Privacy Notice

The nature of the Personal Data the IAIS collects depends on your relationship with the IAIS. Typically, the IAIS may process the following Personal Data: contact information (eg name, email, address, postcode, phone number); online information (eg cookies and IP address, if you visit the IAIS websites); or contractual information (eg personal details in relation to services provided to the IAIS).

The IAIS collects and processes personal data only for the legitimate purposes set out herein below and only processes the Personal Data which are relevant to achieve these purposes.

The IAIS processes Personal Data in accordance with the following principles:

• Lawfulness, Fairness and Transparency: The IAIS shall process Personal Data for legitimate purposes, in a fair and transparent manner. Legitimate purposes for the processing of Personal Data are:
  • Processing is required in order for the IAIS to be able to carry out its mandate and mission, purpose and functions;
  • Processing is necessary in order to protect the vital interests of a natural person;
  • Processing is necessary to protect the interests of the IAIS or its Members;
  • Processing is required for the performance of a contract to which the IAIS is a party;
  • Processing is necessary for compliance with the IAIS policies, procedures and rules;
  • Processing is required for any other activity of the IAIS and the individual has given their express consent for such processing.
• Purpose Limitation: Personal Data shall be collected for one or more specified and legitimate purposes, and not further processed in a manner incompatible with those purposes.
• Data Minimisation: Processing of Personal Data shall be adequate, relevant and reasonably limited to what is necessary in relation to the legitimate purposes for which Personal Data is processed.
• Storage Limitation: The IAIS shall retain Personal Data for the duration specified in its applicable retention schedule(s) adopted by the IAIS.
• Accuracy: Personal Data shall be recorded as accurately as possible and, where necessary, updated to fulfil the legitimate purpose(s) for which it is processed.
• Integrity and Confidentiality: Personal Data shall be recorded as accurately as possible and, where necessary, updated to fulfil the legitimate purpose(s) for which it is processed.
• Accountability: The IAIS has established appropriate accountability and oversight mechanisms.

Your Personal Data will be kept for as long as necessary to fulfil the purposes for which they were collected or to comply with legal or internal policy requirements. The IAIS applies criteria to determine the appropriate periods for retaining your Personal Data depending on their purpose and in accordance with the IAIS retention policies.

Your Personal Data are protected by appropriate technical and organisational safeguards against unauthorised processing and against accidental loss, destruction, damage, alteration, disclosure, access or use.

The IAIS may share your Personal Data with third parties (eg suppliers or service providers). The IAIS will only transfer Personal Data to third parties where they comply with a standard of protection of Personal Data equivalent at least to the level of protection established by the IAIS Personal Data Protection Policy.

• Right to access Personal Data: You may ask to obtain confirmation by the IAIS as to whether or not your Personal Data is being processed, and, where they are processed. Your rights will be subject to the restrictions on the right to access under the IAIS Personal Data Protection Policy.
• Right to rectification: You may request correction of your Personal Data that you believe is inaccurate or incomplete. The Bank for International Settlements (“BIS” the host organisation of the IAIS) oversees the IAIS personal data rectification. You can exercise your rights to information or rectification by supplying a completed data subject request form in English to the Personal Data Protection Manager at privacy@bis.org or via mail to:
  
  Bank for International Settlements
  c/o Personal Data Protection Manager
  Centralbahnplatz 2
  CH-4002 Basel
  
  
• Right to lodge a complaint: In the event that you believe that the IAIS is not processing your Personal Data in a manner described in this Privacy Notice, you have the right to lodge a complaint to the BIS’ Personal Data Complaints Panel within 60 calendar days of becoming aware of the IAIS failure to process Personal Data in accordance with its Personal Data Protection Policy. In submitting your complaint, you must provide relevant information, including, but not limited to (i) the reasons why you believe that the IAIS has failed to process your personal data in the manner described in this Privacy Notice, (ii) the date on which you were informed or became aware of the IAIS failure, and (iii) the remedy being sought. We ask that you supplement the complaint with (i) a copy of any relevant response to a request for information regarding the processing of your personal data and/or correction provided by the IAIS and (ii) all relevant evidence.The BIS oversees the IAIS personal data complaints. You can exercise your right by submitting a data subject complaint by supplying a completed complaint form in English to the BIS Personal Data Complaints Panel at PDCPanel@bis.org or by mail to:
  
  Bank for International Settlements
  c/o Personal Data Complaints Panel
  Centralbahnplatz 2
  CH-4002 Basel
  
  The BIS shall not accept or respond to anonymous complaints. Failure to submit the complaint in accordance with requirements set out above may result in the complaint being rejected by the Personal Data Complaints Panel.