1. Introduction

The International Institute of Risk and Safety Management (IIRSM) is s a UK-based professional membership organisation with a global footprint helping individuals and organisations around the world to identify and manage risks, protecting their environments and lives.  

IIRSM will collect and process personal data to provide this support and in doing so is committed to protecting your personal information. We want to maintain the trust and confidence of every one of our members and website users. 

This Privacy Policy gives you detailed information on when and why we collect your personal information, how we use it and how we keep it secure in delivering our services and events. The information you share with us means you’ll receive a more personalised and rewarding experience, e.g. information about IIRSM activities, offers, resources and content that may interest you. 

IIRSM is a charitable company limited by guarantee incorporated in England and Wales (Company number 5310696) and a registered Charity (Number 1107666). IIRSM is the data controller of your personal information. 

We are a registered processor with the ICO: ZA158623 

Contact details for IIRSM:  
IIRSM 
Suite 107-108, 150 Minories  
London, EC3N 1LS 
United Kingdom 

Registered in England and Wales 
Charity Number: 1107666 

Enquiries: +44 (0)20 8741 9100 

Email: info@iirsm.org 

If you have questions regarding your information or its use, please contact us at info@iirsm.org 

2. How We Collect Your Personal Information

The data we collect and process is needed to provide you with our services, and this means that we are responsible for deciding how we hold and use personal information about you. We are required under data protection legislation to notify you of the information contained in this privacy notice. 

We collect your personal information when you: 

  • Take out or enquire about membership 

  • Register for a training course or event 

  • Buy merchandise or publications 

  • Volunteer for one of our branches, our mentoring or emerging leaders schemes  

  • Book and attend a networks meeting 

  • Contact us by phone, website or in person 

  • Sign up to receive emails and newsletters from us 

  • Use our website 

3. The Information We Collect

The data we collect will come from many possible different sources and will include information we need to fulfil our services or commitment to you.  

We collect personal information: 

  • directly from you when you create an account with us, to either apply for membership, register to attend an event, course or meeting either online of offline, become a volunteer, Trustee or subscribe to our newsletter 

  • directly from our corporate clients; e.g. Supporters, Partners, Sponsors 

  • from publicly available sources; e.g. networking, social media, internet services, exhibitions, direct referrals, other corporate bodies 

  • from guests, contractors or visitors  

The data we collect and process will depend on the services or engagement you have with us. For example: 

  • When you register as a member, partner, book a course or event: 

    Name, Email address, Membership number, Contact phone number(s), Payment card details, Country of residence, Delivery address(s), Billing address, Job title, Company name, Sector in which you work. 

  • If you are a student, we additionally will collect: 

    Name of college/university, Area of college/university, Course name, Course faculty, Course level, Course end date 

  • When you apply for course approval or licensing: 

    Name, Email address, Membership number, contact phone number(s), Payment card details, Country of residence, Delivery address(s), Billing address, Job title, Company name, Sector in which you work, trainer names, qualifications, CV & experience and course materials. 

  • When you use our website 

    IP address: log file records the time and date of your visit, the pages that were requested, the referring website (if provided) and your internet browser version.  

    Cookies: for further information about Cookies and how IIRSM uses them, please read our Cookie Policy.

  • When you subscribe to our newsletter 

    Name, Email address 

  • When you become a volunteer or Trustee 

    Name, Email address, Membership number, contact phone number(s) address(s), Job title, Company name, Sector in which you work, trainer names, qualifications, CV & experience and course materials, profile photo and biography 

    Full details of processing are completed when you apply or are accepted. 

We may also combine your personal information with other information we collect from third parties (e.g. for example training venues that IIRSM has worked with, Companies House and information that has been published in articles/newspapers). We will notify you when we receive information about you from them and the purposes for which we intend to use that information. 

We also collect personal contacts from our business and corporate stakeholders and collaborative partners.  Almost entirely, these contacts are corporate or business individuals and while this is still categorised under UK and EU legislation as personal data, we are aware that it can be used for business-to-business purposes, as stipulated by UK and European data protection regulations and the Privacy of Electronic Communications Regulation (PECR) with which we also comply. 

3.1 Special Category data 

Special categories of particularly sensitive personal information require higher levels of protection. Where this is processed, we need to have further justification for collecting, storing and using this type of personal information and we do this with either your consent or as permitted by UK and EU data protection legislation. 

At the current time IIRSM does not look to collect any sensitive or special category data in the services we provide. 

4. Why We Collect Your Personal Information and How We Use It (Our legal basis to process)

The personal data that is used is limited to the information that is necessary to carry out our business services, provide a personalised experience and understand our customer needs better and to keep you informed. As a member or partner this information is processed mainly using the legal basis to perform the tasks or services we have agreed with you or as needed for legal requirements.  

Additionally, there will be instances where we will process information using our legitimate interests, for example, in promoting what we do, but only where this is if interest to you; our legitimate interests will include using data in the relationship or support between us. 

There will also be examples of data processing where we will have sought your explicit consent; for example, when subscribing to our newsletter or when you agree for us to use your personal data in case studies or other IIRSM media content. 

You can choose not to give us certain information, but this may limit the level of personalisation we offer, e.g. you may not receive information about an event or training course that would be of interest. 

Specifically, we use the information we collect in the following ways: 

  • To carry out our business and to provide a service or carry out a contract with you such as membership benefits. 

  • To process payments. Please note that IIRSM does not store any Credit Card or other payment information once the transaction has been completed. 

  • Provide the best possible customer service and to help us with internal administration. 

  • Contact you with important information relating to your booking or purchase, such as confirming your order, reminding you of an upcoming event you’ve booked for or letting you know about changes that may affect your experience. 

  • Send you updates via email about what’s on, offers and news or about supporting us. 

  • Email you about a specific topic you’ve requested to hear more on such as general membership, our events and training or other news. 

  • Learn about your interests and preferences so that we can contact you with information that is relevant to you. 

  • For classifying our memberships into groups or segments, using membership and course booking and publicly available information. These segments help us to understand our membership better and ensure we’re sending relevant messages to each group. 

  • Measure and understand how our membership respond to a variety of marketing activity so we can ensure our activity is well targeted, relevant and effective. 

  • Undertake consumer research: we may contact you to ask you to participate in consumer research either via an online or telephone survey or in person. You are under no obligation to participate in research and, should you provide any further information, IIRSM will inform you how any further information will be used. 

  • Analyse and continually improve the services we offer including our training output, our website and our other products. 

  • To help us run the test version of our website that we use internally to pilot new features and ensure the smooth running of our web services. 

5. Disclosing your Personal Data (Sharing with third parties)

Access to your personal information is only allowed when required by law or is required as part of fulfilling our service obligations.   

We do make use of third-party service providers to help us fulfil our services and where we do, the third party is required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes and we only permit them to process your personal data for specified purposes and in accordance with our instructions.  

For our general operational and day to day activities we use third party providers to: 

  • administer our membership and volunteer records 

  • to help us manage and host our marketing promotions and events 

  • to process our registrations, newsletters and course approvals 

  • to process payments for our membership services, courses and events 

  • host and administer our website 

  • for our IT security and systems 

  • provide your information to official registers such as OSHCR 

  • for legal advice and guidance in matters related to care, data protection and employees 

For further details of any suppliers or sub processors we main use to process our data please contact us at info@iirsm.org. 

IIRSM is not responsible for the privacy notices and practices of other websites that maybe used even if accessed using links from www.iirsm.org and recommends that you check the policy of each website you visit and contact its owner or info@iirsm.org if you have any concerns or questions. 

Despite all our precautions, no data transmission over the internet is 100% secure. So, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention to the fact that you do so at your own risk. 

6. International Data Transfers

We are a UK-based charity and following Brexit we will continue to store and process personal information mainly in the UK or EEA. 

Please note though that your data may be exported to as well as stored and processed in countries outside of the country in which you reside, including, without limitation the United States.  

For data subjects residing in the UK or EEA, this means that your personal information may be exported, stored, and processed outside of the UK or EEA. Whenever we transfer your personal data out of the UK or EEA, we ensure a similar degree of data privacy and protection is afforded to it by ensuring at least one of the following safeguards is implemented: 

  • we will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK and European Commission 

  • where we use service providers who are not in territories approved by the UK or EU commission, we will look to implement additional safeguards such as a detailed review of security measures and the use Standard Contractual Clauses (SCCs) approved by the UK and or European Commission  

To receive information on the recipients of your data or if you want further information on the specific mechanism used by us when transferring your personal data out of the UK or EEA, please contact us at info@iirsm.org. 

7. Keeping Your Information Safe and Secure

IIRSM is committed to keeping personal information secure to protect it from being inappropriately or accidentally accessed, used, shared or destroyed, and against it being lost.   

In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. 

To prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. 

8. How Long Do We Keep Personal Information?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.  

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. 

For further information about how long we will keep your data, please contact info@iirsm.org

9. Marketing

As a member we will look to keep you updated with news, events and any promotions as part of your membership subscription. 

For non-members or visitors; details will be posted on our website or as provided to you where you have subscribed to receive content. We may also contact you as a non-member or visitor by means of a follow up email where you have expressed an interest in an event or product but have not completed the registration process.  

We are always looking at ways to expand our membership so we may make unsolicited approaches to new potential contacts or business clients, using prospect information held within our records or using information drawn from publicly-available sources.  

These approaches like any marketing we undertake will be made in a fully complaint manner as governed by UK and European data protection regulations and PECR, with the contacts being given the option to opt out from such contact. 

10. How We Use Cookies

IIRSM like most organisations make use of Cookie technology and therefore we capture data using Cookies; a cookie consists of a piece of text sent by a web server to a web browser and stored by the browser. The information is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.  

For specific detail about the types of cookies we use please refer to our Cookie Policy.

11. Controlling Your Personal Information (Your Rights)

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your working relationship with us. 

Under certain circumstances, you have rights under UK Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation 2016/679 (GDPR) in relation to your personal information.  

You may have the right to:  

  • be informed of how we will use your data as provided by this Policy 

  • access the information held about you. Your right of access can be exercised in accordance with data protection law; 

  • object to us processing or ask us to restrict the processing of your personal information for any of the purposes listed in this Policy, at any time 

  • ask us to update and correct any out-of-date or incorrect personal information that we hold about you free of charge 

  • ask us to erase or delete your personal information (in certain circumstances). We will do our best to respond to such requests, but these are subject to certain limitations such as legal requirements 

  • Request a transfer of your personal information (again in certain circumstances) 

You should find it easy to access and amend the personal information that we hold on you by going into MyIIRSM or requesting that we stop contacting you via info@iirsm.org. It’s your data and we want to make sure you feel in control of it. 

If you have an online account with us, you can amend your personal details and email contact preferences at any time. Simply sign in to MyIIRSM on the website and access your account with your password. 

Or, if you prefer, you can contact us by phone, email, or in writing using our contact details: 

IIRSM 
Suite 107-108, 150 Minories  
London, EC3N 1LSN 
United Kingdom 

Registered in England and Wales 
Charity Number: 1107666 

Enquiries: +44 (0)20 8741 9100 

Fax: +44 (0)20 8741 1349 

Email: info@iirsm.org 

We will respond to your request promptly and look to resolve any query within 30 days and free of charge. However, we reserve the right to refuse or charge an administrative fee for the furthering of any of the above requests if they are done so in a frivolous, vexatious or excessive manner. We will always notify you if such a charge is being applied. 

You also have the right to make a complaint at any time and we appreciate the chance to deal with your concerns in the first instance. To register a complaint please email us at info@iirsm.org 

If you are dissatisfied by our reply then you have the right to lodge a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues. You can contact the Information Commissioner’s Office by telephone on 0303 123 1113, or by using the live chat service which is available through the Information Commissioner’s website www.ico.org.uk

12. Changes to Our Privacy Policy

We reserve the right to update this privacy notice at any time and will make available a new privacy notice on this website. We may also notify you in other ways from time to time about the processing of your personal information. 

This privacy policy was last updated in January 2024.