top of page

Privacy Policy

INVEST IN ASEAN

Privacy & Data Protection

Invest in ASEAN is committed to protecting the privacy and personal data of all individuals who interact with its Website, programmes, and communications. IIA processes personal data in accordance with:

  • The UK General Data Protection Regulation (UK GDPR), as retained in UK law pursuant to Section 3 of the European Union (Withdrawal) Act 2018;

  • The Data Protection Act 2018 (DPA 2018);

  • The EU General Data Protection Regulation (EU GDPR) (Regulation (EU) 2016/679), to the extent that IIA processes personal data of individuals in the European Economic Area (EEA);

  • The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), as amended;

  • All other applicable UK and international data protection legislation.

  • IIA as Data Controller: Invest in ASEAN acts as the Data Controller for personal data collected through its Website, programme applications, and marketing communications. IIA's registered address is 25 Fair Street, London SE1, United Kingdom. Data protection enquiries should be directed to data@investinasean.com.

Personal Data IIA Collects

IIA may collect and process the following categories of personal data:

  • Identity data: full name, job title, professional biography;

  • Contact data: email address, telephone number, postal address, organisation;

  • Professional data: employment history, qualifications, sector, career stage (as provided in programme applications);

  • Demographic data: nationality, country of origin, country of residence (for programme eligibility assessment — collected with explicit consent);

  • Communications data: records of correspondence with IIA, responses to IIA's communications, event attendance history;

  • Technical data: IP address, browser type and version, time zone, operating system, device type, cookie identifiers (see Section 10);

  • Usage data: pages visited, links clicked, time spent on pages, referral URLs.

IIA does not intentionally collect special category data (as defined under UK/EU GDPR Article 9 — including racial or ethnic origin, health data, sexual orientation, or religious belief) through the Website. 

International Data Transfers

International Data Transfers

IIA operates across the UK and the ASEAN region. Where personal data is transferred outside the UK to countries not deemed adequate by the UK ICO (including ASEAN member states that do not have equivalent data protection frameworks), IIA implements appropriate safeguards, including Standard Contractual Clauses (UK Addendum to the EU SCCs, as issued by the ICO) or equivalent mechanisms, to ensure that transferred data receives a standard of protection substantially equivalent to that provided under UK GDPR.

Where personal data of EEA residents is transferred outside the EEA, IIA implements the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) or other appropriate transfer mechanisms under EU GDPR Chapter V.

Data Retention

IIA retains personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law. IIA's retention schedule includes the following general principles:

  • Programme participant records: retained for the duration of programme participation plus seven years (for contractual and legal compliance purposes);

  • Marketing and newsletter subscriber records: retained for the duration of the subscription, plus three years from the date of last interaction, unless consent is withdrawn earlier;

  • Event attendance records: retained for three years from the event date;

  • Sponsorship and partnership records: retained for the duration of the commercial relationship plus seven years (for financial and compliance purposes);

  • Website enquiry records: retained for two years from the date of enquiry unless a programme or commercial relationship results.

Data Processors

IIA may engage third-party data processors to support its operations, including website hosting and content management (Wix.com), email communications platforms, event management tools, and CRM systems. All processors are engaged under written data processing agreements compliant with UK GDPR Article 28. IIA remains the Data Controller and is responsible for the lawful processing of personal data by its processors on its behalf.

Cookie Policy

IIA's Website uses cookies and similar tracking technologies in accordance with the Privacy and Electronic Communications Regulations 2003 (PECR) and, where applicable, EU GDPR and the ePrivacy Directive (2002/58/EC as amended by 2009/136/EC). Cookies are small text files placed on your device when you visit the Website.

Categories of Cookies

  • Strictly Necessary Cookies: Essential for the Website to function. These cookies do not require consent under PECR and cannot be disabled. They include session management, security tokens, and load-balancing cookies.

  • Functional Cookies: Remember your preferences and settings (e.g., language preferences, form completion state). Deployed with your consent.

  • Analytics Cookies: Collect aggregated, anonymised data about Website usage (pages visited, time on site, referral source) to help IIA improve its Website. IIA may use tools such as Google Analytics, Wix Analytics, or equivalent. Deployed with your consent.

  • Marketing and Targeting Cookies: Used to deliver relevant communications and measure the effectiveness of IIA's marketing. Deployed only with your explicit consent. IIA does not serve third-party advertising on its Website.

Managing Cookies

You can manage your cookie preferences at any time through IIA's cookie consent banner, which is displayed on your first visit to the Website, or through your browser settings. Please note that disabling certain cookies may affect the functionality of the Website. Instructions for managing cookies in major browsers are available at www.aboutcookies.org.

For more information about cookies, visit the ICO's guidance at ico.org.uk/for-the-public/online/cookies.

bottom of page