The Institute of Directors (IoD), its
subsidiaries and all affiliated entities (“we”, “us”, or “our”) understands
that your privacy is important to you and that you care about how your personal
data is used and shared by the IoD. The IoD is committed to respecting and
protecting your privacy.
(the “Policy”) provides you with an overview of how we collect, store and use
any personal data that you provide to us.
Please take the time to read this Policy,
which contains important information about the way in which we process personal
We are a body operated under Royal Charter
RC000252, we are registered for VAT purposes with number 239 1193 61. Our
registered office is at 116 Pall Mall, London, SW1Y 5ED.
We are also registered with the Information
Commissioner’s Office as a data controller (Registration number:
As a data subject, you have the following rights in respect of
your data under the GDPR. Your rights are as follows:
The right to be informed about our collection and use of personal
data you provide;
The right of access to the personal data we hold about you (see
The right to rectification if any personal data we hold about you
is inaccurate or incomplete (please contact us using the details in section 10);
The right to be forgotten – i.e. the right to ask us to delete any
personal data we hold about you (we only hold your personal data for a limited
time, as explained in section 3 but if you would like us to delete it sooner,
please contact us using the details in section 10);
The right to restrict (i.e. prevent) the processing of your
The right to data portability (obtaining a copy of your personal
data to re-use with another service or organisation);
The right to object to us using your personal data for particular
Rights with respect to automated decision making and profiling.
If you have any cause for complaint about our use of your personal
data, please contact us using the details provided in section 10. If you are
unhappy or unsatisfied with how your data is processed by the IoD and following
a complaint to the IoD’s Data Protection Officer.
If you remain unhappy with the response to
your complaint, you have the right to lodge a complaint with the Information
The ICO’s address is: Information
Commissioner’s Office, Wycliffe House,
Cheshire, SK9 5AF. You can also visit their website for more information -
What Personal Data Do we Collect?
collect different kinds of information from you depending on our relationship
with you. We may collect some or all of the following personal, special
category and non-personal data.
date of birth;
contact information such as email addresses and telephone numbers;
demographic information such as post code, preferences, and
financial information such as bank account and credit / debit card
web browser type and version;
operating system; and
a list of URLs starting with a referring website, your activity on
How we Use Your Data?
All personal data is processed and stored securely, for no longer
than is necessary in light of the reason(s) for which it was first collected.
we will comply with our obligations and safeguard your
rights under the GDPR
at all times.
our use of your personal data will always have a
lawful basis, either because it is necessary for our performance of a contract
with you, because you have consented to our use of your personal data (e.g. by
subscribing to emails), or because it is in our legitimate interests.
Specifically, we may use your data for the following purposes:
Providing and managing your IoD membership and membership
our Provision of qualifications;
Provision of information and experiences to promote director
development opportunities, sponsorship and advertising
our Market research, including product usage and
With your permission and/or where permitted by law, we may also
use your data for marketing purposes which may include contacting you by email and/or
and text message with
information, news and offers on our products and services
. we will not, however, send you any
unsolicited marketing or spam and will take all reasonable steps to ensure that
we fully protect your rights and comply with our obligations under the GDPR and
the Privacy and Electronic Communications (EC Directive) Regulations 2003.
You have the right to withdraw your consent to us using your
personal data at any time, and to request that we delete it.
we will retain your data for as long as it is
needed for the relevant regulatory, assurance and conduct purposes. Your personal
data will be retained for the periods stated with our Retention Policy.
How and Where Do we Store Your Data?
We only keep your personal data for as long as we need to in order
to use it as described above in section 2, and/or for as long as we have your
permission to keep it.
Your data will only be stored within the European Economic Area
(“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland,
Data security is very important to us, and to protect your data we
have taken suitable measures to safeguard and secure data collected through our
Do we Share Your Data?
We may sometimes contract with specially selected third parties to
supply products and services to you on our behalf. These may include payment
processing, delivery of goods, search engine facilities, advertising, and
marketing. In some cases, the third parties may require access to some or all
of your data. Where any of your data is required for such a purpose, we will
take all reasonable steps to ensure that your data will be handled safely,
securely, and in accordance with your rights, our obligations, and the
obligations of the third party under the law.
If we share your information with third parties, they will process
your information as either a data controller or as a data processor and this
will depend on the purposes of our sharing your personal data.
we will share your personal data in compliance with GDPR.
Third parties (including Director.co.uk, Director of the year
Hiscox, Hertz, Chubb, Quantum, Westfield
Health, Digital Academy, Avondale, World First, Law Express Ltd and
Croner Taxwise Ltd) whose content
appears on our Site may use third party Cookies, as detailed in our Cookie
Policy. Please refer to the
controlling Cookies. Please note that we do not control the activities of such
third parties, nor the data they collect and use and advise you to refer to the
privacy policies for the third parties.
we will ensure
that all third party suppliers we work with are required to respect your
privacy and act in accordance with all data protection laws.
We may compile statistics about the use of our Site including data
on traffic, usage patterns, user numbers, sales, and other information. All
such data will be anonymised and will not include any personally identifying
data, or any anonymised data that can be combined with other data and used to
we may from time to time share such data
with third parties such as prospective investors, affiliates, partners, and
advertisers. Data will only be shared and used within the bounds of the law.
We may sometimes use third party data processors that are located outside of the European Economic Area
(“the EEA”) (The EEA consists of all EU member states, plus Norway, Iceland,
and Liechtenstein). Where we transfer any personal data outside the EEA, we
will take all reasonable steps to ensure that your data is treated as safely
and securely as it would be within the UK and under the GDPR.
In certain circumstances, we may be legally required to share
certain data held by us, which may include your personal data, for example,
where we are involved in legal proceedings, where we are complying with legal
requirements, a court order, or a governmental authority.
What Happens If our Business Changes Hands?
We may, from time to time, expand or reduce our business and this
may involve the sale and/or the transfer of control of all or part of our
business. Any personal data that you have provided will, where it is relevant
to any part of our business that is being transferred, be transferred along
with that part and the new owner or newly controlling party will, under the
purposes for which it was originally collected by Us.
In the event that any of your data is to be transferred in such a
manner, you will be contacted in advance and informed of the changes. When
contacted you will not, however, be given the choice to have your data deleted
or withheld from the new owner or controller.
How Can You Control Your Data?
In addition to your rights under the GDPR, set out in section 1,
when you provide personal data to us, you will also have the option to restrict
how we use your data. In particular, we aim to give you strong controls on our
use of your data for direct marketing purposes, including the ability to
opt-out of receiving emails from us or selecting exactly what types of
information you wish to receive from us via the IoD preference centre.
You may also wish to sign up to one or more of the preference
services operating in the UK: The Telephone Preference Service (“the TPS”), the
Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference
Service (“the MPS”). These may help to prevent you receiving unsolicited
marketing. Please note, however, that these services will not prevent you from
receiving marketing communications that you have consented to receiving.
How Can You Access Your Data?
If you have
a digital account with the IoD you may be able to access our online portal to
view and change some of your details. You will also be able to change your
preferences regarding marketing messages. You can access your account
here. You can also access all personal information
we hold on you by writing to us at: FAO: Data Protection Officer, 116 Pall
London, SW1Y 5ED. You can also contact us by
firstname.lastname@example.org or by calling us on 020 7766
The products and services provided by the IoD are intended for
individuals over the age of 16. If you are aged 16 or under, please obtain your
parent/guardian’s permission before you provide is with personal information.
If you have
any questions about this Policy and how it affects you, please contact us by
email at email@example.com, by telephone on 020 7766 1233, or by post at 116 Pall
Mall, London SW1Y 5ED. we
was last reviewed in August 2018. The content of the Policy may be reviewed and
changed without prior notice, if any significant changes are made to the
Policy, this will be communicated to you.