1. ABOUT US
The Institute of Risk Management (ISRM) is legally established and is a non-profit organisation.
The ISRM has been established in order to create a global centre where practitioners, academics and policy makers can come together to share information, help progress and promote the underlying understanding and capabilities associated with strategic risk and crisis management, and develop their own personal and professional networks.
You can contact the ISRM via email: firstname.lastname@example.org
This policy tells you what we do with your personal data, and who we may share it with. This policy also tells you about your rights in respect of the personal information we hold about you, and how to contact us to exercise your rights, or to find out more about how we handle personal data.
In order for us to fulfil our functions as a professional association, we process personal data relating to existing and prospective members, members of the public, our partners and other individuals we do business with (also referred to in this notice as ‘you’), including:
The ISRM is committed to preserving the appropriate confidentiality, integrity and security of the personal data we process by complying with the Data Protection Act 2018 (which incorporates the provisions of the 2016 General Data Protection Regulation (GDPR)) and all applicable Privacy and Electronic Communications Regulations.
4. WHAT PERSONAL DATA DO WE COLLECT?
Personal data is any information relating to an identifiable living individual. We may collect the following information about individuals:
We may also process in certain circumstances sensitive classes of information that may include:
5. HOW DO WE COLLECT IT?
We collect data directly from you (for example from registration forms, change of details forms, surveys, at fairs and events and via our website) and will create some data internally (e.g. when we assign you an ISRM membership number).
We will also collect data directly from you when you voluntarily subscribe to any of our mailing lists.
Where we collect information, whether that be via websites, telephone, or manual forms, we will provide at the point of collection a more tailored and specific privacy statement pointing out the relevant information for that product or service and justifying why the collection is necessary.
We may also receive information from third parties, including referees in support of your membership application.
Information we collect through our website:
When you visit our websites, we automatically collect some technical information from your computer or mobile device such as IP address, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms, and information about your visit to the website and your use of it.
6. WHAT DO WE DO WITH YOUR PERSONAL DATA?
We may process the information we collect about you for the following purposes:
Administration of membership: We will hold personal data relating to members in order to administer membership. This includes to process your membership (and application for membership), payments and to notify you of any matters affecting your membership.
The legal basis for this processing is to perform the contract with you related to these activities and services or because you have asked us to take specific steps before entering into a contract in respect to these activities and services;
Membership benefits: we will use your information to administer membership benefits including to send you publications, etc.
The legal basis for this processing is to perform the contract with you related to these activities and services.
Communications and information: we will use your information in order to send you ISRM publications such as our Newsletter and any other publication intended primarily for members. You can unsubscribe from our newsletters at any time.
We will also use your information:
The legal basis for this processing is to perform the contract related to these activities and services.
Governance: we will use your information where you are an elected or appointed Advisory Council Member for governance purposes.
The legal basis for this processing is legal obligation.
Seminars, conferences, webinars and other events: the ISRM offers seminars, conferences, webinars and other training events, online or offline, for both members and non-members. If you choose to register for any of these, we will need your information in order to administer your registration and attendance.
The legal basis for this processing will be contractual in some cases or it will be to fulfil a legitimate interest.
Other individuals who engage with us:
Campaigns, newsletters and other resources: if you opt in to receive newsletters about our activities or if you want to access some of our resources available to the public, we will email you with information relevant to the mailing list to which you have given your consent. You may withdraw your consent at any time.
The legal basis for this processing is consent.
To assist you: we will use your information to respond to enquiries and assist you with any requests. Your communications with the ISRM, including online, by email, text message (SMS), via ISRM’s website (or otherwise) may be recorded and retained for quality, training and record-keeping purposes. If you post or interact with us via social media, we may use your information in order to contact you in relation to the query. We will not use this for the purpose of further marketing or communications, unless you give us your consent to do so.
The legal basis for this processing is legitimate interest because it is necessary for the administration of our business and the provision of our services, which is necessary for the legitimate interests of our business.
Professional conduct: we will use your information for the purpose of enquiries, investigations and complaints relating to ISRM members. Such matters may be sensitive in nature and the ISRM restricts internal access to information to those teams responsible for investigating and resolving the relevant matters.
The legal basis for this processing is the effective administration of such enquiries which is a legitimate interest of our business.
Partner relationship management: we will use personal information of nominated individual representatives of firms and other organisations as part of our partner relationship management activities, including of our corporate members.
Communications (including marketing): We use your information for:
Where you have given us consent for us to contact you for these activities, you will have the right to withdraw your consent for these at all times, and we will make this process as easy as possible.
We will not pass your information on to other marketing providers and we will not sell your information to any third party.
7. WHAT IS THE LEGAL BASIS FOR OUR DATA PROCESSING?
We must have a legal basis to use your personal information when the law allows us to. In accordance with the law, we process the personal data described above because:
We may also use your personal information in the following situations:
8. HOW WILL WE SHARE YOUR DATA?
The ISRM uses a number of third-party service providers in order to carry out some of the activities described above. For example, to send you mailings, to provide professional insurances, to obtain DBS certificates, to collect direct debit payments and to manage surveys, campaigns and events. The ISRM requires such service providers to use your personal data only for the purpose of the relevant service.
We also engage external IT consultants and suppliers to provide support and development services in relation to our systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.
Our auditors are given access to our systems for the purpose of annual audit of our accounts.
In some circumstances, we may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.
We require third parties to maintain appropriate security to protect information from unauthorised access or processing.
We may be under an obligation to report certain matters to internal senior management, committees within the ISRM and/or to external bodies including local authorities, Companies House, etc.
The ISRM may wish to publish your details online or via other media. This is only done with your consent and you can withdraw this consent by emailing us at email@example.com.
Transfers of your information out of the EEA
9. HOW LONG WILL WE HOLD YOUR DATA?
We will retain your details for as long as they are needed for the relevant purposes listed in the section above, “Why does the ISRM hold information on me?”
We may also retain certain records for other legitimate reasons (including after your relationship with the ISRM has ended), for example to resolve any potential disputes, cross-check against future membership applications and to comply with other retention obligations e.g. safeguarding issues.
10. YOUR RIGHTS
The law gives you certain rights in relation to your data. The ISRM is committed to respecting individuals’ rights. You may action your rights by contacting us via email to firstname.lastname@example.org. We will comply with your requests unless we have a lawful reason not to do so. We will endeavour to handle any requests within a reasonable period and, in any event, within a month of the original request.
Your rights include:
Right to information and access
You have the right to be informed about what personal data we collect about you, why, on what lawful basis and what your rights are. This Privacy Statement is the key document we use to inform you about this.
You also have a right to request access to the information that we hold about you, and to receive a copy of this information, along with other information which is generally contained in this Privacy Statement.
ISRM members also have the right to receive a copy of any information we hold about them in connection with the performance of our contract with them.
We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the written request. We will provide the information without charge, but we may charge a reasonable fee for the administrative cost of providing the information where the request for information is unfounded, repetitive or excessive.
Right to rectification
You have the right to request that inaccurate personal data be rectified, or completed if it is incomplete. We will respond to you within the time frame specified within the applicable data protection law, generally within one month of receipt of the request. If we have disclosed your personal data to any third parties, we will also inform those third parties of any correction to your personal data where possible. Members can update their details via the Members’ area of our website at theisrm.org.
Right to erasure and restriction
You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. When responding to such requests, we will tell you how such restrictions or deletions may affect our ability to fulfil our contracts with you or otherwise affect your interests.
Right to object
You can ask us to stop using your information, where we are processing it on the basis of our legitimate interest. We will do so unless we believe we have a legitimate overriding justification to continue processing your personal data.
Right to ask us to stop contacting you with direct marketing
You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email us at email@example.com.
Right to withdraw consent
If you have given us any specific consent to use your personal data, you have the right to withdraw it at any time. If you wish to tell us that you are withdrawing your consent, please email us at firstname.lastname@example.org.
11. DATA SECURITY
We will use technical and organisational measures to safeguard your personal data. All information you provide to us is stored securely and any access to your online user account is controlled by a password and username that is unique to you.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.
Prior to introducing new systems or technologies relevant to the processing of personal data, we will undertake any necessary impact assessments with a particular focus on any associated risks.
In the event of any breach of our systems impacting on the security of a member’s or any other individual’s personal data, we will inform the affected member(s) or individuals at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law. Where necessary, we will notify the Information Commissioner’s Office in accordance with the law.
If you are unhappy with the way in which we process your personal data, please contact us via email at email@example.com.
You also have the right to lodge a complaint before the Information Commissioner’s Office (ICO), the UK’s data protection authority.
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 0303 123 1113 (local rate) or 01625 545 745; or see their website.
14. CONTACT US
Via email: firstname.lastname@example.org