AIRFA Privacy Policy


Association of Independent Risk & Fraud Advisors

At AIRFA we are committed to upholding your privacy as a valued member, client, prospective client, user of the services offered by AIRFA or simply visiting our website. As a trusted consulting and advisory service, its business operations include collecting, storing, processing data relating to its clients and prospective clients. Riskskill, though based in Europe operates globally and has in place, general rules and protocols which apply to data protection in multi-jurisdictional environments. The AIRFA privacy policy includes measures that we will take as soon as practicable as well as compliance and notification steps as soon as it is aware that there are reasonable grounds to believe there is an eligible data breach.

In dealing with external parties, Riskskill adopts the following key principles:


  1. AIRFA is governed by local privacy regulation e.g. the European General Data Protection Regulation (GDPR), British Data Privacy law, which mirrors and is stronger than the GDPR, i.e. the Data Protection Act 2018.

  2. AIRFA will collect only the minimum amount of personal data required to provide a service to your organisation, including access to and use of this website.

  3. AIRFA, through adherence to its own internal policy and procedures, will use best endeavours to collect, process and store personal data, where required, in an effective and responsible manner. This will include IT equipment and systems being secured, audits performed, appropriate logs kept, checks on the system security being conducted from time to time and data privacy impact assessments being conducted as and when significant privacy impacting new business is planned.

  4. AIRFA will not sell any personal details to third parties for promotional or other commercial purposes.

  5. Personal details will not be sent to, nor processed in, countries where a less stringent privacy jurisdiction is applied.

  6. In keeping with the key data privacy protection principles and Data Subject Access Rights, AIRFA will collect, store and maintain personal data only as required and retained for as long as necessary.

  7. Individuals in their own right or as individuals who have authority to represent their organisation give informed consent when they provide their personal data; that includes the right to know how their own data will be used by AIRFA.

  8. AIRFA has in place a Data Breach Notification process so that in the unlikely and urgent situation that follows a data breach, everyone knows what to do.

  9. We have a Data Protection Lead who is responsible for dealing with your queries and ensuring good privacy practice. Please contact enquiries@airfa.net