ADVANCE IPSC PRIVACY STATEMENT
Introduction
The Advance Institute of Procurement and Supply Chain specializes in providing CIPS (Chartered Institute of Procurement and Supply Chain) qualifications and competency-based learning. We have developed a solid reputation as a Center of Excellence in Supply Chain Training, providing high-impact courses that have benefited a large number of participants from the private, public, and government sectors. We are the approved centers of the Chartered Institute of Procurement and Supply, UK. Over the past decade of our existence, we have worked closely with our clients in designing, setting up, and implementing procurement and supply chain frameworks and competencies.
We have developed a solid reputation as a reliable Centre for CIPS qualification, providing high-impact courses that have benefitted many participants from the private, public, and government sectors. Our presence over the last decade has built credibility in the market through our local and overseas MCIPS-qualified trainers.
About Us:
Advance Institute of Procurement and Supply Chain started its journey
As a successful Supply Chain study center, Advance IPSC got approval from the CIPS Governing body in 2011. After getting approval, Advance IPSC updated its tuition mode and tried to expand locally and to enlighten people about the value of Supply Chain and CIPS in the profession. From the inception of 2018, Advance SCS reconstructed its business as Advance IPSC with a long-term vision and mission. In 2019 they spread their business abroad and started to provide CIPS tuition in Vietnam. Meanwhile, while exploring CIPS tuition in the South Asia and Asia Pacific region, Advance got approval as a distance learning partner of CIPS, which gives them more opportunity to expand their business beyond the country's boundaries. In the middle of 2021, they were also approved as an Exam Center to facilitate their enrolled students.
For all queries relating to this Privacy Statement and our handling of personal data, please contact info@AdvanceIPSC.com.
Alternatively, you can write to us at:
- Data Protection ADVANCE IPSC
- GULSHAN GRACE,
- House CWS(C) – 8, 2nd Floor,
- South Avenue,
- Gulshan -1 1212 Dhaka,
- Dhaka Division,
- Bangladesh.
Info@advanceipsc.com
What we collect
We may collect the following information from you when you join ADVANCE IPSC, place bookings, complete surveys or application forms, provide services to us, or purchase goods or services from us:
- your name, date of birth, and gender
- addresses (home and work), contact email addresses and contact telephone numbers (home, work and mobile)
- your credit/debit card and/or bank details
- employment status
- career details – current job/description of role/employer.
- company name and address
- current qualifications (where relevant to ADVANCE IPSC, e.g., completion of accredited degrees)
- study center/university details
- assessment information for qualifications
- examination marks and results and exemption details
- learning opportunities undertaken as part of continuous professional development
- online self-assessment tools use and scoring
- competency questionnaires use and scoring
- skills and interests
- date of joining ADVANCE IPSC, membership status, and grade
- purchases you have made from ADVANCE IPSC Brands
- inquiries and contacts you have made to ADVANCE IPSC Brands
- data related to election ballots and results
- username and password you use to sign in
- the IP address you use to log in
- personal data you supply when you are using the Supply Management Jobs services (these services allow you to receive job alerts, upload your CV and share your details with recruiters)
- photos and video footage (where captured at our events)
Sensitive data that we may collect (this includes Special Categories of personal data as defined by GDPR)
- annual household income and savings – only applicable to ADVANCE IPSC Foundation applicants
- evidence of your health (medical history, diagnosis, or special requirements), where needed for reasonable adjustments, special consideration, exam deferrals, ADVANCE IPSC Foundation applications, or accommodating your requirements when attending ADVANCE IPSC Brands events/courses
- information you provide us when applying for special consideration, discretionary membership discounts or to defer an exam
- information you provide us regarding any specific needs you have for attending our events or training courses
How your information is collected
We collect information from you, for example, when you:
- make inquiries with us
- submit an application for membership, to sit an exam, or to apply for a membership upgrade
- book onto an event/training course
- purchase learning materials
- choose to upload your information via your My ADVANCE IPSC or Supply Management Jobs account
- sign up to and/or make use of the services we (ADVANCE IPSC Brands) have available (such as E-Learning, the Self-Assessment, Skills Gap Analysis tools or Supply Management Jobs)
- use our website (see our Cookies policy below)
We may also collect information about you from third parties, such as:
- your employer or sponsor (for instance, where you have been enrolled in one of our corporate programs)
- our study center (if you have chosen to study through one)
- partners that we work with
What we do with the information we collect
We require this information to understand your needs and provide you with a better service, and for the following reasons:
- to respond to your inquiries
- to administer your membership and provide the benefits set
- allow you access to the ADVANCE IPSC Brands site(s) and services
- to fulfill our obligations arising from any contracts entered into between you and ADVANCE IPSC Brands, and for their general management – this includes providing the products and services that we offer, where Terms and Conditions apply
- to administer and manage the examination and assessment processes including the performance of study centers
- to organize and deliver ADVANCE IPSC Brands events and training courses, and fulfill any specific needs you may have
- process payments from or to you
- maintain CPD records
- to run elections
- evaluate your professional attributes, where necessary for CIPS, Executive Diploma & CIPS applications
- notify and remind you when your membership is due for renewal
- provide you with information relating to your studies
- notify you of governance updates, including sending you invitations to vote in our Annual General
- provide you with news, products, services, and membership updates
- invite you to provide feedback on our products and services, for example in surveys
- invite you to take part in research campaigns and surveys
- fulfilling prize draws and competitions
- using photo and video footage in post-event publicity (please notify us when booking onto an event if you object to this)
- to notify you of changes to our membership offering
- monitor how you respond to our communications
- to allow us to monitor usage statistics as a basis for future improvements to relevant website processes
- to monitor and improve our products and services
- to meet security/health and safety requirements where you attend an event or training course
- to verify your identity
- to enable us to track system usage by user
- internal record keeping
- to periodically conduct quality checks on the data we hold on you
Professional Register
ADVANCE IPSC provides a professional register, accessed through our website, listing the names, membership grades, achievement of the ethics mark and chartered status, and country of current ADVANCE IPSC members.
We do this as we believe that it is in the public interest for individuals and organizations to be able to easily identify those professionals who have achieved or are working towards professional recognition, CIPS and ADVANCE IPSC/CIPS Chartered Professional, and who remain current members of CIPS.
When registering for membership you will automatically appear on the register. If you do not want your member details to be shown, then simply log in to your My ADVANCE IPSC profile and tick the opt-out checkbox.
Our lawful bases for processing your information
We will only use your personal information where one of the following applies:
- You have given us your consent, such as to send you marketing communications or information about third parties which we think you may find interesting. You can withdraw your consent at any time by clicking unsubscribe on the link located at the bottom of the emails you receive from us. Please be advised that changes to your preferences may take up to 10 days to fully
- It is necessary for performing a contract that we have with you, such as the fulfillment of a service you have signed up for as a
- For our own (or a third party’s) legitimate interests provided your rights do not override these interests, such as:
- Fraud prevention
- Sending appropriate targeted communications to you based on previous purchases or interest in ADVANCE IPSC services
- Monitoring and improving our products and services
- Enhancing the learning experience (for example, tailoring our events/training courses to the audiences attending or sharing information relevant to your studies with your study center)
- Fulfilling the requirements of our Charter
- Enhancing the networking opportunities that we offer
- Managing the data we hold
- We need to comply with a legal obligation, such as the BD Act
Your personal information will only be used for the purpose or purposes it was collected. It will not be sold, shared, or distributed to third parties unless we have your permission or where it is necessary for one of the reasons listed
Recipients with whom we may share your data
- Agents and organizations contracted to perform business functions on our behalf (for example, we work with Rakib, who supports the ADVANCE IPSC Helpdesk), including providers of third-party applications used for the purposes of delivering products/services to you (for example, Tamanna, who provides our Skills Assessment tool)
- Venues hosting ADVANCE IPSC Brands events (where necessary to meet security and safety requirements, and fulfill any specific needs you may have)
- ADVANCE IPSC Brands event sponsors (we will only share your name, job title, and company name – this is done to tailor the event content to the audience. Please notify us when booking if you do not want your data to be shared in this way)
- If you apply for a job via Supply Management Jobs, your details will be shared with the recruiter promoting the specific role. At your request, we will share your data with Top CV and/or allow recruiters to access your CV
- Third-party IT and payment processing providers
- Email service providers (we use A2 Hosting as our provider).
- Third-party analytical services
- Knowledge Partners whom we run joint research campaigns with
We may publish or share anonymized statistics under the condition that no personally identifiable information can be derived from such statistics by third parties, such as our recognized study center partners.
How long we hold your information
ADVANCE IPSC Brands has a variety of obligations to keep the data that you provide us. These include ensuring that transactions are processed correctly, identifying fraud, and complying with any laws and rules that apply to us and to our service providers. ADVANCE IPSC Brands has a Data Retention Policy to ensure that your data is not held for longer than is necessary. We hold the information that you provide to us while you are an active, registered user and member, and when you register for our services. Therefore, even if you close your account or membership with us, we may keep certain data (such as membership information) to meet our obligations but for no longer than required or permitted by law.
Where your information is stored
Your information is held securely within the BD; however, it may be stored and processed in any country in which our Regional Offices or agents operate in order to provide our products/services within those respective regions and/or to adhere to audit and regulatory requirements.
If your information is transferred outside the UK for these purposes, then we will take measures to ensure that your data always remains protected to the standard imposed by the General Data Protection Regulation. We require our trusted third parties to meet ADVANCE IPSC Brands’ data protection standards. In certain circumstances, courts, law enforcement agencies, regulatory agencies, or security authorities in those other countries may be entitled to access your personal data.
Keeping your personal information secure
To prevent unauthorized access or disclosure, we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online. ADVANCE IPSC Brands’ websites are maintained on a secure server. All our suppliers and contractors meet the standards we require. Restrictions are also in place so that users only have access to data that is required for them to do their job. Staff training is undertaken regularly, and checks are made by IT staff to ensure data quality is maintained.
All payment card details are processed by a third-party payment processor who encrypts the details using SSL (Secure Sockets Layer) technology. Once orders have been processed, all encrypted credit card information on the webserver is deleted.
We also have in place a comprehensive email security policy; all incoming and outgoing email is scanned by multiple security systems before being accepted or sent out. These security systems will block and hold messages that contain viruses and malware, spam messages, or other inappropriate content.
Where appropriate, senders will be informed that their message has been held by our systems and if held in error the message can be released and successfully sent.
Unfortunately, no data transmission or storage system is completely secure. If you feel that the security of your account or interaction with us has been compromised, please contact us immediately. If such a disclosure does occur, we will contact you as soon as possible to explain what has happened and take all steps required of us to meet our obligations under the legislation.
Your rights in controlling your personal information
You can ask us to make changes in how your data is handled and we will respond promptly should a request be made. You have the following rights over the personal data about you that we are holding and processing:
Right to be informed. This Statement provides you with information in relation to how your data is processed. This ensures that we are transparent about what we will do with the information you supply to us.
Right of access. You may request details of personal information that we hold about you under the Data Protection Act 2018 and the General Data Protection Regulation. This is called a Subject Access Request. Further information on this process and how to apply can be found at:
Right to request information held is accurate and how to update it. If you believe that any information we are holding on you is incorrect or incomplete, please email us at info@advanceipsc.com and we will respond as quickly as possible.
Right to erasure. In certain circumstances, you may ask us to delete information about you and stop processing or publishing it (often called the Right to be Forgotten).
Right to object to the processing that is likely to cause you damage or distress. Where you challenge the accuracy or lawful processing of your information, we will consider this.
The right to receive an electronic copy of any information you have consented to us holding is known as data portability. You can ask us to provide the personal data about you we hold, securely and in a machine-readable format, so it can be moved, copied, or transferred to be used across different services or for you to give to another organization.
Right to object. We will ensure that we have the right consent in place for sending you information. You can unsubscribe from our mailings and remove your details at any time. If you wish to stop receiving communications from us, you will be able to do so by contacting us at info@advanceipsc.com.
Rights related to automated decision-making. If there is additional profiling based on the information we hold, then you can object to us making decisions about you based on such processing.
What we use cookies for
A cookie is a tiny file that is stored on a user’s computer or electronic device and issued to your computer when you enter a website. It stores a small amount of information relating specifically to the client and the website. The cookie can be accessed by both the web server and the user’s computer.
When visiting any webpage ending with the suffix Advance IPSC.org, we use cookies that allow you to:
- carry information across pages of the site
- avoid having to re-enter information
- maintain a shopping basket or booking form
- after the member login, to access member-only information or receive member-only
Types of cookies
Session cookies
Session cookies are stored only temporarily during a browsing session. No information about you is stored in the session cookie and it is deleted automatically as soon as you close the browser window to leave the site.
Persistent cookies
This type of cookie is saved on your computer for a fixed period (usually a year or longer) and is not deleted when the browser is closed. Persistent cookies are used where we need to know who you are for more than one browsing session. For example, this type of cookie is used to store your preferences, so that they are remembered for the next visit.
Third-party cookies
We also use third-party cookies such as Facebook Pixel, LinkedIn Insights, and Twitter Universal Website Tag to monitor how our website is used and to better tailor the website to you and the promotions that you may see.
If you want to find out more about how to control your cookies, please visit the links below depending on the web browser that you use. However, please remember that if you choose not to receive cookies at any time, the ADVANCE IPSC website may not function properly, and certain services will not be provided which may affect your experience of the website.
You may also find the information on www.aboutcookies.org useful. This website is run by an external company to ADVANCE IPSC and we cannot verify the content of this website.
ADVANCE IPSC Data Protection Policy
1 Overview
The Advance Institute of Procurement & Supply Chain (ADVANCE IPSC) is the leading voice of the procurement and supply profession course from CIPS course. ADVANCE IPSC is the Data Controller and Data Processor of the information that you provide to us as a member and to access our services and training. ADVANCE IPSC is a proprietorship company in Bangladesh.
ADVANCE IPSC Data Protection Policy sets out how we respect the personal information that we collect and hold in the course of carrying out our role representing the procurement and supply profession, our clients and members. We are committed to ensuring that the privacy of our members, business partners and employees is protected and upholding the principles of data protection.
2 Purpose
ADVANCE IPSC, as Data Controller and, in cases, Data Processor, must be able to demonstrate compliance with data protection law. This policy outlines ADVANCE IPSC's framework for upholding Article 5 of the GDPR and the Data Protection Principles, in that data shall be:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and, where necessary, kept up to date
- kept for no longer than is necessary for the purposes for which the personal data are processed
- processed in a manner that ensures appropriate security
3 Objectives
Adhering to data protection principles, ADVANCE IPSC will manage data throughout the information life cycle and will seek to audit and review its processes and procedures in data handling. With constant regard to continuous improvement, the data protection management system will adopt best practice principles and GDPR requirements. This management process will be achieved by adopting the following policy objectives.
3.1 Process data lawfully and fairly
ADVANCE IPSC must have a ‘lawful basis’ or ‘grounds for processing’ before legally processing personal data. There are 6 different grounds for processing:
- Consent – the individual/data subject has freely given their consent to the processing and data must be collected through a clear affirmative
- Contractual – processing is necessary for the performance of a contract or agreement to which the individual is party or is required prior to entering a
- Legal requirement – processing is necessary for compliance with a legal obligation to which the individual is subject.
- Public interest – processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the data controller.
- Legitimate interests – processing is necessary for the purposes of the legitimate interests of the organization or a third party where the interest and rights and freedoms of the individual are not overridden, and the data is used in ways which people would reasonably
- Vital interests – processing is necessary to protect the vital interests of the individual or of another
Where processing is intended to require Special Categories of personal data (see definitions), a specific condition permitting such processing must also be identified as laid out in the GDPR & Data Protection Act 2018.
Once legal grounds for processing have been established, its activities will be included within the Data Asset Inventory – Article 30.
3.2 Collect data that is necessary and for a legitimate purpose
ADVANCE IPSC will ensure that personal data collected is necessary for processing and not further processed in a manner that is incompatible with those purposes; under GDPR further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be incompatible with the initial purposes.
ADVANCE IPSC will communicate in a clear and transparent manner, ensuring that all data subjects are informed of the purpose for their data being processed, and will only use their personal data in a way that the data subject expects and in accordance with their rights.
3.3 Select data that is adequate and relevant
ADVANCE IPSC will ensure that the data processed will be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, and those purposes will be transparent and clear. If the intention is to use the data for any other purpose, data subjects are informed and have the right to object.
3.4 Maintain accurate records
ADVANCE IPSC will ensure that data is accurate and, where necessary, kept up to date. All data subjects will be provided with the means to update their personal data and every reasonable step will be taken to erase or rectify without delay inaccurate records.
Records will be restricted if there is any dispute over their accuracy until a time where the data has been rectified and authorized as an accurate account of the subject’s data.
3.5 Appropriate retention period for information
ADVANCE IPSC will not store data for any time longer than necessary or if the data subject withdraws consent or objects to its processing (unless there is another legal ground to justify its retention). To manage the process of establishing and keeping records for a suitable period, ADVANCE IPSC has a Retention Policy and process that outlines the assessment and categorization of data for storage and deletion.
3.6 Securing personal data
ADVANCE IPSC depends on information and communications technology systems to operate global membership and administrative functions. Security of these systems, the hardware, and networks on which they reside and the data which they host is necessary both to honor ADVANCE IPSC obligations to providers of data (students, members, suppliers, partners, and employees).
ADVANCE IPSC Information Security Policy in conjunction with ADVANCE IPSC Acceptable Usage Policy outlines the activities taken to protect data within the organization.
4 Upholding the rights and freedoms
4.1 Information and rights for data subjects
Individuals can request that we make changes in how their data is handled and we must respond promptly should a request be made.
- Right to be informed – we must communicate clearly and use plain language in all our external messaging when initially collecting the data or at first opportunity
- Right of access – we must have in place processes to respond to requests for what information we are holding (Subject Access Requests)
- Right to rectification – we must ensure we correct inaccurate information in the data we are processing without delay
- Right to erasure – we may be required to delete the data and stop processing it or publishing it (often called the Right to be Forgotten)
- Right to restrict processing – where the accuracy or lawful processing is challenged then temporary limits on the processing are required
- Right to data portability – we may be asked to provide the personal data we hold, securely and in a machine-readable format, so it can be moved, copied, or transferred to be used across different services
- Right to object – individuals have the right to object to processing where our lawful basis is legitimate interests or where we directly market to them
- Rights related to automated decision making – if there is additional profiling or automated decision making based on the data that we hold, then an individual can object
ADVANCE IPSC Subject Access Request (SAR) guideline outlines how an individual can contact ADVANCE IPSC to initiate the SAR process.
4.2 Subject Access Request
ADVANCE IPSC collection of personal data is handled in accordance with the ADVANCE IPSC Privacy Statement. All ADVANCE IPSC employees, providers and partners are expected to comply with this policy and demonstrate a commitment to protecting others’ privacy.
Requests from data subjects (see definitions) are called Subject Access Requests. The process for making a request is set out in the ADVANCE IPSC published guidance ‘Making a Subject Access Request’. This is a simple checklist to guide you on the steps to make sure you recognize and handle a request (SAR) effectively, and in compliance with the data subject’s rights and ADVANCE IPSC internal processes. The information is provided free of charge.
4.3 Breach management
A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, or unauthorized disclosure of, or access to, personal data. This includes breaches that are the result of both accidental and deliberate causes. It also means that a breach is more than just about losing personal data.
Personal data breaches can include:
- access by an unauthorized third party through their direct action or lax internal security procedures or practices
- deliberate or accidental action or inaction by an employee, volunteer or supplier
- sending personal data to an incorrect recipient, e.g. wrong copy recipient on an email
- USB stick, laptop or phone containing personal data being lost or stolen
- alteration of personal data without permission
- loss of availability of personal data
ADVANCE IPSC breach management procedure is outlined in the ADVANCE IPSC Breach Management Policy and Identifying and Reporting Data Breach guideline documents.
4.4 Data Protection Impact Assessment
A Data Protection Impact Assessment (DPIA) is a methodology or tool used to identify and reduce the privacy risks of individuals when planning projects or policies that involve the processing of personal data. Privacy by design means that ADVANCE IPSC identifies and minimizes the data protection risks of a project or new initiative. ADVANCE IPSC manages all new data assessments through its DPIA management process.
5 Governance
ADVANCE IPSC has the following governance framework in place to manage Data Protection Compliance:
Data Controller:
Any person, or organization, who makes decisions about how and why data is processed. A data controller must be a person recognized in law and they are responsible for compliance. ADVANCE IPSC is a Data Controller.
Senior Leadership Team (SLT):
- Responsible officers of all organization-wide data protection
- Oversight of Data Compliance Management Group
Data Compliance Management Group
- Ensuring that there are adequate and competent resources available to support Data Protection Processes
- Updating Article 30: processing activities documentation
- Establish roles and responsibilities including appointment of one person with responsibility for the GDPR Breach Management Process
- Conduct management reviews of the GDPR Breach Management Process ensuring it is fit for purpose and seeking continual improvement
- Commitment to GDPR Breach Management Process and supporting implementation throughout the organization
- Signing off audit processes and alignment with ADVANCE IPSC Data Protection Policy
- Review training and testing outcomes
- Reporting to SLT and GBT where applicable: including incident reports
Data Protection Officer:
- Inform and advise senior leadership of their obligations under data protection
- Promote a culture of data protection throughout the organization
- Review policies and procedures to ensure they are fit for compliance
- Advise on data protection procedures and best practice
- Monitor and report on compliance to senior leadership
- Maintain accurate records and documentation
- Point of contact for data protection for all internal and external contacts
- Investigate breaches and recommend remedial and mitigating actions
- ICO point of contact
- Advise and assist in the DPIA process
Data Processor:
Any person, or organization, who acquires records and processes personal data or who processes data on behalf of the Data Controller. An organization can be both a Data Controller and Data Processor even where they may appoint third parties to carry out elements of data processing on their behalf, such as Cloud Computing services. ADVANCE IPSC is both Controller and Processor. Our third parties who handle data for us are also Data Processors.
6 Audit and review
The Data Protection Officer, as chair of the Data Compliance Management Group, performs an audit and review function. This policy outlines the GDPR requirements and objectives for the audit, and the policies and processes will be reviewed at least on an annual basis to ensure future proofing, suitability, and compliance.
All breaches will be reviewed on a case-by-case basis, and the review will document the mitigating actions and steps to remedy the breach and return to security and protection of data. All processes will be reviewed to ensure that ADVANCE IPSC operates within regulation timeframes for responding and reporting on all SARs and breach investigations.
7 Training and exercise
ADVANCE IPSC will ensure that training and information will be made available to all data processors. Training will be given to all new personnel and third-party data processors. The Data Protection Officer will ensure that all training will remain current and fit for purpose.
8 Definitions
Data Subject
A living person who is the subject of personal data. The individual has enhanced rights under data protection law.
Personal Data
Any information relating to an identifiable person who can be directly or indirectly identified by reference to an identifier.
Processing
Processing of data means any operation or set of operations that is performed on personal data, which includes but is not limited to, collection, storage, use, recording, disclosure, or manipulation of data whether by automated means.
Data Breach
A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. Organizations are required to report a data breach that creates a risk to the rights and freedom of the individuals concerned, to the Information Commissioner’s Office (ICO) within 72 hours of the breach occurring or when made aware of the breach. If the individuals are at high risk of potential harm, then they must also be notified. Example: A computer account is hacked, and data listing contact details is accessed, or an employee takes unencrypted data out of the office against acceptable use policy and loses it.
Data Protection Officer (DPO)
This is the role in an organization that has responsibility for ensuring that personal data is protected and that the organization is compliant with the legislation. There should be a degree of independence, so the DPO reports directly to the highest management level of the organization as a part of the organization’s governance.
Binding Corporate Rules
A set of binding rules designed to allow organizations to transfer personal data from the BD to the organization’s related operations outside the BD but within the organization. BCRs must demonstrate adequate safeguards and be authorized by the appropriate lead authority in the BD to vouch for data compliance.
Cross border processing
The processing of data by a Controller or Processor who operates in more than one BD member state, or the processing of data in one member state of subjects resident in one or more member states.
Privacy Shield
Prior to GDPR, the BD- other countries and EU Privacy Shield Frameworks impose stronger obligations on US organizations to protect the personal data of data subjects in BD. The Privacy Shield, and now GDPR, requires the BD to monitor and enforce protection, and to cooperate with the Supervisory Authorities. This is administered by the Department of Commerce and the Federal Trade Commission.
Data Protection Authority
Also known as a Supervisory Authority. The national authority in every BD member state enforces data protection in that member state. In the BD it is the Information Commissioner.
Data Privacy Impact Assessment
A methodology or tool used to identify and reduce the privacy risks of individuals when planning projects or policies that use or protect personal data.
Privacy by Design
The principle of the inclusion of data protection from the onset of the designing and planning of systems, rather than as a later addition.
Subject Access Request
The request by an individual to have access to, and information about, the personal data that a controller holds. Application is by a subject access request that is free of charge.
Special Categories of Personal Data
This is sensitive data that requires more protection. It includes information revealing race, ethnic origin, politics, religion, trade union membership, genetics, biometrics (where used for ID purposes), health, sex life or sexual orientation.
Third-party
Any person or organization other than the Data Subject and the Data Controller. A third party can also be a Data Controller and a Data Processor.
9 Related policies and procedures
Supporting policies
Policy | Location |
ADVANCE IPSC Information Security Policy | Internal |
ADVANCE IPSC Acceptable Usage Policy | Internal |
ADVANCE IPSC Retention Policy & Schedule | Internal |
ADVANCE IPSC SAR Guidelines | Internal/External |
ADVANCE IPSC DP Impact Assessment Procedures | Internal |
ADVANCE IPSC Breach Management Policy | Internal/External |
ADVANCE IPSC Breach Identification and reporting procedures | Internal/External |