The Institute of Directors (IoD), its branches and all affiliated entities (“we”, “us”, or “our”) understands that
your privacy is important to you and that you care about how your personal data is used and shared by the IoD. The
IoD is committed to respecting and protecting your privacy. This Privacy Policy (the “
Policy”)
provides you with an overview of how we collect, store and use any personal data that you provide to us or that we
collect from third parties.
Please take the time to read this Policy, which contains important information about the way in which we process
personal data.
We are a body operated under Royal Charter RC000252; we are registered for VAT purposes with number 239 1193 61; our
registered office is at 116 Pall Mall, London, SW1Y 5ED.
Our data protection officer can be contacted at Data Protection Officer, 116 Pall Mall, London, SW1Y 5ED or by email
at
gdpr@IoD.com or by calling us on 020 7766 1233.
Depending on our relationship, we will collect and use your information in different ways. Please click on the links
below to find out the information that we collect about you and how we use this information.
Please go to the section(s) below that best describes our relationship with you to find out the information that
we collect about you and how we use this information. We refer to this as "personal information" throughout this
policy.
(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following
information about you for the reasons set out below:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) information provided when you correspond with us;
(vi) any updates to information provided to us;
(vii) personal information we collect about you or that we obtain from our third-
party sources;
(viii) the following information created and recorded automatically when you
visit our websites:
(A) Technical information. This includes: Internet Protocol (IP) address used to
connect your computer to the internet address; the website address and country from which you access
information; the files requested; browser type and version; browser plug-in types and versions; operating
system; and platform. We use this personal information to administer our websites, to measure the
efficiency of our systems and to undertake an analysis on the locations from which people access our
webpages; and
(B) Information about your visit and your behaviour on our website (for example,
the pages that you click on).This may include the website you visit before and after visiting our websites
(including date and time), time and length of visits to certain pages, page interaction information (such
as scrolling, clicks, and mouse-overs), methods used to browse away from the page, traffic data, location
data, weblogs and other communication data and information provided when requesting further service or
downloads.
(b)How we use your personal information
We will collect, use and store the personal information listed above for the
following reasons:
(i) to allow you to access, use and place orders via our websites;
(ii) to receive enquiries from you through our websites about our Membership
Services and other services;
(iii) for improvement and maintenance of our website and to provide technical
support for our websites;
(iv) to ensure the security of our websites;
(v) to recognise you when you return to our websites, to store information about
your preferences, and to allow us to customise the website according to your individual interests; and
(vi) to evaluate your visit to the website and prepare reports or compile
statistics to understand the type of people who use our websites, how they use our websites and to make our
websites more intuitive. Such details will be anonymised as far as reasonably possible and you will not be
identifiable from the information collected.
Please see sections 2.8 and 2.9 for more details about how we use
your personal information.
(a)What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following
information about you:
(i) your name;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) your age (date of birth);
(vi) your ID documents (such as a utility bill or copy of your driving licence);
(vii) your bank account details for processing your Membership payment, events or
training course bookings, including bank sort code, bank account number and/or credit or debit card
details);
(viii) your photograph if you are an advance member and choose to upload your
photograph to the site;
(ix) your dietary and accessibility requirements (if any) if you attend an event
or training course with us;
(x) Information provided when you correspond with us;
(xi) any updates to information provided to us;
(xii) information about the services we provide to you:
(A) information needed to provide the Membership Services to you (including
information on joining forms, order details, order history and payment details);
(B) Membership Services information; and
(C) Membership relationship management and marketing information;
(xiii) health and safety information, including any accidents you have at one of
our properties if you attend one of our events or courses;
(xiv) CCTV recordings, if you visit one of our sites; and
(xv) information you provide to help us provide you with improved service, for
example if we ask you to fill in a survey or questionnaire.
(b) How we use your personal information
We will collect, use and store the personal information listed above for the
following reasons:
(i) to provide you with your Membership and associated Membership services;
(ii) to deal with any enquiries or issues you have about your Membership;
(iii) to send you certain communications (including by email, SMS or post) about
our products and services such as administrative messages (for example, setting out changes to our terms
and conditions and keeping you informed about our fees and charges);
(iv) to ensure your safety and security and that of others, using CCTV;
(v) to carry out statistical analysis and market research on people who may be
interested in our Membership Services; and
(vi) if it is in our legitimate interests for business development and marketing
purposes to contact you (including by telephone, SMS or post) with information about our products and
services or the products and services of our suppliers which either you request, or which we feel will be
of interest to you.
Please see sections 2.7 and 2.8 for more details about how we use your personal
information.
(c) Information we need to provide services to you.We
need certain types of personal information so that we can provide services to you and perform contractual
and other legal obligations that we have to you. If you do not provide us with such personal information,
or if you ask us to delete it, you may no longer be able to access your Membership services.
(a) What personal information do we collect about you?
We, or third parties on our behalf, may collect and use any of the following
information about you for the reasons set out below:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) video image for online conference and meetings (only if you choose to share your webcam);
(v) your telephone number;
(vi) CCTV recordings, if you visit one of our sites;
(vii) your dietary and accessibility requirements;
(viii) health and safety information, including any accidents that you have at one
of our sites;
(ix) CCTV recordings, if you visit one of our sites;
(x) if you take our CDir assessment we will also collect:
(A) voice recordings;
(B) bankruptcy/insolvency declaration;
(C) board cycle with job titles;
(D) delegated authority information;
(E) details of any professional memberships;
(F) employment and directorship history;
(G) criminal history declaration; and
(H) statement of regulatory investigation
(xi) if you take an exam with us, we will also collect;
(A) medical reports, if you make an application for reasonable adjustment/special
consideration and any accessibility information;
(B) evidence of your previous qualifications if you apply for an exemption;
(C) photographic identification and video footage of you if you take a remotely
invigilated exam;
(D) your examination scripts, scores and results
(xii) information provided when you correspond with us; and
(xiii) any updates to information provided to us; and
(xiv) if you enter our Director of the Year Awards we will also collect;
(A) Your Instagram and/or your twitter contact details
(B) Your company financial turnover and profit details
(C) Your photograph and/or video (should you choose to upload one to the site)
(b) How we use your personal information
We will collect, use and store the personal information listed above to administer your attendance at our premises, event, course or exam, to judge your entry for the Director of the Year Awards, and to deal with any enquiries or issues you have about our products and services, including any questions you may have about how we collect, store and use your personal information, or any requests made by you for a copy of the information we hold about you.
When attending an event, we will share your name and company name with other delegates to enable you to network with other attendees.
If we do not have a contract with you, we may process your personal information for these purposes where it is in our legitimate interests to allow you to attend our premises or event or to deal with your enquiries.
Please see sections 2.8 and 2.9 for more details about how we use your personal
information.
(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following
information about you for the reasons set out below:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) your (or your employer's) payment details (including bank account number and
sort code and/debit or credit card); and
(vi) information about your preferences.
(b) How we use your personal information
We will collect, use and store the personal information listed above to deal with
any enquiries or issues you have about our products and services (including around Membership Services),
including any questions you may have about how we collect, store and use your personal information, or any
requests made by you for a copy of the information we hold about you.
If we do not have a contract with you to provide the relevant products or
services, we may process your personal information for these purposes where it is in our legitimate
interests for the provision of these products or services.
Please see sections 2.8 and 2.9 for more details about how we use your personal
information.
(a) What personal information we collect about you
We, or third parties on our behalf, may collect and use any of the following
information about you:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number; and
(v) information about your preferences.
(b) How we use your personal information
We will collect, use and store the personal information listed above, if you have consented or, otherwise, if it is in our legitimate interests, for business development and marketing purposes, to contact you (including by telephone, email, post or social media channels) with information about our products and services which either you request, or which we feel will be of interest to you (including newsletters).
Please see sections 2.8 and 2.9 for more details about how we use your personal
information.
(c) Source of personal information. We may receive
some of your personal information from third parties, such as marketing agencies.
(a) What personal information do we collect about you?
We, or third parties on our behalf, may collect and use any of the following
information about you:
(i) your name including your title;
(ii) your postal address;
(iii) your email address;
(iv) your telephone number;
(v) information provided when you correspond with us; and
(vi) any updates to information provided to us.
(b) How we use your personal information
We will collect, use and store the personal information listed above to deal with
any enquiries or issues you have about our products and services (including around Membership Services),
including any questions you may have about how we collect, store and use your personal information, or any
requests made by you for a copy of the information we hold about you.If we do not have a contract with you,
we may process your personal information for these purposes where it is in our legitimate interests for
customer services purposes.
Please see sections 2.8 and 2.9 for more details about how we use your personal
information.
(a) What personal information do we collect about you?
We, or third parties on our behalf, may collect and use any of the following
information about you for the reasons set out below:
(i) your name including your title;
(ii) work contact information (phone number, postal address, mailing address,
email address);
(iii) your job title;
(iv) your date of birth;
(v) information provided when you correspond with us;
(vi) any updates to information provided to us;
(vii) CVs, pitch and tender information;
(xii) work hours (overtime and hours worked);
(xiii) a recording of your voice, your biography and contact details where
required for course content development; and
(xiv) if you attend our sites, CCTV recordings.
(b) How we use your personal information
We will collect, use and store the personal information listed above for the
following reasons:
(i) to enable us to purchase and receive products and services from you or your
employer (including supplier due diligence, payment and expense reporting and financial audits);
(ii) to assess your working capacity;
(iii) to deal with enquiries from you or your employer;
(iv) to confirm information on CVs and performance reference checks, to assess
you or your employer's suitability to work for us;
(v) for health and safety records and management; and
(vi) for CCTV monitoring and other security of IoD facilities.
Please see sections 2.8 and 2.9 for more details about how we use your personal
information.
(c) Source of personal information.We may receive
some of your personal information from third party sources, such as your employer or your employer's
company website. We may also collect this personal information from publicly-available sources, such as
LinkedIn.
(d) Information we need to receive the services from you.Please
note that we need certain types of personal information so that you or your employer can provide services
to us. If you do not provide us with such personal information, or if you or your employer asks us to
delete it, you may no longer be able to provide services to us.
(a) to deal with any enquiries or issues you have about how we collect, store and
use your personal information, or any requests made by you for a copy of the information we hold about
you.If we do not have a contract with you, we may process your personal information for these purposes
where it is in our legitimate interests to deal with your enquiries or requests;
(b) for internal IoD reporting, IoD administration, ensuring adequate insurance
coverage for our operations, ensuring the security of IoD facilities, research and development, and to
identify and implement operational efficiencies.We may process your personal information for these purposes
where it is in our legitimate interests to do so;
(c) to comply with any procedures, laws and regulations which apply to us – this
may include where we reasonably consider it is in our legitimate interests or the legitimate interests of
others to comply, as well as where we are legally required to do so; and
(d) to establish, exercise or defend our legal rights – this may include where we
reasonably consider it is in our legitimate interests or the legitimate interests of others, as well as
where we are legally required to do so.
Before using your personal information for any purposes which fall outside those
set out in this section 2, we will undertake an analysis to establish if our new use of your personal
information is compatible with the purposes set out in this section 2. Please contact us using the details
in Section
13 if you want further information on the analysis we will undertake.
3.1 We consider that the legal bases for using your personal information as set out in this privacy policy
are as follows:
(a) our use of your personal information is necessary to perform our obligations
under any contract with you (for example, to provide you with Membership Services, a course or exam, to
comply with the terms of use of our website which you accept by browsing our website and/or to comply with
our contract to provide services to or receive services from you or your employer); or
(b) our use of your personal information is necessary for complying with our
legal obligations (for example, for health and safety purposes, anti-money laundering or compliance with
HMRC requirements); or
(c) where neither (a) nor (b) apply, use of your personal information is
necessary for our legitimate interests or the legitimate interests of others (for example, to ensure the
security of our website). Our legitimate interests are to:
(i) run, grow and develop the IoD and IoD community;
(ii) collect and use the information needed to run our events, courses and exams;
(iii) operate the IoD Membership;
(iv) select appropriately skilled and qualified suppliers;
(v) ensure a safe environment for our Members, attendees at our premises and
suppliers;
(vi) carry out marketing, market research and business development;
(vii) place, track and ensure fulfilment of orders with our suppliers; and
(viii) for internal administrative purposes.
If we rely on our (or another person's) legitimate interests for using your
personal information, we will undertake a balancing test to ensure that our (or the other person's)
legitimate interests are not outweighed by your interests or fundamental rights and freedoms which require
protection of the personal information.You can ask us for information on this balancing test by using the
contact details at section
13.
3.2 We may use your special categories of data (such as your dietary requirements when you attend an event
at our premises, your medical records and criminal records data where you are taking the CDir assessment)
where you have provided your consent (which you may withdraw at any time after giving it, as described
below).
3.3 We may process your personal information in some cases for marketing purposes on the basis of your
consent (which you may withdraw at any time after giving it, as described below).
3.4 If we rely on your consent for us to use your personal information in a particular way, but you later
change your mind, you may withdraw your consent by contacting us at
gdpr@iod.com
and we will stop doing so. However, if you withdraw your consent, this may impact the ability for us to be
able to provide those services which require use of your special categories of data such as health
information (such as the CDir assessment).
4.1 We may share your personal information with our volunteers and other third parties engaged with the IoD
(such as the IoD chairs, Committee Members and Ambassadors) where it is in our legitimate interests to do
so for internal administrative purposes (for example, for operational strategy, compliance, auditing and
monitoring, research and development and quality assurance).
4.2 We may sometimes contract with specially selected third parties to supply products and services to you
on our behalf.
4.3 We will share your personal information with the following third parties or categories of third parties
who act as a data controller in respect of your information which means that they will use your data for
their own purpose:
(a) Law Express Ltd who provide legal advice services to Members via exclusive
phone helpline. Law Express will only deal with Members personally and will handle your personal
information in accordance with the terms of their
privacy
policy.
(b) Croner Taxwise Ltd who provide our Members with tax advice services via an
exclusive phone helpline. Croner Taxwise will only deal with Members personally and will handle your
personal information in accordance with the terms of their
privacy
policy
.
(c) Hiscox who provide discounts on specialist business insurance including Cyber
& Data Risks, Professional Indemnity and Office, as well as award-winning policies for Home &
Contents. Hiscox will handle your personal information in accordance with the terms of their
privacy
policy
.
(d) Hertz who provide discounted car and van hire and free membership of rental
loyalty programme and will handle your personal information in accordance with the terms of their
privacy
policy
.
4.4 We will share your personal information with the following third parties or categories of third parties:
(a) our suppliers who deliver our training courses, examinations, events, executive coaching
and provide our Directors and Advisory Services;
(b) we may share anonymised and aggregated statistical information with our
suppliers to demonstrate what interest there has been in any marketing campaigns we have assisted our
suppliers in carrying out;
(c) our other service providers and sub-contractors, including accounting and finance services, payment processors, utility providers, suppliers of technical and support services, online conference and meeting providers, insurers, logistic providers, and cloud service providers;
(d) public agencies and the emergency services;
(e) companies that assist in our marketing, advertising and promotional
activities;
(f) analytics and search engine providers that assist us in the improvement and
optimisation of our website.
4.5 Any third parties set out in 4.4 above with whom we share your personal information are limited (by law
and by contract) in their ability to use your personal information for any purpose other than to provide
services for us. We will always ensure that any third parties with whom we share your personal information
are subject to privacy and security obligations consistent with this privacy policy and applicable laws.
4.6 We will also disclose your personal information to third parties:
(a) if we are under a duty to disclose or share your personal information in
order to comply with any legal obligation, any lawful request from government or law enforcement officials
and as may be required to meet national security or law enforcement requirements or prevent illegal
activity;
(b) in order to enforce or apply our terms of use, our terms and conditions for
Members, suppliers or customers or any other agreement or to respond to any claims, to protect our rights
or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
(c) to protect the rights, property, or safety of the IoD, our staff, our
Members, suppliers or customers or other persons. This may include exchanging personal information with
other organisations for the purposes of fraud protection and credit risk reduction.
4.7 We may also disclose and use anonymised, aggregated reporting and statistics about users of our websites
or our goods and services for the purpose of internal reporting or reporting to third parties, and for our
marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable
our users to be personally identified.
4.8 Save as expressly detailed above, we will never share, sell or rent any of your personal information to
any third party without notifying you and, where necessary, obtaining your consent. If you have given your
consent for us to use your personal information in a particular way, but later change your mind, you should
contact us, and we will stop doing so.
8.1 You have the following rights in respect of our collection and use of your data under the GDPR. Your
rights are as follows:
(a) The right of access to the personal data we hold about you. You
have a right of access to any personal information we hold about you. You can ask us for a copy of your
personal information; confirmation as to whether your personal information is being used by us; details
about how and why it is being used; and details of the safeguards which are in place if we transfer your
information outside of the UK.
(b) The right to rectification if any personal data we hold about
you is inaccurate or incomplete
. You have a right to request an update to any of your personal
information which is out of date or incorrect.
(c) Right to delete your information. You have a right to
ask us to delete any personal information which we are holding about you in certain specific
circumstances. You can ask us for further information on these specific circumstances by contacting us using
the details in section 13.
(d) The right to restrict (i.e. prevent) the processing of your
personal data
.You have a right to ask us to restrict the way that we process your personal
information in certain specific circumstances. You can ask us for further information on these specific
circumstances by contacting us using the details in section 13.
(e) Right to stop marketing: You have a right to ask us to
stop using your personal information for direct marketing purposes. If you exercise this right, we will stop
using your personal information for this purpose.
(f) Right to data portability: You have a right to ask us
to
provide your personal information to a third-party provider of services.
This right only applies where we use your personal information on the basis of
your consent or performance of a contract; and where our use of your information is carried out by
automated means.
(g) Right to object. You have a right to ask us to consider
any valid objections which you have to our use of your personal information where we process your personal
information on the basis of our or another person's legitimate interest.
8.2 We will consider all such requests and provide our response within a reasonable period (and in any event
within one month of your request unless we tell you we are entitled to a longer period under applicable
law). Please note, however, that certain personal information may be exempt from such requests in certain
circumstances, for example if we need to keep using the information to comply with our own legal
obligations or to establish, exercise or defend legal claims.
8.3 If an exception applies, we will tell you this when responding to your request. We may request you
provide us with information necessary to confirm your identity before responding to any request you make.
8.4 We aim to give you strong controls on our use of your data for direct marketing purposes, including the
ability to opt-out of receiving emails from us or selecting exactly what types of information you wish to
receive from us via the IoD preference centre.
8.5 If you have a digital account with the IoD you may be able to access our online portal to view and
change some of your details. You will also be able to change your preferences regarding marketing
messages. You can access your account
here.
You can also access all personal information we hold on you by writing to us at: FAO: Data Protection
Officer, 116 Pall Mall, London, SW1Y 5ED. You can also contact us by email at
gdpr@IoD.com
or by calling us on 020 7766 1233.