The IFRS Foundation (we) promise to respect any personal data you share with us through this site (Website) or any other means. We aim to be transparent when we collect your data and not to use your information in any way that you would not reasonably expect.
Developing a better understanding of your preferences through your personal data enables us to ensure that you are receiving the information that interests you most, and even more importantly allows us to ensure that you are able to play an active role in the standard-setting process.
This Privacy and Cookies Policy (Policy) explains how the IFRS Foundation uses your personal data if and when it is collected and provides information about the cookies that we use on the Website. This Policy is designed to ensure that you are fully aware of how your personal data is processed and stored so that we can fulfil our legal and moral obligations toward you as a data subject.
If you do not agree with this Policy or the Terms of Use please do not use any part of this Website. If you signify acceptance of this Policy, this constitutes a positive action confirming your consent for us to use the personal data you provide to us in accordance with this Policy.
Information for members of the Value Reporting Foundation (VRF)
On 31 July 2022, VRF merged into and became a part of the IFRS Foundation. If you had provided your personal data to VRF prior to this merger (e.g. by subscribing to VRF updates), the IFRS Foundation is now the controller of your personal data and you are referred to throughout this policy as a "Legacy VRF Subscriber".
There is no immediate change to how your personal data is processed following the merger, save as expressly set out in this policy. We will notify you of any changes to how your personal data is processed by way of updates to this policy, including where these changes are to align how we process your personal data with how we process the personal data of other IFRS Foundation subscribers.
We would draw your attention in particular to the following sections of this policy, which contain information specific to you as a Legacy VRF Subscriber:
1. Personal information we collect
3. Sharing your information
7. Lawful basis and consent
8. European Economic Area (EEA)
11. Changes to this Privacy and Cookie Policy
Contents
1. Personal information we collect
The IFRS Foundation collects the following information when you register an account on the web site:
- your name;
- information about your role, country of residence, the organisation type/industry that you work for and optionally your organisation name;
- your preferences in relation to the communications that you would like to receive relating to our work and separately to our products and services
We do this in order for us to communicate with you regarding:
- the general objectives of the IFRS Foundation;
- marketing the goods and services of the IFRS Foundation;
- keeping you informed of IFRS Foundation activities;
- administration and archiving;
- processing any enquiries or complaints raised by you and responding to any communications from you;
- statutory and regulatory compliance;
- investigating any misuse by any person of our products and any accusation of wrongdoing;
- administration of an online application for employment with the IFRS Foundation;
- maintaining a record of your relationship with us.
In addition we collect the following details if you make a purchase from our web shop:
- your billing and (where necessary) delivery address used solely for the purpose of delivering goods, invoicing and tax purposes.
Our web shop uses a PCI DSS compliant payment gateway to process credit card transactions; the Foundation does not collect or store credit details.
If you are a Legacy VRF Subscriber, we may also hold the following categories of information if you provided this to VRF:
- Public comment letters. If you wish to not have your name associated with your comment, you can request from us that we not display your name as the source and instead we may replace your name with a description instead such as “an issuer in the extractive industries sector,” “a private investment manager holding public equities and debt,” “a sell-side industrials analyst,” and similar. To make such a request, please indicate your preference in the public comment letter.
- Information we obtain from social media platforms. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use, and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Policy.
2. Registration
In order to make use of a number of services in our website and web shop we require you to register as a user of our website. During the registration process we will collect the information set out above. The services accessible through registration allow users to:
- View or download our Issued Standards Part A;
- Submit a comment letter (please note that it is possible to submit comments by other means);
- Purchase an IFRS Digital subscription to view all our Standards content;
- View our live broadcasts and webinars published on our website
- Receive email alerts about our work (where you have chosen notification options)
- Receive product marketing emails (where you have given consent or have previously purchased a product from us)
We may contact you by email, post or telephone for research purposes relating to our websites or to research opinion on proposed developments if you have consented to such communications.
3. Sharing your information
When you register for any of our services including subscription services, the information you provide is for our purposes only. We do not share personal data of our subscribers with any third parties for marketing purposes. However, we may occasionally use third party providers to conduct research, process data or develop and maintain the Website and its content on our behalf.
If you are a Legacy VRF Subscriber, your personal data may historically have been shared with:
- VRF's business partners and legal advisors;
- Stripe, as VRF's provider of payment services;
- third parties providing marketing services on behalf of VRF;
- the public, if you made a public comment as a Legacy VRF Subscriber; and
- public and governmental authorities in limited circumstances. It may have been necessary—by law, legal process, litigation, and/or legally binding requests from public and governmental authorities within or outside your country of residence—for VRF to disclose your personal information. VRF only disclosed records to US law enforcement, and overseas equivalents, with a subpoena or court order. In the US, VRF only disclosed information, like the substance of your communications with VRF, in response to a probable cause search warrant. Nothing in this Policy is intended to limit any legal defenses or objections that you may have to a third party or government request to disclose your information.
4. Direct marketing
If you have consented to receive direct-marketing emails you have the right to revoke your consent at any time. You may do this by adjusting your preferences in your Dashboard or using the unsubscribe link at the bottom of emails you receive. Please note that if you are Premium subscriber, you will continue to receive emails in relation to your Premium Subscription and account only.
5. Cookies
Our Website uses cookies to distinguish you as an individual user. This helps us to provide you with a tailored experience when you browse our Website and also allows us to improve the Website through data analysis. By continuing to browse the Website, you are agreeing to our use of cookies.
A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you click the ‘agree’ button in the cookie notification pop-up at the footer of your browser. Cookies contain information that is transferred to your computer hard drive. The cookies function by saving your Website preferences and as a result it is possible to speed up your future activities at the Website and allows us to provide you with information specifically tailored to your interests.
Most browsers allow you to stop receiving cookies; however, you should be aware that if you do disable cookies you may have trouble logging into subscriber areas or using our Web Shop, and you will have to agree to the Terms of Use and this Policy every time you visit the Website.
We use the following cookies:
- Essential cookies: these are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into eIFRS Basic or eIFRS Professional, buy products at shop.ifrs.org using e-billing services or use the shopping cart feature.
- Analytics cookies: they allow us to recognise and count the number of visitors and to see how visitors move around our Website when they are using it. This helps us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily.
- Preference/functionality cookies: these are used to recognise you when you return to our Website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region and whether you have agreed to the Terms of Use and this Policy).
We do not allow access to Third Party Cookies to users of the Website. This means that no third-party advertising preference cookies will be stored and no other entity other than the IFRS Foundation will be able to access your information if you visit our Website.
We also use Google Analytics and Adobe Analytics to monitor the use of our Website. This means that information contained in the cookie about your use of the Website is transmitted to Google and Adobe and reports are prepared for us setting out how the Website is used. Google's analysis does not involve storing your personal data as detailed in Google’s Privacy Policy. Read Adobe's Privacy Policy here.
Below we list the cookies that are used on each of the Websites and a brief explanation of what they do:
| Domain | Cookie name | Description | Default expiration time | Status |
|---|---|---|---|---|
| ifrs.org | 0{ID} (a global unique id) | This is an authentication cookie that holds encrypted information about your sign-in to IFRS. Allows you to navigate between IFRS pages as a logged in user. | One month | Essential |
| ifrs.org | .ASPXAUTH | Used to manage access to personalised content on ifrs.org. | Duration of browsing (when logged in) | Preference |
| ifrs.org | TempCookie | Used as part of the sign-in infrastructure. | Duration of browsing | Essential |
| ifrs.org | ASP.NET_SessionId | Used to manage some temporary data for all users. | Duration of browsing | Essential |
| ifrs.org | SC_Analytics_global_cookie | Used to track user interaction and flow through the site to allow for targeted content. | Duration of browsing | Analytics |
| ifrs.org | __distillery | Used by the video streaming service. | Duration of browsing | Essential |
| ifrs.org | missionstatement | Saving the user’s choice to turn off the mission statement banner | Author-defined date | Preference |
| ifrs.org | Incap_ses_nnnn visid_incap_nnnnn |
Cookies used by Incapsula—a virtual firewall designed to protect web traffic against attack. All IFRS Foundation web systems route through Incapsula. | Six months | Essential |
| *ifrs.org | _ga _ga_UAT-{ID} _gid _gat __utmvc _ceg.s _ceg.u |
The IFRS Foundation uses Google Analytics to report at an aggregate level of use of our web site—these are the Google Analytics cookies which uniquely identify you as a user and relate to the IFRS account for Google Analytics. | 10 minutes to two years | Analytics |
| ifrs.org | s_cc | Adobe Analytics: This cookie is set and read by the JavaScript code to determine if cookies are enabled (simply set to “True”) | Duration of browsing | Analytics |
| ifrs.org | s_sq | Adobe Analytics: This cookie is set and read by the JavaScript code when the ClickMap functionality or the Activity Map functionality are enabled; it contains information about the previous link that was clicked on by the user | Duration of browsing | Analytics |
| ifrs.org | s_fid | Adobe Analytics: Fallback unique visitor ID time/date stamp | 2 years | Analytics |
| ifrs.org | s_vi | Adobe Analytics: This cookie is used to identify a unique visitor | 2 years | Analytics |
| ifrs.org | ARRAffinity | Affinity Cookies are used to aid people who need to stay with a certain instance of web app or web site in Azure. | Duration of browsing | Essential |
| ifrs.org | ARRAffinityCORS | Affinity Cookies are used to aid people who need to stay with a certain instance of web app or web site in Azure. | Duration of browsing | Essential |
| ifrs.org | login-token | User authentication | One month | Essential |
| ifrs.org | keep-me-logged-in | Determines if you are kept logged in when you revisit the IFRS web site. It requires your consent by clicking the "Keep me logged in box" in the login page. | Permanent | Preference |
| ifrs.org | homepagepopup-hidden | Determines if the home page popout message appearing from the left of the home page has been collapsed. If this cookie is enabled and set, it will ensure that in future browsing sessions the message is collapsed to the right of the page until the IFRS Foundaiton changes the message. | Permanent | Preference |
| *ifrs.org | nlbi_{ID} | Security cookie | When the browsing session ends | Essential |
| shop.ifrs.org | APTIFY_ECOMMERCE_PWD (Encrypted) | Used to keep the visitors logged in the shop and keep the shopping cart active for the duration of the logged browsing session. We use the industry standard encryption so the password cannot be plainly read. | When the browsing session ends | Essential |
| shop.ifrs.org | APTIFY_ECOMMERCE_UID (Encrypted) | Used to keep the visitors logged in the shop and keep the shopping cart active for the duration of the logged browsing session. | When the browsing session ends | Essential |
| shop.ifrs.org | ASP.NET_SessionId (Encrypted) | Session IDs are a 120-bit random number that are represented, generally, by a 20-character string. The string is formatted so that it can be included in a URL and it does not have to undergo URL encoding. For example, the string may be used in cookie-less sessions. The most commonly used method of delivering session IDs is by using cookies to store the session IDs. | When the browsing session ends | Essential |
| shop.ifrs.org | co-enabled | Used to record the acceptance of our terms and conditions. | One year | Essential |
| eifrs.ifrs.org | JSESSIONID | This cookie represents session state in the eIFRS application and is used to cache information used to deliver the eIFRS application to your desktop. | Session | Essential |
Google may use other analytics cookies in addition to the ones we've listed above, so please visit Google for a full list.
In addition we have the core cookie-policy component on www.ifrs.org. This is not saved as a cookie—your preference is saved in local storage in your browser. This can be updated by revisiting the component and adjusting your settings. If you do this, have previously accepted all cookies and then choose to only accept certain cookies then the full list of cookies will remain in your browser but they will be dormant.
6. Follows
The website uses a ‘follow’ mechanism to allow users to curate IFRS Foundation content to their requirements. In order to use this function, a website user must be a registered user.
If a user chooses to ‘follow’ a topic, then news items tagged under this topic will show under the ‘My News’ function in the main News section of the website.
Choosing a follow automatically enables email notifications to the user about this a chosen topic. For example, this could be through the publishing of a news story on the website, or a manually curated email from the Foundation. These email notifications can be disabled at any time in the user’s account settings.
The email notifications can be ‘off’, ‘immediate’ or ‘daily’. The default will be off, but the user can amend this in the account settings.
Turning on follows in the follows page will always turn email notifications to the immediate’ setting. Turning on follows elsewhere in the site will not change the current email notification setting.
7. Lawful basis and consent
Prior to processing your personal data the IFRS Foundation ensures that it is entitled to do so under relevant data protection laws. If you have consented to receiving direct-marketing emails you have the right to revoke your consent at any time. If you receive any other type of communication from the IFRS Foundation, these will include an option for you to unsubscribe from such communications.
You may manage your preferences in accordance with your interests in relation to marketing and other emails sent to you through your Dashboard at any time.
Please be aware that there may be other grounds under which the IFRS Foundation may be entitled to process your personal data, for example in order to provide services to you. If you are a Legacy VRF Subscriber, your personal data may historically have been processed based on the following legal bases:
- based on your consent, which you have the right to withdraw at any time;
- to perform the contract governing VRF's provision of services to you;
- based on VRF's legitimate interest in providing the services you access and request; or
- to comply with VRF's legal obligations.
8. European Economic Area (EEA)
Please note that your personal data may be transferred outside of the EEA so that we can provide you with your requested services. Where such transfers are made it will be in accordance with applicable data protection laws to ensure sufficient protection of your personal data.
We have appointed Rickert Rechtsanwaltsgesellschaft m.b.H to be our data protection representative within the EEA. Their contact details are art-27-rep-ifrs@rickert.law. Individuals within the EEA can contact us directly (at compliance@ifrs.org) or contact our European representative.
If you are a Legacy VRF Subscriber, as VRF was headquartered in the United States and had service providers in other countries, your personal information may have historically been transferred or stored outside of your state, province or country to the United States and other locations where privacy laws may not be as protective as those in your state, province or country.
9. Continued Processing
The IFRS Foundation may continue to process your personal data after you have ceased to be a user of our Website, or if we have sent you any information requested by you for as long as is necessary and whilst there is a condition under applicable data protection laws and regulations which permits us to do so. When this is no longer the case, we will cease processing your personal data and ensure that it is returned to you or securely destroyed.
10. Surveys
From time to time we may ask you to complete research surveys so we can improve our products and services. Your responses to such surveys will be used only for internal planning and development purposes to achieve these aims.
11. Changes to the Privacy and Cookies Policy
From time to time, we may amend the way in which we process personal data to enhance the level of service that we offer to you. This may lead to changes in how we collect and/or use your personal information. Any such changes will be notified to you either at the point any new personal information is collected, or by us updating this Policy. You will then be asked to accept the new terms of this Privacy and Cookies Policy before you are able to continue using the Website. This includes any changes to the processing of your data as a result of VRF's merger with the IFRS Foundation if you are a VRF Legacy Subscriber.
12. Security and confidentiality
Any personal information you send to us will be treated with utmost confidence unless you are informed otherwise.
Where you are required to submit sensitive information to us, e.g. banking or credit card details, we use encryption technology to minimise the risk of unauthorised access to and improper use of your personal information. However, please be aware that despite the security measures we have in place, no computer system is completely secure and there is always some degree of risk whenever personal information is transferred.
13. Monitoring of telephone calls and e-mails
Your telephone calls and e-mails to us may be recorded and monitored for quality control purposes. We may also intercept communications made to individual members of staff at the IFRS Foundation when this is required for business purposes.
14. Your right to know what we know about you, make changes or ask us to stop processing your personal data
You have a right to ask us to stop processing your personal data, and if we do not need to process your data to carry out a service for you or communicate with you; or as permitted or required by law; we will cease all processing activities immediately.
You also have a right to ask for a copy of the information we hold about you. We will require valid identification (original driving licence or passport). If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you have any concerns, or if you would like us to stop processing your personal data or you would like a copy of the information we hold about you, please email compliance@ifrs.org with your queries or request. In order to confirm your identity , we require proof of identification to be sent by post to us for the attention of Head of Legal and Compliance at IFRS Foundation, Columbus Building, 7 Westferry Circus, Canary Wharf, London, E14 4HD, UK.
For further information see the Information Commissioner’s guidance here.
15. Contact us
If you have any queries relating to this Privacy Statement and Cookies Policy or you wish to notify us about any of the matters set out above, including if you are a Legacy VRF Subscriber, please feel free to contact us by email, using the link below, or by writing to:
Legal Department, IFRS Foundation, Columbus Building, 7 Westferry Circus, Canary Wharf, London, E14 4HD, UK.
This Privacy Statement was last updated: July 2022.
