ISEP Privacy Policy

1. Introduction

The Institute of Sustainability and Environmental Professionals (ISEP) is committed to protecting your personal identifiable information (PII) when you are using ISEP’s services. This Privacy Policy relates to our use of any personal information you provide to us online, via phone or text, by email, in letters or correspondence.

ISEP is fully committed to safeguarding your personal and sensitive information, as outlined in ISEP’s Data Protection Policy. Whenever you provide details of a personal or sensitive nature we are legally obliged to use your information in line with all laws concerning the protection of personal information, including the General Data Protection Regulation 2018 (GDPR).

To demonstrate that ISEP takes its responsibilities of safeguarding your data seriously, we have attained Cyber Essentials Plus certification, a government-backed industry support scheme to help organisations protect themselves against common online threats. Our internal systems have been verified by independent experts. In addition, ISEP are members of the Direct Marketing Association which demonstrates we have met their high standards of compliance with their Code of Conduct.

The Controller is: ISEP, Fenland House, 15b Hostmoor Avenue, March Cambridgeshire, PE15 0AX, UK. Email: dpo@iema.net

2. What personal information will be collected and how will ISEP collect it?

When you join, participate in, access or sign up to any of ISEP's services, activities or online content, such as Transform, ISEP Jobs, newsletters, competitions, live chats and webinars, message and discussion boards, telephone or text ISEP, vote, book onto ISEP events or register to use ISEP’s website, we receive personal information about you. This can consist of information such as your name, email address(es), postal address(es), telephone and mobile number, date of birth, employment and employer history and details, professional interests and areas of work. By submitting your details, you enable ISEP (and where applicable its contractors) to provide you with the services, activities or online content you select.

Please note that sometimes we will require you to provide additional personal information, and sometimes sensitive personal information (e.g. if you are sending in an application to be a member of a committee, steering group, Council or Board, assessor or examiner), or you will have the ability to disclose sensitive personal information when applying for jobs on the jobs board. When we do this, we will provide further information as to why we are collecting your information and how we will use it, to the extent not covered in this Privacy Policy.

This information will be collected via the telephone, face to face, online forms and via your employer if they are joining as a Corporate member and offering their employees membership as part of this.

ISEP also uses cookies and collects IP addresses (an IP address is a number that can uniquely identify a specific computer or other network device on the internet) from visitors of ISEP websites.

The ISEP website(s) may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies, including cookies, and we urge you to review them. They will govern the use of personal information you submit or is collected by cookies whilst visiting these websites. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.

You will have the option to share details with your employer, mainly your name and membership grade. This ‘opt in’ preference will be available in your application and in your MyISEP account area on the website. You can opt-in or out of sharing this data at any time.

3. Purpose of processing your personal data

ISEP will use your personal information for several purposes including the following:

• to provide our services, activities or online content and to deal with your requests and enquiries including sharing your details with other members in Steering Groups, Networks and regional activities, as well as external event hosts
• for 'service administration purposes', which means that ISEP may contact you for reasons related to the service, activity or online content you have signed up for, as set out in paragraph 4 below (e.g. to provide you with password reminders or to notify you that a service, activity or online content has been suspended for maintenance)
• to contact you about your membership, events and conference bookings, online payments and other online transactions
• to provide you with information about our services, activities or online content
• to personalise the way ISEP content is presented to you (we may present this information or a link to it on your member details page or homepage)
• to use IP addresses to identify the location of users, to block disruptive use, to establish the number of visits from different countries and to determine whether you are accessing the services from the UK or not
• to monitor and analyse ISEP website usage and
• to analyse and improve the services offered on ISEP websites.

4. When will ISEP contact me?

ISEP may contact you:

1. in relation to your membership where we believe we have a contractual and legitimate reason to provide you with your member benefits including but not limited to information relating to your renewal, upgrades, CPD, Transform magazine and other membership news
2. regarding any service, activity, event, conference or online activity you have signed up for to ensure that ISEP can deliver the services to you
3. where you have opted in to receive further correspondence
4. in relation to any contribution you have submitted to ISEP, e.g. on ISEP message boards or via text or voicemail message
5. to invite you to participate in surveys about ISEP services (participation is always voluntary) and
6. for ISEP marketing purposes (see paragraph 5 below).

You will be able to opt-out of receiving any of the above (with the exception of point 1) by changing your preferences at any time by visiting iema.net or by following the details on the communication sent to you.

5. Will I be contacted for marketing purposes?

ISEP focuses on providing you with the knowledge, skills and tools for your professional development and we will contact you for purposes that fulfil this objective if we believe they are a legitimate part of your membership contract with us.

We would like to use your personal data to send you details of products or services that we offer that we have identified as likely to be of interest to you. We will only send you information in line with the preferences you indicated when you provided the personal data. These include the promotion of new services, activities or online content, and invitations to events and conferences where you have opted in to receiving information regarding them.

You will be able to opt-out of receiving any of the above by changing your preferences at any time by visiting iema.net or by following the details on the communication sent to you.

6. Will ISEP share my personal information with anyone else?

We will keep your information secure and confidential except where disclosure is required or permitted by law (for example to government bodies and law enforcement agencies) or as described in paragraph 9 below. Generally, we will only use your information within ISEP.

ISEP reserves the right to confirm (upon request from the employer/potential employer) the membership status, i.e. name and membership level, of a member whose membership is paid for by that same employer.

ISEP employs some third parties to deliver online and offline services (e.g. publishing Transform, managing the ISEP website(s) and jobs board, monitoring and analysing website statistics) and requires third parties to comply strictly with its instructions that they do not use your personal information for their own business purposes. Please see section 9 for further information.

ISEP has an optional preference available on the MyISEP portal under preferences where you can opt in to share your name and membership grade with your employer. ISEP Corporate Partners also have access to a range of discount codes to support professional and organisational skills development.

When using these corporate discount codes, your name and membership grade may be shared with your employer. You can opt in or out of sharing this data at any time.

If you wish to object, please update your preferences on our website iema.net

7. Offensive or inappropriate content on the ISEP website

If you post or send offensive, inappropriate or objectionable content anywhere on or to the ISEP websites or otherwise engage in any disruptive behaviour on any ISEP service, ISEP may use your personal information to stop such behaviour.

Where ISEP reasonably believes that you are or may be in breach of any of the laws of England and Wales (or the law of Scotland if you live there) (e.g. because content you have posted may be defamatory), ISEP may use your personal information to inform relevant third parties such as your employer, school/college/university, email/internet provider or law enforcement agencies about the content and your behaviour.

8. Legitimate interests

ISEP is a membership organisation and we process your personal information to meet our contractual obligations to you including providing you with benefits that we believe add value to your membership. By increasing our membership and therefore generating more income we can further the aims of the organisation and subsequently the profession.

9. Recipients and processors of your information

ISEP shares your data with other Controllers and Data Processors to provide you with the benefits of your membership. ISEP works with the following to process your information such as mailing houses, advertising agencies, email broadcasters, event hosts, publishers, government and other professional bodies.

Our jobs board is operated and maintained by Think Publishing Limited, an agency who provide similar services to other member organisations in the UK. Think is a data controller of certain personal data that is uploaded to the jobs board. Their privacy notice is available here https://thinkpublishing.co.uk/privacy-policy/ and their representative for queries about the use of jobs board data can be reached at privacy@thinkpublishing.co.uk.

10. How long will ISEP keep my personal information?

As a membership organisation and to comply with the Companies Act under the removal of entries relating to former members, an entry relating to a former member of the company may be removed from the register after the expiration of 10 years from the date on which they ceased to be a member legislation.gov.uk/ukpga/2006/46/section/121

In addition, we will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with ISEP or ISEP's retention schedule below:

• We will retain your personal information if you are a non-member that we met via an event for a period of 6 months.
• ISEP will keep your information if you are a contractor for a maximum period of 5 years dependent on the contract in place and the associated legal requirements.

Where you contribute material to ISEP, we will generally only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted. Some content submitted to, or shared with, ISEP may be retained if necessary in an archive, to document the development and history of the profession. There may also be rare instances where we will share your contribution with third parties in the interests of ISEP and the environmental profession.

11. Data subject’s right to access

The right to be informed – you have the right to be told about the collection and use of the personal data you provide. This Privacy Policy sets out the purpose for which we process your personal data, how long we will keep your data, who we will share your data with. If you have any questions on how and why we process your data, please contact the Controller. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-be-informed/

Right of access – you have the right to know whether we are processing your personal data, and to request a copy of that data. We would need as much information as possible to enable us to locate your data. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the Controller at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-of-access/

Right to rectification – you have the right to have any incorrect personal data corrected or completed if it is incomplete. You can make this request verbally or in writing. We will need as much information as possible to enable us to locate your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the Controller at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-rectification/

Right to erasure – this right, often referred to as the right to be forgotten, allows you to ask us to erase personal data where there is no valid reason for us to keep it. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the Controller at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/

Right to restrict processing – you have the right to ask us to restrict processing of your data. We will look at any request and inform you of our decision within 28 days of receiving the request. If you want to exercise this right, please contact the Controller at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-restrict-processing/

Right to data portability – you have the right to move, copy or transfer your personal data from one IT environment to another. This right applies to data that you have provided to us and that we are processing on the legal basis of consent or in the performance of a contract and that processing is by automated means. We will respond to your request within 28 days of receipt of your request. If you want to exercise this right, please contact the Controller at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-data-portability/

Right to object – you have the right to object to our processing of your personal data based on (i) legitimate interests, or for the performance of a task in the public interests/exercise of official authority (including profiling); (ii) direct marketing (including profiling); and (iii) for purposes of scientific/historical research and statistics.

(i) Legitimate interests/legal task – your objection should be based on your particular situation. We can continue to process the data if we can demonstrate compelling legitimate grounds which override your interests.

(ii) Direct marketing – you have an absolute right to ask us to stop processing for the purposes of direct marketing. We will action your request as soon as possible.

(iii) Scientific/historical research and statistics – your objection should be based on your particular situation. If we are conducting research where the processing is necessary for the performance of a public task, we can refuse to comply with your objection.

If you want to exercise this right, please contact the Controller at the contact details above. If you want to know more about this right, the ICO has more guidance on their website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-object/

Processing based on consent

Where we process your personal data based on your consent, you have the right to withdraw that consent at any time without reason. You can opt-out by using the unsubscribe/opt-out in any marketing we send you and you can contact the Controller at the contact details above.

The right to lodge a complaint to the supervisory authority

If you are unhappy with the way in which we have handled your personal data please contact us at dpo@iema.net. You are also entitled to make a complaint to the Information Commissioner’s Office: https://ico.org.uk/concerns/

12. Consent for processing

You may withdraw your consent to any of our processing activities at any time by changing your preferences at iema.net. ISEP will also enable you to do this on every communication that we send to you.

13. Cookies

A cookie is a small piece of information sent by a web server to a web browser, which enables the server to collect information from the browser. Find out more about cookies on allaboutcookies.org.

Most browsers will allow you to turn off cookies. If you want to know how to do this, please look at the menu on your browser or look at the instruction on allaboutcookies.org. Please note, however, that turning off cookies will restrict your use of our website.

On ISEP's websites, cookies record information about your online preferences and allow us to tailor the websites to your interests. Users can set their devices to accept all cookies, to notify them when a cookie is issued, or not to receive cookies at any time. The last of these means that certain personalised features cannot then be provided to that user and accordingly they may not be able to take full advantage of all the website's features. Each browser is different, so check the 'Help' menu of your browser to learn how to change your cookie preferences.

During any visit to an ISEP website, the pages you see, along with a cookie, are downloaded to your device. Many websites do this, because cookies enable website publishers to do useful things like find out whether the device (and probably its user) has visited the website before. This is done on a repeat visit by checking to see, and finding, the cookie left there on the last visit.

How does ISEP use cookies?
Information supplied by cookies can help us to analyse the profile of our visitors and help us to provide you with a better user experience. Certain other areas of the ISEP website use cookies for a specific reason – for example, to help an online webinar work effectively on your device.

Third-party cookies on ISEP pages
Please note that during your visits to ISEP websites you may notice some cookies that are not related to ISEP or ISEP’s contractors. When you visit a page with content embedded from, for example, YouTube or Flickr, you may be presented with cookies from these websites. ISEP does not control the dissemination of these cookies. You should check the privacy policies of these websites for more information.

14. Changes to ISEP's Privacy Policy

This Privacy Policy is regularly reviewed and will be updated when necessary. If we make any significant changes to the policy, we will communicate these to you.

This Policy was last updated: June 2024