Privacy Policy

Who we are

Our website address is: http://ioh.org.uk

iOH – The Association for Occupational Health & Wellbeing Professionals is a not-for-profit membership organisation which works to create the best environment for business and economic growth. Our members include businesses of all sizes operating in the UK. Although our members are businesses, not individuals, we do collect and use personal information relating to individuals as part of our activities. This is generally in order to manage our membership and to carry out our wider work representing the interests of businesses in the UK. We also collect personal information about individuals who sign up to our events or surveys or to receive our briefings and who work for or with us.

This privacy policy sets out how the iOH collects and uses personal information about individuals. Please read this privacy policy carefully to understand how the iOH will use your personal information. If you have any questions or queries in relation to this privacy policy, you can contact our Data Protection Officer at: admin@iOH.org.uk iOH, 61 Waverley Road, Kenilworth, CV8 1JL

This privacy policy explains:

1. Information we may collect about you (including cookies)

2. Use of your information

3. Contacting you

4. Sharing your information

5. Our legal basis for collecting, holding and using your information

6. Security and storage of your information

7. Your rights Information we may collect about you We may collect the following information about you: Information you give to us

You may give us information about you by filling in a form, contacting us by phone or e-mail or in person. This includes information you provide if you complete a membership form on behalf of a business and if you complete an application form or otherwise apply for a job here, either directly, or via a third party. The information you give us depends on the reason for you contacting us, but may include your name, job title, address, date of birth, e-mail address and phone number, financial and debit card information, personal identification documents, data relating to access or dietary requirements and your political opinions.

Information we receive from other sources

We work closely with other organisations, such as business partners, sub-contractors, analytics providers, search information providers, and we may receive information about you from them. For example, we could gain access to your business contact details via recognised business data providers who collate information from sources including publicly available information such as Companies House. We may also be given your contact details by our primary contact at your organisation, if they think that you would benefit from getting involved with the iOH or benefit from engaging in our activities. For example, they could nominate you to sit on our board, or on our committee. The categories of information we receive from these sources may include your name, address, date of birth, e-mail address and phone number, financial and debit card information, personal identification documents, data relating to access or dietary requirements and political opinion.

We may also collect information about you from publicly available sources, such as media reports, in order to better understand the people who we interact with. This may include information relating to your political opinions. Use of your information We need to obtain, store and use information about you for legitimate business purposes – namely so that you can enjoy and benefit from our services. We may use information we hold about you in the following ways:

• To confirm your identity

• To administer the membership of your company/organisation

• To let you know about other relevant services, both ours and those of other parties whose products and services we have agreed should be made available to you (see the section below on ‘Contacting you’ for more information about this)

• To update and correct our membership records

• To carry out statistical and market analyses, including benchmarking exercises, to enable us to understand you better and improve our services

• To develop, test and improve our systems

• To notify you about changes to our services

• To ensure the content of our website is presented in the most effective manner for you and for your computer

• To administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes

• To improve our website to ensure that content is presented in the most effective manner for you and for your computer.

We may combine information we receive from other sources with information you give to us for the purposes set out above (depending on the types of information we receive). Contacting you An important part of our work is communicating with our membership and the wider business community, telling them about our activities and how we are supporting their interests, and seeking their views on current issues. To do so, we use personal information to keep in touch with individuals within member and non-member organisations, as well as partners and other individuals.

We will use the contact information you have given us to send you important information. This may be by post, email, text message or telephone. We may also use the information we hold about you in order to provide you with information about other products or services we feel may interest you. Because we operate primarily as a professional membership organisation, we do not generally seek your consent to send you marketing communications. We believe that such communications are both in our legitimate interests, to raise awareness of our work and promote our services, and in your interests. However, you do have the right to ask us to stop sending you marketing communications. If you would like to stop receiving these, please visit the preferences centre or contact ADMIN@iOH.org.uk to update your preferences.

Sharing your information

We may share your information with selected third parties including:

• Event venues, attendees, speakers, sponsors and organisers contracted by iOH

• Online service providers such as event booking systems, communications and marketing systems and survey tools

• iOH’s sponsors We may also share your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our rights, property, or safety of our customers, or others.

Our legal basis for collecting, holding and using your information Data protection law sets the lawful legal bases (or ‘conditions’) which allow us to collect, hold and use your personal information. For the iOH, these are:

• For the purposes of our own legitimate interests. We believe that we have a legitimate interest in being able to provide our services to our member organisations and to represent our members and the interests of businesses in the UK. As set out in this notice, this sometimes requires us to collect and use personal information about individuals. We only use this legal basis where these interests are not overridden by your interests and fundamental rights or and freedoms

• Where we have entered into a contract with you. In these circumstances, we may need to process your personal information in order to fulfil the contract. For example, this may apply if you book to attend one of our events

• Where we are under a legal obligation to process personal information. For instance, we are required to collect certain information in accordance with our obligations under equalities legislation

• Sometimes, we will ask you for your agreement to process your personal information. This is particularly the case when we wish to collect or use any special categories of personal information (see below).

Data protection law recognises certain “special categories” of personal information, which include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning health, and information concerning a person’s sex life or sexual orientation. These special categories are considered particularly sensitive and so we will only collect and use this information where you have given us your explicit consent or where we consider it necessary to do so. For example, you may choose to tell us about your health condition before attending one of our events, or your political opinions as part of a campaign. We will only use this information for the particular event or campaign and not for any other purposes.

Security and storage of your personal information The information about you that we collect may be processed by iOH staff operating outside the EEA. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy. We will generally keep personal information about you no longer than is needed for us to carry out the functions described in section 2 of this notice. For example:

• We will usually delete personal information that we collect related to our events after 13 months. However, we may retain some information (such as attendance records) for longer where it is in our legitimate interests to do so

• We will keep personal information held as part of our membership records for the duration of that organisation’s membership. At the end of the membership, we will delete the majority of records and only retain the minimum information necessary to deal with any future issues and basic contact details in order to be able to carry out the functions listed in section 2 of this notice.

Your rights

You have the right to request from us access to your own personal information. This is sometimes known as a ‘subject access request’. You also have the right to ask us not to process your personal data for direct marketing purposes. You can exercise this right by contacting admin@iOH.org.uk, by following the links at the bottom of this privacy policy, or by following the link included in each communication you receive from the iOH. From 25 May 2018, you will have additional rights to request from us:

• That any inaccurate information we hold about you is corrected

• That your information is deleted • That we stop using your personal information for certain purposes

• That your information is provided to you in a portable format

• That decisions about you are not made by wholly automated means Many of the rights listed above are limited to certain defined circumstances and we may not be able to comply with your request. We will tell you if this is the case. If you choose to make a request to us, we will aim to respond to you within one month. We will not charge a fee for dealing with your request. If you are dissatisfied with how we are using your personal information or if you wish to complain about how we have handled a request, then please contact our Data Protection Officer and we will try to resolve any issues you may have. You also have the right to complain to the Information Commissioner’s Office, which is the statutory regulator for data protection law. Find details of how to complain to the ICO.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

Who we share your data with

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

What rights you have over your data

If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Your contact information

Additional information

How we protect your data

What data breach procedures we have in place

What third parties we receive data from

What automated decision making and/or profiling we do with user data

Industry regulatory disclosure requirements