CIMSPA Shield

Privacy Notice

 

Introduction – purpose of our Privacy Notice

Welcome to the Chartered Institute for the Management of Sport and Physical Activity (CIMSPA) Privacy Notice. As the professional development body for the UK’s sport and physical activity sector, CIMSPA is shaping a recognised and respected sector through its work with individual members and partner organisations. In order to carry out its business, CIMSPA collects personal data.

About CIMSPA

CIMSPA is the professional development body for the UK’s sport and physical activity sector and is the data controller of the personal data it collects.

Name: The Chartered Institute for the Management of Sport and Physical Activity (CIMSPA)

Address: SportPark Loughborough University, 3 Oakwood Drive Loughborough, Leicestershire LE11 3QF

Phone Number: 03438 360200

E-mail: info@cimspa.co.uk

Incorporated by Royal Charter Charity registration number: 1144545

CIMSPA has a single entry on the Data Protection register held by the Information Commissioners Office (ICO). The registrable particulars are as follows:

  • Registration number: Z299023X
  • Date registered: 03 January 2012
  • Registration expires: 02 January 2025
  • Data controller: Chartered Institute for the Management of Sport and Physical Activity
  • Other names: CIMSPA


CIMSPA has not appointed a data protection officer as it is not required to do so by either the Data Protection Act or the UK General Data Protection Regulation (the “Data Protections Laws”) but has however, adopted the approach that each head of department will be the responsible lead for data protection within their area of work. The director of strategy will have overall responsibility for data protection compliance and oversee the heads of department and provide further support and guidance where required.

Any questions regarding the privacy notice or requests to exercise individual rights can be sent to CIMSPA at info@cimspa.co.uk.

Privacy Notice purpose

CIMSPA is fully committed to respecting all personal data it collects and stores in accordance with the Data Protection Laws. We are required to explain to why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else.

CIMSPA’s privacy notice will also provide information on how CIMSPA protects, manages, stores and deletes personal data.

It will also provide information on individual privacy rights and how the Data Protection Law protects an individual’s personal data.

It is important that individuals read the privacy notice from time to time so that they can remain fully informed on how and why CIMSPA is using individual data.

It is also important that individuals inform CIMSPA of any changes to the personal data that it holds to ensure that CIMSPA can continue to communicate with the individual effectively.

Who is this Privacy Notice aimed at?

This Privacy Notice is targeted at all individuals we interact with:

  • Individual members of CIMSPA;
  • Prospective members;
  • Members of the public
  • Other stakeholders we interact with to fulfil our function


As a data controller when CIMSPA is obtaining the information from the individual directly CIMSPA will provide the privacy notice at the start of the relationship.

For instances where CIMSPA collects personal data indirectly, it will provide the privacy notice at: the first point of direct contact to the individual, when CIMSPA shares the information with a third party or within one month of receiving the data – whichever option is the earlier.

How we obtain the personal information

Most of the personal data CIMSPA processes is provided to us directly by you. CIMSPA collects personal data in a number of ways:

  • Membership application
  • Membership application by way of transfer from another membership body e.g. REPs
  • Partnership application
  • Email, telephone, social media or website enquiries
  • When purchasing a product
  • When completing a survey
  • When sending feedback to CIMSPA
  • Attendance at CPD, training, education opportunities, events and conferences
  • Participating in online learning
  • Job application
  • A recruitment application to CIMSPA
  • Employment, voluntary or consultancy services with CIMSPA
  • During complaints investigations


We also receive personal information indirectly, from the following sources in the following scenarios:

  • A complainant refers to you in their complaint correspondence
  • From a CIMSPA partner organisation for the purposes of membership provision or continuous professional development maintenance
  • From other public authorities, regulators or law enforcement bodies


The type of personal information we collect

The type of information CIMSPA collects is summarised in the table below.

All the information we collect about you will be stored and used by CIMSPA in accordance with this privacy notice and in accordance with your rights as described in [Section 13 of this notice] and in accordance with the Data Protection Laws.

What is the lawful basis for using your information

Personal data

In accordance with the Data Protection Laws, we need a “lawful basis” for collecting and using information about you. There are a variety of different lawful bases for processing personal data which are set out in the Data Protection Laws.

The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this notice will be:

  • Consent - you have provided consent to our use of your information – you are able to withdraw your consent at any time by contacting us at info@cimspa.co.uk; or
  • Contract - using your information is necessary to fulfil a contract you have with us, or because you have asked us to take specific steps; or
  • Legal obligation - where CIMSPA has legal or regulatory purposes, such as the powers within its chartered statutes or HMRC requirements.
  • Legitimate interest - using your information is necessary for the pursuing of legitimate interests of CIMSPA and an individual’s interests or fundamental rights do not override CIMSPA’s interests.

Special categories of personal data

During its operations, CIMSPA collects ‘sensitive’ personal data. CIMSPA processes this data only if the individual has given CIMSPA explicit consent

The lawful basis on which we rely in order to use your sensitive personal data/special categories of personal data which we collect about you will be:

  • that you have provided your explicit consent to our doing so.
  • that it is necessary for the performance of a task carried out in the public interest (to fulfil our statutory and regulatory obligations); and
  • for reasons of substantial public interest.


Information about criminal convictions and offences - the lawful basis on which we rely in order to use information that may relate to any criminal convictions and offences will be:

  • that it is necessary for the performance of a task carried out in the public interest (to fulfil our statutory and regulatory obligations); and
  • for reasons of substantial public interest, specifically, that it is necessary for the exercise of our regulatory functions.


What do we do with the information we collect?

We use the information that you have given us in order to carry out the services that individuals request. This includes delivering memberships, partnership, education, training, events, benefits or simply managing a relationship between an individual and CIMSPA.

CIMSPA processes personal information to enable it to provide a voluntary service for the benefit of the national public as specified in CIMSPA’s Charter and Statutes.

As a membership body CIMSPA processes personal data to protect members of the public and act in the public interest. This includes the maintenance of the Member directory and Partner directory and Member and Partner Investigations and disciplinary actions.

Specific details on CIMSPA’s processing of information can be found in the table below.

 

Table Explaining The Personal Data we collect; the reason for processing it and the lawful basis on which we collect and use it

Purpose of processing Type or category of data collected Lawful basis
Account creation on the CIMSPA CRM system
  • Title
  • Name
  • Address
  • Job title
  • Phone number(s)
  • Email address
  • Date of birth
  • Ethnic origin
  • Employer details including employer name and workplace name to allow individuals to be associated to organisation on the system and discounts applied
  • Parental consent for minors (aged 14-17)
Consent
Identification and CIMSPA support
  • Career history (i.e. CV)
  • CPD
  • Date of birth
  • Disability
  • Ethnic origin
  • Gender
  • Qualifications
Consent
Digital Marketing Hub (DMH)
  • Name
  • Email address
  • Email communications
  • Year of birth
  • Employment type
  • Role
  • Post code
  • Disability
  • Ethnic origin
  • Gender
  • Passwords
  • IP addresses
  • User names
  • Record of attendance at events, modules, resource downloads, etc.
  • Contracts
  • Mailing preferences
  • Access to and usage of the DMH platform
Consent
Purpose of processing Type or category of data collected Lawful basis
CIMSPA administration
  • Partner category
  • Partnership number
  • Partnership renewal date
  • Partnership start date
  • Partnership status
  • Type of partnership
Legitimate interest
  • Mailing preferences
  • Membership number/renewal date/start date/status/type from previous affiliation with other membership bodies e.g. REPs
  • Member category
  • Membership number
  • Membership renewal date
  • Membership start date
  • Membership status
  • Type of membership
Consent
  • Partnership contracts
Contract
Interactions with CIMSPA
  • Email communications
  • Telephone conversations
  • SMS / text communications
  • Social media interactions
  • Written correspondence
  • Subject access requests
Consent
Processing of financial transactions
  • Bank details
  • Batch payment details - bank info included
  • Cheque/payment details
  • Credit/debit card details
  • Delivery notes
  • Direct Debit Mandates
  • Member/partner fees
  • Membership/partnership payment charge
  • Order details
  • Purchase invoice
  • Sales invoices and credits
Consent
Use of CIMSPA services
  • Passwords
  • IP addresses
  • Usernames
  • Record of attendance at events, conferences, CPD etc.
Consent

 

Purpose of processing Type or category of data collected Lawful basis
Recruitment
  • Title
  • Name
  • Address
  • Phone number(s)
  • Email address
  • Date of birth
  • Copies of driving licence, passport, birth certificates
  • Proof of current address, such as bank statements and council tax bills
  • Evidence of how individuals meet the requirements of the job, including CVs and references
  • Evidence of individuals right to work in the UK and immigration status
  • Bank details
  • Contact details for an emergency contact – telephone, email etc.
  • National Insurance Number
  • Nationality
  • Pension
  • Expenses claims
  • Gross salary
  • Tax code
  • Accident records
  • Income tax
  • Maternity and paternity
  • Salary and pay
  • Parental leave
  • Pension benefits
  • Redundancy records
  • Sickness absence records
  • Grievances
  • Start date
Legal obligation/Contract
  • Diversity and equal opportunities monitoring information including information on
    • Gender
    • Race
    • Ethnicity
    • Religious beliefs
    • Sexual orientation
    • Marital status
    • Disability and;
    • Other ‘special category data’
  • Information about an individuals health, including any medical needs or conditions
  • Other information required for some applications
  • Correspondence from individuals regarding applications
  • The status of an individuals application and updates on how it moves forward
  • Parental consent for minors
Consent
  • Criminal proceedings or convictions data
  • DBS checks if applicable

Article 6(1)(e) for the performance of our public task. In addition, we rely on the processing condition at Schedule 1 part 2 paragraph

Article 6(1)(b) for the performance of a contract. In addition, we rely on the processing condition at Schedule 1 part 1 paragraph 1

Information relating to young people

CIMSPA’s services are able to be accessed by individuals from the age of 14. Where data is knowingly collected in relation to children, safeguards are in place.

Sharing of your information

CIMSPA discloses personal information to third party organisations in order to operate its business. This is largely to service the benefits of memberships and partnerships with CIMSPA. Where CIMSPA shares personal data with third parties, it has made arrangements aimed at protecting and securing this data. Routine data processors include organisations in Banking, CRM, HR, eLearning, marketing and publishers.

CIMSPA may share information with a third party, for example an employer or education provider only where the individual has approved the sharing of the information.

Outside of these third parties, CIMSPA does not disclose personal information unless it is required to do so by law.

CIMSPA ensures that organisation that it shares information with operate in a way that is compliant with the Data Protection Laws which is recorded and monitored through its contracts and controller processor agreements.

In order to carry out its business, CIMSPA may (with consent from the individual) share personal data with the following:

  • External quality assurers
  • Publishing companies
  • Couriers
  • Providers of membership/partnership benefits
  • IT system providers e.g. telephone/video conference services
  • Marketing, Automation and Email Platform
  • Payment processing services
  • HR service providers
  • Police, law enforcement and security services.


Recruitment - When applying for vacancies with CIMSPA, as part of the internal recruitment process we will share information relevant to your application, including your name, current role, CV and other data you may have given us, with the internal hiring managers. We will use this data for the purpose of recruitment only. In support of applications. All data collected will be managed in accordance with this privacy notice and CIMSPA’s data retention schedule. By submitting an application for a vacancy with CIMSPA you are agreeing for your data to be shared in this way.

Marketing preferences

In order to service its members and partners there are two types of marketing activity; direct marketing (by either CIMSPA or third parties) and ancillary marketing services (which are inextricably linked to services that CIMSPA provides to it members or partner).

CIMSPA will not provide direct marketing to individual members without their consent (and will not allow third parties to do so without consent being provided directly by the individual to such third party). Individuals can change their preferences on their marketing preferences at any point in time by logging into their profile area of the CIMSPA CRM system.

However, switching off marketing preferences will not result in ancillary marketing services being switched off such that communications specifically relating to or regarding the management of the contract with the individual’s, membership with CIMSPA. Even if individuals disable all emails in marketing preferences, individuals will still receive emails that CIMSPA send in order to complete or verify transactions or actions on their account, such as course booking confirmations, registration details and emails sent in the course of individual’s work as an administrator or training provider, as well as important alerts and information relating to individual’s account or personal record.

How we store your personal information

CIMSPA is committed to preserving the confidentiality and integrity and availability of all the physical and electronic information assets throughout its operations and as such have in place appropriate technical, physical, and administrative security measures to protect the security of your personal information.

In accordance with its data protection and IT security policy and procedures, CIMSPA limits access to personal data to employees, volunteers, contractors and disclosed third parties who have a business function to complete. The personnel and organisations will only process personal data on CIMSPA instructions and are subject to a duty of confidentiality.

CIMSPA has procedures in place to monitor, identify and manage any suspected breaches of personal data. If a breach has occurred, CIMSPA will notify the individuals involved where it is legally required to do so.

Data retention schedule

All data CIMSPA collects is stored only for as long as is necessary, is managed in accordance with the privacy notice and IT security policies and is deleted in accordance with CIMSPA’s data retention schedule. Further information on retention periods and how CIMSPA deletes your data can be found in the data retention schedule linked below.

CIMSPA Data Retention Schedule

21/09/2022

Your data protection rights

Under the Data Protection Laws, you have rights including:

  • Your right of access - You have the right to ask us for copies of your personal information.
  • Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Your right to erasure - You have the right to ask us to erase your personal information in certain circumstances.
  • Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
  • Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.


You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.

Please contact us at info@cimspa.co.uk if you wish to make a request.

Cookies

CIMSPA uses data analytics on its website to improve the function, products, services, marketing, customer relationship and experiences to ensure that the website remains up to date and relevant to the needs of its users. When you visit the CIMSPA website we may collect information from you through cookies or similar technology. Further information on the types of cookies CIMSPA uses and how to manage cookies can be found in the CIMSPA Cookies Policy below.

COOKIES PAGE

Privacy policies of other websites

In support of its services to the public, CIMSPA provides links to other websites within our website content. CIMSPA’s privacy notice applies only to the CIMSPA website. Our website may contain links to other websites which are outside our control and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their own privacy policies, which may differ from ours. Therefore, if you use these links to leave our website and visit websites operated by third parties, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting those websites. Please check these policies before you submit any personal data to these websites.

Review of the Privacy Notice

This privacy notice will be kept under review and if amended notification will be made on the CIMSPA website.

Where CIMSPA makes substantial changes or a new use for individual’s personal data is identified, it will provide individuals with an updated version of the privacy notice before such changes or new uses take place.

How to contact us

Should you have any questions about CIMSPA’s privacy notice, the information we hold on your or how we handle your data you can contact us using the methods below:

Email: info@cimspa.co.uk

Phone: 03438 360200

Writing: SportPark Loughborough University, 3 Oakwood Drive Loughborough, Leicestershire LE11 3QF

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us by completing a complaints form.

You can also complain to the ICO if you are unhappy with how we have used your data or addressed your complaint.

Writing: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Phone: 0303 123 1113

Visit the ICO website

Find out more

Cookies policy