Welcome to our new website! Find out what's new and access your member benefits here.
Privacy policy
We take your right to privacy very seriously and respect any personal information you share with us and endeavour to keep it safe, whatever your relationship is with us. This privacy policy is intended to give you an understanding of how and why we use the information that you give us.
We will never sell or share your data with someone else for them to use for their own purposes.
We keep this policy under review and any updated changes will be published here. This policy was last updated on 15 January 2025.
Last updated on January 17, 2025
Who we are
Last updated January 17, 2025
UKCISA is a company registered in England and Wales with company number 4507287 and a charity registered in England and Wales with charity number 1095294, whose registered office is Woburn House, 20-24 Tavistock Square, London, WC1H 9HQ.
When you join us, use our website and social media channels or provide us with your information you are consenting to this privacy policy and the ways in which we use your information as outlined in this policy. If you do not agree with this policy, then please do not provide us with your information or continue using our sites and social media channels.
What is personal data?
Last updated January 17, 2025
Personal data is defined as “any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
UKCISA is a membership organisation and, therefore, the majority of the personal data we hold has been specifically provided to us by representatives of our member institutions or by students who subscribe to our newsletter or attend our events.
The definition of personal data is quite broad so we’ve listed below the main types of data we specifically collect.
How we collect this information about you
Last updated January 17, 2025
Information you give us
We collect information that you provide to us regarding:
-
The application and/or renewal of your annual membership subscriptions
-
Training bookings
-
Registration and attendance at our conference
-
Advice line calls
-
Subscription to our e-newsletter
-
Grant funding applications
-
Participation in studies or research initiated by us
-
Any query that you send to us
-
Our use of cookies and your acceptance of this
We do not receive or hold any personal information relating to our members, or other users of our services, from other sources.
How we use your information
Last updated January 17, 2025
We will process your personal information in accordance with our obligations under applicable data protection laws and regulations, for the following reasons:
-
to provide you with services as part of your membership (such as being able to use the advice line and member-only content on our website)
-
to provide you with the training services that you have requested (and provide appropriate catering) as well as inform you about any planned training events
-
to provide you with the information that you have asked for (such as the e-newsletter)
-
for internal administrative purposes (such as payment of fees)
-
to comply with applicable laws and regulations in relation to requests from statutory agencies (such as the Information Commisioner’s Office, police, HMRC, etc)
-
to notify you about changes to our services and/or member benefits
-
to respond to any specific questions or administer any specific area of activity that you have consented to (such as grant funding applications, survey results)
We do not:
-
analyse your personal information as part of any profiling
-
use any kind of automated decision-making
-
make use of any other additional external information about our users, either obtained directly or via third parties
-
pass this personal data onto any third party unless it is necessary to carry out the service you have requested (for example, our annual conference)
-
use any personal data collected for a different purpose as to those indicated above
Your consent
Last updated January 17, 2025
Whilst we will seek consent at the point of collecting your data, in some cases we may process data without consent when we are legally allowed to do so and where it is in our legitimate interests. This is provided we respect your rights.
You can withdraw your consent at any time. If at any time you do not wish to receive further information about us and our services, or you wish to change your contact details or preferences, contact us via our contact us form.
If you request to receive no further contact from us, we will keep some basic contact information in order to avoid sending you unwanted materials in the future, and to ensure that we do not accidentally store details for the same person multiple times.
How long we keep your data for
Last updated January 17, 2025
We will only keep your information for as long as we need it to provide you with the services or information you have required, to administer your relationship with us, to comply with the law, or to ensure we do not communicate with people that have asked us not to. When we no longer need this information we will dispose of it securely.
Where we store your personal data
Last updated January 17, 2025
The data that we collect about you may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"). It may also be processed by persons operating outside the EEA. If we do send your personal data outside the EEA we will take reasonable steps to ensure that the recipient implements appropriate measures to protect your information. By submitting your details you agree to this transfer.
All information you provide to us is stored on our secure servers. Any payment transactions will be encrypted using SSL technology. (SSL stands for ‘Secure Sockets Layer. SSL create encrypted connections)
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
Who has access to your information
Last updated January 17, 2025
We allow our staff or those representing UKCISA to access and use your information for the purposes for which you have provided it to us (such as administering the services you have subscribed to). Any third party agencies engaged by us to carry out our services are carefully selected and required to demonstrate compliance to General Data Protection Regulation (GDPR) and the UK Data Protection Act (DPA).
We will only share your sensitive information with third parties where it is directly relevant to the services you have requested. We would expect your data to be treated with the same level of care as if we were handling it directly.
We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply any agreements, or to protect the rights, property or safety of UKCISA or others.
Your rights
Last updated January 17, 2025
We understand that privacy and data are sensitive and important. You have a number of rights in relation to your data and these are;
-
The right to be informed
-
-
this privacy policy details how and why we collect, store and use your personal data
-
-
The right of access
-
-
You have the right to access the data and information we hold about you. Please see below for details on how to request this information
-
-
The right to rectification
-
-
We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate by contacting us using the contact details below
-
-
The right to erasure
-
-
You can request that we delete the information we hold on you. If this is because you no longer want to hear from us then we will keep some basic contact information to ensure we don’t contact you again in the future. If we completely erase your records then we wouldn’t be able to ensure we don’t contact you again in the future.
-
-
The right to restrict processing
-
-
You can let us know how you want us to use your data and this is one of the reasons we operate an opt-in communication model so you can choose how and what we contact you about
-
-
The right to data portability
-
-
You have the right to request your data be provided in an easy to use format to another supplier
-
-
The right to object
-
-
You can opt out of hearing from us at any point by contacting us using the details below
-
-
Rights in relation to automated decision making and profiling.
You have a right to access the personal information we hold about you and in certain circumstances to be provided with a copy of that information (this is know as a subject access request). You can request this byour contact us form here or by writing to us at:
Data Request, UKCISA, Woburn House, 20-24 Tavistock Square, London, WC1H 9HQ
If you are unhappy with the way in which your personal data has been handled you are entitled to make a complaint to the Information Commissioner’s Office.
Sign up to our free email newsletter
Stay in touch with UKCISA and get all of our updates before anyone else.