Describes how the Business Law Institute (also referred to as 'we', 'us' or 'BLI') gather and protect individually identifiable information ("Personal Information").
How we use, process, transfer, and share Personal Information.
Describes your personal data privacy rights.
Applies to Personal Information that we collect through our website (Site).
Summary of Key Points
By using the Site or providing Personal Information to us you consent to our processing and transfer of your Personal Information according to our terms.
We collect Personal Information when you provide information through the Site, when you register for a course, or through other communications with us. We use Personal Information to provide products and services to you. We transfer Personal Data to jurisdictions outside of your home country as necessary for the purposes described in this Policy, including to jurisdictions that may not provide the same level of data protection as your home country.
We share Personal Information with member societies, exam preparatory providers and other partners which provide products and services that may be of interest to you. We also share Personal Information that you post on our Social Media and Networking Sites.
When we process your Personal Information based on your consent, you have a right to withdraw your consent. We also provide you additional rights to access, rectify, and erase your Personal Information, to obtain a portable copy of your Personal Information, and to restrict or object to our of processing of your Personal Information. These rights are limited under the applicable local data protection law.
We maintain reasonable and appropriate technical, physical, and administrative measures to protect the security of your Personal Information. Access to Personal Information is limited.
Our Site and Mobile Apps may have links to other sites that we do not control. Their privacy policies may differ from ours. We encourage you to read the privacy statement of any website you may visit.
If we make any material changes to our privacy practices, we will post a prominent notice on our Site notifying users of the change.
Cross-Border Data Transfers
We transfer Personal Data to jurisdictions outside of your home country as necessary for the purposes described in this Policy, including to jurisdictions that may not provide the same level of data protection as your home country. We provide appropriate protections for cross-border transfers as required by law for international data transfers. With respect to transfers originating from the European Economic Area ("EEA"), we implement standard contractual clauses approved by the European Commission, and other appropriate solutions to address cross-border transfers as required by applicable law. Where required by such laws, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below.
If you are located in a country other than the United States, you consent to the transfer of your Personal Information to us in the United States, to third party data processors located in the United States that we select, and to local Member Societies and third parties in other countries as we select. Other countries may not provide a level of data protection to your Personal Information equivalent to that provided by your home country.
The Information We Collect
Our bases for processing your Personal Information are:
Compliance with Legal Obligations
Where necessary, Consent
Information You Provide to BLI
You may provide Personal Information to us in a number of ways, including: (1) through your use of the Site, such as registering for an account and signing up to receive newsletters; (2) through your online account with us; (3) upon registering for our courses; (5) upon communicating directly with us; and (6) upon registering for our conferences or events.
The Personal Information We Collect
Listed below are the classes of Personal Information that we collect. Please note, however, we do not collect all this Personal Information from everyone. For example, information on religious affiliation is only collected from candidates in our credentialing programs who request a religious alternate testing date. Similarly, we only collect employee number from our employees. Likewise, Clear GIFs are only collected from visitors to the Site.
Contact Data (name; personal contact information (phone, email address, physical address))
Behavioral data (how members use our content and offerings)
Work contact data (telephone and fax numbers and email address)
Professional skills and talents
Geographic mobility interests
Type of Browser
Type of Operating System
Purposes for Which We Use Personal Information
The purposes for which we process your Personal Information are listed below:
General membership and account management
Processing your orders
Processing applications and registrations that you submit to us
Scholarship Program Award and Administration
Measuring effectiveness of our products and services
General business administration
Measuring effectiveness of prep courses and exam
Cookies and Other Tracking Technology
Cookies are small pieces of information that a website transfers to your computer. Our Site uses session ID cookies (expire when you close the browser) and persistent cookies (persist even after you close the browser), which help our Site run more smoothly and tailor content for you. Our Site includes a mechanism to manage the cookies that we use on our Site through your Profile. Additionally, most web browsers have options that allow you to control whether to accept cookies and give you the option to delete all cookies. However, disabling may prevent access to some parts of our Site. Do Not Track Signals: If you wish to not be tracked during your visit to our Site, please follow your browser's “Do Not Track” instructions or contact your browser provider for more information. By sending a Do Not Track Signal, you may be unable to use or access some features of our Site.
Clear Gifs (Web Beacons/Web Bugs)
Our Site may employ a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), which helps us to better manage content on our Site by informing us what content is viewed or clicked on. Clear gifs are tiny graphics with a unique identifier similar in function to cookies. In contrast to cookies, which are stored on a visitor's computer, clear gifs are embedded invisibly on web pages and e-mails and are about the size of a period.
We also gather Personal Information automatically and store it in log files. For instance, when you visit our Site or use our mobile app, the server may automatically recognize information about you, including: the date and time you visited our Site, the pages you visited, the referrer (the website you came from), the type of browser you are using (e.g., Firefox, Internet Explorer), the type of operating system you are using (e.g., Windows or Mac OS), and the domain name and address of your internet service provider.
Online Behavioral Advertising
Our Site places and recognizes cookies and similar technologies on your browser or device when you visit it for purposes of serving you targeted advertising (a.k.a. "online behavioral advertising"). We also work with third party analytics and advertising companies who place their own cookies or similar technology on your browser or device when you visit our Site and other third-party websites, in order to provide analytics to us or serve customized advertisements to you. As noted above, you can set your device or browser to accept or reject most cookies, or at least notify you in most situations that the technology is offered. You can also manage the cookies you receive through your Profile. As an additional step, some of these advertising companies participate in one of the following self-regulatory programs for online behavioral advertising, with corresponding user opt-outs:
Networking Advertising Initiative
Digital Advertising Alliance
Digital Advertising Alliance Canada
DAA AppChoices Mobile App - For mobile devices (e.g., smartphones, tablets)
European Interactive Digital Advertising Alliance in Europe
Please note that even if you reject these devices, you may continue to receive advertisements, but the advertisements will not be tailored to your browsing activities and interests.
How We Share Information
Third Party Processors and Transaction Processing
We engage third parties to perform services in connection with the operation of this Site and our organization. Examples of these third parties include website hosting service providers, technology service providers, payment processors, legal advisers and consultants, examination supervisors and/or related services. We share Personal Information with these third parties, but we authorize them to use this Personal Information only in connection with the services they perform on our behalf. Such parties are bound by contract to establish appropriate measures to protect your Personal Information from unauthorized access, use, or disclosure. In addition, we share certain Personal Information with third parties as necessary to facilitate our offering of products and services to you.
Third Party Products and Services
If you authorize us to do so by opting in, then we will share your Personal Information with select third parties that offer services or products that we believe may be of interest to you. These third parties may contact you with communications regarding their own services or products. Please note that, if you receive any communications from these third parties, you may contact them directly to opt-out of receiving further communications from them.
Accessing and Updating Your Personal Information
You may view your Personal Information on file with us at any time by visiting Your Account (account login required) on the CFA Institute website, where you may change some of your Personal Information. Please note that we may require additional information to authenticate your identity.
We provide you with the rights to:
Withdraw your consent to processing your Personal Information.
Request access to your Personal Information.
Request rectification of your Personal Information.
Request erasure of your Personal Information.
Request restriction of processing of your Personal Information.
Request data portability.
Object to the processing of your Personal Information (including objection to profiling).
Please note that all of these rights are limited under your applicable local data protection law. If you exercise or seek to exercise any of those rights, our obligations to respond are limited by and subject to applicable law.
Right to withdraw your consent: If a specific element of our processing of your Personal Information relies upon your consent (in particular regarding the receipt of direct marketing communication via email, SMS/MMS, fax, and telephone), you may withdraw your consent at any time with future effect. Such a withdrawal will not affect the lawfulness of the processing prior to the consent withdrawal.
To exercise your rights, please contact us as stated under “Contact Us”. In some cases you also have the right to lodge a complaint with the competent data protection supervisory authority.
We maintain reasonable and appropriate technical, physical, and administrative measures to protect the security of your Personal Information. While we strive to protect your Personal Information, we cannot ensure the security of the information you transmit. We recommend you take every precaution in protecting your Personal Information when you are on the internet. For example, change your passwords often, use a combination of letters and numbers when creating passwords, and make sure you use a secure browser.
Changes to This Policy
Except where limited by applicable law, we reserve the right to update this Policy to reflect changes to our information practices by prominently posting notice of the update on this Site, and, if required, obtaining your consent. Any updates will become effective immediately after posting the updates to this Policy and apply to all information collected about you, or where required, upon your consent. You agree that you will review this Policy periodically. If we make any changes to this Policy, we will change the "Last Updated" date above.
You are free to decide whether or not to accept a modified version of this Policy, but accepting this Policy, as modified, is required for you to continue using the Site. If we make any changes, to this Policy that materially and adversely impacts previously collected information about you, we will obtain your prior express consent for processing information previously collected about you in such a manner.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.