Our Registered address is
Unit 14 Abbeville Mews
88 Clapham Park Road
Telephone: 020 7498 0101
The Chartered IIA is a ‘data controller’ under the UK General Data Protection Regulation. We are notified as data controllers with the Information Commissioner’s Office and our registration number is Z238811.
The Chartered IIA takes the privacy of its students, members, customers, regional committee members, stakeholders, business leaders, civil servants, auditors, suppliers and subcontractors and other contacts extremely seriously and is committed to protecting your personal information and complying with all current data protection legislation.
We use any personal information that you provide to us online or via:
Membership applications are only accepted from you as an individual regardless of who is paying. The Chartered IIA will act as the data controller for all membership related data collection and processing. We may also receive your data from third party professional bodies with whom we undertake joint projects.
We do sometimes receive personal data from third parties, such as through publicly available sources and employers.
The Chartered IIA will comply with the data protection principles, which are that personal data will be handled with:
When you participate in or sign up to any of the Chartered IIA’s services such as events, training, membership or online newsletters, we will collect and store personal information about you. We will also collect information about you if you supply the Chartered IIA with goods and services.
This information can consist of, but is not limited to:
What personal data we collect will depend on how you are engaging with us.
By submitting your details, you enable us to provide you with the products or services that you have selected and agreed we will
We will use your personal information for a number of processing purposes including:
The Chartered IIA’s legal basis for collecting and using your personal data is usually due to the processing being necessary for a contract between yourself and the Chartered IIA.
On occasions we will process your data to comply with our legal obligations.
We may also process your personal data based on the Chartered IIA’s legitimate interests as long as your fundamental rights and freedoms do not override that legitimate interest. When we process your data based on our legitimate interest, we always identify such interest, make sure the processing is necessary to achieve it, and carefully consider your interests, rights, and freedoms against our legitimate interest in a balancing test. Our legitimate interests include member services (renewals), policy and external affairs senior networking, data sharing with Regional Committees, soft opt-in for marketing, data sharing with third party professional membership organisations for the purpose of joint projects and stakeholder surveys.
We may also process your personal data based on consent, vital interests and in connection with the performance of a public task and / or with official authority.
Special categories of data require higher levels of protection. This is data which reveals race or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health information, sexual life and sexual orientation.
We may process special categories of information in limited circumstances, and this will normally be with your consent.
We only keep your information for as long as it is necessary to fulfil the purposes for which the personal information was collected. This includes for the purpose of meeting any legal, accounting, or other reporting requirements or obligations. The Chartered IIA retention policy sets out the minimum retention timescales.
As a general rule, we keep your personal data for the duration of your membership and 6 years thereafter.
If you do not wish to provide your personal data, we may not be able to enter into enter into an agreement with you, such as membership, or provide the services which you have required.
If you are joining the Chartered IIA, we will share your name, membership number and email address data with our Global Body which is based in the United States of America. The only reason for this is to make sure you can access the content of our Global Website by means of a password issued by us.
We do not sell or rent your information to other organisations.
We may pass your information to third parties, such as data processors who enable us to perform our tasks. Where the sharing of personal data takes place, this is done in accordance with the legal requirements of the UK GDPR.
When we do this, we disclose only the personal information that is necessary to deliver the service and we have an agreement in place that requires them to keep your information safe and secure and not to use it for any other purpose.
We will not release your information to other organisations unless in exceptional cases when we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. In all other instances, we would only share your information with another party if you have given your explicit permission to do so.
Any personal data we share with third party controllers or processors outside the UK only occur where we have ensured that these are subject to appropriate safeguards, as set out in Chapter V of the UK General Data Protection Regulation.
If you engage with the Chartered IIA on any of our social media channels (Facebook, YouTube, X and LinkedIn) you should know that we do not collect your personal information from these sources. It remains within the platform that we are using and so you should familiarise yourself with their privacy notices and policies.
The Chartered IIA may use information you provide to share updates, news and events, in the form of customised online advertising. If you send us a direct message, your information still remains within the platform unless we ask you to provide us with your contact details to continue the conversation offline or privately, and you consent to do that.
Many websites use 'cookies' which are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit.
We use some unobtrusive cookies to store information on your computer. We also use some non-essential cookies to (anonymously) track visitors and help to enhance user experience of the Website. These all expire when the browsing session ends.
You have a choice about whether you wish to receive marketing information from us. If you give permission to receive communications about the work of the Chartered IIA and our products, services and events, you can select your choices when we collect your information. If you wish to make any changes to your preferences, please let us know and we will update our records.
You have the right at any time to:
Requests can be made in a number of ways, including in writing or verbally. You will need to provide:
You should direct your request to the Head of Governance and HR or the Data Protection Officer – (details of whom can be found below).
We aim to comply with requests for access to personal data as quickly as possible. We will ensure that we deal with requests within 30 days of receipt unless there is a reason for a delay that is justifiable.
We take our duty to protect your personal information and confidentiality very seriously and we are committed to taking all reasonable measures to ensure the confidentiality and security of personal data for which we are responsible, whether computerised or on paper.
We will only transfer your personal data outside of the UK where this is authorised by law.
In order to make sure that your rights and freedoms are not put at risk and relevant laws and regulations are observed, we have implemented appropriate technical and organisational measures are in place to ensure a sufficient level of security to the personal data processing. These measures include:
We have a Data Protection Officer who is responsible for the Chartered IIA data protection compliance and who liaises with the executive committee and Board.
Where you use your credit or debit card to purchase from us, we will ensure that this is carried out securely. We do not store your card details for use in future transactions.
Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
Please contact us if you have any questions about our privacy notice or the information, we hold about you. You can contact our Company Secretary at email@example.com.
Alternatively, you can contact our Data Protection Officer by email: info@RGDP.co.uk or by telephone 0131 222 3239.
Under Article 27 of the GDPR, we have appointed EU Representative Ltd, who can be contacted by email: firstname.lastname@example.org or by telephone +353 15 549 700.
If you are concerned or unhappy with how we have dealt with your query/complaint you can contact the Information Commissioner’s Office:
Information Commissioner’s Office
Alternatively, you can contact the equivalent national privacy authority in your country, if outside the UK.
Page last updated: 21 September 2023