Institute of Legacy Management (“ILM” / “we” / “our” / “us“) is committed to protecting and respecting your privacy. This policy sets out the basis on which any personal data will be processd, including personal data that we collect from you, or that you provide to us as an individual or corporate member of our organisation or through using our website (www.legacymanagement.org.uk), booking one of our training events courses or otherwise interacting with us.
- About us
- What information we collect and how we use it
- Change of purpose
- Sharing your information
- Storing your information
- Keeping your information secure
- Your rights
- Other websites
- How to contact us
Please read the following carefully to understand how we will treat your personal data.
The Institute of Legacy Management is a company registered in England and Wales under company number 4340249 whose registered office is at Cumberland Court, 80 Mount Street, Nottingham, NG1 6HH. The Institute of Legacy Management is the data controller in respect of your personal data. This means that we are responsible for deciding how we hold and use personal data about you.
What information we collect and how we will use it
We collect personal data so that we can operate effectively and provide you with the best possible service. The information we collect depends on the context of your interactions with our website and how you use our services. We will only use your personal data where we have a valid lawful basis to do so.
The table below summarises what information we collect about you, explains how we intend to use it and what our legal basis is for using it.
|What information may we collect about you?||How will we collect information about you?||Why are we processing information about you?||What is our legal basis for processing information about you?|
Name, address, email address and phone number
Marital status, age and gender
Place of work, previous places of work, length of time working in the legacy sector
Feedback, questions and other information you provide when you contact us (e.g. for membership support)
|Collected when you sign up to be a member with us or apply to attend one of our events.||
To perform essential business operations
To provide and improve our services
To provide customer support, including dealing with enquiries, correspondence and complaints
To complete any transactions or provide any training events you have chosen to attend
To protect security of our website and to prevent fraud
To communicate and personalise communications with your individual or corporate membership and any other services that you request from us
To collate and analyse information about the legacy sector which is useful to our members
To resolve disputes and to prevent fraud
To allow us to perform our contract with you as an individual or corporate member or to provide you with training events
To enable us to pursue our legitimate interests to:
|We will not routinely collect any special category data from you. The only circumstances in which we might collect and store special category data are where you have provided information to us which is necessary for us to facilitate your access to events or to our services. For example, we might retain information about your mobility, dietary requirements or any needs arising from your religious beliefs. This information will be retained securely and only used for the purpose set out above. You may ask us to remove this information from our records at any time.|
More about the information we collect and why
We have a duty to process personal data fairly, lawfully and in a manner that you would expect given the nature of our relationship with you. Where we have a legal basis to use your personal data without consent (as set out in the table above), this policy fulfils that duty by giving you appropriate notice and explanation of the way in which your personal data will be used.
If you have any questions or require any further information regarding our use of your personal data please contact us at firstname.lastname@example.org or PO Box 73328, London, W5 9QD.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
Sharing your information
You acknowledge that we may share your personal data with your consent or as necessary with selected third party service providers that support us in the performance of the activities set out in the table above. For example, when you make a purchase we will share payment information with banks and other entities that process payment transactions.
We may also share your personal data with other third parties, for example where we are required to provide the names of delegates on a training course to a venue or host or where we provide qualifications alongside an external course provider. We may also need to share your personal data with a regulator or otherwise to comply with the law.
We require all our third party service providers to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
Why might you share my personal data with third parties?
We may share your personal data with third parties where required by law or it is necessary in order to book your training event or to provide our membership services or where we have another legitimate interest in doing so that is not overridden by your interests and fundamental rights. For example, to protect our customers or to operate and maintain the security or our computer systems).
Which third party service providers process my personal data?
Sage – accounting software – processing of membership, course booking and other payments
ThankQ – CRM platform provider – storage and management of contact and member data
MailChimp – third party bulk mailer – provision of ILM communications (inc. Newsletter)
WordPress – website platform / widget – provision of member services via personal logon
Freeths – Company Secretary – register of members held at registered office
University of Law – provision of CiCLA qualification
Event venues – charity, partner or commercial – provision of access and course content
External business strategy consultants – data analysis / recommendations / reporting e.g. Professional Develoment, Partnerships or Membership strategy work
Storing your information
The personal data that we hold about you will only be processed and stored within the United Kingdom/European Economic Area. We may transfer your personal data outside the European Economic Area (EEA). If we do so we will take all steps reasonably necessary to ensure that your personal data receives an adequate level of protection and is treated in a way consistent with EU and UK laws on data protection.
We will only retain your personal data for as long as is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting obligations. For example, we may need to retain some of your personal data for 6 years after you have made a purchase from us for legal reasons.
Unless we inform you otherwise (or you request that we erase your personal data) we will retain your personal data for as long as you continue to be an individual or corporate member of The Institute of Legacy Management or to attend our training courses. If you cease to be a member for 6 years then we will delete your information. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such information without further notice to you.
Keeping your information secure
All information that you provide to us is stored on secure servers. We have put in place appropriate measures to protect the security of your information.
The transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of the information transmitted to our site and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access or inadvertent disclosure.
You are responsible for keeping confidential any passwords that you have to access our services. Please do not share your password(s) with anyone else
All online payment transactions are undertaken by third party provider Sage Pay. They are subject to their own security policy which you can read at https://www.sagepay.co.uk/policies/security-policy.
We do not collect or store credit and debit card information for online transactions. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
You have the right under data protection laws to access information held about you, subject to certain conditions, and to request its rectification or deletion.
You can see, review and change most of your personal data or ask us to stop using your personal data by contacting email@example.com may mean that we can no longer provide you with some or all of our services.
Your rights in connection with your personal data
By law you have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction or erasure of your personal data (unless we have the legal right to retain it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below).
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal data for direct marketing purposes.
- Request the restriction of processing of your personal data. This enables you to ask us to suspend the processing of personal data about you, for example if you want us to establish its accuracy or the reason for processing it.
- Request the transfer of your personal data to another party.
You should be aware that if you ask us to stop processing your personal data in a certain way or erase your personal data, and this type of processing or data is needed to facilitate your membership or your use of our services you may not be able to use them as you did before. This does not include your right to object to direct marketing, which can be exercised at any time without restriction.
If you want to exercise any of the above rights, please contact us at PO Box 73328, London, W5 9QD.or by emailing us at firstname.lastname@example.org.
No fee usually required
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request for access is manifestly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data are not disclosed to any person who has no right to receive it.
8. Other websites
11. How to contact us and complaints
The Institute of Legacy Management is a company registered in England and Wales under company number 4340249 whose registered office is at PO BOX 73328, London, W5 9QD is the data controller in respect of your personal data.
If for any reason you are not happy with the way that we have handled your personal data, please contact us at PO Box 73328, London, W5 9QD or email email@example.com..
If you are still not happy, you have the right to make a make a complaint to the Information Commissioner’s Office see: https://ico.org.uk/global/contact-us/.