Privacy policy

We take your right to privacy very seriously and respect any personal information you share with us and endeavour to keep it safe, whatever your relationship is with us. This privacy policy is intended to give you an understanding of how and why we use the information that you give us. 

We will never sell or share your data with someone else for them to use for their own purposes. 

We keep this policy under review and any updated changes will be published here. This policy was last updated on 15 January 2025.  

Last updated on January 17, 2025

Who we are

Last updated January 17, 2025

UKCISA is a company registered in England and Wales with company number 4507287 and a charity registered in England and Wales with charity number 1095294, whose registered office is Woburn House, 20-24 Tavistock Square, London, WC1H 9HQ. 

When you join us, use our website and social media channels or provide us with your information you are consenting to this privacy policy and the ways in which we use your information as outlined in this policy. If you do not agree with this policy, then please do not provide us with your information or continue using our sites and social media channels. 


What is personal data?

Last updated January 17, 2025

Personal data is defined as “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”. 

UKCISA is a membership organisation and, therefore, the majority of the personal data we hold has been specifically provided to us by representatives of our member institutions or by students who subscribe to our newsletter or attend our events. 

The definition of personal data is quite broad so we’ve listed below the main types of data we specifically collect. 

We collect data about our primary contacts. This includes full name, job title, organisation postal address, organisation email address and organisation telephone number. We also collect this data from those who have access to member-only areas of our website. 

We keep records of correspondence with members relating to the membership services we provide or any specific queries. 

We hold data about those attending our training courses and conferences. This will also include the same details as above, but in addition we record which training courses were attended and by whom. We also collect information about disability access and dietary requirements if this has been specifically given to us to use as part of administering the training course. 

We hold details of the calls received to our member’s advice line including the caller’s name and organisation. We also record the content of the call including the advice that was given. For our non-members advice line we do not record the caller’s name and organisation unless specifically requested to do so. 

We hold the work email addresses of subscribers to our member’s e-newsletter. For the student’s e-newsletter, we hold personal email addresses. 

We keep details of your visit to the website (for example, cookies). 


How we collect this information about you

Last updated January 17, 2025

Information you give us 

We collect information that you provide to us regarding: 

  • The application and/or renewal of your annual membership subscriptions 

  • Training bookings 

  • Registration and attendance at our conference 

  • Advice line calls 

  • Subscription to our e-newsletter 

  • Grant funding applications 

  • Participation in studies or research initiated by us 

  • Any query that you send to us 

  • Our use of cookies and your acceptance of this 

We do not receive or hold any personal information relating to our members, or other users of our services, from other sources. 


How we use your information

Last updated January 17, 2025

We will process your personal information in accordance with our obligations under applicable data protection laws and regulations, for the following reasons: 

  • to provide you with services as part of your membership (such as being able to use the advice line and member-only content on our website) 

  • to provide you with the training services that you have requested (and provide appropriate catering) as well as inform you about any planned training events 

  • to provide you with the information that you have asked for (such as the e-newsletter) 

  • for internal administrative purposes (such as payment of fees) 

  • to comply with applicable laws and regulations in relation to requests from statutory agencies (such as the Information Commisioner’s Office, police, HMRC, etc) 

  • to notify you about changes to our services and/or member benefits 

  • to respond to any specific questions or administer any specific area of activity that you have consented to (such as grant funding applications, survey results) 

We do not: 

  • analyse your personal information as part of any profiling 

  • use any kind of automated decision-making 

  • make use of any other additional external information about our users, either obtained directly or via third parties 

  • pass this personal data onto any third party unless it is necessary to carry out the service you have requested (for example, our annual conference) 

  • use any personal data collected for a different purpose as to those indicated above 


How long we keep your data for

Last updated January 17, 2025

We will only keep your information for as long as we need it to provide you with the services or information you have required, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need this information we will dispose of it securely. 


Where we store your personal data

Last updated January 17, 2025

The data that we collect about you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by persons operating outside the EEA. If we do send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information. By submitting your details you agree to this transfer. 

All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. (SSL stands for ‘Secure Sockets Layer. SSL create encrypted connections) 

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access. 


Who has access to your information

Last updated January 17, 2025

We allow our staff or those representing UKCISA to access and use your information for the purposes for which you have provided it to us (such as administering the services you have subscribed to). Any third party agencies engaged by us to carry out our services are carefully selected and required to demonstrate compliance to General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA). 

We will only share your sensitive information with third parties where it is directly relevant to the services you have requested. We would expect your data to be treated with the same level of care as if we were handling it directly. 

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property or safety of UKCISA or others. 


Your rights

Last updated January 17, 2025

We understand that privacy and data are sensitive and important. You have a number of rights in relation to your data and these are; 

  • The right to be informed 

    • this privacy policy details how and why we collect, store and use your personal data 

  • The right of access 

    • You have the right to access the data and information we hold about you. Please see below for details on how to request this information 

  • The right to rectification 

    • We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by contacting us using the contact details below 

  • The right to erasure 

    • You can request that we delete the information we hold on you. If this is because you no longer want to hear from us then we will keep some basic contact information to ensure we don’t contact you again in the future. If we completely erase your records then we wouldn’t be able to ensure we don’t contact you again in the future. 

  • The right to restrict processing 

    • You can let us know how you want us to use your data and this is one of the reasons we operate an opt-in communication model so you can choose how and what we contact you about 

  • The right to data portability 

    • You have the right to request your data be provided in an easy to use format to another supplier 

  • The right to object 

    • You can opt out of hearing from us at any point by contacting us using the details below 

  • Rights in relation to automated decision making and profiling. 

You have a right to access the personal information we hold about you and in certain circumstances to be provided with a copy of that information (this is know as a subject access request). You can request this byour contact us form here  or by writing to us at: 

Data Request, UKCISA, Woburn House, 20-24 Tavistock Square, London, WC1H 9HQ 

If you are unhappy with the way in which your personal data has been handled you are entitled to make a complaint to the Information Commissioner’s Office. 


Sign up to our free email newsletter

Stay in touch with UKCISA and get all of our updates before anyone else.