CIMSPA Privacy Notice

Introduction


Welcome to the Chartered Institute for the Management of Sport and Physical Activity (CIMSPA) Privacy Notice.

As the professional development body for the UK’s sport and physical activity sector, CIMSPA is shaping a recognised and respected sector through its work with individual members and partner organisations. In order to carry out its business, CIMSPA requires personal data and is fully committed to respecting all personal data it collects and stores.

Privacy Notice purpose


CIMSPA’s Privacy Notice will provide information on how CIMSPA protects, manages, stores and deletes personal data. It will also provide information on individual privacy rights and how the data protection law protects an individual’s personal data. Furthermore, it will outline what CIMSPA will do with individual data and who it will share this information with.

It is important that individuals read the privacy notice from time to time so that they can remain fully informed on how and why CIMSPA is using individual data.

CIMSPA’s services are not intended for children and it does not knowingly collect data relating to children.

About CIMSPA


Chartered Institute for the Management of Sport and Physical Activity SportPark Loughborough University, 3 Oakwood Drive Loughborough, Leicestershire LE11 3QF Tel: 01509 226474 Email: info@cimspa.co.uk
Incorporated by Royal Charter Charity registration number 1144545

CIMSPA has a single entry on the Data Protection register held by the ICO. The registrable particulars are as follows:

Registration number: Z299023X Date registered: 03 January 2012 Registration expires: 02 January 2019 Data controller: Chartered Institute for the Management of Sport and Physical Activity Other names: CIMSPA

General


CIMSPA collects personal data which is necessary for it to carry out its services that individuals request. This includes delivering memberships, partnership, education, training, events or simply managing a relationship between an individual and CIMSPA.

As a data controller CIMSPA will provide the privacy notice at the point at which it collects data from an individual. For instances where CIMSPA collects personal data indirectly, it will provide the privacy notice at: the first point of direct contact to the individual, when CIMSPA shares the information with a third party or within one month of receiving the data – whichever option is the earlier.

CIMSPA has not appointed a data protection officer as it is not required to do so, but has however, adopted the approach that each head of department will be the responsible lead for data protection within their area of work. The director of strategy will have overall responsibility for data protection compliance and oversee the heads of department and provide further support and guidance where required.

Any questions regarding the privacy notice or requests to exercise individual rights can be sent to CIMSPA at dataprotection@cimspa.co.uk

Personal information CIMSPA collects


Personal data or personal information, means any information about an individual from which that person can be identified. CIMSPA collects personal data in a number of ways:
  • Through membership application.
  • Through partnership application.
  • Through email, telephone or website enquiries.
  • When purchasing a product.
  • When completing a survey.
  • When sending feedback to CIMSPA.
  • Attendance at CPD training, education opportunities, events and conferences.
  • Participating in online learning.

CIMSPA collects the following types of information:

Personal contact – to allow direct communication between CIMSPA and an individual, for example for CIMSPA to service an individual’s membership.
  • Address.
  • Email address(es).
  • Name.
  • Job title.
  • Telephone number.
  • Title.

Organisation details – to apply membership discounts based on employer partnership contracts and additional contact members.
  • Employer.
  • Workplace.

Interactions with CIMSPA – to facilitate interactions and requests between individuals and CIMSPA.
  • Email communications.
  • Telephone conversations.
  • Written correspondence.

Financial details – to enable CIMSPA to receive, make payment and record transactions between individuals or organisations and CIMSPA.
  • Bank details.
  • Batch payment details - bank info included.
  • Cheque/payment details.
  • Credit/debit card details.
  • Delivery notes.
  • Direct Debit Mandates.
  • Member/partner fees.
  • Membership/partnership payment charge.
  • Order details.
  • Purchase invoice.
  • Sales invoices and credits.

Use of CIMSPA services – to enable and record the use of and movement through online systems.
  • Passwords.
  • IP addresses.
  • User names.
  • Record of attendance at events, conferences, CPD etc.

Identification and CIMSPA support – how CIMSPA identifies an individual, captures information to ensure eligibility into membership and services additional support as part of the membership benefits (for example, recording disabilities to ensure needs are met at events).
  • Career history (CV).
  • CPD.
  • Date of birth.
  • Disability.
  • Ethnic origin.
  • Gender.
  • Qualifications.

CIMSPA administration – data that CIMSPA records to fulfil its business functions.
  • Contracts.
  • Mailing preferences.
  • Member/partner category.
  • Membership/partnership number.
  • Membership/partnership renewal date.
  • Membership/partnership start date.
  • Membership/partnership status.
  • Type of membership.

Personal details about ethnic origin, disability etc. are considered ‘sensitive’ personal data and are applicable under data protection laws. CIMSPA processes this data only if the individual has given CIMSPA explicit consent, or it is necessary (for instance if you request special assistance), or you have deliberately made it public.

Why CIMSPA collects personal data


CIMSPA will only collate and use personal data where the law permits. CIMSPA processes personal information to enable it to provide a voluntary service for the benefit of the national public as specified in CIMSPA’s chartered statutes.

Lawful data collection


CIMSPA most commonly uses personal data in the following circumstances:
  • Consent – where CIMSPA obtains genuine consent from an individual in relation to their personal data.
  • Contract – where CIMSPA needs to perform the contract that the individual or organisation is about to enter into or has entered into.
  • Legal obligation – where CIMSPA has legal or regulatory purposes, such as the powers within its chartered statutes or HMRC requirements.
  • Legitimate interests - where it is necessary for CIMSPA’s legitimate interests, and an individual’s interests or fundamental rights do not override CIMSPA’s interests.
  • Marketing preferences
  • CIMSPA provides information based on membership and partnership contracts and benefits. Individuals can change their preferences on their marketing preferences at any point in time. Marketing preferences do not include communications specifically relating to or regarding the management of contracts, membership or partnerships with CIMSPA.

Cookies


CIMSPA uses data analytics on its website to improve the function, products, services, marketing, customer relationship and experiences to ensure that the website remains up to date and relevant to the needs of its users. Further information can be found in CIMSPA’s Cookies policy.

Data retention


CIMSPA keeps personal data only for as long as is necessary.

Contract/membership/partnership
Individuals with a live contract, membership or partnership with CIMSPA will have their data used and held by CIMSPA in accordance with its privacy statement, data protection and IT security policies and procedures.

Contract/membership/partnership
If an individual terminates their contract, membership or partnership with CIMSPA, their data will be retained as per the data retention schedule below. Wherever possible, CIMSPA will pseudonymise individual records by deleting personal data and retaining membership numbers, for example. This will allow CIMSPA to manage risk and maintain business continuity.

Opting in
Individuals who have opted-in to communication from CIMSPA will have their data used and held by CIMSPA in accordance with its privacy statement, data protection and IT security policies and procedures.

Opting out
An individual who has opted-out of communications from CIMSPA will have their data retained as per the data retention schedule below. Wherever possible, CIMSPA will pseudonymise individual records by deleting personal data and retaining membership numbers, for example. This will allow CIMSPA to manage risk and maintain business continuity.

Right to erasure
Individuals who request to delete their data will have this deleted in accordance with the data retention schedule below. Data which cannot be deleted immediately will be held for CIMSPA’s legal, regulatory or business purposes which are governed by other legal or regulatory bodies, for example the HMRC.

The CIMSPA Data Retention Schedule is detailed below:

Document CIMSPA Data Retention Schedule

Data security


CIMSPA is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout its operations. CIMSPA has put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In accordance with its data protection and IT security policy and procedures, CIMSPA limits access to personal data to employees, volunteers, contractors and disclosed third parties who have a business function to complete. The personnel and organisations will only process personal data on CIMSPA instructions and are subject to a duty of confidentiality.

CIMSPA has procedures in place to monitor, identify and manage any suspected breaches of personal data. If a breach has occurred, CIMSPA will notify the individuals involved, of this breach where it is legally required to do so.

Sharing personal information


CIMSPA discloses personal information to third party organisations in order to operate its business. This is largely to service the benefits of memberships and partnerships with CIMSPA. Where CIMSPA shares personal data with third parties, it has made arrangements to protect and secure this data. Outside of these third parties, CIMSPA does not disclose personal information unless it is required to do so by law.

Routine data controllers include organisation in Banking, CRM, eLearning, marketing and publishers, CIMSPA ensures that they are GDPR compliant which is recorded and monitored through its contracts.

CIMSPA may share information with a third party, for example an employer or education provider only where the individual has approved the sharing of the information. In order to carry out its business, CIMSPA may (with the individuals permission) also share personal data with the following:
  • External quality assurers.
  • Couriers.
  • IT system providers e.g. telephone/video conference services.
  • Police, law enforcement and security services.
  • Individual legal rights
  • The right to be informed.
  • The right of access.
  • The right to rectification.
  • The right to erasure.
  • The right to restrict processing.
  • The right to data portability.
  • The right to object.
  • Rights in relation to automated decision making and profiling.

Individuals have the right to invoke any of the above at any point to CIMSPA and can do this by emailing dataprotection@cimspa.co.uk or calling 01509 226 474.

Privacy policy and notice


CIMSPA will provide the privacy notice at the start of the relationship with an individual, it will also be available on its website so that individuals can continuously access this information. Where CIMSPA makes substantial changes or a new use for individual data is identified, it will provide individuals with an update version of the privacy notice before changes or new uses take place.

It is therefore important that individuals inform CIMSPA of any changes to the personal data that it holds to ensure that CIMSPA can continue to communicate with the individual effectively.

Incorporated by Royal Charter Charity registration number 1144545

This site uses cookies to store information on your computer. See our Cookie Policy for further details on how to block cookies.
I am happy with this
 

Cookies

What is a Cookie

A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a piece of data stored by a website within a browser, and then subsequently sent back to the same website by the browser. Cookies were designed to be a reliable mechanism for websites to remember things that a browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago.

NOTE : It does not know who you are or look at any of your personal files on your computer.

Why we use them

When we provide services, we want to make them easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.

These pieces of information are used to improve services for you through, for example:

  • recognising that you may already have given a username and password so you don’t need to do it for every web page requested
  • measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast
  • analysing anonymised data to help us understand how people interact with our website so we can make them better

You can manage these small files and learn more about them from the article, Internet Browser cookies- what they are and how to manage them

Learn how to remove cookies set on your device

There are two types of cookie you may encounter when using our site :

First party cookies

These are our own cookies, controlled by us and used to provide information about usage of our site.

We use cookies in several places – we’ve listed each of them below with more details about why we use them and how long they will last.

Third party cookies

These are cookies found in other companies’ internet tools which we are using to enhance our site, for example Facebook or Twitter have their own cookies, which are controlled by them.

We do not control the dissemination of these cookies. You should check the third party websites for more information about these.

Log files

Log files allow us to record visitors’ use of the site. The CMS puts together log file information from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you. If you receive the HTML-formatted version of a newsletter, your opening of the newsletter email is notified to us and saved. Your clicks on links in the newsletter are also saved. These and the open statistics are used in aggregate form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting.