Privacy Policy

Introduction

The Institute of Leadership is committed to data security and the fair and transparent processing of personal data. This privacy policy (Policy) sets out how we treat your personal data. Please read this policy carefully as it contains important information on who we are, how and why we collect, store, use and share your personal data, your rights in relation to your personal data and how to contact us.


Who is The Institute of Leadership?

For the purposes of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR), The Institute of Leadership is the ‘controller’ of your personal data. The Institute of Leadership is a charity registered both in England & Wales (248226) and in Scotland (SC039693), and a UK company limited by guarantee (601049). Our registered address is 19 Highfield Road, Edgbaston, Birmingham, B15 3BH. 

The Institute of Leadership is a professional membership body that connects like-minded people with the shared purpose of inspiring great leadership everywhere. If you have any queries about this policy, the way in which we process personal data, or about exercising any of your rights, you may contact us by sending an email to [email protected] or writing to us at The Institute of Leadership, 19 Highfield Road, Edgbaston, Birmingham, B15 3BH.


What personal data do we collect?

We may collect and process the following personal data:

Information you provide to us if you:

  • create an account with us;
  • enter into a contract with us to receive products and/or services,
  • complete a form on our website;
  • complete a survey;
  • correspond with us by phone, e-mail, or in writing;
  • report a problem;
  • sign up to receive our communications;

We may collect your name, gender, date of birth, e-mail address, postal address, telephone number, job role and, where applicable your learner registration number and dietary or access requirements. As part of any payments you make to us when contracting with us we may collect credit/debit card information or bank account information where you are paying by Direct Debit.

Where do we obtain personal data from?

We will collect personal data directly from you in various ways. This could include when you complete an online form, or if you provide the data directly to a representative of the company.

We also gather personal data by the following methods:

  • From third-party organisations provided for a specific purpose; to deliver a product or service that has been requested. 
  • From platforms that make use of device settings that allow geographical location tracking, such as IP Address mapping, WiFi, GPS signals and cell tower positioning.
  • If you are a learner, we may also receive information about you from your centre, training provider or employer when they register to receive products and/or services from us.

Information we collect about you:

If you visit our website, we may automatically collect the following information:

  • Technical information, including the internet protocol (IP) address used to connect your computer to the internet, login information, browser type and version, timezone setting, browser plug-in type and version, operating system and platform;
  • Information about your visit to our website such as the products and/or services you searched for and viewed, page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
  • Information about your interactions with our online learning tools, including certification bookings and assessments.

Information we receive from other sources

We may also receive information about you if you use any of the other websites we operate or the other services we provide.

If you are a learner, we may also receive information about you from your centre, training provider or employer when they register to receive products and/or services from us.


How do we use your personal data?

When we ask you to supply us with personal data, we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.

Contract performance - we may use your personal data to fulfil a contract, or take steps linked to a contract:

  • to provide the products and/or services to you;
  • to communicate with you in relation to the provision of the contracted products and services;
  • to provide you with administrative support such as account creation, security, and responding to issues;
  • provide you with industry information, surveys, information about our awards and events, news and promotions related to new and existing products and services;

  • provide you with a certificate, credential or other record of learning;

 

Legitimate interests - where this is necessary for purposes which are in our, or third parties' legitimate interests. These interests are:

  • to provide goods and services where it has been requested
  • to inform customers of other goods and services we provide or offers that may interest them
  • to send notifications on subjects to individuals who have asked to be kept informed (i.e. subscribers)
  • to invite people to participate in research and surveys in fields and disciplines they are interested in
  • to recognise when people re-engage with the organisation
  • to enhance the security measures in place that protect data the organisation is responsible for
  • providing you with newsletters, surveys, information about our awards and events, offers, and promotions, related to products and services offered by a member which may be of interest to you
  • communicating with you in relation to any issues, complaints, or disputes
  • improving the quality of experience when you interact with our products and/or services, including testing the performance and customer experience of our Website
  • performing analytics on sales/marketing data, determining the effectiveness of promotional campaigns
  • provide you with a certificate, credential or other record of learning

You have the right to object to the processing of your personal data on the basis of legitimate interests as set out below, under the heading - 'Your rights'.
 

Consent: By agreeing to our Terms & Conditions you give consent to us using your personal data to:

  • Send you newsletters, surveys, information about our awards and events, news and promotions related to new and existing products and services offered by The Institute of Leadership and related partners which may be of interest to you

  • Develop, improve, and deliver marketing and advertising for products and services offered by The Institute of Leadership
  • You may withdraw your consent for us to process your personal data for these purposes at any time; after a withdrawal of consent request is received, we may have to contact you to verify the request

  • Withdrawing your consent for us to process your personal data will not affect the lawfulness of the processing beforehand

Where required by law: We may also process your personal data if required by law, including responding to requests by government or law enforcement authorities, or for the prevention of crime or fraud.


Who do we share your personal data with?

We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to know it.

We may also share your personal data with trusted third parties including:

  • legal and other professional advisers, consultants, and professional experts
  • service providers contracted to us in connection with provision of the products and services such as providers of IT services, distributors of journals and customer relationship management services; and analytics and search engine providers that assist us in the improvement and optimisation of our website

We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.

Where a third-party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission where the data protection authority does not believe that the third country has adequate data protection laws.

We will share personal data with law enforcement or other authorities if required by applicable law.


How long will we keep your personal data?

Where there is a contract between us, we will retain your personal data for the duration of the contract, and for a period of six years following its termination or expiry, to ensure we are able to comply with any contractual, legal, audit and other regulatory requirements, or any orders from competent courts or authorities. You may unsubscribe from receiving emails by clicking the unsubscribe link in our emails, and review the contact information we hold for you in your account profile. 


Where do we store your personal data and how is it protected?

We take reasonable steps to protect your personal data from loss or destruction. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so. Where you have a username or password (or other identification information) which enables you to access certain services or parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to our Website; any transmission is at your own risk. Once we have received your personal data, we will use strict procedures and security features to try to prevent unauthorised access.


Your rights

Under the GDPR, you have various rights with respect to our use of your personal data:

Right to Access

You have the right to request a copy of the personal data that we hold about you by contacting us at the email or postal address given below. Please include with your request information that will enable us to verify your identity. We will respond within 30 days of the request. Please note that there are exceptions to this right. We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person, if we are legally prevented from disclosing such information. Or if your request is manifestly unfounded or excessive.

Right to rectification

We aim to keep your personal data accurate and complete. We encourage you to contact us using the contact details provided below to let us know if any of your personal data is not accurate or changes, so that we can keep your personal data up-to-date.

Right to erasure

You have the right to request the deletion of your personal data where, for example, the personal data are no longer necessary for the purposes for which they were collected, where you withdraw your consent to processing, where there is no overriding legitimate interest for us to continue to process your personal data, or your personal data has been unlawfully processed. If you would like to request that your personal data is erased, please contact us using the contact details provided below.

Right to object

In certain circumstances, you have the right to object to the processing of your personal data where, for example, your personal data is being processed on the basis of legitimate interests and there is no overriding legitimate interest for us to continue to process your personal data, or if your data is being processed for direct marketing purposes. If you would like to object to the pressing of your personal data, please contact us using the contact details provided below.

Right to restrict processing

In certain circumstances, you have the right to request that we restrict the further processing of your personal data. This right arises where, for example, you have contested the accuracy of the personal data we hold about you and we are verifying the information, you have objected to processing based on legitimate interests and we are considering whether there are any overriding legitimate interests, or the processing is unlawful and you elect that processing is restricted rather than deleted. Please contact us using the contact details provided below.

Right to data portability

In certain circumstances, you have the right to request that some of your personal data is provided to you, or to another data controller, in a commonly used, machine-readable format. This right arises where you have provided your personal data to us, the processing is based on consent or the performance of a contract, and processing is carried out by automated means. If you would like to request that your personal data is ported to you, please contact us using the contact details provided below.

Please note that the GDPR sets out exceptions to these rights. If we are unable to comply with your request due to an exception we will explain this to you in our response.


Unsubscribing

You may unsubscribe from marketing communications at any time by using the ‘unsubscribe’ functionality on the footer of any marketing communications sent to you, or by updating your details in your account profile. This does not include communication that we may send to you as part of your contract with us. For example, where we send you information about products & services that are delivered as part of your membership contract with us.

Contact

If you have any queries about this Policy, the way in which we process personal data, or about exercising any of your rights, you may contact us by sending an email to [email protected].

Complaints

If you believe that your data protection rights may have been breached, and we have been unable to resolve your concern, you may lodge a complaint the applicable supervisory authority or to seek a remedy through the courts. Please visit https://ico.org.uk/concerns/ for more information on how to report a concern to the UK Information Commissioner’s Office.

Changes to our Policy

Any changes we may make to our Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our Policy.

Who is the Company Data Protection Officer?

Ametros Group Ltd
Lakeside Offices, Thorn Business Park
Rotherwas Industrial Estate
Hereford
Herefordshire
England
HR2 6JT
T: 0330 223 2246
@: [email protected]
W: www.ametrosgroup.com