CFA Institute Privacy Policy
Last Updated: 23 May 2023
CFA Institute is a not-for-profit professional membership association committed to leading the investment profession globally. Our headquarters is located at 915 East High Street, Charlottesville, VA, 22902, and we own and operate this website (the "Site").
This privacy policy ("Privacy Policy"):
• Describes how we gather and protect individually identifiable information ("Personal Information").
• How we use, process, transfer, and share Personal Information.
• Describes your personal data privacy rights.
This Privacy Policy applies to Personal Information that we collect through any means, including the CFA Institute website, digital advertising, events and conferences, employment processes and direct interactions with CFA Institute staff. When we refer to Personal Information in this Policy, we are also referencing “personal data” as it is defined under the General Data Protection Regulation (EU) 2016/679 (GDPR) and the UK GDPR; as well as “personal information” as it is defined under the Personal Information Protection Law (PIPL) of China.
Summary of Key Points
- By using the Site or providing Personal Information to us you consent to our processing and transfer of your Personal Information as we describe here. Learn more.
- We collect Personal Information when you provide information to CFA Institute through the Site or our Mobile Apps, when you sign up for CFA Institute information through digital advertising, when you register for an exam or an event, or through other communications with CFA Institute and CFA Institute personnel. We use Personal Information to provide CFA Institute products and services to you. Learn more about the information that CFA Institute collects and how we use it.
- We transfer Personal Data to the United States and jurisdictions outside of your home country as necessary for the purposes described in this Policy, including to jurisdictions that may not provide the same level of data protection as your home country. Learn more about cross-border transfers.
- We use cookies and other technologies to track the use of our Site and for advertising purposes. Learn more about the use of cookies and technologies, and about opportunities to choose not to allow cookies.
- We share Personal Information with member societies, exam preparatory providers and other partners which provide products and services that may be of interest to you. We also share Personal Information that you post on our Social Media and Networking Sites. Learn more about setting your preferences and how to opt out of such disclosures.
- If you have an account with us, you can change your preferences for how we contact you and view your Personal Information on file with us at any time by visiting Your Account.
- When we process your Personal Information based on your consent, you have a right to withdraw your consent. We also provide you additional rights to access, rectify, and erase your Personal Information, to obtain a portable copy of your Personal Information, and to restrict or object to our processing of your Personal Information. These rights are limited under the applicable local data protection law. Learn more about your data rights.
- We maintain reasonable and appropriate technical, physical, and administrative measures to protect the security of your Personal Information. Access to Personal Information is limited. Learn more about security.
- Our Site and Mobile Apps may have links to other sites that we do not control. Their privacy policies may differ from ours. We encourage you to read the privacy statement of any website you may visit. Learn more about links.
- If we make any material changes to our privacy practices, we will post a prominent notice on our Site notifying users of the change. Learn more about changes.
Consent
When necessary, we may ask you to provide us with “sensitive” Personal Information, which includes information like:
• Ethnic or racial origin for statistical purposes.
• Religious or philosophical beliefs.
• Health or medical conditions in instances to process accommodations.
• Photo identification to verify your identity and to report to government regulators depending on your jurisdiction.
• Address and other personal contact information in order to provide notices.
Providing us with your information constitutes your consent to the collection, use, transfer, and sharing of that information for the purposes described in the record where you provide the information and in this Privacy Policy. If a specific element of our processing of your Personal Information relies upon your consent, you may withdraw your consent as described below in "Your Rights."
Cross-Border Data Transfers
CFA Institute has its headquarters in the United States. By providing CFA Institute with your Personal Information, you acknowledge that some of your Personal Information may be transferred to the United States and will be processed and stored in the United States by CFA Institute and third-party data processors that we select. We provide appropriate protections for cross-border transfers as required by law for international data transfers through data processing agreements and model clauses or standard contractual clauses, whenever appropriate. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below. We only transfer the personal data to the United States that is necessary to provide services to you. For more information on where your information is stored, please reach out to the Data Privacy Officer listed below.
The Information We Collect
We collect Personal Information to help us better understand your needs, to provide you with personalized and efficient service, and for other purposes described in this Privacy Policy. We generally obtain Personal Information directly from you. We also may obtain Personal Information automatically, through the use of cookies and other technologies, and in some instances from third parties, such as companies that sponsor programs or conferences in which CFA Institute participates. We do not knowingly collect any Personal Information from children under the age of 16, and users under the age of 16 should not submit any Personal Information to us.
Bases for Processing
Our bases for processing your Personal Information are:
- Contractual Necessity
- Legitimate Interests of CFA Institute, where permitted
- Compliance with Legal Obligations
- Where necessary, Consent
Before we process Personal Information on the basis of the legitimate interests of CFA Institute, we review our processing in light of the interests and fundamental rights and freedoms of the data subject taking into account their reasonable expectations. Where we believe those interests or fundamental rights and freedoms override our legitimate interests, we will seek another valid basis for processing your Personal Information or refrain from that processing activity. Examples of our “legitimate interests” for processing your Personal Information include (but are not limited to):
- Processing for direct marketing purposes or preventing fraud
- Transmission of personal data for internal administrative purposes and data analysis
- Processing for the purposes of ensuring network and information security
- Reporting possible criminal acts or threats to public security to a competent authority
Information You Provide to CFA Institute
The Personal Information We Collect
Listed below are the classes of Personal Information that we collect. Please note, however, we do not collect all this Personal Information from everyone. For example, information on religious affiliation is only collected from candidates in our credentialing programs who request a religious alternate testing date. Similarly, clear GIFs are only collected from visitors to the Site.
• Contact Data (name; personal contact information (phone, email address, physical address)
• Financial information
• Credit card data
• Gender
• Birthdate
• Passport information
• Educational background
• Criminal history
• Civil liability history
• Professional complaints, or investigations
• CFA Institute ID
• Reference letters
• Government identification number
• Health information
• Dietary needs
• Religious affiliation
• Work experience
• Professional conduct statement by employer/sponsor
• Username
• Password
• Video recordings
• Individual's status in CFA's programs
• Behavioral data (how members use our content and offerings)
• Work location
• Job/position title
• Work contact data (telephone and fax numbers and email address)
• IP Address or Mobile Device ID
• Clear GIFs
• Referring website
• Type of Browser
• Type of Operating System
Purposes for Which We Use Personal Information
The purposes for which we process your Personal Information are listed below:
For Members, Candidates and Attendees at our Events:
• General membership and account management• Processing your orders
• Processing applications and registrations that you submit to us
• Providing examination services and administering and scoring examinations
• Marketing
• Website Management
• Scholarship Program Award and Administration
• Measuring effectiveness of our products and services
• Maintain the online CFA Institute Member directory
For visitors to the Site:
• General account management and CFA Institute administration
• Marketing
• Website Management
• Website Improvement
• Scholarship Program Award and Administration
Cookies and Other Tracking Technology
Our Site and Mobile Apps use cookies and other tracking devices to collect information automatically which we may use for purposes outlined in this Privacy Policy such as targeted advertising. These tracking devices may be placed by us or by our third-party partners or vendors. By using the Site, you agree to the use of cookies and other tracking devices as described below. You may configure your internet browser to notify you when a cookie is sent (giving you the option to decide whether to accept it or not), and to reject or remove cookies. To remove cookies, please follow your browser's instructions or contact your browser provider for more information. You may also manage many of the cookies on our Site through your Profile. By removing or refusing to accept cookies, you may be unable to use or access some features of our Site.
Cookies
Cookies are small pieces of information that a website transfers to your computer. Our Site uses session ID cookies (expire when you close the browser) and persistent cookies (persist even after you close the browser), which help our Site run more smoothly and tailor content for you. Our Site includes a mechanism to manage the cookies that we use on our Site through your Profile. Additionally, most web browsers have options that allow you to control whether to accept cookies and give you the option to delete all cookies. However, disabling may prevent access to some parts of our Site. Do Not Track Signals: If you wish to not be tracked during your visit to our Site, please follow your browser's “Do Not Track” instructions or contact your browser provider for more information. By sending a Do Not Track Signal, you may be unable to use or access some features of our Site.
Device IDs
Some portions of this Site and our mobile app collect and store a unique device ID associated with your particular device to track the number of unique visitors using our Site or mobile applications and to enable you to interact with and use those resources. We link your device ID with the technical information accessed through your use of our Site or the mobile application for the uses described in this Privacy Policy.
Clear Gifs (Web Beacons/Web Bugs)
Our Site may employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), which helps us to better manage content on our Site by informing us what content is viewed or clicked on. Clear gifs are tiny graphics with a unique identifier similar in function to cookies. In contrast to cookies, which are stored on a visitor's computer, clear gifs are embedded invisibly on web pages and e-mails and are about the size of a period.
Log Files
We also gather Personal Information automatically and store it in log files. For instance, when you visit our Site or use our mobile app, the server may automatically recognize information about you, including: the date and time you visited our Site, the pages you visited, the referrer (the website you came from), the type of browser you are using (e.g., Firefox, Internet Explorer), the type of operating system you are using (e.g., Windows or Mac OS), and the domain name and address of your internet service provider.
How We Share Information
Third Party Processors and Transaction Processing
We engage third parties to perform services in connection with the operation of this Site and our organization. Examples of these third parties include website hosting service providers, testing vendors, technology service providers, payment processors, legal advisers and consultants, examination centers, research centers, and/or related services. We share Personal Information with these third parties, but we authorize them to use this Personal Information only in connection with the services they perform on our behalf. Such parties are bound by contract to establish appropriate measures to protect your Personal Information from unauthorized access, use, or disclosure. In addition, we share certain Personal Information with third parties as necessary to facilitate our offering of products and services to you.
Digital Advertising and Remarketing
CFA Institute uses remarketing services (sometimes called interest-based advertising) to show relevant content on sites across the internet to previous visitors to our Site (as described below in “online behavioral advertising”) and email subscribers. These services allow us to tailor our advertising and marketing content so that it is relevant and suits your needs. If you have consented to receiving marketing communications from us, we may share certain pseudo-anonymized (hashed) portions of your Personal Information (e.g., your email) with social media and eCommerce platforms such as Facebook, Instagram, LinkedIn, Verizon Media and Amazon. If you have an account on one of these platforms, this data sharing facilitates delivery of CFA Institute advertising or messages while you are using those social media networks. If you do not want your Personal Information shared in this manner, you may withdraw consent to CFA Institute marketing communications as described below, or you may adjust your settings in the relevant platforms so those networks may not use your Personal Information in this manner.
Online Behavioral Advertising
Our Site places and recognizes cookies, third-party web beacons and similar technologies on your browser or device when you visit it for purposes of serving you targeted advertising (a.k.a. "online behavioral advertising"). We also work with third party analytics and advertising companies who place their own cookies or similar cookieless technology on your browser or device when you visit our Site and other third-party websites, in order to provide analytics to us or serve customized advertisements to you. We work with advertising and analytics partners such as Google Ads, DoubleClick Floodlight, The Trade Desk, Xaxis, Flashtalking, Teads, Dstillery, LinkedIn, Facebook, Twitter, Amazon, Verizon Media, and Yoyi Digital.
As noted above in the Cookies section of this Policy, you can set your device or browser to accept or reject most cookies, or at least notify you in most situations that the technology is offered. You can also manage the cookies you receive through your Profile. As an additional step, some of these advertising companies participate in one of the following self-regulatory programs for online behavioral advertising, with corresponding user opt-outs:
- Networking Advertising Initiative
- Digital Advertising Alliance
- Digital Advertising Alliance Canada
- DAA AppChoices Mobile App - For mobile devices (e.g., smartphones, tablets)
- European Interactive Digital Advertising Alliance in Europe
Please note that even if you reject these devices, you may continue to receive advertisements, but the advertisements will not be tailored to your browsing activities and interests.
Back to topThird Party Products and Services
If you authorize us to do so by opting in, we may share your Personal Information with select third parties that offer services or products that we believe may be of interest to you. These third parties may contact you with communications regarding their own services or products. Such third parties may include exam preparatory providers, exhibitors at and sponsors of CFA Institute events, University Program Partners, and other CFA Institute partners, such as the Research Foundation. Please note that if you receive any communications from these third parties, you may contact them directly to opt-out of receiving further communications from them.
Member Societies and Employers
If you create an account on our Site and provide your mailing address, register for a CFA Institute educational program or certificate, or become a CFA Institute Member, we will share your Personal Information with the CFA Institute Member Society closest to your mailing address. This will enable the Member Society to contact you to communicate the broad range of educational, networking, and career support benefits that societies offer and which complement CFA Institute products and services. To identify the Member Society closest to your location, please see our “Find a Society” page. If you receive these Member Society communications and decide you no longer wish to receive them, you may opt-out with the Member Society directly.
Under certain circumstances, we may share Personal Information of Candidates, Members, or other customers with their employers in order to validate membership or program status.
CFA Institute Member Directories
We make Member name, location, and charter status information publicly available through the CFA Institute online Member Directory, which is searchable on the CFA Institute public website, as well as by phone and email upon a third party's request. Members may choose to make additional information available on the Member Directory by changing their account preferences. Names of individuals holding any CFA Institute issued certificate is available to the general public.
Event Attendees
For some CFA Institute events, we may make certain Personal Information of all event attendees available to other event attendees and event sponsors. The Personal Information made available may include name, employer, address, and email address.
Legal Compliance
We share Personal Information of CFA charterholders with government regulators in connection with CFA charterholder reporting obligations. In China, Personal Information of CFA charterholders is shared with the Occupational Skill Testing Authority (OSTA) of the Ministry of Human Resources and Social Security (MOHRSS). We keep your information for the following time periods: 1) if you register for any exam and or are a CFA charterholder, we retain some of your personal information indefinitely for statistical and historical purposes, 2) We retain communication history via email for up to seven (7) years and we retain marketing communications for up to three (3) years.
We also share Personal Information with our Professional Conduct Hearing Panels and otherwise share Personal Information as required by law or at the request of government regulators or other law enforcement officials and the courts.
CFA Institute Networking Sites and Social Media Sites
The Site and our Mobile Apps offer opportunities to engage in social networking, interact with others and/or submit or post messages or other content, such as on CFA Institute blogs ("CFA Institute Networking Sites"). The Site and our Mobile Apps may also provide for interactions with third party websites or services including social media websites through plug-ins. Please note that any information or materials that you post or submit through such CFA Institute Networking Sites will be publicly posted to everyone that has access to the relevant Site. Posts to third party social media or other sites ("Social Media Sites"), including any content on our Site that you "share" or "like," will be controlled by and subject to the terms of such social media or other sites. We encourage you to use caution when you submit any information or materials on or through any CFA Institute Networking Site or interact with third party websites or services through plug-ins.Your use of CFA Institute Networking Sites is governed by our Terms & Conditions.
Back to topYour Communication Preferences
You may change your preferences for how we contact you at any time by visiting "My Account" and selecting "Preferences" on the CFA Institute website, or by contacting us using the information provided under the “Contact Us” section of this Policy. (Back to Third Party Products and Services)
In order to provide you with superior service, we may contact you to resolve a problem even if you have asked us not to contact you for other purposes. For example, if you are a Member and we cannot deliver your Annual Dues Bill and Professional Conduct Statement, we may contact you to verify delivery details.
Accessing and Updating Your Personal Information
You may view your Personal Information on file with us at any time by visiting Your Account (account login required) on the CFA Institute website, where you may change some of your Personal Information. Please note that we may require additional information to authenticate your identity.
Your Rights
We provide you with the rights to:
- Withdraw your consent to processing your Personal Information. Learn more.
- Request access to your Personal Information. Learn more.
- Request rectification of your Personal Information. Learn more.
- Request erasure of your Personal Information. Learn more.
- Request restriction of processing of your Personal Information. Learn more.
- Request data portability. Learn more.
- Object to the processing of your Personal Information (including objection to profiling). Learn more.
Please note that all of these rights are limited under your applicable local data protection law. If you exercise or seek to exercise any of those rights, our obligations to respond are limited by and subject to applicable law.
Right to withdraw your consent: If a specific element of our processing of your Personal Information relies upon your consent (in particular regarding the receipt of direct marketing communication via email, SMS/MMS, fax, and telephone), you may withdraw your consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
The “Your Communications Preferences” section of this Privacy Policy above describes communication-specific options we provide to you to allow you to easily withdraw consent for certain elements of our processing (i.e., email marketing, SMS/MMS, mobile push notifications, cookies, location choices, and sharing with test prep providers). You may also withdraw your consent regarding the receipt of direct marketing communications directly through your CFA Institute account. In particular, in instances where you have opted-in to sharing your Personal Information with test prep providers or other third parties, you may contact us to opt-out of future sharing of your Personal Information with such parties in the future; however, such withdrawal will not affect the lawfulness of the transfers that occurred prior to the consent withdrawal.
If you do not have an account with us, but are subscribed to CFA Institute marketing emails, you may withdraw your consent to receive such emails through the unsubscribe link contained in each email or by contacting us directly via email.
Right to request access: As described above, you may view your Personal Information on file with us at any time by visiting Your Account (account login required) on the CFA Institute website, where you may change some of your Personal Information. You may also contact us via email if you do not have an account.
You also have the right to obtain from us confirmation as to whether Personal Information concerning you is being processed, and, where that is the case, to request access to the Personal Information. This access information includes:
- The purposes of the processing,
- The categories of Personal Information concerned, and
- The recipients or categories of recipient to whom the Personal Information have been or will be disclosed.
However, this is not an absolute right and the interests of other individuals can restrict your right of access.
You have the right to obtain a copy of the Personal Information undergoing processing free of charge. For further copies requested by you, we will charge a reasonable fee based on administrative costs.
Right to request rectification: You have the right to obtain from us the rectification of inaccurate Personal Information concerning you. Depending on the purposes of the processing, you may have the right to have incomplete Personal Information completed, including by means of providing a supplementary statement. You may also change some of your Personal Information by visiting Your Account as described above in “Accessing and Updating Your Personal Information”.
Right to request erasure (“Right to be forgotten”): Under some circumstances, you have the right to obtain from us the erasure of Personal Information concerning you. This is not an absolute right and may be limited by our need to retain data to support our business operations or comply with legal or regulatory requirements.
Right to request restriction of processing: Under some circumstances, you have the right to obtain from us restriction of processing your Personal Information. In such case, the respective data will be marked and may only be processed by us for certain purposes.
Right to request data portability: Under certain circumstances, you have the right to receive the Personal Information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you have the right to transmit those data to another entity without hindrance from us.
Right to object: Under certain circumstances, you have the right to object, on grounds relating to your particular situation, at any time to the processing of your Personal Information by us and we can be required to no longer process your Personal Information. Such right to object may especially apply if we collect and process your Personal Information for profiling purposes in order to better understand your interests in our products and services or for direct marketing. If you have a right to object and you exercise this right, your Personal Information will no longer be processed for such purposes by us. You may exercise this right by contacting us as stated in the “Contact Us” section of this Privacy Policy. Such a right to object may, in particular, not exist if the processing of your Personal Information is necessary to take steps prior to entering into a contract or to perform a contract already concluded.
To exercise your rights, please contact us as stated under “Contact Us”. In some cases you also have the right to lodge a complaint with the competent data protection supervisory authority.
Security
We maintain reasonable and appropriate technical, physical, and administrative measures to protect the security of your Personal Information. Access to Personal Information is limited to only those employees, contractors, or authorized agents of CFA Institute who have authorization to access such Personal Information and such access is limited to the extent such information is needed to fulfill the task for which the Personal Information was collected. While we strive to protect your Personal Information, we cannot ensure the security of the information you transmit. We recommend you take every precaution in protecting your Personal Information when you are on the internet. For example, change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.
Back to topLinks
This Site and our Mobile Apps provide links to websites or services created and maintained by other individuals or organizations, including CFA Institute Member Societies. Please note that these websites' privacy policies may differ from this Privacy Policy. We encourage you to read the privacy statement of any website you may visit, as we are not responsible for such websites’ content and policies. We do not control these links or sites nor are we responsible for the accuracy, timeliness, security, or continued availability or existence of the information provided on these sites. Other organizations linked from the Site or our Mobile Apps may collect information about you when you visit their websites. We cannot control this collection of information. You should contact these companies directly if you have any questions about how they use the information they collect.
Changes to This Policy
Except where limited by applicable law, we reserve the right to update this Policy to reflect changes to our information practices by prominently posting notice of the update on this Site, and, if required, obtaining your consent. Any updates will become effective immediately after posting the updates to this Policy and apply to all information collected about you, or where required, upon your consent. You agree that you will review this Policy periodically. If we make any changes to this Policy, we will change the "Last Updated" date above. You are free to decide whether or not to accept a modified version of this Policy, but accepting this Policy, as modified, is required for you to continue using the Site.
If we make any changes to this Policy that materially and adversely impacts previously collected information about you, we will obtain your consent for processing information previously collected about you in such a manner.
Contact Us
For further information about CFA Institute's privacy practices, please contact us.
For purposes of services provided to residents of Mainland China, Si Wei (Beijing) Enterprise Management Consulting Co. Ltd., Unit 5501, 55/F China World Tower B, No. 1 Jianguomenwai Avenue, Chaoyang District, Beijing 100004, China, serves as the handler of personal information. You may contact CFA Institute’s China Data Privacy Representative at: [email protected].