended purpose. Data about diversity is anonymised and reported in aggregate.
Personal data received by the IFoA will be held in accordance with our information security standards. When we share data with third parties we ensure the required technical and organisational controls are in place to keep the data secure. When sharing personal data we use appropriate controls and safeguards. These will be specified in our individual Data Sharing agreements. Examples include only dealing with authorised individuals, adhering to internal policy controls and the use of secure file sharing portals and encryption.
From time to time the IFoA processes the personal data of children. This may be to facilitate entry to IFoA sponsored academic competitions, recognise excellence in mathematics at secondary education level or to keep aspiring actuaries up to date with relevant careers information. When we do this the lawful basis is our legitimate interests as the chartered body for actuaries in the United Kingdom. Children's data is kept securely at all times, processed in accordance with the Information Commissioner's Office 'Age Appropriate Design Code ('Children's Code') and available only to those employees that require access to it for their job.
We will share, where appropriate, your personal data with the following organisations:
Where we share your personal information with other regulators, this is part of our regulatory function, and extends to disclosures relating to disciplinary actions, as well as periodic auditing of our activity by competent authorities. In line with our rules and byelaws, we will not seek your consent for these disclosures.
Illustrative examples of data sharing with third parties:
|Category of third party recipient||Whose data||Examples of data sharing|
|Other IFoA members acting on behalf of the IFoA||IFoA members volunteering or applying for volunteer vacancies||
|Employers of actuaries||IFoA members||
|Other actuarial associations||
Members of other actuarial associations, applicants for the CERA mark
|Universities, colleges and educational providers||Prospective and current student members of the IFoA and other actuarial associations||
|Regulators and competent authorities||IFoA members||
|Organisations and individuals involved in the assessment and delivery of the examinations of the IFoA||Student members of the IFoA, non-member candidates and members of other actuarial organisations sitting IFoA examinations||
|Suppliers of member related services||IFoA members and non-members that have registered their interest in our qualifications or services||
|Publishers and digital content providers||IFoA members and non-member subscribers||
|Employment agencies||Job applicants||
|Members of the public making a complaint about an actuary||IFoA members||
We have separate terms and conditions for our social media channels covering issues around data sharing with channel owners, content and behaviour. These are available to review here
As an international body, to facilitate the delivery of regulatory objectives or services related to membership and learning we regularly transfer personal data across jurisdictions.
We routinely store or process personal data:
As required under EU GDPR our representative within the EU is ‘Data Protection Representative Limited’. You can contact them at email@example.com, quoting ‘Institute and Faculty of Actuaries’ in the subject line of your email, or by post to DataRep, The Cube, Monahan Road, Cork, T12 H1XY.
You can access our representative services from any EU state. Further details can be found at: How to contact IFoA via their data protection representative (1.54 MB PDF)
We only retain personal data for as long as legally required or as long as required by the objects in our Royal Charter.
We securely dispose of personal data when the retention period has expired.
Copies of our Records Retention Schedule can be requested via our Data Protection Officer: firstname.lastname@example.org
If we send you information based on our legitimate interests as a professional body such as professional newsletters, updates on our activity, Continuous Professional Development opportunities and notices of events you are able to opt out of receiving this at any time.
By Royal Charter, we are obliged to act in the public interest. Pursuant to our role as a regulator and the objects of our Charter you cannot opt-out of receiving certain types of regulatory and governance related information.
You have the right to:
In addition, where the lawful basis for processing your data is consent, you may withdraw this at any time by contacting the Data Protection Officer.
If you wish to exercise any of your rights please contact the Data Protection Officer with your request: email@example.com
In the first instance, please contact our Data Protection Officer so that we can deal with your enquiry. If you are unhappy with how we deal with your concerns you have the right to make a complaint to a Supervisory Authority about how we process your personal data.
In the United Kingdom the Supervisory Authority is the Information Commissioner’s Office
We updated this notice on the 3rd of September 2021: