The IIC Privacy Notice: GDPR
Regulation and governance of privacy is a key area of discussion at the IIC. Belief in personal choice, data privacy and control over the information you receive is at the core of our organisation. The law is changing on how we communicate with you and in line with the forthcoming General Data Protection Regulation1 (GDPR), we want to make sure that you know how we deal with your personal information.
The IIC Privacy Notice below sets out:
- Important information and who we are (see 1)
- The data we collect about you (see 2)
- How your personal data is collected (see 3)
- How and why we use your personal data (see 4)
- Disclosures of your personal data (see 5)
- International transfers (see 6)
- Data security (see 7)
- Data retention (see 8)
- Your legal rights (see 9)
The International Institute of Communications (IIC) is committed to protecting your personal information and maintaining the trust and confidence of our members and supporters. The IIC is a registered charity limited by guarantee incorporated in England and Wales (Company number 996255) Charity Registered (Number 261990) and is the “Data Controller” of your personal information.
It is not compulsory to provide us with any information, member or otherwise. However, doing so allows us to provide you with the membership and other benefits available to you and your organisation.
This Privacy Notice gives you detailed information on when, how and why we collect your personal information, how we use it and how we keep it secure. It also provides information about your rights and how to exercise them.
Registering with the IIC has many benefits, not least the opportunity to manage your personal data and receive information about our work. You can register with us at any time on our registration page.
2. The Types of Information We Collect
We only collect the information that’s necessary to carry out our business and to keep you informed about what we are doing and what is happening in the industry. There are occasions when you can choose not to give us certain information, but this may limit the level of personalisation we offer, and you may not get to hear about an event or discussions you would have found relevant and useful.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
- Identity Data which includes name and salutation, job title and organisation
- Contact Data which includes your billing address, delivery address, email address and telephone numbers
- Transaction Data which includes details about payments you have made for products and services you have purchased from us. Please note the IIC does not store any credit card or other payment information once the transaction has been completed
- Technical Data which includes things like your internet protocol (IP) address, browser type and version, time zone setting and location on the devices you use to access this website
- Profile Data includes your username and password, purchases or orders made by you, your interests, preferences, feedback and survey responses
- Usage Data which includes information about how you use our website, products and services
- Communications Data which includes your preferences in receiving communications from us and our third parties
3. How We Collect Your Personal Information
The information we collect depends on where and when it is gathered and falls in to the following categories:
(a) Information we obtain directly from you:
When you create an account with us, become a member, register on our website or attend an event as a speaker, sponsor or delegate, subscribe or request articles or other material via the IIC website, we need to collect information from you to provide the service you are requesting. In this instance we may collect:
- Identity data
- Contact data
- Transaction data
- Profile data
- Communications data
(b) Information Obtained from Third Party Organisations
We may combine information you have given to us with additional information available from external sources. This will only be done when you give permission to the relevant third-party organisations to share the data they hold on you, or if the data is already publicly available.
(c) Information Obtained through Data Hygiene Practices
From time to time we may screen our database and use publicly available data, for example, to correct or update inaccurate data (such as a change of job title).
(d) Information Available Publicly
We may include information found in places such as the programmes from other relevant events or other information that has been published in articles/ newspapers.
(e) Information Obtained from Cookies
- Technical data
- Usage data
4. Why We Collect Your Personal Information and How We Use It
We only use your data when the law allows us to. Most commonly we will use your personal data to carry out a contract with you, to provide information on things that might interest you and where we have justifiable reason, to learn more about your preferences.
(a) Where we collect your information to carry out our business and to provide a service or carry out a contract with you, the information we hold on you may be used in the following ways:
- To provide a service you have requested
- To fulfil registration and membership requests
- Process payments. Please note the IIC does not store any credit card or other payment information once the transaction has been completed
- Understand your needs better and offer a personalised experience
- Inform you of events or updates you’ve asked for
- Contact you if we need to obtain or provide additional information relating, for example, to an event you may be attending.
(b) Where we have your consent, we may send you information we think will interest you
We strive to provide you with choices regarding certain personal data uses.
We may use your Identity, Contact, Technical, Usage and Profile Data to form a view on what we think you may want or need, or what may be of interest to you.
If you have requested information from us or provided us with your details when you registered for an event or updates, or have joined as a member and, in each case, you have not opted out of receiving that information, you may receive communications from us.
In this case we will use your information to:
- Send you updates via email about what’s on and news.
- Email you about a specific topic you’ve requested to hear more on such as speakers, topics or other projects.
(c) Where we have justifiable reason, we may use your information to:
- Learn about your interests and preferences so that we can contact you with information that is relevant to you
- For classifying our audience into groups or segments, to help us to understand our membership better and ensure we’re sending relevant messages to each group
- Very occasionally, undertake research about the IIC’s activities
- To keep our database and website accurate and relevant
How the IIC may use your personal information
|Purpose / activity||Type of data||Lawful basis for processing, including basis of legitimate interest|
|To register you as a new customer||• Identity
|• Performance of a contract|
|To process your order
• Manage payments, fees and charges
• Collect money
|• Performance of a contract
• Necessary for our legitimate interests (e.g. to recover debts)
|To manage our relationship with you
• Inviting you to review, give feedback or take part in in survey
|• Performance of a contract
• Necessary to comply with a legal obligation
|To administer and protect our business and this website
• System maintenance
|• Necessary for our legitimate interests (provision of adequate resources, network security, prevent fraud)
• Necessary to comply with a legal obligation
|To deliver relevant content
• Measure and understand the engagement with content delivered
|• Necessary for our legitimate interests (to understand how members and customers engage with our content and events and to inform our communications strategy.)|
|To use analytics to improve our website and user experience||• Technical
|• Necessary for our legitimate interests (to define types of users for our content)|
|To make recommendations to you about events, meetings, articles and reports that may be of interest||• Identity
|• Necessary for our legitimate interests (to develop our content and member benefits)|
5. How We Handle Your Information and our Policy Regarding Other Organisations
The IIC will never share, sell, rent or trade your personal information to any third parties for marketing purposes without your prior consent.
Some of our service providers may have access to your data to perform services on our behalf. We make sure anyone who provides a service for the IIC enters into an agreement with us and meets our standards for data security. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing. Examples of this may include:
- payment processing providers
- printers and mailing houses
- website hosting or
- email delivery service providers.
The IIC is not responsible for the privacy notices and practices of other websites even if accessed using links from www.iicom.org.uk and recommends that you check the policy of each website you visit and contact its owner or Data Protection Manager if you have any concerns or questions.
Despite all our precautions, no data transmission over the internet is 100% secure. So, we cannot guarantee the security of any information which you disclose to us and so wish to draw your attention to the fact that you do so at your own risk.
6. How We Protect Your Data
The IIC is committed to protecting the personal information you entrust to us. We adopt robust and appropriate technologies and policies, so the information we have about you is protected from unauthorised access and improper use e.g. the database we have is password-protected.
As part of the services offered to you through the IIC website, the personal information you provide may be transferred to countries outside the European Economic Area (EEA). By way of example, this may happen if any of the computer servers used to host the website or database are located in a country outside of the EEA. If the IIC transfers your personal information outside of the EEA in this way, we will take steps to ensure that your privacy rights continue to be protected as outlined in this privacy notice.
7. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
8. Data Retention
We will keep your information only for as long as is reasonably necessary for the purposes set out in this privacy notice and to fulfil our legal obligations. (See chapter 4) We will not keep more information than we need, or more than specified above.
If you ask us to stop sending communications to you, we will keep the minimum amount of information (e.g. name, address or email address) to ensure we adhere to such requests.
9. Your Choices, Your Rights
You should find it easy to access and amend the personal information that we hold on you, or request that we stop contacting you. It’s your data and we want to make sure you feel in control of it. You can contact us by telephoning, emailing, or writing using our contact details below.
Every email we send to you will include details on how to change your communications preferences or unsubscribe from future communications.
At any time, you have the right to:
If you would like to see what information we hold about you, you can request full details of personal information we hold under the Data Protection Act 1998, or after 25 May 2018, The General Data Protection Regulation, by contacting the Data Protection Officer using the details below. Please send a description of the information you would like to see, together with proof of your identity.
You have the right to get information held about you by us corrected. If you have any concern about the accuracy of your personal data, please let us know using the below contact details. We may need to verify the accuracy.
At any time you have the right to ask the IIC to stop using your personal information.
- If you would like us to remove the personal information we hold about you, please contact us using the contact details below. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
- You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law.
Object to processing of your personal information
- You may request a restriction on the processing of your personal information where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.
- You also have the right to object where we are processing your personal data for direct communications.
Request restriction of processing of your personal information
This enables you to ask us to suspend the processing of your personal data in the following scenarios:
- if you want us to establish the data’s accuracy;
- where our use of the data is unlawful, but you do not want us to erase it;
- where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or
- you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party
- We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format.
- Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Raise a concern or lodge a complaint with the Information Commissioner’s Office (ICO)
To find out how to lodge a complaint or raise a concern with The Information Commissioner’s Office (ICO) visit https://ico.org.uk/concerns/, call the helpline on 0303 123 1113, or write to:
Information Commissioner's Office
Cheshire SK9 5AF
Contact details for the IIC
The Data Protection Officer
The International Institute of Communication
165 The Broadway
This notice was updated on 03 April 2018. It may be updated to take into account changes at the IIC or to reflect changes to regulation, legislation or guidelines issued by the ICO
Updates to this policy will be posted on this page - please check back from time to time. We may also inform you of any changes where we hold an appropriate email address for you.