The personal information we collect about you
What we do with your information
1. WHO WE ARE
ICDP ('we' or 'us') is a 'Data Controller' registered with the Information Commissioner’s Office (Z352754X) for the purposes of the Data Protection Act 2008 (i.e. we are responsible for, and control the processing of, your personal information). The majority of processing is conducted at the following two offices:
ICDP, Central Boulevard, Blythe Valley Business Park, Solihull B90 8AG, UK
ICDP, The Squaire West 12, Am Flughafen, 60549 Frankfurt am Main, Germany
2. WHAT INFORMATION DO WE COLLECT?
2.1 Personal information provided by you
As a business and employer membership organisation, we may collect the following personal information about you when appropriate, including: when you register with us, become a Member or Subscriber, or express an interest in one of our additional trading activities:
Company name and address
Employee contact information i.e. email addresses, direct telephone numbers
Social media account details
Business information (including number of employees, types of business activities, turnover, site information etc)
Photographs of businesses or individuals, for use on social media accounts, taken during scheduled audits/inspections
From business cards provided to us for yourself or others within your business
Photographs/videos of individuals/groups attending ICDP events, workshops etc – in such scenarios, attendees will be made aware of a photographer’s presence. Any photographs or film taken will not be used out of context and will only be used for reporting that event and/or promoting similar future events. (Any individual has the right to request they not be included in any photographs or filming and/or that any such photographs/film taken of them not be used)
2.2 We also collect personal information when you:
Contact us by telephone, through email or other written communication, submit an enquiry via ICDP
Send us feedback
Complete surveys or market research
When you consent to provide comment to be included in ICDP press releases
2.3 Personal information about other individuals
If you give us information on behalf of someone else (see examples under 2.1), you must confirm that the other person has appointed you to act on their behalf and they have agreed that you can:
Give consent on their behalf to the processing of their personal data
Receive on their behalf any data protection notices
Give consent to the transfer of their personal data abroad; and
Give consent to the processing of their sensitive personal data
You will need to be able to provide us with proof of this consent and instruction and the ICDP holds the right to ask you for this proof before performing the specific task.
2.4 Visitors to our websites
When someone visits www.icdp.net we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will tell you. We will make it clear when we collect personal information and will explain what we intend to do with it.
3. HOW WILL WE USE THIS INFORMATION ABOUT YOU?
We collect information about you so that we can:
Identify you and manage any accounts you hold with us
Process your enquiries
Provide advice and assistance through our legal, technical and other helplines
Conduct research and statistical analysis
Contact you by telephone to ensure you are aware of the services and benefits available to you thereby ensuring you receive value for your membership
Carry out Member/business profiling and analyse your membership service usage
Let you know about other products or services that may be of interest to you—see 'Communication’ section below
Detect and prevent fraud
Verify your identity and carry out business health and anti-fraud checks
Monitor your use of our Website and any response to communication campaigns
Information provided during telephone enquiries may be recorded, where appropriate, on our secure Member Database, to assist our provision of services to you
We do not carry out any processing operations that constitute automated decision making.
ICDP is a membership organisation created to represent the best interests of its members and to disseminate information. As an integral part of your membership, we will provide you with information by post, email and telephone to:
Keep you up to date on our research and activities through bulletins/newsletters and other e-mail and postal communications
Invite you to participate in surveys or other research specific to your sector
Invite you to relevant meetings and workshops
Contact you by telephone periodically to ensure you are receiving the most benefit from your membership
Ensure that you are kept up to date with the latest member services and benefits available to you
We consider our lawful basis for communication between ICDP and its Members, to be that of “Legitimate Interest” for GDPR/Data Protection purposes.
However, you can choose not to receive any of these types of communications – see Section 6 of this policy - with the exception of those required in order for us to fulfil our contractual obligations to you. Please bear in mind that should you choose to opt out of any communications, you may miss information and important news, and of course details of membership services which could be of significant benefit to your business.
We may, where appropriate, contact you with details of relevant, and association specific, supplier and business partner products – we will never pass your details to any third party for commercial or marketing purposes unless you have specifically requested that we do so. Similarly, we will only pass your details to a business partner/service provider at your specific request.
5. KEEPING YOUR DATA SECURED
We will use technical and organisational measures to safeguard your personal data, for example:
Access to website “Members Only” or other online Membership accounts is controlled by a password and user name that are unique to you or your business
We store your personal data on secure servers; and
Enforce strict and stringent policies and practices in relation to taking and processing card payments for Membership or Purchases in line with the PCI DSS (Payment Card Industry Data Security Standard)
While we will use all reasonable efforts to safeguard your personal data, you acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that are transferred from you or to you via the internet. If you have any particular concerns about your information, please contact us email@example.com
5.1 What can you do to keep your information safe?
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
6. WHAT RIGHTS DO YOU HAVE?
6.1 Right to request a copy of your information
You can request a copy of your information which we hold (this is known as a subject access request). If you would like a copy of some or all of this information, please:
Email, call or write to us (see ‘How can you contact us?’ – see section 10 below)
Click here to download the request form
Let us have appropriate proof of your identity and address (e.g. a copy of your driving licence or passport and a recent utility or credit card bill; or written authorisation on company letterhead etc), and
Let us know the information you want a copy of, including any account or reference numbers, if you have them
There is no charge for such requests, unless the request is deemed “manifestly unfounded or excessive, in particular because they are repetitive”, in which case we may charge a reasonable fee taking into account the administrative costs of providing the information, or may refuse to respond.
Subject access requests will be fulfilled within one calendar month of receiving the request, or receiving any additional information required to be able to fulfil the request. Should there be any legitimate or permissible delay (under the General Data Protection Regulation), you will be notified and kept informed of expected timeframes for delivery.
The information will be provided in a format appropriate to the request and the data held, i.e. electronically or hard copy.
6.2 Right to correct any mistakes in your information
You can require us to correct any mistakes in your information which we hold, free of charge. This will be completed within one calendar month. If you would like to do this, please:
Email, call or write to us (see ‘How can you contact us?’ – see section 7 below)
Let us have enough information to identify you (e.g. account number, user name, registration details), and
Let us know the information that is incorrect and what it should be replaced with
6.3 Right to ask us to stop contacting you
You can ask us to stop including you in Member or other communications. However, this would not apply where the communication is required for contractual purposes e.g. annual membership renewals.
If you would like to opt out of any Member communications, please:
Email, call or write to us (see ‘How can you contact us?’ – see section 7 below). It may take up to 10 working days for this to take place
Let us have appropriate proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill or written authorisation on company letterhead; etc), and
Let us know what method of contact you are not happy with if you are unhappy with only certain ways of contacting you (for example, you may be happy for us to contact you by email but not by telephone)
6.4 Right to be forgotten (the Right to Erasure)
Individuals have a right to have personal data erased and to prevent processing in specific circumstances.
The right to erasure does not provide an absolute “right to be forgotten”.
7. HOW TO CONTACT US
If you wish to contact us, please send an email to firstname.lastname@example.org or write to the Data Protection Manager, ICDP, Central Boulevard, Blythe Valley Business Park, Solihull B90 8AG, or call on 01564711224
9. DO YOU NEED EXTRA HELP?
If you would like this policy in another format (for example: audio, large print, braille) please contact us (see ‘How can you contact us?’ above).