Investors in People Community Interest Company
Privacy Notice for Website Users
Last Updated: 9 December 2022

Contents
1. Introduction
2. What is personal data?
3. Personal data we collect
4. How we collect your personal data
5. Purposes for which we use your personal data and the lawful bases
6. Sharing your personal data
7. International transfers
8. How long we keep your personal data
9. Security of your personal data
10. Your rights
11. How to complain
12. How to contact us

 

 

1. Introduction
Investors in People Community Interest Company (“Investors in People”, “we, “our”) is committed to
protecting the privacy and security of the personal data we collect about end customers and users of our services (“you/your”).

The purpose of this privacy notice is to explain what personal data we collect about you when you visit our website. When we do this, we are the data controller.

Please read this privacy notice carefully as it provides important information about how we handle your personal information and your rights. If you have any questions about any aspect of this privacy notice you can contact us using the information provided below or by emailing us at gdpr@investorsinpeople.com.

Back to top

 

 

2. What is personal data?
‘Personal data’ is any information from which you can be identified, either directly or indirectly. For
example, your name or an online identifier.

‘Special category personal data’ is more sensitive personal data and includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purposes of uniquely identifying someone, data concerning physical or mental health or data concerning someone’s sex life or sexual orientation.

Back to top

 

 

3. Personal data we collect
We collect, use and are responsible for certain personal data about you. When we do so we are subject to the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are also subject to the EU General Data Protection Regulation (EU GDPR) in relation to goods and
services we offer to individuals, and our wider operations, in the European Economic Area (EEA). The
personal data we collect includes:

When making an inquiry: full name, email address, phone number, job title, company name and any
other information provided when making an inquiry.

When signing up to our newsletter: full name, email address and organisation.

When registering for an event: name, phone number, email address, job title, company name, company address and payment details.

When making a purchase from the Investors in People shop: phone number, email address, job title,
company name, company address and payment details.

For more information on the technical information we collect, please see our cookies policy.

Back to top

 

 

4. How we collect your personal data
We collect most of this personal data directly from you—in by telephone and/or via our website. However, we may also collect information from third parties who you have given your consent to.

Back to top

 

 

5. Purposes for which we use your personal data and the lawful basis
When providing services to you, we may use your personal data for the following purposes and on the following lawful bases:

Monitoring, administering and improving

We also use your personal information to help us to monitor our performance, administer and improve our service by:

This processing is necessary for our legitimate interests (for running our business, the provision of
administration and IT services, network security, to respond to your inquiry, to prevent fraud and in the context of a business reorganization or group restructuring exercise). This processing may also be
necessary for us to comply with a legal obligation.

Where personal data is processed because it is necessary for the performance of a contract to which you are a party, we will be unable to provide our services without the required information.

Back to top

 

 

6. Sharing your personal data
IIPCIC will not sell, rent or trade personal information to any third party. However, IIPCIC may share
personal information when authorised and/or required by law or as follows:

Service providers (Delivery Partners): Investors in People may grant access to personal information to third party service providers (Delivery Partners) in connection with the delivery of our website data, Investors in People will ensure that the third party maintains reasonable data management practices for maintaining the confidentiality and security of personal information and preventing unauthorised access.

As permitted or required by law: Investors in People may disclose personal information as required by applicable law or by proper legal or governmental authority. Investors in People may also disclose
information to its accountants, auditors, agents and lawyers in connection with the enforcement or
protection of its legal rights. Investors in People may also release certain personal information if we are under any legal obligation to do so.

Back to top

 

 

7. International Transfers
When we collect your personal data, it may be processed outside the UK. This is because the organisations we use to provide our services to you are located in other countries.

We have taken appropriate steps to ensure that where personal data processed outside the UK, it has an essentially equivalent level of protection as it has within the UK. We do this by ensuring that:

Back to top

 

 

8. How long we keep your personal data
We will retain your personal data for as long as is necessary to provide you with our services and for a reasonable period thereafter to enable us to meet our contractual and legal obligations and to deal with complaints and claims.

At the end of the retention period, your personal data will be securely deleted.

Back to top

 

 

9. Security of your personal data
We have implemented appropriate technical and organisational measures to safeguard your personal data and protect it from accidental or unlawful destruction, loss or alteration and from unauthorised disclosure or access.

In addition to the technical and organisational measures we have put in place, there are a number of
simple things you can do to in order to further protect your personal information, such as;

  1. Never share a One Time Passcode (OTP).
  2. Never enter your details after clicking on a link in an email or text message.
  3. Always send confidential information by encrypted email where possible this reduces the risk of interception.
  4. If you’re logged into any online service do not leave your computer unattended.
  5. Close down your internet browser once you’ve logged off.
  6. Never download software or let anyone log on to your computer or devices remotely, during or after a cold call.

 

Secure Online Services

You can easily identify secure websites by looking at the address in the top of your browser which will begin https:// rather than http://.

Back to top

 

 

10. Your rights

You have certain rights in relation to the processing of your personal data, including to:

Right to withdraw consent
In the circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we are permitted by law to do so.

How to exercise your rights
You will not usually need to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances. If you wish to exercise your rights, please contact us at gdpr@investorsinpeople.com.

Back to top

 

 

11. How to complain
You have the right to lodge a complaint with the supervisory authority, if you believe we are infringing the UK data protection laws or you are concerned about the way in which we are handling your personal data. The supervisory authority in the UK is the Information Commissioner’s Office who can be contacted online at:

Back to top

 

 

12. How to contact us
If you wish to contact us in relation to this privacy notice or if you wish to exercise any of your rights
outlined above, then please address your correspondence to:

168 2nd Floor, 168 Shoreditch High Street, London, United Kingdom, E1 6RA

Alternatively, you can email us at gdpr@investorsinpeople.com

Back to top

START YOUR ACCREDITATION JOURNEY

Ready to make work better? Complete the form below and one of our team will be in touch to discuss your accreditation enquiry.

SIGN UP TO OUR MAILING LIST

Enter your details below and we will keep you up to date on all the latest articles from Investors in People, new events to attend, and other important announcements.