Hands of individual typing on laptop keyboard, keys being pressed, screen showing work being done.
Who we are

Privacy Policy: use of data

Website visitors

We use Google’s suite (analytics (GA), search console, tags and ads) to track site user interaction and to provide a better experience for our website users. We have Google codes installed on our site which creates one or more text files on your computer (called a “cookie”). The cookies contain an ID number which is used to uniquely identify your browser and track each element of our website you visit that has a google code enabled.

We use this data to determine the number of people using our site and to better understand how they find and use our web pages. With this information we can continually improve the information that we provide on our site and the processes for actions such as event and member registration. We can also use it to increase the number of new people finding our site, and help those who have already visited our site, find interesting material easily on the internet.

Google Analytics, Search Console, Tags and Ads stores the following data:

  • Time of visit, pages visited, and time spent on each page of the webpages
  • Interactions with site-specific widgets
  • Referring site details (such as the URL a user came through to arrive at this site)
  • Type of web browser
  • Type of operating system (OS)
  • Flash version, JavaScript support, screen resolution, and screen colour processing ability
  • Network location and IP address
  • Document downloads
  • Clicks on links leading to external websites
  • Errors when users fill out forms
  • Clicks on videos
  • Scroll depth

Google also collects information about you from its Doubleclick tracking and profiling service, from ad-supported apps on your Android or iOS device, from your YouTube and Gmail activity and from your Google account. This data is put together and used to make inferences about your age, gender, interests, hobbies, shopping habits and living circumstances.

Your rights

If you already have Google cookies, they will be updated with the latest information about your visit to the site.

As we cannot access any personal data about you ourselves, we are not the Data Controller for your Google’s suite or Doubleclick profile data. You would need to contact Google directly for this information.

You have the right to object to this tracking and to stop it happening.

How do I prevent being tracked by Google Analytics?

If you are uncomfortable with this tracking, you can take the following actions:

We use LinkedIn tracking to track site user interaction and provide relevant material to users who have already visited our website. We have a LinkedIn code installed on our site which creates one or more text files on your computer (called a “cookie”).

The cookies contain an ID number which is used to uniquely identify your browser and track each element of our website you visit that has a LinkedIn code enabled. We use this data to retarget previous site users with material that is relevant to them, given the webpages that they’ve visited that contain a LinkedIn code.

LinkedIn codes on our site store the following data:

  • Time of visit and pages visited,
  • Type of web browser
  • Type of operating system (OS)
  • Network location and IP address

As we cannot access any personal data about you ourselves, we are not the Data Controller for your LinkedIn profile data. You would need to contact LinkedIn directly for this information.

You have the right to object to this tracking and to stop it happening.

How do I prevent being tracked by LinkedIn?

If you are uncomfortable with this tracking, you can take the following actions:

The personal data we may process on you is:

Personal data type:

  • Network location and IP address (Source: Google and LinkedIn as outlined above)
  • Network location and IP address (Source: Google and LinkedIn as outlined above)

The personal data we collect will be used for the following purposes:

  • To improve the information that we provide on our site
  • To improve the processes for actions such as event and member registration
  • To increase the number of new people finding our site

Our legal basis for processing the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)

For further information, see our Cookie Policy and Website Terms of Use.

Event registrants

Depending on the type of event, we use the following to process event bookings:

  • www.amba-bga.com
  • www.associationofmbas.com
  • www.businessgraduatesassociation.com
  • A third party platform called ‘Cvent’
  • A third party platform called ‘EventsForce’
  • A third party platform called ‘GoToWebinar’
  • A third party platform called 'Dotdigital' and it's associated products
  • A third party platform called 'Zoom' and/or 'Zoom Webinars'

In all cases we use a third party email platform called ‘Dotdigital’ to communicate with our event registrants, and we may also communicate with Webinar registrants via the GoToWebinar or Zoom Webinars platforms.

If you are a speaker at an AMBA event, we will publicly promote your involvement via Twitter, LinkedIn, Facebook and Instagram and emails to our members and contacts. This data may continue to be processed by those platform providers after the event has ended.

Bookings on www.associationofmbas.com, www.businessgraduatesassociation.com, www.amba-bga.com

The personal data we may process on you is:

Business contact details eg email address/phone number/postal address


Personal data type:

  • Name
  • Job title & Company or Business school name
  • Business contact details e.g. email address/phone number/postal address
  • Dietary and/or special assistance requirements where applicable

Source (for all data types):

Event registration form

The personal data we collect will be used for the following purposes:

  • To administer your event attendance, ie raise invoices, provide event materials such as badges and delegate lists, inform caterers of dietary requirements etc.
  • To analyse event attendance and interest, eg to identify booking patterns based on attendee area of responsibility or geographic area.
  • Contacting you by phone or email to market our services and future events to you as a professionally relevant individual.
  • Your data will only be used where the product or service might be relevant to you in your professional capacity.

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)
  • Performance of a contract (ie to run the event which you have booked to attend)

The special categories of personal data concerned are:

  • Health data – ie dietary requirements, where applicable

Disclosure

AMBA & BGA will pass on your personal data to further third parties as necessary to administer your event attendance, such as caterers or event hosts if you have particular dietary requirements, printers of event materials such as delegate lists and badges (where applicable), and fellow event attendees (in the form of the delegate list).

AMBA & BGA will also pass on your personal data to trusted Partners and Sponsors of the respective events in the form of a delegate list. Attendees have the option to opt in to their inclusion of the delegate list during the booking process.

Bookings via Cvent and/or Eventsforce:

Please note that Cvent and/or Eventsforce is a third-party service that is not owned or managed by AMBA & BGA. This privacy policy only refers to the way AMBA will use your information. You can refer to Cvent's privacy policy or Eventsforce’s privacy policy as we do not accept any responsibility or liability for their policies.

Cvent and it's Europe based entities are recognized by a European Commissionfor providing an adequate leel of data protection.

Eventsforce is based in the UK, which is recognized by a European Commission adequacy decision as providing an adequate level of data protection. For further details, please see the European Commission website

The personal data we may process on you is:


Personal data type:

  • Name
  • Professional details and/or business school name
  • Business school programme details
  • Contact details e.g email/phone/full or partial address
  • Nationality and country of residence
  • Date of birth and gender
  • Dietary and/or special assistance requirements where applicable

Source (for all data types):

Cvent or EventsForce event registration form

The personal data we collect may be used for the following purposes:

  • To administer your event attendance, i.e. raise invoices, provide event materials such as badges and delegate lists, inform caterers of dietary requirements etc.
  • To analyse event attendance and interest, eg to identify booking patterns based on attendee area of responsibility or geographic area.
  • Where applicable, to activate your membership of AMBA or update your record on our member database (see “AMBA Members (students & graduates)” section of this Privacy Policy for further details)
  • Contacting you by phone or email to market our services and future events to you as a professionally relevant individual.
  • Your data will only be used where the product or service might be relevant to you in your professional capacity.

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)
  • Performance of a contract (ie to run the event which you have booked to attend)

The special categories of personal data concerned are:

  • Health data – ie dietary requirements where applicable

Disclosure

AMBA will pass on your personal data to further third parties as necessary to administer your event attendance, such as caterers or event hosts if you have particular dietary requirements, printers of event materials such as delegate lists and badges (where applicable), and fellow event attendees (in the form of the delegate list).

Bookings via GoToWebinar:

Please note that GoToWebinar is a third-party service run by LogMeIn Inc. that is not owned or managed by AMBA. This privacy policy only refers to the way AMBA will use your information. You should refer to LogMeIn Inc.’s privacy policy as we do not accept any responsibility or liability for their policies.

LogMeIn Inc. operates in the USA and subscribes to the EU-US Privacy Shield, which commits subscribers to adhering to European standards of data protection. For further details, please see:

The personal data we may process on you is:

Personal data type:

  • Name (Source: GoToWebinar event registration form)
  • Email address (Source: GoToWebinar event registration form)

The personal data we collect may be used for the following purposes:

  • To administer your event attendance, ie provide link to attend live webinar, send reminder and follow-up emails
  • To identify event attendance and interest.

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)
  • Performance of a contract (ie to run the event which you have booked to attend)

Bookings via Zoom – webinars & events:

Please note that Zoom is a third-party service run that is not owned or managed by AMBA & BGA. This privacy policy only refers to the way AMBA will use your information. You should refer to Zoom’s privacy policy nas we do not accept any responsibility or liability for their policies.

Zoom operates in the USA and has incorporated the European Commission’s Standard Contractual Clauses (or “SCCs”) as the basis of Zoom’s international data transfer policy For more information, please see:

Zoom and the European Union’s General Data Protection Regulation (GDPR)

To process your event registration, AMBA & BGA will collect registration information on the associationofmbas.com or businessgraduatesassociation.com website(s) and upload a first name, last name and email address to Zoom webinars. This will enable AMBA & BGA to enrol you onto the specified event(s).

The personal data we may collect and process on you for Zoom webinar attendance on the amba-bga.com, associationofmbas.com and/or businessgraduatesassociation.com website(s) are:


Personal data type:

  • Name
  • Email address
  • Telephone number
  • Business school name
  • Job title/role
  • Country
  • Programme studied/studying
  • Graduation or expected graduation date

Source (for all data types):

AMBA and/or BGA website(s)/Zoom event registration

The personal data we collect may be used for the following purposes:

The personal data we may process on you for Zoom webinar attendance is:


Personal data type:

  • Name
  • Email address

Source (for all data types):

AMBA and/or BGA website(s)/Zoom event registration

The personal data we collect may be used for the following purposes:

  • To administer your event attendance, ie provide link to attend live webinar, send reminder and follow-up emails
  • To identify event attendance and interest.

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)
  • Performance of a contract (ie to run the event which you have booked to attend)

Event nominations and/or research via SurveyMonkey

Please note that SurveyMonkey is a third-party service run by Momentive Inc. that is not owned or managed by AMBA & BGA. This privacy policy only refers to the way AMBA will use your information. You should refer to SurveyMonkey’s privacy policy as we do not accept any responsibility or liability for their policies.

SurveyMonkey operates in the USA and subscribes to the EU-US Privacy Shield, which commits subscribers to adhering to European standards of data protection.For further details, please see the European Commission website

For further details, please see:

SurveyMonkey and Privacy

Privacy Notice

Personal data type:

  • Name
  • Email address
  • Business school or organisation
  • Job title/role
  • Postal address
  • Contact telephone number
  • Name of educational course attended/attending
  • Course mode
  • Graduation or expected graduation date
  • Photograph
  • Business trading dates
  • PA name
  • PA email address
  • Passport details
  • Age/date of birth
  • Work experience level
  • Salary scales

Source (for all data types):

SurveyMonkey survey/event form

The personal data we collect may be used for the following purposes:

  • To collect data for a survey or report or to administer your event attendance, ie provide link to attend live webinar, send reminder and follow-up emails, supply information or supporting documents for a visa application
  • To identify event attendance and interest.

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)
  • Performance of a contract (ie to run the event which you have booked to attend)

Prospective MBA students registered with AMBA & BGA

The personal data we may process on you is:


Personal data type:

  • Name
  • Email address
  • Employment status/professional information
  • Telephone number
  • Nationality
  • Location
  • Year of birth
  • Gender
  • MBA programme preferences

Source:

Registration form or event registration

The personal data we collect may be used for the following purposes:

  • Contacting you by email to share information on our pre-MBA services (eg relevant thought leadership content, and guidance and advice on choosing an MBA programme)

Our legal basis for processing for the personal data:

  • Consent

Consent

By consenting to this privacy statement you are giving us permission to process your personal data specifically for the purposes identified.

Consent is required for AMBA & BGA to process both types of personal data, but it must be explicitly given. Where we are asking you for sensitive personal data we will always tell you why and how the information will be used.

You may withdraw consent at any time by emailing membership@amba-bga.com.

AMBA & BGA Members (students and graduates)

Where you have registered as an individual member of AMBA, we will process your personal information as set out in this section.

Please also see terms and conditions of membership.

The personal data we may process on you is:


Personal data type:

  • Name
  • Email address
  • Telephone number(s)
  • Professional information
  • Nationality
  • Location/address
  • Year of birth
  • Gender
  • MBA programme details i.e programme studied and graduation date

Source:

Member registration form or event registration

The personal data we collect will be used for the following purposes:

  • To administer your membership, e.g. to provide access to online member resources and to send you information on content, products, events and services to which you are entitled as an AMBA member primarily through email communications.
  • To administer your membership and participation in our online community hosted by CampusGroups via their AWS EU West hosting region. This includes utilising your basic information for community participation and/or newsletters/content round-up or forum alerts sent via the CampusGroups platform
  • To understand the make-up of our membership in order to inform membership product development.
  • To contact you to conduct our research which informs you and other stakeholders of trends in the MBA landscape.

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)
  • Contractual (ie to fulfill our contractual obligations to you as a member)

Disclosure

AMBA will pass on your personal data to the below third parties as is necessary to service your membership. We do not share your personal information with third parties for commercial purposes.

Our online Career Development Centre is provided by the Abintegro platform, and limited information including your name, email address and AMBA membership number is passed through to their systems when you access this resource. For further information, please see Abintegro’s privacy policy and terms of use.

Our Digital Credentials are provided by Accredible and limited information including your name and email address is passed to their systems if you purchase a digital credential. For further information, please see Accredible’s privacy policy. (Valid from 1 January 2021)

Business school staff and faculty

We may process personal information necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

Where you are a member of staff or faculty at an affiliated member business school within the AMBA & BGA network (ie having accredited programmes or being a member of the AMBA Development Network), we may hold professional contact data about you.

Where you are a professionally relevant contact for our business school services, ie you are a member of staff or faculty at a prospective, or candidate member business school, we may hold professional contact data about you.

The personal data we may process on you is:


Personal data type:

  • Name
  • Job title and business school name
  • Professional contact details e.g business school email address/phone number/postal address
  • Professional information including age, nationality, gender, highest academic qualification, years' experience

Source:

  • Name: If not directly from you or from colleagues at your institution, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf.
  • Job title and business school name: If not directly from you or from colleagues at your institution, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf.
  • Professional contact details: If not directly from you or from colleagues at your institution, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf.
  • Professional information: Documentation submitted by the business school in the course of the accreditation/reaccreditation process.

The personal data we collect will be used for the following purposes:

  • Contacting you by phone, email or post to market our business school services to you as a professionally relevant individual at a non-member institution.
  • In order to maintain our relationships with member institutions and meet our obligations to them, contacting you by phone, email or post to market our specific services available to you as a professionally relevant individual at a member institution (such as conferences, relationship building, further accreditation services, third party suppliers to the HE sector, thought leadership and further online resources and services available to students and graduates of your institutions accredited programmes).
  • To contact you to conduct our research which informs you and other stakeholders of trends in the MBA and business education landscape.
  • Your data will only be used where the product or service might be relevant to you in your professional capacity.
  • Where professional information relating to business school faculty is provided to us by the institution in the course of the accreditation or reaccreditation process, we will use this to assess the institution’s suitability for accreditation against our accreditation criteria (available on our website here), but for no further purpose.
  • To administer your membership and participation in our online community hosted by CampusGroups via their AWS EU West hosting region. This includes utilising your basic information for community participation and/or newsletters/content round-up or forum alerts sent via the CampusGroups platform

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below) and
  • Contractual obligation (i.e. to provide the services for which the Institution pays)

Commercial contacts

We may process personal information necessary for the purposes of the legitimate interests pursued by us, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

We may hold business contact data about you if you are a professionally relevant contact for our services, and you are employed in an organisation which is a separate legal entity, or if we have an existing or ongoing business relationship with you or your company.

The personal data we may process on you is:


Personal data type:

  • Name
  • Job title and Company name
  • Business contact details e.g email address/phone number/postal address

Source:

  • Name: If not directly from you, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf.
  • Job title & company name: If not directly from you, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf.
  • Business contact details: If not directly from you, then publicly accessible sources such as LinkedIn, business school websites, business cards, events we have jointly attended, industry referrals etc, or from colleagues on your behalf.

The personal data we collect will be used for the following purposes:

  • Contacting you by phone or email to market our services to you as a professionally relevant individual.
  • Your data will only be used where the product or service might be relevant to you in your professional capacity.
  • Where we have an ongoing business relationship, the information will be used in order to carry out any contractual obligations and maintain our relationship with you.

Our legal basis for processing for the personal data:

  • Our legitimate interests (see ‘How we define our Legitimate Interests’ below)

Employees and Job Applicants

If you apply to work at AMBA & BGA, we will only use the information you give us to process your application.

If you are unsuccessful in your job application, we will hold your personal information for 6 months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information.

If you are successful, as your employer the Association of MBAs & Business Graduates Association needs to keep and process information about you for normal employment purposes. As part of our pre-employment checks we require references covering the previous five-year period, in addition to proof of qualifications and proof of eligibility to work in the UK.

The information we hold and process will be used for our management and administrative use only. We will keep and use it to enable us to run the business and manage our relationship with you effectively, lawfully and appropriately, during the recruitment process, whilst you are working for us, at the time when your employment ends and after you have left. This includes using information to enable us to comply with your employment contract, to comply with any legal requirements, pursue the legitimate interests of the Charity and protect our legal position in the event of legal proceedings.

For further information and the full Privacy Notice for Employees, please contact the Data Protection Owner or the HR representatives.

Legitimate Interest

Professionally relevant individuals: We may rely on legitimate interest as the legal basis for processing where this is not overridden by your interests and rights or freedoms. We have therefore conducted a Legitimate Interest Test which includes the following considerations:

  • The relationship between ourselves and you as the data subject
  • The sensitivity of the personal data involved
  • The reasonable expectations we think you have
  • Whether you’d be likely to object to the processing or find it intrusive
  • Any vulnerability you may have
  • How big an impact could this processing have on you as an individual
  • The safeguards we have in place to minimise the risk and impact of a breach
  • Whether a mechanism exists via which you can challenge our assessment

The Purpose Test: We consider that we have a legitimate interest in carrying out a business in favour of the well-being of all our employees and shareholders. This is enshrined in the EU Charter of Human Rights – Article 16 – Freedom to conduct a business. For customers and prospective customers, identified as working for legal entities and whom we consider are professionally relevant post holders; we consider we have a legitimate interest to process your data for the purposes of marketing of products and services. This purpose is supported by Recital 47 of the GDPR which states that: “The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest” We believe that professionals rely on being kept up to date about products or services to help them achieve their business objectives. Direct marketing is generally seen as an important tool to facilitate this. However, we will always respect your wishes, if you’re the recipient of our marketing.

The Balancing Test: A balancing test has been undertaken to compare our legitimates interests and the interests or fundamental rights and freedoms of prospective customers who require protection of their personal data, We will only process personal data if we have determined that our services are ‘professionally relevant’ to you and your organisation. Material that we send to you may be relevant based on your profile, because of the type, size or location of the organisation that you work in, or because you are the right post-holder for a certain set of decisions based on factors like your role, seniority, and responsibilities. We believe that the recipients of our marketing have a reasonable expectation that we as a Controller will process their Personal Data. The data we may hold on recipients originates from primary research by our research team, publicly available material held on websites, events we have jointly attended, personal data we have captured via business cards or similar interaction, referrals from other organisations, or from your colleagues. The personal data we hold is limited and in addition is never sensitive data, and in most cases exists in the public domain. Our assessment has taken into consideration the security measures that AMBA has in place based on the ISO27001 framework combined with the safeguards we have put in place through the implementation of the British Standard BS10012:2017 – Personal Information Management Framework delivering readiness to GDPR. Outputs of this framework include, but are not limited to:

  • Data Protection Impact Assessments as standard
  • Data minimisation
  • De-identification
  • Technical and organisational measures
  • Privacy by design and default
  • Adding extra transparency
  • Additional layers of encryption
  • Multi-factor authentication
  • Data retention limits
  • Restricted access
  • Opt-out options
  • Anonymisation
  • Encryption, hashing, salting
  • Other technical security methods used to protect data

Our conclusion is that the likelihood of impact and the severity of negative impact or distress of the data processing we undertake is negligible. However, we want to respect your wishes about how and if you are contacted. On occasion we will contact you to verify your position, check how you would prefer to receive direct marketing, whether by post, by phone or by email and to remind you of your rights via our latest privacy statement. You may of course tell us you do not wish to be contacted at all, and we will respect your wishes, add you to a suppression list, and not contact you again. If you feel we are not being fair with you, please tell us. We would like to correct this. You may also complain to the UK regulator, Information Commissioners Office (www.ico.org.uk). Private Individuals We may rely on legitimate interest as the legal basis for processing where this is not overridden by your interests and rights or freedoms. We have therefore conducted a Legitimate Interest Test which includes the following considerations:

  • The relationship between ourselves and you as the data subject
  • The sensitivity of the personal data involved
  • The reasonable expectations we think you have
  • Whether you’d be likely to object to the processing or find it intrusive
  • Any vulnerability you may have
  • How big an impact could this processing have on you as an individual
  • The safeguards we have in place to minimise the risk and impact of a breach
  • Whether a mechanism exists via which you can challenge our assessment

The Purpose Test: We consider that we have a legitimate interest in carrying out a business in favour of the well-being of all our employees and shareholders. This is enshrined in the EU Charter of Human Rights – Article 16 – Freedom to conduct a business. Moreover, as a membership body, we consider that we have a legitimate interest in holding the personal information of individuals who have signed up to AMBA membership, and that this is essential for the provision of membership services.

The Balancing Test: A balancing test has been undertaken to compare our legitimates interests and the interests or fundamental rights and freedoms of individuals who require protection of their personal data, We believe that AMBA members, prospective MBA students registered with AMBA, and event registrants have a reasonable expectation that we as a Controller will process their Personal Data. The data we may hold on these individuals originates from registration forms filled out by the individual him or herself or from online analytics such as Google Analytics. The personal data we hold is limited and is not sensitive data. Our assessment has taken into consideration the security measures that AMBA has in place based on the ISO27001 framework combined with the safeguards we have put in place through the implementation of the British Standard BS10012:2017 – Personal Information Management Framework delivering readiness to GDPR. Outputs of this framework include, but are not limited to:

  • Data Protection Impact Assessments as standard
  • Data minimisation
  • De-identification
  • Technical and organisational measures
  • Privacy by design and default
  • Adding extra transparency
  • Additional layers of encryption
  • Multi-factor authentication
  • Data retention limits
  • Restricted access
  • Opt-out options
  • Anonymisation
  • Encryption, hashing, salting
  • Other technical security methods used to protect data

Our conclusion is that the likelihood of impact and the severity of negative impact or distress of the data processing we undertake is negligible. However, we want to respect your wishes. If you feel we are not being fair with you, please tell us. We would like to correct this. You may also complain to the UK regulator, Information Commissioners Office (www.ico.org.uk).