Legal

Privacy Policy

This Privacy Policy explains how the Institute of Administrative Management collects, uses, stores, and protects your personal data in accordance with UK data protection legislation.

Last updated: January 2026  |  Compliant with UK GDPR & Data Protection Act 2018

1. Data Controller

The Institute of Administrative Management (“IAM”, “we”, “us”, or “our”), established in 1915, is the data controller responsible for your personal data. We are committed to protecting your privacy and handling your personal data in an open and transparent manner.

Data Protection Enquiries: [email protected]
Website: www.instam.org

2. Data We Collect

2.1 Information You Provide

We collect personal data that you provide directly to us, including:

  • Identity data: name, title, date of birth, professional qualifications
  • Contact data: email address, telephone number, postal address
  • Professional data: job title, employer, professional experience, CPD records
  • Financial data: payment card details (processed securely via our payment provider), billing address
  • Account data: username, password, membership number, account preferences
  • Education data: qualification enrolments, assessment results, certificates issued

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

  • Technical data: IP address, browser type and version, operating system, device type
  • Usage data: pages visited, time spent on pages, navigation paths, referral source
  • Cookie data: as described in our Cookie Policy

2.3 Special Category Data

We may process special category data (e.g., disability or health information) only where you have provided explicit consent, typically in connection with reasonable adjustments for assessments under the Equality Act 2010.

4. How We Use Your Data

We use your personal data to:

  • Administer and manage your membership
  • Process qualifications, certified programmes, and CPD enrolments
  • Process payments and issue invoices
  • Communicate with you about your membership, courses, and services
  • Maintain the public directory of members, certified professionals, and accredited centres (with your consent)
  • Analyse website usage and improve our services
  • Comply with regulatory and legal obligations (including Ofqual requirements)
  • Send marketing communications (where you have opted in)

Marketing: We will only send you marketing communications where you have specifically opted in. You can withdraw your consent at any time by clicking the “unsubscribe” link in any marketing email, by updating your preferences in your account, or by contacting us directly.

5. Data Sharing & Transfers

5.1 Who We Share Your Data With

We may share your personal data with:

  • Awarding organisations: Qualifi and TQUK, for the administration of regulated qualifications
  • Accredited Training Centres: where necessary for your enrolment and assessment
  • Payment processors: for secure payment processing
  • IT service providers: who assist with website hosting, email delivery, and platform management
  • Regulatory bodies: including Ofqual, where required by law
  • Professional advisers: including lawyers and auditors, where necessary

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

5.2 International Transfers

Where we transfer personal data outside the United Kingdom, we ensure appropriate safeguards are in place in accordance with UK GDPR, including Standard Contractual Clauses approved by the Secretary of State, transfers to countries with adequacy decisions, or other approved transfer mechanisms.

6. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which we collected it:

  • Membership records: for the duration of your membership plus 6 years
  • Qualification and assessment records: permanently, as required for verification purposes
  • Financial records: 7 years, as required by HMRC
  • Marketing consent records: until consent is withdrawn
  • Website analytics data: 26 months
  • Enquiry correspondence: 3 years from the date of last contact

7. Data Security

We have implemented appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (SSL/TLS), secure access controls and authentication, regular security assessments, staff training on data protection, and incident response procedures.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the Information Commissioner’s Office within 72 hours and, where appropriate, notify affected individuals without undue delay.

8. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

  • Right of access (Article 15): to obtain a copy of your personal data
  • Right to rectification (Article 16): to correct inaccurate or incomplete data
  • Right to erasure (Article 17): to request deletion of your data in certain circumstances
  • Right to restrict processing (Article 18): to limit how we use your data
  • Right to data portability (Article 20): to receive your data in a structured, machine-readable format
  • Right to object (Article 21): to object to processing based on legitimate interests or direct marketing
  • Rights related to automated decision-making (Article 22): not to be subject to decisions based solely on automated processing

To exercise any of these rights, please contact us at [email protected]. We will respond to your request within one month, as required by UK GDPR. In complex cases, this may be extended by a further two months, and we will inform you of any such extension.

Right to complain: You have the right to lodge a complaint with the Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed. The ICO can be contacted at ico.org.uk or by telephone on 0303 123 1113.

9. Cookies

Our website uses cookies and similar technologies. For detailed information about the cookies we use, their purposes, and how to manage your cookie preferences, please see our Cookie Policy.

10. Children’s Privacy

Our Services are not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If you become aware that a child has provided us with personal data, please contact us, and we will take steps to delete such information.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. Where changes are material, we will notify you by posting a prominent notice on our website and, where appropriate, by email. We encourage you to review this page periodically.

12. Contact & Complaints

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:

Data Protection Enquiries: [email protected]