Privacy Policy
THE INSTITUTE OF RESIDENTIAL PROPERTY MANAGEMENT LIMITED:
The Institute of Residential Property Management Limited recognises that data protection is the cornerstone of its operations and is committed to processing information about individuals in ways that comply with its obligations under the General Data Protection Regulation (as retained from the EU law version)(“GDPR”) and the Data Protection Act 2018 (“DPA”).
As a membership organisation, it is necessary for us to process information relating to individuals, including our individual members. Whenever we process the personal data of individuals, we will ensure that we are clear with those individuals about what we do (or may do) with their information.
This privacy policy explains what personal data (or “information”) we hold about individuals and contains important information on who we are, how and why we collect, store, use and share personal information, individuals’ rights in relation to their personal information and on how to contact us and supervisory authorities in the event you have a complaint.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy which we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your personal information. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Who we are
The Institute of Residential Property Management Limited collects, uses and is responsible for certain personal information about individuals. When we do so we are regulated under the General Data Protection Regulation (as retained from the EU law version) and the Data Protection Act 2018 and we are responsible as the ‘controller’ of that personal information for the purposes of those laws.
In this privacy policy, references to “we” or “us” mean The Institute of Residential Property Management Limited.
We are a company registered in England and Wales with company number 6207464 and the registered address 20 Eversley Road, Bexhill-on-Sea, East Sussex TN40 1HE.
We have a compliance officer who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this privacy policy, including any requests to exercise Your rights, please contact the compliance officer using the details set out below.
Contacting our compliance officer
If you have any questions about this privacy policy or our privacy practices, please contact our compliance officer in the following ways:
You have the right to make a complaint at any time (please see How to complain) to the Information Commissioner’s Office (“ICO”), the UK supervisory authority for data protection issues. We would however appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
DATA PROTECTION PRINCIPLES
We will comply with the data protection principles set down by the GDPR when gathering and using personal information.
The personal information we collect and use
In the performance of our role, we collect and process information relating to individuals.
The information we collect (and how we handle that information) differs depending on who the individual is, and why we are collecting their information.
Our services and website(s) are not intended for children and we do not knowingly collect any personal information relating to children.
THE PERSONAL INFORMATION WE COLLECT AND USE RELATING TO OUR MEMBERS
The IRPM will collect and use personal information relating to its members. Members in this context includes all levels of hierarchy of membership, and those undertaking professional qualification via our training programmes and apprenticeships. It also includes any applicants for membership and/or training and apprenticeships.
Our collection and use of this information is necessary for us to meet our key objectives, which include:
The information we collect
We may collect the following types of information:
In limited circumstances, we may collect limited special category data including details about your race or ethnicity, religion and health. We will only collect this information where you choose to provide it to us, and it will be used only to ensure we are able to make appropriate adjustments for you at events, courses or examinations that you may wish to attend and in an anonymised form as part of our use of aggregated data (please see below for further information).
In addition to receiving information directly from our members, from time to time we also receive information about our members from third parties, for example their employers.
How we collect it
We use different methods to collect information from and about you, including through:
Why we collect it
The collection of this information is required from our members so that we can:
Who we share it with
From time to time, we may share your personal information with the following categories of recipients:
Some of those third party recipients may be based outside the United Kingdom — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the UK’.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Where your personal information may be held
Information may be held at our offices, and third party agencies, service providers, representatives and agents as described above.
We have security measures in place to seek to ensure that there is appropriate security for information we hold.
How long your personal information will be kept
We will retain your personal information for no longer than is reasonably necessary for the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available on request from us by contacting us.
Our lawful basis
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
THE PERSONAL INFORMATION WE COLLECT AND USE RELATING TO ATTENDEES AT OUR EVENTS AND PARTICIPANTS IN EXAMINATIONS OR COURSES
The IRPM will collect personal information from individuals who attend IRPM hosted events, including our annual seminar and regional roadshows.
The information we collect
We may collect the following types of information:
In limited circumstances, we may collect limited special category data including details about your race or ethnicity, religion and health. We will only collect this information where you choose to provide it to us, and it will be used only to ensure we are able to make appropriate adjustments for you at events, courses or examinations that you may wish to attend and in an anonymised form as part of our use of aggregated data (please see below for further information).
How we collect it
We use different methods to collect information from and about you, including through:
Why we collect it
The collection of this information is required so that we can host the events, courses and examinations, and it helps us to:
We also collect personal information about individuals from their company directly.
Who we share it with
From time to time, the IRPM may share your personal information with the following categories of recipients:
Some of those third party recipients may be based outside the United Kingdom — for further information including on how we safeguard your personal data when this occurs, see ‘Transfer of your information out of the UK.
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Where your personal information may be held
Information may be held at our offices, and third party agencies, service providers, representatives and agents as described above.
We have security measures in place to seek to ensure that there is appropriate security for information we hold.
How long your personal information will be kept
We will retain your personal information for no longer than is reasonably necessary for the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available on request from us by contacting us.
Our lawful basis
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
It is necessary for us to process the personal information so that we can host those events. Our processing activities are a targeted and proportionate way of achieving this. Attendees reasonably expect that we will process their personal information in this manner.
THE PERSONAL INFORMATION WE COLLECT AND USE RELATING TO THIRD PARTIES
The IRPM will collect personal information from third parties, including members of the general public who contact us.
The information we collect
We may collect the following types of information:
How we collect it
We use different methods to collect information from and about you, including through:
Why we collect it
The collection of this information helps us to:
Who we share it with
From time to time, we may share your personal information with the following categories of recipients:
We will share personal information with law enforcement or other authorities if required by applicable law.
We will not share your personal information with any other third party.
Where your personal information may be held
Information may be held at our offices, and third party agencies, service providers, representatives and agents as described above.
We have security measures in place to seek to ensure that there is appropriate security for information we hold.
How long your personal information will be kept
We will retain your personal information for no longer than is reasonably necessary for the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.
Details of retention periods for different aspects of your personal data are available on request from us by contacting us.
Our lawful basis
We will only use your personal information when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
It is necessary for us to process the personal information we have described so that we can perform our role as a member organisation. Our processing activities are a targeted and proportionate way of achieving this.
FURTHER INFORMATION ABOUT HOW WE MAY USE YOUR PERSONAL INFORMATION
Direct marketing
We strive to provide you with choices regarding certain uses of your personal information, particularly around marketing and advertising.
We may use your information to form a view on what we think you may want or need, or what may be of interest to you. This is how we decide which products, services and offers may be relevant for you.
You will receive marketing communications from us if:
We will obtain your express opt-in consent before we share your personal data with any third party for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at data@irpm.org.uk at any time.
Where you opt out of receiving marketing messages, this will not apply to information provided to us as a result of a purchase of products or services, membership or other transactions.
If you fail to provide information
Where we need to collect information by law, or under the terms of a contract we have with you, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time.
Aggregated information
We also collect, use and share aggregated data such as statistical or demographic data for any purpose. Aggregated data could be derived from your personal information but is not considered personal information in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your personal information to calculate the percentage of users accessing a specific website feature. However, if we combine or connect personal information so that it can directly or indirectly identify you, we treat the combined information as personal data which will be used in accordance with this privacy policy.
Links to third party websites
Our website(s) may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for any privacy statements on such. When you leave our website(s), we encourage you to read the privacy policy of every website you visit.
Transfer of your information out of the UK
We may transfer your personal information to the following locations outside the UK:
The IRPM is satisfied that any transfer of your personal data to platforms outside of the UK has adequate levels of data protection for your personal data, through one of the following safeguards:
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Your rights
Under the GDPR and DPA you have a number of important rights free of charge.
In summary, those include rights to:
For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation.
If you have any questions about this privacy policy, including a request to exercise any of your rights, please:
We try to respond to all legitimate requests within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/or telephone: 0303 123 1113.
Changes to this privacy notice
This privacy notice was first published on 25 May 2018 and last updated on 22nd March 2021.
We may change this privacy notice from time to time, and when we do we will inform you.