Privacy policy

Introduction

The Institute of Directors (IoD), its subsidiaries and all affiliated entities (“we”, “us”, or “our”) understands that your privacy is important to you and that you care about how your personal data is used and shared by the IoD. The IoD is committed to respecting and protecting your privacy. This Privacy Policy (the “Policy”) provides you with an overview of how we collect, store and use any personal data that you provide to us.

Please take the time to read this Policy, which contains important information about the way in which we process personal data.

We are a body operated under Royal Charter RC000252, we are registered for VAT purposes with number 239 1193 61. Our registered office is at 116 Pall Mall, London, SW1Y 5ED.

We are also registered with the Information Commissioner’s Office as a data controller (Registration number: Z6940750).

1.               Your Rights

1.1            As a data subject, you have the following rights in respect of your data under the GDPR. Your rights are as follows:

1.1.1        The right to be informed about our collection and use of personal data you provide;

1.1.2        The right of access to the personal data we hold about you (see section 7);

1.1.3        The right to rectification if any personal data we hold about you is inaccurate or incomplete (please contact us using the details in section 10);

1.1.4        The right to be forgotten – i.e. the right to ask us to delete any personal data we hold about you (we only hold your personal data for a limited time, as explained in section 3 but if you would like us to delete it sooner, please contact us using the details in section 10);

1.1.5        The right to restrict (i.e. prevent) the processing of your personal data;

1.1.6        The right to data portability (obtaining a copy of your personal data to re-use with another service or organisation);

1.1.7        The right to object to us using your personal data for particular purposes; and

1.1.8        Rights with respect to automated decision making and profiling.

1.2            If you have any cause for complaint about our use of your personal data, please contact us using the details provided in section 10. If you are unhappy or unsatisfied with how your data is processed by the IoD and following a complaint to the IoD’s Data Protection Officer. If you remain unhappy with the response to your complaint, you have the right to lodge a complaint with the Information Commissioner’s Office.

The ICO’s address is: Information Commissioner’s Office, Wycliffe House, Water Lane, Cheshire, SK9 5AF. You can also visit their website for more information - http://www.ico.org.uk/ 

1.3            What Personal Data Do we Collect?

We will collect different kinds of information from you depending on our relationship with you. We may collect some or all of the following personal, special category and non-personal data.

1.4            salutation;

1.5            name;

1.6            date of birth;

1.7            gender;

1.8            business/company name

1.9            job title;

1.10         profession;

1.11         contact information such as email addresses and telephone numbers;

1.12         demographic information such as post code, preferences, and interests;

1.13         financial information such as bank account and credit / debit card numbers;

1.14         criminal convictions;

1.15         IP addresses;

1.16         web browser type and version;

1.17         operating system; and

1.18         a list of URLs starting with a referring website, your activity on our websites

2.               How we Use Your Data?

2.1            All personal data is processed and stored securely, for no longer than is necessary in light of the reason(s) for which it was first collected. we will comply with our obligations and safeguard your rights under the GDPR at all times.

2.2            our use of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data (e.g. by subscribing to emails), or because it is in our legitimate interests. Specifically, we may use your data for the following purposes:

2.2.1        Providing and managing your IoD membership and membership experience;

2.2.2        our Provision of qualifications;

2.2.3        Provision of information and experiences to promote director development opportunities, sponsorship and advertising

2.2.4        our Market research, including product usage and transactional data.

2.3            With your permission and/or where permitted by law, we may also use your data for marketing purposes which may include contacting you by email and/or telephone and text message with information, news and offers on our products and services . we will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that we fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003.

2.4            You have the right to withdraw your consent to us using your personal data at any time, and to request that we delete it.

2.5            we will retain your data for as long as it is needed for the relevant regulatory, assurance and conduct purposes. Your personal data will be retained for the periods stated with our Retention Policy.

 3.               How and Where Do we Store Your Data?

3.1            We only keep your personal data for as long as we need to in order to use it as described above in section 2, and/or for as long as we have your permission to keep it.

3.2            Your data will only be stored within the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein).

3.3            Data security is very important to us, and to protect your data we have taken suitable measures to safeguard and secure data collected through our Site.

 4.               Do we Share Your Data?

4.1            We may sometimes contract with specially selected third parties to supply products and services to you on our behalf. These may include payment processing, delivery of goods, search engine facilities, advertising, and marketing. In some cases, the third parties may require access to some or all of your data. Where any of your data is required for such a purpose, we will take all reasonable steps to ensure that your data will be handled safely, securely, and in accordance with your rights, our obligations, and the obligations of the third party under the law.

4.2            If we share your information with third parties, they will process your information as either a data controller or as a data processor and this will depend on the purposes of our sharing your personal data. we will share your personal data in compliance with GDPR.

4.3            Third parties (including Director.co.uk, Director of the year awards, Hiscox, Hertz, Chubb, Quantum, Westfield Health, Digital Academy, Avondale, World First, Law Express Ltd and Croner Taxwise Ltd) whose content appears on our Site may use third party Cookies, as detailed in our Cookie Policy. Please refer to the Cookie Policy for more information on controlling Cookies. Please note that we do not control the activities of such third parties, nor the data they collect and use and advise you to refer to the privacy policies for the third parties. we will ensure that all third party suppliers we work with are required to respect your privacy and act in accordance with all data protection laws.

4.4            We may compile statistics about the use of our Site including data on traffic, usage patterns, user numbers, sales, and other information. All such data will be anonymised and will not include any personally identifying data, or any anonymised data that can be combined with other data and used to identify you. we may from time to time share such data with third parties such as prospective investors, affiliates, partners, and advertisers. Data will only be shared and used within the bounds of the law.

We may sometimes use third party data processors that are located outside of the European Economic Area (“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein). Where we transfer any personal data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the UK and under the GDPR.

4.5            In certain circumstances, we may be legally required to share certain data held by us, which may include your personal data, for example, where we are involved in legal proceedings, where we are complying with legal requirements, a court order, or a governmental authority.

5.               What Happens If our Business Changes Hands?

5.1            We may, from time to time, expand or reduce our business and this may involve the sale and/or the transfer of control of all or part of our business. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner or newly controlling party will, under the terms of this Privacy Policy, be permitted to use that data only for the same purposes for which it was originally collected by Us.

5.2            In the event that any of your data is to be transferred in such a manner, you will be contacted in advance and informed of the changes. When contacted you will not, however, be given the choice to have your data deleted or withheld from the new owner or controller.

6.               How Can You Control Your Data?

6.1            In addition to your rights under the GDPR, set out in section 1, when you provide personal data to us, you will also have the option to restrict how we use your data. In particular, we aim to give you strong controls on our use of your data for direct marketing purposes, including the ability to opt-out of receiving emails from us or selecting exactly what types of information you wish to receive from us via the IoD preference centre.

6.2            You may also wish to sign up to one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receiving.

7.               How Can You Access Your Data?

7.1            If you have a digital account with the IoD you may be able to access our online portal to view and change some of your details. You will also be able to change your preferences regarding marketing messages. You can access your account here. You can also access all personal information we hold on you by writing to us at: FAO: Data Protection Officer, 116 Pall Mall, London, SW1Y 5ED. You can also contact us by email at gdpr@iod.com or by calling us on 020 7766 1233.

8.               Under 16

The products and services provided by the IoD are intended for individuals over the age of 16. If you are aged 16 or under, please obtain your parent/guardian’s permission before you provide is with personal information.

9.               our Use of Cookies

Please refer to the IoD Cookie Policy for more information.

10.            Contacting Us

If you have any questions about this Policy and how it affects you, please contact us by email at gdpr@iod.com, by telephone on 020 7766 1233, or by post at 116 Pall Mall, London SW1Y 5ED. we

11.            Policy review

This Policy was last reviewed in August 2018. The content of the Policy may be reviewed and changed without prior notice, if any significant changes are made to the Policy, this will be communicated to you.