top of page

Privacy Notice

 

1. The type of personal information we collect 

We currently collect and process the following information:

  • Personal identifiers, contacts and characteristics (for example, name and contact details, age, languages spoken)

  • Certain specific data related to activitiesyou wish to undertakewith the ICA (for example, passport details for overseas trips).

 

Sensitive Data

Occasionally we may need to collect information that the Data Protection Act considers to be sensitive. This could include information relating to your:

  • Ethnicity;

  • Nationality; or

  • Health.

On most occasions where we collect sensitive personal data for these purposes we will seek to obtain your consent and we will make it clear to you when collecting this information as to what we are collecting and why. You may withdraw such consent at any time, as easily as you gave such consent. 

Please see 4–Your data protection rights for further information.

2. How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you on our membership form. We also receive personal information indirectly, from the following sources in the following scenarios:

  • Specific requests for information in relation to specific activities.

  • For volunteers and managing committee members, when we run certain background checks.

We use the information that you have given us in order to: 

  • keep our membership and employment records up to date; 

  • contact you about your membership or employment; 

  • understand our membership and employee profile; 

  • plan events according to our membership profile; 

  • obtain funding from external bodies; 

  • organise specific events; and, 

  • understand your needs as members or employees.

We may share this information, in aggregated form, with certain funding, governmental and research bodies. We may also provide certain third party survey providers with limited information to enable them to contact you, which will be dealt with on a case-by-case basis.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are: 

(a) Your consent. You are able to remove your consent at any time. You can do this by contacting us in writing or by email at the address and email address above.

(b) We have a legal obligation.

(c) We have a legitimate interest.

 

We process some of your personal data in a manner that you would reasonably expect to pursue our legitimate interests. We have carefully balanced your interests against our interests when deciding whether this is appropriate. Our legitimate interests and the purposes for processing that fall under each of them are the administration and management of our membership records, and keeping you informed of our events and other membership benefits.

We aim to ensure that all information we hold about you is accurate and, where necessary, kept up to date. If any of the information we hold about you is inaccurate and either you advise us or we become otherwise aware, we will ensure it is amended and updated without delay. 

If you wish to advise us of a change, please contact us in writing or by email at the address and email address above.

3. How we store your personal information 

Your information is securely stored in a protected Google form and a protected Microsoft Excel spreadsheet. We keep your data for the duration of your membership of the ICA. We will also keep your information for as long as required to enable us to meet our legal obligations and to be able to contact you in case of lapsed membership.

This retention beyond your membership period will only be where reasonably necessary.

 

We will take into consideration our legal obligations and tax and accounting rules when determining how long we should retain your information. When we no longer need to retain your information we will ensure it is securely disposed of, at the appropriate time.

We will not use your information for marketing purposes if you have asked us not to, and will delete any information we hold on you upon request (where permitted by law).

4. Your data protection rights

Under data protection law, you have rights including:

  • Your right of access – You have the right to ask us for copies of your personal information. 

  • Your right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. 

  • Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances. 

  • Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances. 

  • Your right to object to processing – You have the the right to object to the processing of your personal information in certain circumstances.

  • Your right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances. 

You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please contact us in writing or by email at the address and email address aboveif you wish to make a request.

5.Information sharing and disclosure

We will not, without your consent, supply any of your personal data to any third party except for the following reasons, which are expanded on below:

  • We are required to do so by law enforcement or regulatory bodies where this is required or allowed under the relevant legislation

  • We may use a third-party companyfrom time-to-time to support our fundraising activities and carry out data processing operations on our behalf

Law enforcement

We may disclose your personal information to third parties if we are required to do so through a legal obligation(for example to the police or a government body); to enable us to enforce or apply our terms and conditions or rights under an agreement; or to protect us, for example, in the case of suspected fraud or defamation.

Use of third parties

We will use third party companies as trusted partner organisations that work with us in connection with our charitable purposes. We will work with organisations that support us to deliver fundraising appeals, campaigns, conduct research surveys or store your personal information on our behalf. We also use third party companies to manage events you have registered for and so will share your personal and sensitive data with them for this purpose. 

We will always make sure appropriate contracts and controls are in place and we regularly monitor all our partners to ensure their compliance. We actively screen these companies to maximise the protection of your privacy and security. They are only permitted to use the data in accordance with the GDPR.

The third parties we currently work with are: the National Lottery; City Bridge Trust and, Islington Council. This may be updated from time to time, and we will update this policy accordingly.

6.How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us in writing or by email at the address and email address above.

You can also complain to the ICO if you are unhappy with how we have used your data.

The ICO’s address: Information Commissioner’s Office, Wycliffe HouseWater Lane, Wilmslow, Cheshire SK9 5AF, Helpline number: 0303 123 1113ICO

website: https://www.ico.org.uk

bottom of page