Last updated: 18/05/2018
1.1. Investors in People Community Interest Company trading as Investors in People (We) collects, uses and is responsible for certain personal information about you. When we do so we are regulated under the General Data Protection Regulation which applies across the European Union (including in the United Kingdom).
1.2. We are committed to complying with the provisions of the Data Protection Legislation and ensuring that the personal data we hold is processed fairly and lawfully. This Privacy Notice has therefore been prepared to tell you about the way we collect information from you and what we do with that information. This Privacy Notice explains the legal basis for this and the rights you have over the way your information is used.
1.3. This Privacy Notice explains how we collect information from organisations or individuals who use our website and applications, who attend our events, who complete one of our assessment surveys or with whom we contract for the delivery of services. It also explains how this information is then used. Please read this Privacy Notice carefully and re-visit this page from time to time to review any changes that may have been made.
1.4. For the purposes of the Data Protection Legislation we are the data controller and we will process any personal information we collect about you in accordance with the Data Protection Legislation.
1.5. If you have any questions about this statement or your personal information that we may collect from you, please contact us at email@example.com.
2. WHAT PERSONAL INFORMATION IS COLLECTED, AND HOW IS THAT INFORMATION THEN USED?
2.1 Information collected by us:
We collect personal information in a number of ways:
- When you complete an online registration.
- When your organisation signs up to one of our services.
- When you register for one of our events.
- When your organisation provides your contact details for the purposes of completing a survey.
- When we ask you to provide us with feedback on our products and services.
- When you make a purchase from our shop.
2.2. Information collected from other sources:
We also obtain personal information from other sources as follows:
- When your organisation provides your contact details to one of our Practitioners or Delivery Partners for the purposes of engaging services or completing a survey. For further information on Delivery Partners please see section 3.
- When you use third party websites or allow us indirectly to access your information via third party website, if you gave prior permission to that third party.
2.3. How we, the Practitioners or Delivery Partners may use the personal information:
- To contact you to provide any further information you or your organisation has requested.
- To deliver products and services as per the contract with your organisation (e.g. carry out an IIP assessment or raising invoices).
- To contact you to complete a survey.
- To let you know about related products and services that may be of benefit to you or your organisation (provided you have not opted out from receiving this type of communication from us).
- To measure and analyse behaviour when you are using our platforms or website in order to monitor, maintain and improve our services or features of those platforms.
- To personalise or customise the user experience of people using our platforms and services.
- To prevent or fix service, security, support or technical issues.
- To create anonymised and aggregated data for benchmarking, public relations and marketing purposes.
2.4. Reasons why our collection and use of your personal information is consistent with the current data privacy directives:
The use of your information for the purposes set out above should be considered lawful because one or more of the following processes applies:
- Where you have provided information to us for the purposes of receiving information about us, we rely on legitimate interests as the lawful basis on which we collect and use your personal data. Our legitimate interest is to provide details of our services to you.
- It is necessary for us to hold and use your information so that we can carry out our obligations under a contract entered into with you or your organisation or to take steps you ask us to prior to entering into a contract. We also rely on this being in our interest in delivering on our obligations to you, at your request, or that of your organisation. Our services to you may be delivered via a third party.
- It is necessary to comply with our legal obligations. e.g. for the purposes of fraud prevention or through the court of law.
2.5. Undertaking an IIP Online Survey:
Your organisation will inform you of why they are undertaking the survey and how this will be used to inform business improvement.
In order for you to complete one of our surveys, we collect:
- your name and email addresses so that you can be invited to participate in the survey.
- other details which may include, role, department or site where you work.
As a participant, you may be asked to submit the following information when completing the survey:
- views about your organisation, your age, managerial level, gender, or length of service.
The information provided by your organisation is the minimum needed for the contractual services which your organisation has asked to be provided. They do this because it is in their legitimate interests as your employer. This does not affect your individual rights and freedoms as you may object to this processing at any time and:
- choose not to respond to the survey.
- object to the processing of personal data through your organisation or by contacting us directly at firstname.lastname@example.org.
2.5.1. How is the information collected in a Survey used?
We retain ownership on all survey submissions and we are the Data Controller. Responses provided remain anonymous and confidential. Submitted data is stored against the email record for the purposes of debugging and occasionally correcting or deleting user data which has been submitted incorrectly. All data is aggregated and anonymised removing any Personal Identifiable Information (PII) before being shared with your organisation, third parties such as Practitioners, delivery partners and other administrators.
Submissions via an “open account” are not linked to any PII and so can be considered anonymous. For the protection of small groups where data trends could be interpreted and linked back to individual submissions, aggregated group data is not shown until there are at least seven responses in the group in question.
2.5.2. Your rights regarding personal information collected for a Survey:
You have the right to:
- Ask what personal information we are holding about you.
- Have rectified any mistakes in your personal data.
- Request for personal data to be removed from our systems (we will do this by anonymisation removing personal details and replacing with a random unique identifier).
- Restrict the way in which your personal information is dealt with and used.
- Request that your personal information is provided in a format that is secure and suitable for re-use.
Should you want to act upon any of these rights you may communicate your request through your organisation or directly via email@example.com.
3. Do we share personal data with other organisations?
All data collected is for the sole purpose of providing services or further information. In certain geographical locations we may also allow third party delivery partners to deliver services to your organisation using our brand and methodologies. These partners are listed in Appendix 1, and we call them our Delivery Partners.
We (or our Delivery Partners) may also engage the services and may share your information with a third party in the following areas:
- Contracted Practitioners to deliver our services (for example advisory or assessment services).
- third parties to provide services in relation to CRM hosting, administering the IIP online survey platform, website or to prevent or address service, security, support or technical issues.
For the following services we transfer you to a third party and their privacy notice will apply to you:
- third-parties who manage registrations, booking and payments for events.
- the collection, processing and management of payments for purchases in our on-line shop.
We select our third-party service providers with care. We provide these third parties with the information that is necessary to enable them to provide the services for which they are engaged. We will take steps to ensure that they comply with their obligations under GDPR and Data Protection Legislation.
For clients/individuals within the EEA we do not share your personal data outside of the EEA. Where clients/individuals are outside the EEA we ensure that the information is protected by entering into a Data Sharing Agreement which contains model EU clauses.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
When you visit our website, we may collect, using electronic means such as cookies, technical information. This information may include information about visits to the website, including the IP address of your computer and which browser was used to view the website, your operating system, resolution of screen, location, language settings in browsers, the site you came from, keywords searched (if arriving from a search engine), the number of page views, information entered, and advertisements seen. This data is used to measure and improve the effectiveness of our website and platforms website or enhance the experience for other users. While most of the time this information is depersonalised, if this information relates to an identifiable individual, we will treat this information as personal information.
5. How long do we keep your information for?
We will only hold your personal information for as long as it is necessary for the relevant activity, including to fulfil our legal obligations.
5.1 Online Survey
All personal data submitted is destroyed after 6 months. All data collected in our survey is anonymised replacing any personal identifiable information with a random unique identifier, in line with the Information Commissioner’s Office (ICO) anonymisation code of practice.
5.2. Client and individual records on CRM
We maintain a CRM database record of your organisation, key employee contact details and details of projects and services your organisation has enquired about or requested – including a copy of the key documents related to services which have been performed (including documents provided to us by third parties in the provision of their services, namely the plans and reports). These records are kept indefinitely to help us manage the history and ongoing accreditation and support given to our clients, as well as to compile information for statistical analysis. The records may be made available to our Practitioners or Delivery Partners.
If you ask us to stop contacting you with marketing materials, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
5.3. Data collected by Practitioners and Delivery Partners
As stated above, we engage a number of contracted Practitioners and Delivery Partners to deliver certain services which enable us to implement our accreditation scheme. Any personal information they collect and share with us will be dealt with by us in accordance with this Privacy Notice.
6. How do we store and protect your personal information?
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach when we are legally required to do so.
7. We will never sell your information to anyone
We do not sell any of your information and we carry out all processing in strict compliance with European privacy laws.
8. How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.
9. Changes to this Privacy Notice
This privacy notice was published on 21/05/18 and last updated on 18/0/5/18.
If we make any changes to this privacy notice these changes will be detailed on our data Protection website page to ensure that you are fully aware of what information is collected, how it is used and under what circumstances it will be disclosed. If we make any significant changes we may advertise this on the website or, contact you directly with the information.
Our Delivery Partners
IIP North: Improvement, Development Growth (IDG) Limited, t/a The Growth Company
IIP Central: EMB Excellence Limited
IIP Scotland: This is Remarkable Limited
IIP Austria: Pendl Piswanger
IIP Belgium: Amelior
IIP Netherlands: Investors in People Nederland BV
IIP Philippines: Inspiring Partners Inc
IIP South Africa: Awakening Excellence Pty Ltd
Delivery of advice only:
Bermuda: Management Solutions
Bulgaria: International Human Resources
Greece: Hellenic Management Association
Turkey: Management Centre Turkey
UAE: International Performance Excellence