Privacy


The Security Institute Privacy Policy

Dated 26 May 2023

The Security Institute promises to respect and look after all personal data you share with us, or that we get from other organisations. We will always keep it safe. We aim to be clear when we collect your data about what we’ll use it for, and not to do anything you wouldn’t reasonably expect. We will never sell your personal data to other organisations and will only ever share it in appropriate, legal or exceptional circumstances. See section 4 to find out more.

Developing a better understanding of our supporters/ members through their personal data means we can make better decisions, organise CPD events more efficiently and ultimately, helps us to reach our goal of promoting professionalism amongst our membership and the wider security industry.

We are moving to an ‘opt-in only’ communication policy. This means that we will only send communications to you if you have explicitly stated that you want us to. We will also ask you what you are interested in and how you want us to contact you.

Our marketing communications include information about our services, campaigns, volunteering opportunities and events. If you would like to receive this information but have not yet opted in, please contact us on  02476 346464 or email at info@security-institute.org.

1. Where we collect information about you from

We collect information in the following ways:

  • When you give it to us DIRECTLY

You may give us your information in order to sign up for one of our events, right editorial for our newsletter, buy our merchandise or volunteer with us. Sometimes when you engage with us, your information is collected by an organisation working for us (eg a sponsorship consultant or charity), but we remain responsible for your data at all times.

  • When you give it to us INDIRECTLY

Your information may be shared with us by independent event organisers or learning providers, for example University or training student memberships, or trade shows such as SCTX, IFSEC or UK Security Expo. These independent third parties will only do this if you have indicated that you are happy for them to do so. You should check their Privacy Policy when you provide your information, to understand in full how they will process your data.

  • When you give permission to OTHER ORGANISATIONS to share it

You may have provided permission for a company or other organisation to share your data with third parties. This could be when you purchased a ticket for an event or course with one of our partner organisations.

Dependant on your settings or the privacy policies for social media and messaging services that we use, such as Facebook, Twitter, Instagram or Linked In, you might give us permission to access information from those accounts or services.

The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them.

  • When it is PUBLICLY AVAILABLE

This may include information found in places such as Companies house and information that has been published in articles either printed or online.

We may combine information you provide to us with information available from external sources in order to gain a better understanding of our members or to improve our membership benefits.

  • When we collect it as you use our WEBSITE OR APPS

Like most websites, we use “cookies” to help us make our website and the way you use it better. Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier- eg by automatically filling your name and address into text fields.

As well as this, cookies can tell us the type of device you are using to access our website or apps and the settings on that device may provide us with information including what type of device it is, what operating system you are using, what your device settings are and why a crash has happened. This information helps us understand how people are using our website and shows us how to make it better.

Your device manufacturer or operating system provider will have more details about what information your device makes available to us.

2. What personal data we collect

The type and quantity of information we collect depends on why you are providing it. If you are a member, for example, when you log into web services, purchase event tickets or request mentoring partnerships, we will usually collect:

  • Your name
  • Your contact details

Where it is appropriate, we may collect:

  • Information about the service you are requesting
  • Your payment details
  • Your employment details
  • Your qualifications details
  • Your vetting status

We will only ever ask for information that is needed to host an event, provide pertinent information bulletins or administer the membership service you have requested.

When applying for membership, a detailed list of your personal data will be collected. This is necessary to ensure that all candidates for membership can be screened (BS7858), reference checks conducted and evidence gathered prior to submission to the Validation Board. The Security Institute must protect the members and information from persons who may wish to gain admittance for criminal purposes. Information that we require to validate a candidate are requested in the online application form and include:

  • Gender
  • Full name
  • Date of Birth
  • Payment method ( DD or annual payment)
  • Qualifications
  • Employer and address
  • Job title
  • Home address
  • Preferred contact details ( email and telephone)
  • Validation Board score and Membership grade offered, will be added.

3. How we use the personal data we collect

What we use your information for, depends on the reason you are providing it. We will mainly use your data to:

  • Provide you with the membership services you have requested

We provide membership services in order to support your desire to professionally develop and grow in capability. The services vary from mentoring, personal development and qualifications to networking, camaraderie and simply awareness of the security industry as an affiliate.

The information we collect in order to provide these services may be sensitive relating to employment or skill sets that you do not wish to be known, even amongst the membership. Access to this data will always be limited to appropriate individuals with a legitimate interest in supporting your membership aims and where appropriate, only with your consent.

If you enter your details into one of our online forms, but you do not send or submit the form, we may contact you to see if we can help with any problems you may be experiencing with the form or our website.

  • Make sure we know how you prefer to be contacted

We record communication preferences so that we only contact you in the ways you wish to hear from us. We don’t want to waste your time, or send global communications that you do not value. Threat and awareness Cross Sector Security Communications are sent to all members unless specified otherwise. We consider membership of the Security Institute as constituting legitimate interest in such important information. If, however, you already receive these communications from other sources, tell us and we will remove you from the distribution list.

  • Direct Marketing

We will only ever contact you with direct marketing about our work, events and campaigns with your explicit consent. We make it easy for you to tell us how you wish us to communicate, in your personal profile within the membership area of the website.

We do not sell or share personal details to third parties for the purposes of marketing. Occasionally, we may include information in our communications from partner organisations or organisations who support our aims.

If you change your mind at any time, and no longer wish to hear from us, just let us know when you provide your data, contact us on 02476 346464 or email info@security-institute.org.

  • Keep a record of your relationship with us

It is important for us to keep clear records on your interaction with the Institute and the ways you have supported us during your membership. This helps us see the bigger picture and ensures your membership experience is the best it can be.

We may also collect and retain your information is you provide feedback about our services, give a compliment or make a complaint.

  • Understand how we can improve our membership service, Information and events

We believe it is important to make sure our membership benefits, professional development opportunities and networking initiatives are the best they can be. That is why we evaluate them. Once you have used your membership benefits, we may get in touch to get your views on your experience. There is no obligation to take part, but it really helps to highlight ways we can make things better in the future.

  • Understand our members and work more effectively

We use profiling and screening techniques to make sure communications are relevant and timely, to provide an improved experience for our members. Profiling allows us to target different security sectors of interest, geographical regions for events and membership groups who would value collaborating. We wish to provide events and information that is tailored, where possible, to the member.

When building a profile we may analyse geographic, demographic and other membership information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications including events, employment opportunities and engagement opportunities (such as presenting) with us, based on your skills and expertise.

We do this because it allows us to understand the background and specialist skills of the membership and helps us to find volunteers and future event hosts within the membership.

  • To share you story or experience

Some members choose to tell us about their experiences or employment field for the benefit of the wider membership. This might include information about past operations, advisory notes or failures, together with photos and/or video. We will always ensure we have explicit and informed consent from the individuals. We will always keep this information safe and secure. This information may be shared at events, in promotional materials (newsletter/e-News) or professional development workshops.

4. Sharing your data

We do not share or sell personal details with third parties for the purposes of marketing.

We will only share your details with third party organisations when its necessary to;

  • Provide you with the services you have asked for – we will make sure you are happy for us to do this before anything happens and wil explain who we are sharing the data with e.g. mentors, government agencies, recruiters, etc.
  • Administer your participation in an event or CPD activity.
  • Comply with health and safety regulation.

If we ever need to share data for these purposes, we will always take the utmost care, ensuring only essential data is transferred and that it is done so safely and securely.

Exceptional circumstances

The Security Institute may be required to share your details in exceptional circumstances. For example, to comply with a professional code of conduct, where required by the Police, regulatory bodies, or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

5. How we keep your data safe and who has access

We ensure there are appropriate measures and controls in place to protect your personal details, e.g. our online forms are always encrypted and our network is protected and routinely monitored. We undertake regular reviews of who has access to information that we hold, to make sure that your information is only accessible to appropriately trained staff and partners.

Before we use any external companies to collect or process personal data on our behalf, we will complete comprehensive checks. We will always put a contract in place that sets out our expectations and requirements, especially how they manage the personal data they have collected or have access to.

Suppliers who run their operations outside the European Economic Area (EEA) are not subject to the same data protection laws as companies based in the UK. However, if we ever choose to use a supplier based outside the EEA, we will make sure that they provide an adequate level of protection in accordance with UK data protection law.

When required, we may need to disclose your details to the Police, regulatory bodies or legal advisors.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

6. Keeping your information up to date

We try and keep our records up to date so that we can send you the most relevant information, using the correct contact details. You have the capability to update your own information on your profile page within the members area of our website. You may input as much or as little information as you deem appropriate, outside the essentials we require in order to communicate with you. If you change employment, please update your contact details as soon as its practical.

Where possible we use other members or publicly available online resources (LinkedIn, Twitter or past employers) to trace your new contact details if we lose contact with you. This is to ensure that your intention was to leave the membership and not an administrative oversight. If you do wish to leave the membership, please inform us and your personal details will be deleted from our database.

7. Your “right to know” what we know about you, make changes or ask us to stop using your data.

You have the right to ask us to stop processing your personal data and if its not necessary for the purposes of membership you provided it for, we will do so. Contact us on 02476 346464 or email info@security-institute.org if you have any concerns.

You have the right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.

If you want to access your information, send a description of the information you want to see and proof of your identity by post to the Data Controller, The Security Institute, Mira Technology Park, Technology Centre, NW05, Watling Street, Nuneaton, Warwickshire, CV10 0TU.

. We do not accept these requests by email. This is a security measure to ensure we do not provide your information to an unentitled person.

If you have any questions relating to this policy booklet, please email info@security-institute.org. For further information, see the Information Commissioner’s guidance at ( www.ico.org.uk).

8. Changes to the Policy

We review this policy annually and may update it from time to time. If we make any significant changes in the way we treat your personal information, we will make this clear on our website or by contacting you directly.

The Security Institute promises to respect and look after all personal data you share with us, or that we get from other organisations. We will always keep it safe. We aim to be clear when we collect your data about what we will use it for, and not to do anything you would not reasonably expect. We do not sell personal data to other organisations and will only ever share it in appropriate, legal. or exceptional circumstances (See section 4 for more detail).

By developing a better understanding of our supporters/ members through their personal data means we can make better decisions, organise CPD events more efficiently and ultimately, it assists The Security Institute to reach our goal of promoting a recognised, respected, and professional environment for our members, stakeholders, and the wider security industry.

We have moved to an ‘opt-in only’ communication policy; this means that we will only send communications to you if you have explicitly stated that you wish to receive information from The Security Institute. We will also ask you what you are interested in and how you want to be contacted.

Our marketing communications include information about our services, campaigns, volunteering opportunities and events. If you would like to receive this information but have not yet opted in (or out), please contact us on  02476 346464 or email info@security-institute.org.

  1. Where we collect information about you from

We collect information in the following ways:

  1. When you give it to us DIRECTLY
  • A member may provide their information in order to sign up for one of The Security Institute events, write editorial for our newsletter, buy merchandise or volunteer. Occasionally, when members engage with us, your information is collected by an organisation working for us (for example a sponsorship, consultant, or charity), but we remain responsible for your data at all times.
  1. When you give it to us INDIRECTLY
  • Members information may be shared with us by independent event organisers or learning providers, for example, a student membership via a University or training provider, a trade shows such as SCTX, IFSEC or UK Security Expo. These independent third parties will only do this if you have indicated that you are happy for them to do so. Members should check their Privacy Policy when you provide your information to fully understand how they will process your data.
  1. When you give permission to OTHER ORGANISATIONS to share it
  • You may have provided permission for a company or other organisation to share your data with third parties; this may be when you have purchased a ticket for an event or a training course with one of our partner organisations.
  • You may provide permission to access information from various accounts or services we use, for example; Facebook, Twitter, Instagram, or LinkedIn, dependant on your settings or the individual privacy policies for each service.
  • Information gained from other organisations may also depend on your privacy settings or the responses you give. It is your responsibility to check them regularly.
  1. When it is PUBLICLY AVAILABLE
  • Personal information can also be found in places such as Companies house or from information that has been published in articles available in print or online. Always check what will be shared.
  • We may combine information you provide to us with information available from external sources in order to gain a better understanding of our members or to improve our membership benefits.
  1. When we collect it as you use our WEBSITE OR APPS
  • Like most websites, we use “cookies”; this is to assist with your personal use and website performance. Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier-for example, automatically filling your details. Again, check the options available.
  • As well as this, cookies can tell us the type of device you are using to access our website or apps. The settings on each device may provide information that includes the type of device being used, the operating system and what device settings are in place and why a crash has happened; this information helps us understand how people are using our website and assists to make improvements.
  • Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
  1. What personal data we collect

The type and quantity of information collected by The Security Institute depends on why you are providing it. If you are a member, for example, when you log into web services, purchase event tickets, or request a mentoring partnership, we will usually collect your –

  • Name
  • Contact details.

Where it is appropriate, we may collect details of the following –

  • Information about the service you are requesting.
  • Payment method.
  • Employment.
  • Qualifications.
  • Vetting status.

We will only ever ask for information that is needed to host an event, provide pertinent information bulletins, or administer the membership service you have requested.

When applying for membership, a detailed list of your personal data will be collected. This is necessary to ensure that all candidates for membership can be screened (BS7858), reference checks conducted, and evidence gathered prior to submission to the Validation Board. The Security Institute must protect the members and information from persons who may wish to gain admittance for criminal purposes. Information that we require to validate a candidate are requested in the online application form and include:

  • Gender.
  • Full name.
  • Date of Birth.
  • Payment method (DD or annual payment).
  • Qualifications.
  • Employer and address.
  • Job title.
  • Home address.
  • Preferred contact details (email and telephone).
  • Validation Board score and Membership grade offered, will be added.

 

  1. How we use the personal data we collect

What we use your information for, depends on the reason you are providing it. We will mainly use your data to –

  1. Provide you with the membership services you have requested.

We provide membership services in order to support your desire to professionally develop and grow in capability. The services vary from mentoring, personal development and qualifications to networking, camaraderie and simply awareness of the security industry as an affiliate.

The information we collect in order to provide these services may be sensitive relating to employment or skill sets that you do not wish to be known, even amongst the membership. Access to this data will always be limited to appropriate individuals with a legitimate interest in supporting your membership aims and where appropriate, only with your consent.

If you enter your details into one of our online forms, but you do not send or submit the form, we may contact you to see if we can help with any problems, you may be experiencing with the form or our website.

  1. Make sure we know how you prefer to be contacted.

The Security Institute will record communication preferences so that you will be only contact by the methods a member has chosen. We do not want to waste time or send global communications that a member will not benefit from. For example, members can opt out of receiving the threat and awareness Cross Sector Security Communications which are sent out to the membership on a regular basis. If, however, you already receive these communications from other sources, tell us and we will remove you from the distribution list.

  1. Direct Marketing

We will only ever contact you with direct marketing about our work, events and campaigns with your explicit consent. We make it easy for you to tell us how you wish us to communicate, in your personal profile within the membership area of the website.

We do not sell or share personal details to third parties for the purposes of marketing. Occasionally, we may include information in our communications from partner organisations or organisations who support our aims.

If you change your mind at any time, and no longer wish to hear from us, just let us know when you provide your data, contact us on 02476 346464 or email info@security-institute.org

  1. Keep a record of your relationship with us.

It is important for The Security Institute to maintain clear records on a members’ interaction with the Institute and the ways in which a member has supported  the Institute their membership; this helps us see the bigger picture and ensures the membership experience is the best it can be.

Information may also be collected and retained should a member provide feedback about our services, give a compliment, or make a complaint.

  1. Understand how we can improve our membership service, Information, and events.

The Security Institute also believes it is important to ensure membership benefits, professional development opportunities and networking initiatives are the best they can be. That is why we evaluate them. Once a member benefit has been used,  we may get in touch about your experience. There is no obligation to take part, but it really helps to highlight ways we can make things better in the future.

  1. Understand our members and work more effectively.

We use profiling and screening techniques to make sure communications are relevant and timely, to provide an improved experience for our members. Profiling allows The Security Institute to target different security sectors of interest, geographical regions for events and membership groups who would value collaborating. We wish to provide events and information that is tailored, where possible, to the member.

When building a profile, The Security Institute is likely to analyse geographic, demographic, and other membership information relating to a particular member in order to better understand your interests and preferences in order to contact you with the most relevant communications including events, employment opportunities and engagement opportunities (such as presenting) with us, based on your skills and expertise.

We do this because it allows us to understand the background and specialist skills of the membership and helps us to find volunteers and future event hosts within the membership.

  1. To share a story or experience.

Some members choose to tell us about their experiences or employment field for the benefit of the wider membership; this may include information about past operations, advisory notes, or failures, together with photos and/or videos. We will always ensure we have explicit and informed consent from the individuals before sharing at an event, in promotional materials (newsletter/e-News) or a professional development workshop. The Security Institute will maintain the safety and security of such information.

  1. Sharing your data

The Security Institute does not share or sell personal details with third parties for the purposes of marketing, members details are only shared with a third-party organisation when its necessary to –

  • Provide each member with the services they have requested, and we will check you agree for us to do this before using such information will explain who the data will be shared, for example, mentors, government agencies, recruiters.
  • Administer and record participation in an event or CPD activity.
  • Comply with health and safety regulation.
  • If we ever need to share data for these purposes, we will always take the utmost care to ensure only essential data is transferred and that it is done so safely and securely.
    1. Exceptional circumstances.

The Security Institute may be required to share a members’ details in exceptional circumstances. For example, to comply with a professional code of conduct, where required by the Police, a regulatory body, or legal advisor.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

  1. How we keep your data safe and who has access
  • The Security Institute will ensure appropriate measures and controls in place to protect personal details, for example, online forms are always encrypted, and the network is protected and routinely monitored. Regular reviews of who has access to information being held to ensure information is only accessible to appropriately trained staff and partners.
  • Before an external company is used to collect or process personal data on our behalf, comprehensive checks take place and a contract put in place that sets out expectations and requirements, especially how they manage the personal data they have collected or have access to.
  • Suppliers who run their operations outside the European Economic Area (EEA) are not subject to the same data protection laws as companies based in the UK. However, if we ever choose to use a supplier based outside the EEA, we will make sure that they provide an adequate level of protection in accordance with GDPR and UK data protection law.
  • From time-to-time The Security Institute may be required disclose details to the Police, regulatory bodies, or legal advisors, but we will only ever share data in such circumstances if we have your explicit and informed consent.
  1. Keeping your information up to date
  • We try and keep our records up to date so that we can send you the most relevant information, using the correct contact details. You have the capability to update your own information on your profile page within the members area of our website. You may input as much or as little information as you deem appropriate, outside the essentials we require in order to communicate with you. If you change employment, please update your contact details as soon as its practical.
  • Where possible we use other members or publicly available online resources (LinkedIn, Twitter or past employers) to trace your new contact details if we lose contact with you. This is to ensure that your intention was to leave the membership and not an administrative oversight. If you do wish to leave the membership, please inform us and your personal details will be deleted from our database.
  1. Your “right to know” what we know about you, make changes, or ask us to stop using your data.
  • Any member has the right to ask The Security Institute to stop processing their personal data and if it is not necessary for the purposes of membership, we will do so.
  • Please contact 02476 346464 or email info@security-Institute.orgif you have any concerns.
  • Members also have the right to ask for a copy of the information we hold about them, and if there are any discrepancies in the information provided, please let do contact the Institute with the correct details/information.

Should you want to access personal information, please send via post a description of the information requested and proof of your identity; membership number and proof of address.

 

FTAO:

 

Compliance Officer

The Security Institute

Mira Technology Park, Technology Centre NW05

Watling Street

Nuneaton

Warwickshire

CV10 0TU

 

 

Please Note: The Security Institute does not accept these requests by email; this is a security measure to ensure we do not share information with an unauthorised person.

  1. Changes to the Policy

The Privacy Policy is reviewed regularly in accordance with ISO9001:2015 and updated when appropriate. Should the Security Institute  make any significant changes in the personal information/data is treated or used, this will be made clear on the website or by contacting members directly.

Additional Questions?

If a member has any questions relating to this policy, please email; infor@security-institute.org

Alternatively, for additional information, please the Information Commissioner Office website; www.ico.org.uk.

Our email newsletter

Subscribe


Site maintenance in progress, please contact us to subscribe to our newsletter.

Enquire now

The first step in our joining process is to submit your CV. This will be read to determine the appropriate joining route and you will then be sent an email with a link to the relevant application form.

  • Please upload your CV here