CFA Institute Privacy Policy
CFA Institute is a not-for-profit professional membership association committed to leading the investment profession globally. Our headquarters is located at 915 East High Street, Charlottesville, VA, 22902, and we own and operate this website (the "Site").
This Privacy Policy explains how we collect, use, share, and protect your personally identifiable information (“Personal Information”), and what rights you have regarding your data.
Scope
This Privacy Policy applies to Personal Information we collect through any means, including our websites, mobile apps, digital advertising, events and conferences, and direct interactions with CFA Institute staff.
When we use the term “Personal Information,” we also mean “personal data” and “personal information” as defined under relevant global data privacy laws. By using the Site or otherwise providing us with Personal Information you consent to our processing and transfer of your Personal Information as we describe here.
Cross-Border Transfers
CFA Institute is headquartered in the United States. We may transfer and store your Personal Information outside your home country, including in countries that may not provide the same level of data protection.
We implement appropriate safeguards for such transfers, such as standard contractual clauses where required. You may contact us for more information.
Information We Collect
We collect information from the following sources:
- Directly from you: when you create an account, register for exams or events, enroll in programs, apply for scholarships, communicate with us, or submit documents.
- Automatically through your use of the site: through cookies and similar technologies when you use our Site, or other digital services.
- From third parties: we may receive information about you from service providers, business partners, event sponsors, publicly available databases, and professional or social networking platforms. When we combine or link information we receive from third parties with information we already hold, we treat the combined data as Personal Information and handle it in accordance with this Privacy Policy.
We collect the following categories of Personal Information:
- Identifiers and contact data (name, address, email, phone, CFA ID)
- Professional and educational data (employment and education information, credentials, qualifications)
- Professional discipline history, criminal and civil liability history
- Financial and transactional data (payment details, order history)
- Sensitive data, when necessary and with consent (health or dietary information; demographic data)
- Technical and Site usage data (IP address, device ID, browser type, interactions with our Site and content, referring website)
- Communications and submissions related to CFA Institute activities (scholarship applications, survey responses, event interactions)
We do not knowingly collect information from individuals under 18.
How We Use Your Information
We use Personal Information to:
- Provide and manage membership, programs, exams, and events
- Process applications, orders, and payments you submit to us
- Communicate with you, including marketing (where permitted)
- Improve and personalize our offerings and digital services
- Conduct research and analytics
- Deliver advertising
- Support compliance with laws and regulations
- Administer scholarships and professional conduct processes
Due diligence and Misconduct Screening: We use third-party due diligence databases that compile publicly available information (such as news reports, regulatory announcements and sanctions lists) to help us identify potential misconduct or risks related to our members and candidates. These tools may use automated matching techniques to compare names and profile data against publicly available sources in order to generate possible matches. All results are subject to human review. We do not make decisions that produce legal or similarly significant effects solely based on automated processing.
Legal Bases for Processing
Where required by law (e.g., GDPR, PIPL, DPDPA), we rely on one or more of the following bases:
- Contractual necessity (to deliver services you request)
- Legitimate interests or uses (such as to improve our products and services, detect fraud or misconduct, or marketing when permitted)
- Compliance with legal obligations
- Consent
Sharing Your Information
We may share Personal Information with:
Service providers and vendors. We engage third parties who provide hosting, testing, payment processing, marketing, IT or exam administration services to support our services and other operations. These parties act on our instructions and are under contract to use the Personal Information only in connection with the services they perform on our behalf. Note that online payment processing is handled securely by our third-party payment providers and CFA Institute does not store your full payment card information.
Member Societies. If you create an account on our Site and provide your mailing address, register for a CFA Institute educational program or certificate, or become a CFA Institute member, we will share your Personal Information with the CFA Institute Member Society closest to your mailing address. The Member Society may contact you to communicate the broad range of educational, networking and career support benefits that societies offer and which complement CFA Institute products and services. If you receive these Member Society communications and no longer wish to receive them, you may opt-out with the Member Society directly.
Event sponsors and attendees. For some CFA Institute events, we may make certain Personal Information of attendees available to other attendees and event sponsors. This will be disclosed to event attendees. The Personal information made available may include name, employer, address, and email address.
Employers. Under certain circumstances, we may share Personal Information of Candidates, Members, or other customers with their employers to validate membership or program status.
Regulators, law enforcement authorities, and courts. We share Personal Information as required by law or at the request of government regulatory or other law enforcement officials and the courts. In China, Personal Information of CFA Charterholders is shared with the Occupational Skill Testing Authority (OSTA) of the Ministry of Human Resources and Social Security (MOHRSS). We may also share professional conduct information related to members and candidates with regulators.
Partners such as prep providers, sponsors, educational and research institutions. If you authorize us to do so by opting in, we may share your Personal information with select third parties that offer services or products that may be of interest to you. These third parties include exam preparation providers, exhibitors and sponsors of CFA Institute events, University Program Partners and the CFA Institute Research Foundation.
The general public through our Member Directory. We make CFA Institute Charterholders’ name, location and charter status publicly available through the CFA Institute online Member Directory, which is searchable on our Site, as well as by phone and email upon a third party’s request. Members may choose to make additional information available on the Member Directory by changing their account preferences. Names of individuals holding any CFA Institute-issued certificate is available to the general public.
Cookies, Tracking Technologies, and Digital Advertising
We use cookies and similar technologies (such as web beacons, device identifiers, log files, and local storage) to operate our Site, improve performance, analyze usage, enhance security, personalize content, and deliver advertising. We also work with third-party analytics and advertising companies who place their own cookies or similar technologies on your browser or device when you visit our Site and other third-party websites, in order to provide analytics to us or serve customized advertisements to you.
These technologies can be grouped into categories related to their purpose:
- Essential: enable core functionality of our Site and cannot be turned off
- Targeted advertising: deliver and measure advertising related to our offerings
- Personalization: allow the Site to remember functionality choices you make (e.g., remembering your username) and provide enhanced personalization
- Analytics: measure website performance, user interactions, and identify technical issues
When you visit our site, you may use our cookie banner and preferences management tool to determine select which categories of these technologies are active on our Site during your visit. At any time, you may change your preferences by clicking on the Cookie Preferences link here or in the website footer.
In addition to using cookies and other tracking technologies to serve digital advertising, we also may share limited information (such as your email address) in a hashed or otherwise pseudonymous format with social and professional networking platforms. These platforms use the information to identify users who also have accounts with them and to deliver CFA Institute advertising to those users. If you do not want your Personal Information shared in this manner, you may withdraw consent to CFA Institute marketing communications as described below, or you may adjust your settings in the relevant platforms so those networks may not use your Personal Information in this manner.
Your Privacy Rights
We provide you with the rights to:
- Withdraw your consent to the processing of your Personal Information
- Request access to your Personal information, including details about the categories of Personal Information collected, the purposes for processing, and third parties with whom we share your data.
- Request the correction of your Personal Information.
- Request the deletion of your Personal Information, subject to legal, regulatory, or legitimate business retention requirements.
- Request restriction of processing of your Personal Information, meaning we will continue to store your data but limit further processing under certain conditions.
- Request data portability, allowing you to receive your Personal Information in a structured, commonly used, and machine-readable format for transmission to another entity.
- Object to the processing of your Personal Information (including, objection to profiling). If you object, we will cease processing unless we demonstrate compelling legitimate grounds or require processing for legal claims.
Please note that these rights are limited under your applicable local data protection law. If you seek to exercise any of these rights, our obligation to respond is limited by and subject to the law applicable to you. You also may have the right to lodge a complaint with a relevant data protection authority.
Updating Your Personal Information and Communication Preferences
If you have a CFA Institute account, you may view your Personal Information on file with us at any time by visiting Your Account (account login required) on the CFA Institute website, where you may change update your Personal Information. You may also update your Personal Information through Customer Support.
You may change your preferences for how we contact you at any time by visiting "My Account" and selecting "Preferences" on the CFA Institute website, or by contacting us using the information provided under the “Contact Us” section of this Policy.
Retention
We retain Personal Information for as long as necessary to provide services, comply with legal and regulatory obligations, resolve disputes, and maintain business records. When no longer needed, data will be securely deleted or anonymized.
Retention periods are determined based on:
- Legal and regulatory requirements (e.g., financial, employment, and data protection laws).
- Contractual obligations (e.g., agreements with members and test-takers).
- Business needs (e.g., maintaining certification records for professional verification).
- Fraud prevention and security (e.g., investigating unauthorized access).
- User requests (e.g., data deletion under applicable laws).
For participants in certificate and credential programs, we retain your Personal Information indefinitely as proof of your program status.
Security
We maintain appropriate technical, physical, and administrative safeguards to protect your Personal Information from unauthorized access, disclosure, alteration, or destruction. Access is limited to personnel who need it to perform their roles. While we strive to protect your Personal Information, we cannot ensure the security of the information you transmit. We recommend you take every precaution in protecting your Personal Information when you are on the internet. For example, change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.
Social Media Interactions and Links to Third-Party Sites
The Site may offer opportunities to engage in social networking, interact with others and/or submit or post messages or other content, such as on CFA Institute blogs ("CFA Institute Networking Sites"). The Site may also provide for interactions with third party websites or services including social media websites through plug-ins. Please note that any information or materials that you post or submit through such CFA Institute Networking Sites will be publicly posted to everyone that has access to the relevant Site. Posts to third party social media or other sites ("Social Media Sites"), including any content on our Site that you "share" or "like," will be controlled by and subject to the terms of such social media or other sites. We encourage you to use caution when you submit any information or materials on or through any CFA Institute Networking Site or interact with third party websites or services through plug-ins.
Changes to This Policy
We may update this Policy from time to time. Updates will be posted on our Site with a new “Last Updated” date. If material changes affect previously collected information, we will notify you and obtain consent where required.
Contact Us
For further information about CFA Institute's privacy practices, please contact us.
For purposes of services provided to residents of Mainland China, CFA Institute (USA) Beijing Representative Office, Unit 5501, 55/F China World Tower B, No. 1 Jianguomenwai Avenue, Chaoyang District, Beijing 100004, China, serves as the handler of personal information. You may contact CFA Institute’s China Data Privacy Representative at: [email protected].