Privacy notice and cookie policy

Updated May 2018

Please read the CIPP/IPP Education Ltd (the Group) privacy notice carefully to understand how we use your personal data. The Group Privacy Notice defines the basis for processing any personal data you provide to us, or we collect from you when you use our website or make an enquiry with us.

CIPP, Goldfinger House, 245 Cranmore Boulevard, Shirley, Solihull, B90 4ZL

  • ICO CIPP reg. ZA355159
  • ICO IPP Education Ltd reg. Z6769713

This is how your personal information is used by the CIPP and IPP Education Ltd as a subsidiary of the Group.

If you have any questions, or want more details about how we use your personal information, you can call us on 0121 712 1000 or email us at info@cipp.org.uk.   

“The Chartered Institute of Payroll Professionals” is the registered controller for the purpose of the Data Protection Act and the GDPR. This privacy notice describes how we as the controller protect and use the information you give to us when you use this website and our services.

When you provide personal information to us it will only be used in the ways described in the privacy notice below.

A PDF version of this notice is also to download.

CIPP Privacy Notice - May 2018

 

Privacy notice

Protection of your data by law

Your privacy is protected by law. This section provides further details about this.

According to data protection laws, we are allowed to use personal information only if we have an acceptable reason to do so.

The law says we must have at least one or more of the following reasons:

  • To fulfil a contract we have with you, or
  • When it is our legal duty, or
  • When it is in our legitimate interest, or
  • When we have your consent to

When we have a business or commercial reason to use your information, this is classed as a legitimate interest, even then, it must be right and best for you and must not be used unfairly.

If the Group has a business or commercial reason to use your information, this is known as ‘legitimate interest’ and if we need to rely on legitimate interest as the reason for using your data, we will tell you what that is. In the event that we use your data under legitimate interest, we cannot unfairly go against your interests as a member.

Sensitive personal information

Sensitive information is a class of data that is treated by the law and the regulations to include racial / ethnic origin, sexual orientation, religious beliefs, trade union membership, health data and criminal records. We will only collect or use these types of data with your consent unless the law doesn’t allow us to do so. If we do need to collect your sensitive personal data, it will only be when it is necessary in the interest of:

  1. Substantial public interest
  2. A legal claim that will need to be established, exercised and defended.

Information we use

To ensure we are able to respond to our members and visitors, we will collect the following personal information, please note that this is not an exhaustive list:

  • Name
  • Contact information including email address
  • Information about your company and position
  • Website usage data
  • Other information relevant to enquiries
  • Transactional details
  • Employment and educational details
  • Information identifying computers/devices used to connect to the internet, including your Internet Protocol (IP) address
  • Details of access to online resources
  • Apprenticeship providers

Our commitment to your data

Our commitment to all our members and website visitors is:

  • To keep your data confidential andsecure
  • Not to sell your data

Below is a list of all the ways that we may use your personal information, and specific reasons we rely on to use this information.

Use of your peronal information Reason
  • To manage your membership with us
  • To develop new ways to understand our members’ requirements
  • To provide advice or guidance about our services
  • Your consent
  • Fulfilling contracts
  • Our legitimate interests
  • Our legal duty
  • To manage how we work with other companies that provide services to us and our members
  • Fulfilling contracts
  • Our legitimate interests
  • Our legal duty
  • To deliver our services
  • To make and manage members payments
  • To manage fees, charges and interest due on members accounts
  • To collect and recover money that is owed to us
  • Fulfilling contracts
  • Our legitimate interests
  • Our legal duty
  • To run our business in an efficient and proper way. This includes managing our financial position, business capability, planning, communications, corporate governance, and audit
  • Our legitimate interests.
  • Our legal duty
  • To exercise our rights set out in agreements or contracts
  • Fulfilling contracts
  • To communicate changes to legislation relating to payroll and pensions compliance
  • Our legitimate interests
  • Our legal duty
Your sensitive information Reason
  • Responding to institutional requirements
  • Showing whether we have assessed your course in the right way
  • Passing information to external examiners as needed to allow verification into whether we have acted in the right way
  • Legal claim
  • Special categories of information required to establish, exercise or defend legal claims
  • Consent
  • Letting you know when we need your consent to process special categories of personal data where necessary

Where personal information is collected from

We may collect personal information about you from these sources:

Data you give to us:

  • When you apply for our services
  • When you talk to us on the phone or at meetings
  • When you use our website
  • In emails and letters
  • In customer surveys

Data we collect for use of our services including:

  • Personal details
  • Financial details
  • Employment and education details
  • Goods or services provided

We may also process sensitive classes of information that may include:

  • Physical or mental health details
  • Racial or ethnic origin

Data from third parties we work with:

  • Other educational institutions
  • Apprenticeship providers

We have taken the time to identify the types of information we collect and have grouped it accordingly.

Personal data type Description
Contact Information about you and where you live
Transactional Payment and transactional history from your account
Contractual Agreements of services we provide to you
Technical Information from technical devices when connecting or using online services
Communication General communication and correspondence
Documents Passports, driving licenses, proof of address you have supplied to us
Consent Contact preferences you have expressed

Who we share your personal information with

We may be legally obligated to share your information with other organisations or government agencies in instances where we need to collect what you owe and explore new ways of doing business:

  • Current, past or prospective employers
  • Educators and examining bodies
  • Employers
  • Suppliers and services providers
  • Central government
  • Law enforcement and prosecuting authorities
  • Ombudsman and regulatory authorities
  • Courts and tribunals
  • Companies you ask us to share your data with

Data transfers out of the European Economic Area (EEA)

The Group does not transfer your personal information outside of the EEA. If we are ever required to send your personal information outside of the EEA it would be for the following reasons:

  • Comply with a legal duty
  • To help run your accounts and services

If you choose not to give personal information

Data collection that is optional will be clearly stated when collected. However, if you decide not to share required personal data with us, it may delay or stop us from meeting our obligations and this can also mean that we cannot perform services needed to run your accounts. We are required to collect certain personal information by law, and/or under the terms of a contract we have with you.  By not sharing the required data with us, it may lead to cancelling a service you have with us.

How long we keep your personal information

We will keep your personal information for as long as you are a member of the Group.

After you stop being a member, we may keep your data for up to eight years for one of these reasons:

  • To respond to any questions or complaints
  • To show that we treated you fairly
  • To maintain records according to rules that apply to us

We may keep your data for longer than eight years if we cannot delete it for legal, regulatory or technical reasons.

Marketing material you receive

The Group markets to our members to let you know about products, services and offers that we think you might be interested in. This is what we term as ‘marketing’.

We sometimes use your personal information to decide which of these products, services and offers may be of particular interest to you, also known as ‘profiling’ for marketing purposes. You have the right to contact us and ask us to stop using your data in this way at any time.

The Group will only market to you if we have your prior consent to do so, or if we believe there is a ‘legitimate interest’. Legitimate interest is when there is a business or commercial reason to use your information to market to you, however this must be fair to yourself.

If you are happy to be marketed to, we may send you marketing material through email or post. If you have a preference, please let us know.

You also have the right to stop collecting data while you are using our websites or mobile apps. Whatever you choose, you'll still receive important information such as changes to your existing products and services. From time to time we may ask you to confirm or update your choices, or if there are changes in the law, regulation, or the structure of our business. You can contact us at any time to update your choices.

Can I get a copy of the personal information you hold for me?

You can access the personal information we hold about you by writing to us at this address:

CIPP, Goldfinger House, 245 Cranmore Boulevard, Shirley, Solihull, B90 4ZL

If you have any enquires about your information, what we do with it or believe any of the details held are inaccurate please contact us. If you wish to complain about the way the Group has handled your information, please contact us using the above methods.

If you think your personal data is incorrect?

If you think we may have information about you that is incorrect or wrong, you have the right to question and raise this with us.

Please contact us if you want to do this and we will take reasonable steps to check its accuracy and correct it.

Your rights to stop us using your personal information?

We may need to keep your data for legal or official reasons but you can inform us if you think that we shouldn’t be using it. You can object to us using your data or to have it deleted and removed if you think there is no reason for us to have it. This is now recognised as the ‘right to object’, the ‘right to erasure’ or the ‘right to be forgotten’.

We can sometimes limit the use of your data and this will mean that your data will only be used for specific things like legal rights and legal reasons. In this case, we will not use or share your information in additional ways while it is restricted.

You have the right to ask for your personal data to be restricted if you think:

  • It is not correct
  • It you think it has been used unlawfully, but you do not want it deleted
  • It is no longer relevant, but you want us to keep it for a legal claim
  • You are waiting for us to confirm if we are allowed to keep on using it but you have already asked us to stop using your data

If you want us to stop using your personal data for any of the above cases, please contact us.

How you can withdraw your consent

You have the right to withdraw your consent at any time so please let us know if you wish to withdraw consent. It may not always be possible to provide certain services to you if you do this, however we can confirm this with you.

How to make a complaint

If you are unhappy or unsatisfied with why and how we have used your personal data, you can contact us by sending an email to complaints@cipp.org.uk or by writing to us at this address: The CIPP, Goldfinger House, 245 Cranmore Boulevard, Shirley, Solihull, B90 4ZL

If you are unhappy with our response, you can contact the office or the information commissioner at:

Formats for sharing data

From the 25 of May 2018, you have the right to obtain a copy of the personal information we hold on you. The information will be provided in a format that can be easily read and re-used, and can be provided to other organisations if requested by you.

Cookie policy

What are cookies and how do we use them?

A cookie is a small file placed on your computer's hard drive. It enables our website to identify your computer as you view different pages on our website.

Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you. They also enable us to see information like how many people use the website and what pages they tend to visit.

You can set your browser to not accept cookies and the website www.allaboutcookies.org can tell you how to remove cookies from your browser.  However, some of our website features may not function as a result

Controlling cookies

You can use your web browser’s cookie settings to determine how our website uses cookies. If you do not want our website to store cookies on your computer or device, you should set your web browser to refuse cookies.

However, please note that doing this may affect how our website functions. Some pages and services may become unavailable to you.

Unless you have changed your browser to refuse cookies, our website will issue cookies when you visit it.

Our use of cookies

The list below shows all the cookies that are set by the CIPP website and the third-party services we use. If you have any queries about these cookies or would like more information about them, please get in touch.

Cookies for improving service

The cookies in the table below are set by the Google Analytics tool for improving service which allows the Group website to accurately estimate the number of visitors to the website, volumes of usage and ensure that the Group website is available, and that the Group understands what you want to use.

Name Typical content Expires
_utma Randomly generated number (non personal data) Two years
_utmb Randomly generated number (non personal data) 30 minutes
_utmc Randomly generated number (non personal data) When you close your browser
_utmz Randomly generated number and information on how the site was reached (e.g. direct or via a link, organic search or paid search) Six months

For further details on the cookies set by Google Analytics, please refer to the Google Code website.

Cookies for managing your current visit

We use a number of cookies to remember your selections or preferences that you’ve made when looking at the information on the CIPP website.

Name Typical content Expires
CFID Randomly generated number When user deletes it
CFTOKEN Randomly generated alphanumeric piece of text When user deletes it
pixl8-font-size Alphanumeric piece of text which stores users preferred font size One year

The cookies described above (CFID and CFTOKEN) provide session functionality that is used by:

  • Member log in
  • Page redirect after member logged in
  • Store member details after logged in
  • Store forum user details
  • Store blog author details
  • Store shopping cart details
  • Store seminar cart details

The cookies in the table below are set by AddThis which allows the Group visitors to add favourites and share content in the social web, as well as tracking the analytics:

Name Typical content Expires
Uit Numeric value Two years
loc Randomly generated alphanumeric piece of text Three months
dt Text value One month
di Randomly generated number Two years
Uid Randomly generated alphanumeric piece of text Two years