Privacy Notice

To provide the services and support that members and others receive, the IBMS has to collect and keep data about individuals.

This Privacy Notice explains how this information is managed by IBMS, how members can access the information collected so that the IBMS complies with the appropriate legislative and regulatory requirements to protect the personal data of service users. This includes both the Data Protection Act 1998 (DPA) and the General Data Protection Regulation 2018 (2018).

The IBMS is registered as a Data Controller with the Information Commissioner in the UK and takes the privacy of personal data collected as being of primary importance in the delivery of its business. The Notice explains the categories of personal data collected and how it is protected.

Data Protection

On receipt of your information, the IBMS has strict procedures and security measures to protect against its loss, unauthorised disclosure or access.

The type of enquiry or service an individual may request from the IBMS will determine the data that is collected.

This may include contact details (such as email, telephone number, home and work address), bank account details for Direct Debit, information about the work or professional specialisms undertaken, information about education, training and continuing professional development activity, details about eligibility to meet standards of practice and professional competence and; information to provide efficient access to IBMS publications, digital platforms or events relating to the profession.

The information held by IBMS is used to ensure services that are provided are relevant to the individual concerned in their professional practice. To fulfil the IBMS role as an advocate for the profession, data may be aggregated (providing individual anonymity) to improve understanding of the work of the profession and to influence and inform the development of policy to enhance professional practice.

The IBMS is actively engaged to keep individuals informed about services, campaigns, events, publications and new initiatives. It is also important for IBMS to find out the views of individuals on a range of issues. This may be by post, telephone or electronic means.

The IBMS does not sell, share or transfer personal data except as indicated in this Notice.

Some information is collected through cookies, such as the IP address of your computer, that allow interactive features of the service to be provided and which enable the presentation of information and services to be provided in the most efficient manner to individuals.

The IBMS uses Google Analytics to record information about visitors to its website to gauge the effectiveness of content, layout and navigation. More information about cookies can be found in the IBMS Cookies Policy.

An individual can access and update some data collected, including preferences for promotional communications, by creating an online account through the IBMS website. Other information can be accessed or updated by contacting the IBMS at mail@ibms.org .

Security

Personal information that IBMS holds is stored on secure servers in the EU. The servers, networks and website that we utilise use SSL encryption technology and other security measures which are periodically audited by a third party.

Credit and debit card details submitted online are processed and held by third party payment processors and not by the IBMS.

Where a user of IBMS services online has a password, it is their responsibility for keeping this confidential and users are requested not to share such information.

In compliance with the seventh data protection principle of the DPA, the IBMS deploy ‘Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data’.

Website access

Some areas of the IBMS website are restricted to IBMS members and information provided, including the contact details of IBMS representatives and other members, is available for personal use only.  Such information is confidential and must not be disclosed to a third party.

IBMS reserves the right to withdraw access to such areas of its website if a member fails to comply with this Notice or any other terms and conditions of website use.

Third Parties

IBMS shares data with contractors, suppliers or agents that help provide services that are part of the benefits requested by the data subject such as for publishing media, events and e-commerce.

These include the Science Council, Redactive, Taylor and Francis, Step Exhibitions, MailChimp and Eventbrite. Where this occurs, the IBMS have data sharing agreements and strict transfer protocols in place to protect individuals’ data.

The IBMS website may contain links to other third party websites. Please note that these websites have their own privacy policies and the IBMS do not accept any responsibility for these policies or how your data may be used by such third party. Users should check with the privacy policies of these websites for further information.

Consent

By using the services provided by the IBMS, including the website, you are consenting to the use of information provided in the manner indicated in this Notice.

If you do not accept any of the terms in this Privacy Notice, you must inform the Data Manager immediately via the contact details shown on the IBMS website or emailing mail@ibms.org

Retention

Principle 5 of the DPA states that ‘Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes’. GDPR stipulates further that individuals may withdraw consent for their personal data to be kept and request that such data is deleted or removed by the Data Controller.

The right to erasure does not provide an absolute ‘right to be forgotten’ and the GDPR provides a number of circumstances where data may be exempt from the right to erasure or kept because there is a particular basis for processing.

These include:

  • processing is necessary for the performance of a task carried out in the public interest or exercise of official authority
  • for reasons of public interest in the area of public health such as ensuring high standards of healthcare
  • processing is carried out by a not for profit body with a political or philosophical aim provided the processing relates to members or former members and provided there is no disclosure to a third party without consent
  • archiving purposes in the public interest or statistical purposes
  • exercise or defence of legal claims

The IBMS has given careful consideration to the right of an individual to request data erasure and its position as a standards setting organisation which provides services to professionals working in an area where there is a public health and safety aspect.

The IBMS believes that the exemptions above apply to the data maintained by the organisation. Data no longer required will be securely deleted. Examples of data that IBMS retains on a permanent basis are: name, address, type of IBMS membership held, IBMS training and qualifications undertaken.

Changes to Privacy Notice

Internet and data privacy best practice are developing. The IBMS therefore reserves the right to revise this Notice in future. The most up to date version of the Notice will be shown on the IBMS website and users of IBMS services should regularly check to make sure that they are aware of the latest version.

Further information

Enquiries about IBMS data protection policies or this privacy policy should be sent to the Data Manager at the IBMS registered postal address or mail@ibms.org 

Individuals that have provided IBMS with personal data have a number of rights in respect to accessing and amendment of this information. If you have any queries on this or would like to make a Subject Access Request, please contact the Data Manager at the IBMS postal address or mail@ibms.org

 

The information on this page was last updated on Monday, 20 July 2020.