LIBF India Privacy Notice

How we use and protect your personal information

1. Introduction

We attach great importance to the personal information our customers and students share with us and use a range of measures to protect this information and ensure it is used in line with your expectations. We aim to make our use of your personal information as transparent as possible and this notice sets out how we may collect, process, share, transfer and dispose of your information and the individual rights that are available to you.

We will process your personal information in accordance with all applicable laws (including the Information Technology Act 2000 as amended by the Information Technology (Amendment) Act 2008 and its accompanying regulation, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information or Information) Rules 2011*).
We will only process your personal information as described in this notice unless otherwise required by applicable law. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and processed for limited purposes.

We hope you will find that this notice answers any questions you may have, but if you require any further assistance our contact details are at the bottom of this notice.
We may update this notice from time to time but will communicate any changes in advance where they may have a material effect on your privacy rights. The last review date can be found at the end of this notice.

2. What is The London Institute of Banking & Finance India

The London Institute of Banking & Finance provides outstanding education and thought leadership in banking and finance for businesses, individuals and society. It is a trading name of LIBF Limited, a company registered in England and Wales. Registered No. 13621269.

The London Institute of Banking & Finance India is the brand name for the services provided by the London Institute of Banking & Finance in India, which is owned by LIBF Limited.
Our approved distributor, Indiaedge Private Education Limited CIN: U80902HR2022FTC108055 is licensed to use this brand in connection with the distribution of our programmes.

*As a UK based business, we are also subject to UK legislation including the Data Protection Act 2018 and UK GDPR as well as other laws depending on the country in which the customer or student whose personal data it is, are based. Whilst this privacy notice is drafted from an Indian law perspective, LIBF will comply with all applicable laws. Where there is any conflict between different laws, LIBF will comply with the law requiring the higher standard.

We are a data controller registered in the UK with the Information Commissioner’s Office. Our entry details can be found on the Data Protection Public Register.

Indiaedge’s privacy notice is available here.

3. What is personal information

Personal information is any information relating to a natural person, which either directly or indirectly identifies the person, including when the information is combined with other information available to or likely to be available to the party processing the information.

4. When do you collect my personal information?

When you register onto one of our programmes, we create a record in your name and allocate you a unique ID number. Any information that you give us, or we generate, from then on is added to your record.

We endeavour to ensure the accuracy of all records, but we rely on you to keep your personal information up to date, either online via myLIBF or by informing the Customer Services team of any changes. You can contact them by emailing customerservices@libf.ac.uk.

Information collected automatically
When you visit our website we automatically collect anonymized information about your visit and securely store it using Google Analytics. We use this to improve user experience, navigation of our website and the services we offer you. The type of information we collect includes:

session duration
page views
traffic source
browser
device
IP address, and
actions taken (e.g. PDF downloads, clicks, form submissions)

Remarketing
Remarketing is a form of online advertising that enables us to show you targeted adverts after you’ve visited our website. It works by placing a tracking code – a cookie – on people’s browsers when they visit our website. It will then display advertisements to those with that cookie, specifically, on the display and search networks on different web browsers. This code will last for six months and is then removed automatically.

To opt out of remarketing, you should decline our cookies when you first visit our website. You can also opt out by clearing the history on your web browser and changing your web browser settings so that they don’t allow third-party tracking.

Advertising Reporting Features
To help us get a better understanding of our users, we have enabled ‘advertising reporting’ features like:

audience demographics and interests reporting
DoubleClick campaign manager reporting
DoubleClick bid manager reporting, and
Google display network impression reporting.

You can opt out of Google’s use of cookies through your browser settings or by visiting Google’s Ads Settings or Google Analytics’ currently available opt-outs.

Alternatively, you can opt out of third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt-out page.

5. What type of personal information do you collect?

We only collect the personal information we require to deliver our services or meet a statutory reporting obligation. We have provided some typical examples below:

Study and membership application/registration:

When you complete an application to study one of our programmes or become a member of The London Institute of Banking & Finance you will be asked to provide sufficient personal information to:

Register you for a programme of study
Allow distribution of correspondence
Allow communication when required
Confirm your job title and employer (if applicable)
Confirm that you meet any entry criteria (if applicable)
Confirm that coursework assignments will be your own work (if applicable)

Sensitive personal information:

Sensitive personal information is any information relating to:

Passwords.
Financial information such as bank account details, credit or debit card details, or other payment card information.
Physical, physiological, and mental health condition.
Medical records and history.
Sexual orientation.
Biometric information

We only collect and process sensitive personal information where necessary and will always seek your consent to process it. We may process health information for the purposes of making reasonable adjustments account of a disability, or to give special consideration for extenuating circumstances.

You can withdraw your consent at any time by emailing the Customer Services team by emailing customerservices@libf.ac.uk.

If you have any concerns or questions about the personal information we collect please do contact us and we will be happy to discuss this with you.

6. How do you use my personal information?

We only use your personal information for the purpose for which it was collected namely to provide the services to you. Depending on the services you have requested from us, we will use your personal information:

To process your application/registration for the study of modules and qualifications. This may also require your personal information to be passed to a third party for the delivery of study materials, or the provision of teaching or examination facilities. We may also contact other institutions to confirm your qualifications.
To process any application you make for membership and to maintain that membership.
To process and issue certificates and/or digital badges to eligible students and customers (please refer to section 10 for details of who we share information with for digital badges).
To undertake research in order to help us plan and improve our services.
To provide information to government bodies, such as Ofqual in accordance with statutory and government requirements.

7. How do you protect my personal information?

We use a range of managerial, technical, operational and physical security control measures to protect your personal information. These include:

Training all staff on the principles of information protection and including terms within contracts and annual compliance checks.
Secure processing of all transactions via our website.
Applying secure storage and encryption methods to personal information held on our computer systems.
Ensuring appropriate contracts are in place where we deliver our services with third parties and undertaking compliance audits where relevant.
Industry standard security and encryption employed for the transfer of personal information between sites and third parties.
CCTV used to monitor and record building entry and exit points, key card entry to office buildings and coded security access to server rooms.
Monitoring our systems and undertaking annual penetration testing and monthly vulnerability scanning to identify and strengthen any vulnerabilities identified.

8. How long will you keep my personal information?

We will only keep your personal information for as long as is necessary for the purpose it was collected. You can find some examples of this below:

Study records – we will keep personal information relating to your studies (academic record) permanently. This forms part of our core records and enables us to provide verification of any awards you achieve, issue replacement certificates and meet any legal obligations including the prevention of fraud.

Reasonable Adjustments and Special Consideration – information you provide to request reasonable adjustments for a disability, or special consideration of extenuating circumstances will be kept for as long as required to support your studies and meet the requirements of our assessment boards.

9. Who do you share my personal information with?

We will share your personal information with third parties where necessary to deliver our services. This includes:

Other organisations we work with to deliver training and qualifications.
Printing and scanning services for production and marking of assessment materials.
Digital badging and credential services
Government and other regulatory departments in compliance with applicable law

Where we share personal information with third parties we will;

have an appropriate agreement specifying how the information may be used;
only share as much information as is required to deliver the specified service;
require they have suitable managerial, technical, operational and physical security control measures in place to protect your personal information, and;
ensure your personal information is securely disposed of when it is no longer required to deliver the service or on termination of our agreement with the third party.

We will only share your personal information where it is necessary to perform a lawful contract with you or you have provided your consent. For the avoidance of doubt, we will not share or sell your information to third parties to use for their own purpose.

We will only disclose your personal information to a third party if a government agency seeks the information, it is necessary to comply with a legal obligation or you have provided your consent to the disclosure in a contract.

10. Where might my personal information be processed?

The majority of personal information we collect is processed within the UK and may be stored on servers within the EU.

11. What are my rights over my personal information?

Under Indian law, you can exercise the following individual rights over your sensitive personal information:

The right to be informed about any recipients of the information
The right to access and review the information provided
The right to amend or update the information if it is inaccurate or incomplete
The right to withdraw consent at any time

Under UK data protection laws, you have the following additional rights over all personal information (not just sensitive information):

To be informed how we will use your personal data

We will inform you of how we will use your data by short processing statements, typically provided at the point you request a product or service from us, and in more detail via this notice. We will also endeavour to answer any further questions you may have on how we use your personal data.

To have access to your personal data
You can gain access to most personal data we hold for you by logging into your MyLIBF account. You can also gain access to any further information we may hold by submitting a Subject Access Request (SAR), which is free of charge in most cases.

To correct your personal data
You can request we correct any personal data for you which may be inaccurate, incomplete or out of date. You can amend most of your personal data by logging into your MyLIBF account.

To have your data deleted
You can request that we delete personal data that we hold for you. We will consider all requests for deletion and endeavour to fulfil the request where possible.

We will not normally delete records of qualifications as this forms part of our core academic record and may be necessary to prevent fraudulent activity.

We may also be legally obliged to retain some personal data for a specified period of time such as financial transactions and to meet statutory reporting requirements. We will highlight as far as possible the implications of deleting any personal data but may not be able to foresee all circumstances and the final decision to accept the deletion will need to be yours. We will hold a record to be able to confirm we have processed a deletion request.

To have your personal data provided in a portable format
You can request that we provide a copy of your personal data in a format that can be easily shared with another organisation. We will normally provide this in a .csv (comma-separated values) format, compressed within a .zip file, but will endeavour to meet any other requests.

To restrict the processing of your data
You can request that we restrict how we process your data. This may be used as an alternative to having data deleted, allowing us to store your personal data but not process it. This may affect the products or services we can provide to you and there may be some limitations where we have a legal obligation to still process.

To object to the processing of your personal data
You have the right to object to direct marketing at any time. You can do this by logging into your MyLIBF account and changing your preferences to opt-out or by clicking the link included at the bottom of all marketing emails we send. This will not affect transactional emails we send that are necessary for delivering any product or service.

To have your personal data amended or to object to direct marketing please login to your MyLIBF account or contact Student and Customer Services by calling +44 (0)12 2781 8609.

For any all other requests please complete the Individual Rights Request Form and email it to dataprotection@libf.ac.uk.

If we are unable to fulfil a request we will confirm this with you and provide an explanation.

12. How can I manage my marketing preferences?

We will only send out transactional communications which are necessary to deliver the services you have requested.

You can opt out of Google’s use of cookies through your browser settings or by visiting Google’s Ads Settings or Google Analytics’ currently available opt-outs. Alternatively, you can opt out of third-party vendor’s use of cookies by visiting the Network Advertising Initiative opt out page.

13.Who is the regulator for data protection?

Should you be unhappy with the way we have used your personal data or how we have responded to a request, Indian customers and students have the right to lodge a complaint with the Ministry of Electronics and Information Technology (MeitY) in India. Contact details can be found at Contact Us | Ministry of Electronics and Information Technology, Government of India (meity.gov.in).

You also have the right to complain to the UK regulator, the Information Commissioner’s Office (ICO).

If you are based outside of the UK or India, you may have the right to lodge a complaint with the data protection supervisory authority in your country of residence.

14. Who should I contact to exercise my rights or seek further information?

If you have any questions, require further guidance or would like to submit a rights request, you can contact our Information Protection Coordinator (grievance officer) by;

emailing dataprotection@libf.ac.uk, or
writing to: Data Protection Co-ordinator, 4-9 Burgate Lane, Canterbury, Kent, CT1 2JX, UK

Last reviewed: 18 June 2023

Privacy Policy