Dated 7 Jan 2018
The Security Institute promises to respect and look after all personal data you share with us, or that we get from other organisations. We will always keep it safe. We aim to be clear when we collect your data about what we’ll use it for, and not to do anything you wouldn’t reasonably expect. We will never sell your personal data to other organisations and will only ever share it in appropriate, legal or exceptional circumstances. See section 4 to find out more.
Developing a better understanding of our supporters/ members through their personal data means we can make better decisions, organise CPD events more efficiently and ultimately, helps us to reach our goal of promoting professionalism amongst our membership and the wider security industry.
We are moving to an ‘opt-in only’ communication policy. This means that we will only send communications to you if you have explicitly stated that you want us to. We will also ask you what you are interested in and how you want us to contact you.
Our marketing communications include information about our services, campaigns, volunteering opportunities and events. If you would like to receive this information but have not yet opted in, please contact us on 02476 346464 or email at firstname.lastname@example.org.
1. Where we collect information about you from
We collect information in the following ways:
You may give us your information in order to sign up for one of our events, right editorial for our newsletter, buy our merchandise or volunteer with us. Sometimes when you engage with us, your information is collected by an organisation working for us (eg a sponsorship consultant or charity), but we remain responsible for your data at all times.
You may have provided permission for a company or other organisation to share your data with third parties. This could be when you purchased a ticket for an event or course with one of our partner organisations.
Dependant on your settings or the privacy policies for social media and messaging services that we use, such as Facebook, Twitter, Instagram or Linked In, you might give us permission to access information from those accounts or services.
The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them.
This may include information found in places such as Companies house and information that has been published in articles either printed or online.
We may combine information you provide to us with information available from external sources in order to gain a better understanding of our members or to improve our membership benefits.
Like most websites, we use “cookies” to help us make our website and the way you use it better. Cookies mean that a website will remember you. They are small text files that sites transfer to your computer (or phone or tablet). They make interacting with a website faster and easier- eg by automatically filling your name and address into text fields.
As well as this, cookies can tell us the type of device you are using to access our website or apps and the settings on that device may provide us with information including what type of device it is, what operating system you are using, what your device settings are and why a crash has happened. This information helps us understand how people are using our website and shows us how to make it better.
Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
2. What personal data we collect
The type and quantity of information we collect depends on why you are providing it. If you are a member, for example, when you log into web services, purchase event tickets or request mentoring partnerships, we will usually collect:
Where it is appropriate, we may collect:
We will only ever ask for information that is needed to host an event, provide pertinent information bulletins or administer the membership service you have requested.
When applying for membership, a detailed list of your personal data will be collected. This is necessary to ensure that all candidates for membership can be screened (BS7858), reference checks conducted and evidence gathered prior to submission to the Validation Board. The Security Institute must protect the members and information from persons who may wish to gain admittance for criminal purposes. Information that we require to validate a candidate are requested in the online application form and include:
3. How we use the personal data we collect
What we use your information for, depends on the reason you are providing it. We will mainly use your data to:
We provide membership services in order to support your desire to professionally develop and grow in capability. The services vary from mentoring, personal development and qualifications to networking, camaraderie and simply awareness of the security industry as an affiliate.
The information we collect in order to provide these services may be sensitive relating to employment or skill sets that you do not wish to be known, even amongst the membership. Access to this data will always be limited to appropriate individuals with a legitimate interest in supporting your membership aims and where appropriate, only with your consent.
If you enter your details into one of our online forms, but you do not send or submit the form, we may contact you to see if we can help with any problems you may be experiencing with the form or our website.
We record communication preferences so that we only contact you in the ways you wish to hear from us. We don’t want to waste your time, or send global communications that you do not value. Threat and awareness Cross Sector Security Communications are sent to all members unless specified otherwise. We consider membership of the Security Institute as constituting legitimate interest in such important information. If, however, you already receive these communications from other sources, tell us and we will remove you from the distribution list.
We will only ever contact you with direct marketing about our work, events and campaigns with your explicit consent. We make it easy for you to tell us how you wish us to communicate, in your personal profile within the membership area of the website.
We do not sell or share personal details to third parties for the purposes of marketing. Occasionally, we may include information in our communications from partner organisations or organisations who support our aims.
If you change your mind at any time, and no longer wish to hear from us, just let us know when you provide your data, contact us on 02476 346464 or email email@example.com.
It is important for us to keep clear records on your interaction with the Institute and the ways you have supported us during your membership. This helps us see the bigger picture and ensures your membership experience is the best it can be.
We may also collect and retain your information is you provide feedback about our services, give a compliment or make a complaint.
We believe it is important to make sure our membership benefits, professional development opportunities and networking initiatives are the best they can be. That is why we evaluate them. Once you have used your membership benefits, we may get in touch to get your views on your experience. There is no obligation to take part, but it really helps to highlight ways we can make things better in the future.
We use profiling and screening techniques to make sure communications are relevant and timely, to provide an improved experience for our members. Profiling allows us to target different security sectors of interest, geographical regions for events and membership groups who would value collaborating. We wish to provide events and information that is tailored, where possible, to the member.
When building a profile we may analyse geographic, demographic and other membership information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications including events, employment opportunities and engagement opportunities (such as presenting) with us, based on your skills and expertise.
We do this because it allows us to understand the background and specialist skills of the membership and helps us to find volunteers and future event hosts within the membership.
Some members choose to tell us about their experiences or employment field for the benefit of the wider membership. This might include information about past operations, advisory notes or failures, together with photos and/or video. We will always ensure we have explicit and informed consent from the individuals. We will always keep this information safe and secure. This information may be shared at events, in promotional materials (newsletter/e-News) or professional development workshops.
4. Sharing your data
We do not share or sell personal details with third parties for the purposes of marketing.
We will only share your details with third party organisations when its necessary to;
If we ever need to share data for these purposes, we will always take the utmost care, ensuring only essential data is transferred and that it is done so safely and securely.
The Security Institute may be required to share your details in exceptional circumstances. For example, to comply with a professional code of conduct, where required by the Police, regulatory bodies, or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
5. How we keep your data safe and who has access
We ensure there are appropriate measures and controls in place to protect your personal details, e.g. our online forms are always encrypted and our network is protected and routinely monitored. We undertake regular reviews of who has access to information that we hold, to make sure that your information is only accessible to appropriately trained staff and partners.
Before we use any external companies to collect or process personal data on our behalf, we will complete comprehensive checks. We will always put a contract in place that sets out our expectations and requirements, especially how they manage the personal data they have collected or have access to.
Suppliers who run their operations outside the European Economic Area (EEA) are not subject to the same data protection laws as companies based in the UK. However, if we ever choose to use a supplier based outside the EEA, we will make sure that they provide an adequate level of protection in accordance with UK data protection law.
When required, we may need to disclose your details to the Police, regulatory bodies or legal advisors.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
6. Keeping your information up to date
We try and keep our records up to date so that we can send you the most relevant information, using the correct contact details. You have the capability to update your own information on your profile page within the members area of our website. You may input as much or as little information as you deem appropriate, outside the essentials we require in order to communicate with you. If you change employment, please update your contact details as soon as its practical.
Where possible we use other members or publicly available online resources (LinkedIn, Twitter or past employers) to trace your new contact details if we lose contact with you. This is to ensure that your intention was to leave the membership and not an administrative oversight. If you do wish to leave the membership, please inform us and your personal details will be deleted from our database.
7. Your “right to know” what we know about you, make changes or ask us to stop using your data.
You have the right to ask us to stop processing your personal data and if its not necessary for the purposes of membership you provided it for, we will do so. Contact us on 02476 346464 or email firstname.lastname@example.org if you have any concerns.
You have the right to ask for a copy of the information we hold about you. If there are any discrepancies in the information we provide, please let us know and we will correct them.
If you want to access your information, send a description of the information you want to see and proof of your identity by post to the Data Controller, The Security Institute, 1 The Courtyard, Caldecote, Warwickshire, CV10 0AS. We do not accept these requests by email. This is a security measure to ensure we do not provide your information to an unentitled person.
8. Changes to the Policy
We review this policy annually and may update it from time to time. If we make any significant changes in the way we treat your personal information, we will make this clear on our website or by contacting you directly.