At IRM UK we take data seriously and we are dedicated to protecting the privacy and confidentiality of information entrusted to us and have appropriate security measures in place to protect your data.
IRM UK complies with the UK General Data Protection Regulation (“GDPR”) and the UK Data Protection Act 2018 (together the “Data Protection Legislation”). This privacy notice describes how IRM UK commits to the protection of personal data received while providing its services.
1 Our Commitment
IRM UK processes personal data in accordance with the applicable data protection principles, obligations and in compliance with the Data Protection Legislation whether acting as the data controller or data processor. IRM UK: –
-
- only processes personal data for the purpose it has been collected;
- takes appropriate technical and organisational measures to protect data against loss or unauthorised access;
- will only transfer personal data in accordance with Data Protection Legislation.
IRM UK is registered with the UK Information Commissioner’s Office (“ICO”) and the registration number is Z4819328. This can be verified here.
2 How long do we hold on to your data?
IRM UK retains personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations, and professional obligations that we are subject to. Unless a different time frame applies because of business need or specific legal, regulatory, or contractual requirements, where we retain personal data in accordance with these purposes, we retain such personal data for seven years.
3 How we collect personal data
IRM UK obtains personal data directly from individuals in a variety of ways, including obtaining personal data from individuals who provide us with their business card(s), complete our online forms or completing a course registration form, subscribe to our newsletters and preference centre, when you register for a webinar, attend events we host, when you contact us for information or for recruitment purposes. We also access details from accredited direct marketing brokers*. We may also obtain personal data directly when, for example, we are establishing a business relationship, performing professional services through a contract, or through our hosted software applications.
4 What categories of personal data do we collect?
IRM UK may obtain the following categories of personal data about individuals through direct interactions with us, or from information provided through client engagements, from applicants, our suppliers and through other situations including those described in this Privacy Notice.
Personal data. Here is a list of personal data IRM UK collects to conduct our business activities.
-
- Contact details (e.g., name, company name, job title, work and mobile telephone numbers, work and personal email and postal address);
- Personal details (e.g., gender, date of birth);
- Professional details (e.g., job and career history, educational background, and professional memberships, published articles);
4.1 Registering as a delegate:
We may ask questions during registration (for example, general demographic questions about your business) so we can gain a clearer understanding of who you are. We may offer you the option to provide additional data on your attendance needs, such as accessibility or dietary requirements. As these may indicate sensitive (i.e. medical, ethnic, religious) information about you we will only use such data for the specific purpose of managing this event.
5 Processing Payments
IRM UK uses the third party to process payments. Stripe is PCI DSS Certified. Please view Stripes privacy policy here if you wish to find out more about how your personal information and payment data will be handled.
6 Why we collect personal data
We aspire to be transparent when we collect and use personal data and tell you why we need it, which typically includes:
-
- Providing professional advice and delivering other professional services;
- Promoting our professional services, products, and capabilities to existing and prospective business clients;
- Sending invitations and providing access to guests attending our events and webinars or our sponsored events;
- Administering, maintaining, and ensuring the security of our information systems, applications, and websites;
- Seeking qualified candidates, and forwarding candidate career enquiries to our HR Department, which may be governed by different privacy terms and policies;
- Processing online requests, including responding to communications from individuals or requests for proposals and quotations;
- Complying with legal and regulatory obligations relating to anti-money laundering, terrorist financing, fraud, and other forms of financial crime;
7 What lawful reasons do we have for processing personal data?
IRM UK may rely on the following lawful reasons when we collect and use personal data to operate our business and provide our products and services:
Contract – We may process personal data to perform our contractual obligations owed to (or to enter a contract with) the relevant individuals;
Consent – We may rely on your freely given consent at the time you provided your personal data to us;
Legitimate interests – We may rely on legitimate interests based on our evaluation that the processing is fair, reasonable and balanced. These may include:
-
- Delivering products and services to our clients To deliver the professional services our clients have engaged us to provide including information on new products and services. When you sign up for an event or newsletter or to tell you about another product or service closely related to a product or service you have previously bought.
- Direct marketing– To conduct and analyse our marketing activities. To deliver timely market insights and knowledge.
Legal obligations – We may process personal data to meet our legal obligations;
Public Interest – We may process personal data to perform a specific task in the public interest or in the exercise of official authority vested in us;
Vital Interests – We may process personal data to protect the vital interests of the individual or another natural person.
-
- Compiling health and safety data (directly or indirectly) following an incident or accident. Indirect data can take many forms including an incident report, first aider report, witness statements and CCTV footage;
8 Who we share data with
We will not share your personal information with others for marketing purposes unless you have given us your permission (e.g. a sponsored webinar).
For our Face-to-Face conference when you allow your badge to be scanned by an exhibitor or sponsor at events, you are consenting to your personal data that you registered with (e.g. Name, Address, Telephone, Email) being provided to that exhibitor or sponsor. When you attend a sponsored session or exhibit stand at a virtual conference, you are consenting to your personal data that you registered with (e.g. Name, Address, Telephone, Email) being provided to that exhibitor or sponsor.
Where you register to attend an IRM UK webinar you consent to the collection and sharing of your registration details with the webinar sponsor. This information includes your name, email address, and any other data provided during the registration process. The sponsor may use this information to contact you with relevant updates, offers, and information related to the webinar and their services.
When you register for one of our virtual conferences, you may be asked to select a primary track of interest. By selecting a track, you consent to your registration details (such as name, email address, and company) being shared with the sponsor of that track. The sponsor may use this information to contact you with relevant offers and information related to their services. We ensure that all sponsors are bound by appropriate data protection standards and will handle your data in compliance with the Data Protection Legislation. If you do not wish to share your information with the track sponsor, please contact us to discuss alternative registration options.
IRM UK may also use other third parties to provide some of our services to you or to us. To enable them to do this, we may need to let them process your personal information. Our staff and those working for our partners or contractors have a responsibility to keep your information confidential and are only allowed to use it to provide products and services on our behalf.
We may send you information from time to time about further courses that we think could be of interest to you, and we will only do this with your explicit permission.
IRM UK will not transfer the personal information you provide to any third parties for their own direct marketing use or ever sell your data.
9 Processing of Data in the UK and EEA.
IRM UK and our service providers, are all in the UK or European Economic Area (EEA). Personal data that you provide to us will only be processed in the UK or EEA.
10 Cookies
IRM UK use cookies and similar technology to collect information about your use of our website. We use cookies for statistical purposes to track how many users we have and how often they visit our websites. We collect information listing which of our pages are most frequently visited, and by which types of users and from which countries. We use Google Analytics on our sites for anonymous reporting of site usage on our website.
11 Other Websites
Our websites may contain links to other sites, including sites maintained by other IRM UK that are not governed by this Privacy Notice. Please review the destination websites’ privacy notices before submitting personal data on those sites. Some of our offerings (e.g. webinars) may have their own privacy policy so please check when you sign up or register so you are clear that you know what is happening to your information.
Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.
12 Subject Access Requests (SARs)
If you would like to submit a subject access request, you can email CustomerService@irmuk.co.uk – there is no fee for this service.
13 Your rights
Access – You can ask us to verify whether we are processing personal data about you, and if so, to provide more specific information.
Correction – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you.
Erasure–You can ask us to delete your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
Processing restrictions – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply whilst we verify whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
Data portability– In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company if is technically feasible.
Automated Individual Decision-making – You can ask us to review any decisions made about you which we made solely based on automated processing, including profiling, that produced legal effects concerning you or similarly significantly affected you.
Right to Object to Direct Marketing including Profiling – You can object to our use of your personal data for direct marketing purposes, including profiling. We may need to keep some minimal information to comply with your request to cease marketing to you. You always have a choice and can opt out of processing on this basis at any time by contacting our Customer Services Manager, by email at CustomerService@irmuk.co.uk .
Right to Withdraw Consent– You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
14 Our Details
IRM UK Strategic Training, 2nd Floor, Monument House, 215 Marsh Road, Pinner, Middlesex, HA5 5NE, United Kingdom
If you have any questions or to make a complaint, please contact our Customer Services Manager, by email at CustomerService@irmuk.co.uk . We will respond within 30 days.
If you are not satisfied with the way your request was handled, you have the right to lodge a complaint with the supervisory authority – details of which are given below:
ICO’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline number: 0303 123 1113
URL: https://ico.org.uk/concerns/
15 Changes to the Privacy Notice
If we make changes to our privacy policy, we will show you what they are here. If these changes are significant, we may also choose to email relevant individuals with new details. If we are required by law, we will obtain your consent to make these changes.
