Who we are
The data controller is The Chartered Institute of Marketing (CIM).
CIM is the world’s leading professional marketing body, registered in England and Wales (registration number RC000886). Our registered address is Moor Hall, Cookham, Maidenhead, Berkshire SL6 9QH, UK.
- Chief Data Officer, The Chartered Institute of Marketing, Moor Hall, Cookham, Maidenhead, Berkshire SL6 9QH, UK
How we collect information about you
There are several ways we may collect information about you. These include:
- when you provide it to us by getting in contact (phone/email/web/webchat**)*
- when you subscribe to our services or place an order with us
- if you are studying a CIM qualification, your study centre may share information with us
- if you submit your details when sending an enquiry through a third-party vendor
- when you provide details at an exhibition or networking event
- when you report a problem with CIM's websites or any of its services
*Phone calls may be recorded for training purposes or for the resolution of any disputes. Recordings are retained for 3 months and access is restricted to the customer services management team.
**Content from chat, pre-chat and post-chat surveys is stored for 13 months. During this period you can request that this content be redacted (which will remove all Personal Identifiable Information) by emailing email@example.com
What information we collect about you
Security of your information
CIM respects your data and has taken appropriate technical and organisational measures to ensure we have mitigated against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data.
Do you collect any special category data?
CIM does not collect special category data as a matter of course. However, individuals may on occasion supply health-related information in relation to delivery of services by CIM. For example, studying members may share such information should they require reasonable adjustments on health grounds for the completion of CIM assessments, or where an emergency deferral to an alternative assessments session is necessary. Dependent on the type of application, this information may be received directly from the member, or they may disclose this to their study centre who will in turn liaise with CIM. Equally, guests and delegates attending Moor Hall Conference Centre may elect to provide details of dietary requirements. The information is retained only for as long as is necessary and is processed solely for this purpose.
How we use your information and the legal bases for this
Your information is used to process your purchases, deliver our services and contact you, as well as to improve the website experience for our users.
When you purchase from us, we may collect the following information: name, date of birth, phone number, email address, address, billing address, company name (if applicable), VAT number (if applicable). If you don’t provide this information, you won’t be able to purchase from us or enter into a contract with us. In these instances, we process your personal data because it is necessary for the performance of a contract with you, or in order to take steps at your request to enter into a contract.
When you send us an enquiry or purchase from us, you can opt in to receive marketing communications in relation to our products and services by ticking the relevant boxes. We will then send you the relevant marketing communications until such time that you remove your consent. In these instances, processing is performed on the basis of your consent.
When you become a CIM member, one of the key features of your membership is access to the latest marketing insights, topical debate and inspiring events. As such, from time to time, we’ll email you with member-only communications that invite you to make the most of your membership. These communications with you may originate from CIM or our Regions and Sector Interest Groups. As a member you can update your contact preferences to include additional types of communications via the preference centre within the ‘MyCIM’ section of the website. In these instances, processing is performed on the basis of your consent. In addition to this, we’ll also contact you with important operational information regarding your membership (for example, highlighting member benefits, notifying you of Governance activity or advising you when your renewal is due). In these instances, we process your personal data on the basis of our legitimate interests.
Who we share your data with
We will only share your data with third parties for the purposes of delivering our services, fulfilling any contracts we enter with you, where required by law or to enforce our legal rights.
Third party communications
CIM will not disclose your details to third parties for the purpose of receiving communications from those third parties, including relevant business information, unless you specifically opt-in to this type of communication.
Only when necessary to deliver our services and run our business, we share your information with various providers who will act as data processors. These include:
- Telephone and email providers
- Payment processing providers
- IT service providers
- Hosting providers
- Mailing houses and print/fulfilment companies
- Member benefit providers
Mailing, print and fulfilment companies
CIM will only disclose your information to print and fulfilment companies who are conducting business on CIM's behalf and only for an agreed purpose, such as magazine distribution, operational membership mailings or marketing mailings. Data is securely encrypted and, once the purpose for which it was transferred is complete, it is deleted.
CIM does not store credit/debit card details, except for the purposes of processing bookings for Moor Hall Conference Centre guests, when these details are stored securely and destroyed following payment. CIM does not share financial details with any third parties. However, it may (in appropriate circumstances) use certain other companies to provide services to you, such as a credit card processing company or a Direct Debit service. These companies do not retain, share, store or use personal information for any purposes other than to provide this service to CIM.
CIM may share your details with third parties for the purposes of conducting research on our behalf, including membership surveys, only when you have consented to your data being processed in this way. You may change your preferences at any time via our website.
Qualification assessment details
Studying members’ examination grades will be shared with their CIM Accredited Study Centre (the educational institution which delivered the CIM qualification) and with the Department for Education. This data may also be shared with our Regulators: OfQual, CEA, Qualification Wales in the event of any investigations.
CIM may sometimes receive verification requests of qualification or membership status from current or prospective employers, employment agencies, regulators or other third party contacts. CIM will only confirm your qualification or membership status if a consent form, signed by you, accompanies the request.
Chartered Marketers and CPD
CIM provides a service for members to record their CPD online through a third party processor, including data recording via an online app. CIM will use the information recorded for management of CPD and Chartered Marketer status and as part of its wider monitoring of members’ progress.
We have a policy of transparency regarding the names of our Chartered Marketers and as such, we publish each individual’s name and CIM Region on our website. Members may request that their name be removed by contacting our Customer Services team.
If a Member of any grade is subject to a disciplinary case in which the complaint is upheld, CIM will publish their name and the outcome of the disciplinary case. Any such processing will be completed on the basis of our own legitimate interests.
Sharing your information for legal reasons
CIM will share your information when required to do so in order to comply with a common law or statutory obligation. For example, this may include information surrounding criminal acts or threats to public security.
Transfer of your information outside the European Economic Area (EEA)
If you are a member of a non-EEA CIM Region or registered with a study centre outside of the EEA, information that CIM collects may be transferred to that Region or study centre, which may not have data protection laws in force equivalent to those within the EEA. CIM will nevertheless take steps to ensure that personal data transferred is adequately protected. Any data transferred in this way will be securely encrypted and, once it has been used for the purpose it was transferred, it will be deleted.
Outside of the circumstances described above, we will not transfer your personal data to any country outside the EEA.
How long we retain your data
We will keep hold of your data for no longer than necessary. The length of time we retain it will depend on any legal obligations we have (such as tax recording purposes), the nature of any contracts we have in place with you, the existence of your consent or our legitimate interests as a business.
When you purchase from us, for example training, events and so on, we retain that information for a period of six years following the end of the financial year during which you purchased from us. It is our legal obligation to keep these records for tax purposes.
Unless you provide consent for future contact during your enquiry, we will keep your information for as long is required to respond and complete your enquiry, and for a further 12 months, before deleting your information.
Membership information will be retained for a period of 10 years from your last renewal date in order to verify your member status and recent history to third parties on request or to allow you to re-join as a Member. A record that you have been a member and your grade of membership will be retained as part of our register of memberships and to enable your future potential access to the CIM Benevolent Fund.
Qualifications and assessments
Qualifications information, including assessment results, may be retained indefinitely for the purposes of verifying your CIM qualifications.
Profiling and automated decision making
Details on your interactions with CIM may be used to review the relevance and quality of the products and services we offer. However, we do not undertake any automated profiling or automated decision-making processes.
Subject to certain limitations, you have the right to:
- Request a copy of the information we hold about you and be told about its use.
- Request that CIM rectifies or deletes your information, or restricts processing if you have concerns over its accuracy, deletion or fair and lawful use.
- Object to the processing of your personal data, based on your particular situation, where this processing is based on the legitimate interests of CIM, where it involves direct marketing, or where it is completed for research or statistical purposes.
- Withdraw consent to the use of your information. All of our communications (excluding operational membership communications) contain an unsubscribe link. If you are a member of CIM, you can manage your preferences at any time online within the ‘MyCIM’ section of our website. Otherwise, you can contact firstname.lastname@example.org to manage the communications you receive.
- Receive your personal data in a portable, commonly used, machine-readable format to transfer to another data controller. However, in some circumstances we may be unable to provide you with some or all of your personal data, for example, if it compromises the confidentiality of a third party.
Concerns and complaints
If you have concerns or questions over the collection, storage or processing of your data, you are encouraged in the first instance to contact a member of staff to discuss and resolve any issues.
Alternatively, you can write directly to the Chief Data Officer at:
- Chief Data Officer, The Chartered Institute of Marketing, Moor Hall, Cookham, Maidenhead, Berkshire SL6 9QH, UK
You also have the right to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO). Contact details for the ICO are available here.