Your rights relating to use of your personal data changed in May 2018, with the 'General Data Protection Regulation' or GDPR, and the Data Protection Act 2018, coming into force.

This Privacy Statement explains in plain English how and why the Involvement & Participation Association (IPA) processes your personal data under these new laws.

If you have a query about this Privacy Statement please contact the Data Protection Officer at the contact details below.

How we use your personal data

What we collect about you and how we do this depends of what IPA services you might use, and how much personal data about you we need to provide these services. These are explained below.

  1. Training and consultancy services

If you choose to arrange a training course or project offered by IPA or book onto an IPA event, we collect and use personal data to provide this service to you.

When you make a booking we collect your name, address, telephone number, e-mail address and workplace details in order to process your request. You may also volunteer any special needs you may have (such as dietary or access requirements for an event). As IPA charges for its services, we may retain personal data collected for this purpose for up to seven years.

IPA may use the personal data collected for the provision of services, to also provide you with IPA mailings for marketing purposes, to check that our services meet our customer's needs, or to inform you of changes to our services.

  1. Use of personal data for IPA research

We may use personal data collected as part of the services we offer, to also conduct research into employment trends and on the performance of IPA in meeting user's needs.

Where we do use personal data for research purposes, as far as possible we will try to make this unidentifiable before we use it. This is to help ensure that your privacy is respected when personal data is used by IPA staff for research purposes, or by those providing research services to us.

We may share personal data to be used for research purposes, such as email addresses, with external research companies that have been employed by IPA to carry out research and analysis on our behalf. Where this happens, we will ensure that use of your personal data complies with the law and is kept secure at all times.

  1. Making a Freedom of Information (FOI) or Subject Access Request

If you wish to make an FOI or Subject Access Request, your contact details will be collected to process your request and will be kept for two years.

If you wish to make a complaint to the Information Commissioner's Office (ICO) regarding a decision on a FOI or Subject Access Request, IPA is legally obliged to share your case records, which includes personal data, with the ICO in order to progress your complaint. You may withdraw your complaint at any time.

Sensitive Personal Information

It is possible that some of the information you provide to us to enable us to deliver the services you have requested from us, may be sensitive personal data, such as medical history, trade union membership or racial/ethnic origin.

We will only ever use sensitive personal data where this is essential to providing the services we have been asked to supply. We may use medical information you provide to make reasonable adjustments to help you access our services, or to ensure dietary requirements can be met where needed.

Confidentiality, storage and security of personal data

IPA views the confidentiality and privacy of those using its services as paramount. Any personal information you provide will be held securely, and your personal information will not be sold or traded to another organisation or company.

Where IPA might share personal data with an external company or service that we employ as part of our work, we ensure that personal data that we may pass on to them will be held securely, and used by them only to provide the services or information that you have requested.

IPA safeguards the information you provide to us using physical, electronic and management procedures on use of personal data. Encryption is used on web pages where we collect personal information electronically over an internet connection.

We manage risks around use of personal data. Security of our Information Technology (IT) systems are is managed by IT Lab Limited who have been assessed and approved to ISO27001:2013.

Lawful basis for processing

Under data protection law, IPA must have a 'lawful basis' to justify our collection, storage and use of your personal data.

We will process your personal data in order for us to fulfil a contract we may have with you or your organisation or because you have asked us to do something prior to a contract being in place, for example provide a quote.

We will process your personal data where we believe we have a legitimate interest in doing so. This may include sending you information about our services, inviting you to events which we believe you will be interested in, and providing you with information that we believe to be of interest and relevance to you through our monthly eBulletin.

You may unsubscribe from receiving information from us at any time.

Your rights under data protection law

You have a right to request a copy of the information that IPA holds about you. You have the right to have any inaccuracies corrected.

You may also have the right to have your personal information erased; to restrict our use of your personal data; to object to our processing of your personal data; and to obtain and reuse your personal data for your own purposes across different services ('data portability').

You have the right to complain to the national authority on the use of information, which in the UK is the Information Commissioner's Office

Please address requests (with a return e-mail address where possible) to:

The Data Protection Officer

IPA, Citygate 185 Dyke Road, Brighton BN3 1TL

Email: [email protected]

Use of our website and Social Networking

When you visit our website, we collect your Internet Protocol (IP) address as a unique identifier. We also collect the following:

  • data about how you use the IPA Website
  • information about your computer (including your IP address and browser type)
  • demographic data
  • if you visited the Website by clicking on a link from a different website, we collect the URL of that website
  • information about your online activity, such as the pages you have viewed and the purchases you have made.Sharing your personal data with a social media network may result in that information being collected by the social network provider or result in that information being made publically available.Cookies are small pieces of data sent to your computer when you visit the Website and which enable us to collect information about you. They are stored in the cookie directory of your hard-drive, and do not necessarily expire at the end of your session. Session cookies are automatically deleted when you close your browser.The IPA website contains links to other websites. These websites are not covered by this Privacy Statement and IPA is not responsible for the privacy practices within any of these other websites. You should be aware of this when you leave the website and we encourage you to read the privacy statements of other websites.
  • Our use of cookies also allows registered users of the Website to be presented with a personalised version of the Website, to carry out transactions and to have access to information about their account. Further information on our use of cookies is available on request.
  • IPA cannot control or endorse any policies or practices of external social media networks whose functionality you may access through our website. You should always read the privacy policy, and check your privacy settings, on any social media network through which you might share information over.
  • Our website offers you the opportunity to 'like' or 'share' information about IPA on your social media networks. We also maintain pages on some of the largest social media networks. 

Data transfers

Territories outside the European Economic Area (EEA) may not have laws which provide the same level of protection for personal information as those inside the EEA. However, if we process your personal information on servers or use third party service providers based in such territories, we will endeavour to ensure that your personal information is afforded the same level of protection as in the EEA.

Changes to this Privacy statement

If this privacy statement changes in any way, we will place an updated version on this webpage. If you do not agree with the changes we make please do not continue to use the website. Regularly reviewing this webpage ensure you are always aware of what information we collect, how we use it and under what circumstances, if any, we will share it with other parties.