(1) Welcome to the CIHT privacy notice

CIHT respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from), or when you engage with CIHT via other means, and tell you about your privacy rights and how the law protects you.

This privacy notice tells you what to expect us to do with your personal information when you make contact with us or use one of our services.

(2) What Personal Information is held

We may collect and process the following Personal Data from you:

• Information you consent to provide CIHT that is required to carry out our obligations arising from any contracts entered between you and us, or potential contracts that may be in liaison between you and us.
• Information that you consent to provide by filling in forms on our website or submit to us in as part of any direct marketing or sales activities. This includes and is not limited to personal information about you such as your name, telephone contact number, geographical address/location, email address, date of birth, place of work, marital status, title, professional qualifications, referees, gender, ethnicity, and interests.
• If you contact us by telephone or in writing, we may keep a copy of your correspondence or communication.
• Details of your visits to our website and the resources that you access. 

Special Categories of Personal Data can include details about your race or ethnicity and information about your health. We may collect, use, store, and transfer different kinds of special personal data about you which we have grouped together as follows:

• Medical Information includes health information which could impact an individual’s ability to perform their job or role such as: accidents, physical or learning disabilities.
• Diversity & Inclusion Monitoring includes sensitive information, should you choose to provide it, such as age, gender identity, sexual orientation, religion or belief, socio-economic, disability, caring and race and ethnic identity for diversity monitoring purposes.

If you have provided us with the personal data of another person, there is a clear requirement imposed by CIHT for you to confirm that he/she consents to the processing of his/her personal data and that you have informed him/her of our identity as a Data Controller and the nature of the processing taking place.  Records will be retained as evidence of this consent. CIHT will also contact the individual to notify them that we have obtained their information, how, and the purposes that we need it for within one month of receiving the information.

(3) How will we use the information we hold about you?

We collect and process personal data to fulfil our legal and official functions, including:

• Managing membership records.
• Processing membership applications and assessments.
• Administering events.
• Communicating with members and non-members regarding CIHT services and activities.
• Complying with legal and regulatory requirements.

To comply with the data protection principles and article 6 (1) of the GDPR, we identify a lawful basis for each purpose that we process your data. The lawful basis we use are:  

• Performance of a contract — We use information held about you to carry out our obligations arising from any contracts entered into between you and us, and to notify you about changes to our services.
• Legitimate Interests — Where processing is necessary for the purposes of what we deem to be legitimate interests of CIHT (see next section) or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms that require protection of personal data.
• Consent — Where you have given us your consent to process your personal data for one or more specific purposes Where consent has been provided to CIHT, it is a recognised right of the Data Subject that this consent can also be withdrawn. You can withdraw your consent at any time by clicking the unsubscribe link in an email, managing your preferences on MyCIHT, or by emailing us at membership@ciht.org.uk.
• Legal obligation — where the processing of your data is necessary for compliance with our legal obligations We carry out automated profiling through our email platform and CRM system to segment member and non-member information according to specific demographics with the purpose of tailoring our communication activities as per their consent and indicated preferences. 

Currently, CIHT members are able to amend their contact details and opt-in or out of communications via the MyCIHT section of ciht.org.uk. If you require any assistance, please contact membership@ciht.org.uk

(4) Legitimate Interests

We consider the following activities (conducted either by the CIHT or a third party) to be legitimate interests according to Article 6(1) (f) of the General Data Protection Regulation.

We collect and process your data so that we can:

• Process membership forms and payments
• Provide an initial assessment for professional registration
• Share data with regional committees to provide information about activities, membership, awards, applications or events
• Website management
• Administer your membership
• Manage invoicing requests
• Record potential conflicts of interests for our volunteers
• Forecast future workforce numbers and working patterns, by analysing data and trends
• Provide online event booking
• Administer the end of year continuing professional development audit
• Give members access to update their mailing preferences of registered users
• Managing single sign on processes for CIHT member benefits or services such as CIHT options, CIHT Connect and CIHT Learn
• Capture speaker information
• Record details of attendance at events
• Collect details of members who wish to apply to be involved on committees.
• Collect information from people wishing to use our resources and guidance implementation tools
• Manage requests from people who wish for us to provide certificates and verification of qualifications.
• Process Award application forms.

It also helps us:

• To ensure that content from our site is presented in the most effective manner for you and for your computer.
• To provide you with membership services and member benefits (for example to provide you with copies of and electronic access to our magazine and other relevant publications).
• To provide you with information, details of events, services that you request from us or which we feel may interest you, where you have consented / signaled a preference to be contacted for such purposes
• To carry out our obligations arising from any contracts entered into between you and us.
• To allow you to participate in interactive features of our service when you choose to do so.
• Where you have applied to a third party for a member benefit to confirm to them that you are a member of the CIHT and therefore entitled to the benefit
• To notify you about changes to our service.

(5) Communications policy for CIHT

We use several methods to communicate with you – i.e. email, telephone, post, messaging platforms, the website, and other online platforms including CIHT Connect, and social media. We may also send you promotional messages if you have enquired about one of our products/services, or where we have your consent to do so.

You can manage your communication preferences in MyCIHT at any time or by emailing us at membership@ciht.org.uk.

Where appropriate we use your data to investigate, respond to and resolve complaints and improve customer services (e.g., resolve issues or respond to customer enquiries).

(6) Your rights relating to Personal Data

Under the GDPR you have the following rights in relation to your data. All requests can be made free of charge and we have one month to respond:

The right to be informed
You have the right to be informed when we collect your personal data from you directly or indirectly from another source.

The right of access
You have the right to request copies of the data we hold about you.

The right rectification
You have the right to request that we complete any information about you that you think is incomplete. You also have the right to request that we rectify any inaccurate information that we hold about you.

The right erasure
Also referred to as the “right to be forgotten”, you have the right to ask us, in certain circumstances, to erase your data.

The right to be informed
You have the right to be informed when we collect your personal data either directly from you or indirectly from another source.

The right to object to us processing your personal data
You have the right to object to us processing your personal data in certain circumstances. For example – for the purposes of direct marketing.

The right to restrict us processing your personal data
You have the right to restrict us processing your data in certain circumstances. This means that we may still be able to hold the data, but not process it.

We want to make sure that your personal information is accurate and up to date. In order to assist us with ensuring your personal information is up to date either contact the Membership@ciht.org.uk or update your details online at www.ciht.org.uk and log on to MyCIHT.

If you don't want to receive emails or hard copy mail from us, please amend your preferences in the MyCIHT section of the website. You may ask us to correct or remove information if you think it is inaccurate.  

(7) Retention of your information

We take appropriate measures to ensure that any information collected from you is kept secure.  

CIHT operate a clear Retention policy and associated Retention Schedule to ensure personal data is kept only for so long as is necessary for the purpose for which such information is used. 

If any of your personal data changes, or if you have any questions about how we use data which relates to you, please contact us by email at info@ciht.org.uk.  

We normally update your personal data within seven (7) working days of any new or updated personal data being provided to us, to ensure that the personal data we hold about you is as accurate and up to date as possible.

(8) Sharing and disclosure of your information

We sometimes share your personal data with trusted third parties. Examples include companies who support the delivery of our website or supporting platforms (including CIHT Learn and CIHT Connect), our IT & CRM system, volunteers in our regional committees, companies that partner with us to run events, the Engineering Council, the company used to send out our magazine or to provide any services that you have asked us to carry out through the website or otherwise. We may also share your personal data in an emergency (i.e. life or death) to protect the vital interest of an individual, with the police or other legal authority, or to comply with our company obligations (i.e. HMRC, Companies House etc).

As part of our GDPR compliance obligations, we are duty-bound to check when personal data may be shared with third parties to ensure that they apply the same or greater controls in terms of data protection.

• We provide only the information they need to perform their specific activities.
• They may only use your data for the purposes we specify in our contract with them
• We check to ensure your privacy is respected and protected at all times
• If we stop using their services, any of your data held by them will either be deleted or rendered anonymous.

We may also disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce or apply other agreements; or to protect the rights, property or safety of CIHT, our customers or others.

CIHT will not share your information for marketing purposes with any third parties without your explicit consent

(9) Protecting your data outside the EEA

CIHT has risk assessed where personal information may be transferred outside the EEA.  As part of our own due diligence, we have identified that personal data held for and by CIHT resides in the EU.  CIHT will continue to monitor this for CIHT considering any 3rd party provider changes in the future. Should a requirement for data to be transferred outside of the EU in future, CIHT will implement controls and safeguards to ensure that equal to or greater data protection measures are enforced and records retained to evidence this.

(10) Protecting your data

We store your personal data on our internal, paper and digital systems as well as on our Data Processor systems – e.g. Microsoft365, our customer relationship management database with ProTech, our Connect platform, and Dotdigital. 

We have appropriate physical and technical security measures in place to protect your personal data. Measures include but not limited to MFA, encrypting data at rest and during transit, access controls to our systems etc. We ensure that we have provisions in place to ensure that only authorised persons have access to personal data, that your data is kept secure, and that we have processes and procedures in place to prevent accidental loss, destruction, alteration, unauthorised access or disclosure of your personal data. We have incident and breach processes and procedures in place to deal with a respond to any suspected breaches of your personal data and will notify you and any relevant regulators in the event of a breach where we are required to do so.

(11) Protecting your data outside the EEA Questions or Complaints related to our use of your personal information

Any questions or complaints related to our use of your personal information should be sent by email to governance@ciht.org.uk or by writing to the Data Protection Officer, Peter Connolly, at CIHT, 119 Britannia Walk, London, N1 7JE.

You can also complain to the Information Commissioners Office if you are unhappy with how we have used your data. Their contact details are available on the following website www.ico.org.uk

• The supervisory authority for processing data of UK citizens is the Information Commissioner’s Office: www.ico.org.uk
• The list of supervisory authorities for processing data of citizens in the EU can be found here: https://www.edpb.europa.eu/about-edpb/about-edpb/members_en