Privacy Policy

In relation to the website: www.isbl.org.uk (“the Site”).

 Owner: Institute of School Business Leadership under company number 3425492 (“we/us”) trading as “ISBL” (“we/us”) and ISBL Trading Ltd (“we/us”).

Customer services: info@isbl.org.uk

Postal address: Highdown House, 11, Highdown House, Leamington Spa, CV13 1XT.

 Services:

The Institute of School Business Leadership (ISBL) succeeded NASBM in November 2017. ISBL aims to provide the sector with confidence in the school business leadership community through a framework of qualifications underpinned by Professional Standards linked to membership categories and practitioners with the professional recognition and status they deserve. 

(“Services”).

Use of Your Data

 We take data privacy very seriously. We have set out below the uses to which we will put the information that we have about you in the delivery of the Services, and the legal basis for this, as well as introducing the rights that you have over the way that we use your information. This policy should be read in conjunction with our Policy Manual.

For the purposes of the General Data Protection Regulation (“GDPR”) and any subsequent UK legislation covering data protection, we are the data controller (the entity which processes your data). All queries relating to this policy and/or data protection more generally should be referred to Bethan Cullen of the Institute of School Business Leadership at bethan.cullen@isbl.org.uk.

The information collected about you might include the following:-

Personal Data

  • First name

  • Last name

  • Job title

  • Gender

  • Ethnicity

  • Preferred pronoun

  • Date of birth

  • Email (for login)

  • Address (including billing address)

  • Photographs which include your image and likeness

  • Access information for events

  • Geo-location data (your geographical location based on your IP address) (hereinafter together, “Data”)

The Data is collected when you use our Site and when you sign up and register for membership on the Site.

 If you attend our events, Data may also be collected here, as you may find yourself photographed by our official photographers.

 We may add any additional Data that we collect subsequent to initial Data collection, to your record.

All Data will be kept private and not shared automatically. Save as provided for in this Privacy Policy, we will not sell, rent, distribute or disclose your Data without your consent or where required or permitted to do so by law.

We may use the Data that you provide for the following purposes:

  • to deal with your enquiry and, if you apply for membership (including where you are signing up for a free trial) to administer such membership and provide you with the relevant Services which may include:-

    • offering you guidance on career pathways and specialist training programs tailored to school business professionals;

    • inviting you to events relevant to school business professionals;

    • inviting you to participate in questionnaires, surveys and opinion gathering exercises relevant to school business professionals

    • sending you fortnightly e-bulletins, breaking news updates, policy analysis and briefings; and

    • allowing you to access interactive features, including access to your online portal and our online forums where you can discuss and explore the issues affecting you and other SBM professionals;

  •   in relation to events :

    • we may distribute (hard copy) relevant marketing material to the geographical or email address stated in your account, as supplied by you; and

    • we may also include your Data on distribution lists to other attendees and exhibitors at events (where you are also attending).

 We therefore ask that you provide us with your corporate contact details (e.g. your email address, address and phone number at your educational establishment). Please do not supply your personal contact information.

  • to assist you with important procurement decisions through our Approved Partner scheme;

  • to notify you about important fu

    nctionality changes and alterations to the Site, or offer of products, services or information that might be of particular interest to you;

  • for the purposes of marketing our events, Site and Services whether via our website, on stands, billboards or other promotional materials; and/or

  • for research purposes and to help us plan and improve our Services. We may contact you ourselves or ask outside research agencies to do so on our behalf

  • for the purposes marketing and promoting our services and the services of our approved third parties to members via various communication channels including post, email and telephone. Where we communicate with you via email for these purposes we intend to communicate with corporate subscribers only for the legal purpose of our “legitimate interests” (see below). Please therefore ensure that you supply us with the email and telephone number of your educational establishment  rather than your personal contact information.

 (“the Purpose(s)”).

 The use of your information for the Purposes is lawful because one or more of the following applies:

  • it is necessary for us to hold and use your Data so that we can perform our obligations under the contract we have entered into with you for the Purpose(s); and/or

  • it is necessary for the purposes of legitimate interests pursued by us in order to market and provide the Site and Services and/or to keep the Site and Services up to date; and/or

  • you have given your consent to these Purpose(s), where the purpose is ancillary to the main Purpose(s) for which your Data is used. You may withdraw consent to these uses at any time either by using the opt-out option (where available) or by emailing us at membership@isbl.org.uk noting;

    • this will not affect the lawfulness of processing of your Data prior to your withdrawal of consent being received and actioned; and

    • if we have asked for your consent to a specific part of the service and you wish to withdraw this consent, you may not be able to partake in some of our services if you do so.

(“the Lawful Uses”).

Transfer to Third Parties

Your Data may be collected, passed and/or held by the following third parties if you have opted in to permit us to do this, you have registered directly with any of the entities below or we are otherwise legally entitled to do so:

  • our suppliers in order to facilitate transactions and delivery;

  • our mailing house in order to delivery hard copy mailings;

  • our publishing house in order to delivery the member magazine;

  • any of our Approved Partners;

  • exhibitors or attendees of the same events as you;

  • our customer relationship system, Sheep CRM;

  • our finance system, Xero;

  • our communication platform, HubSpot.

We ensure that any third parties processing your Data on our behalf protect it as carefully as we do and that they provide an adequate level of protection for your rights as a data subject. This may involve transferring your Data to other companies, inside or outside the EU. However, use of your Data will be subject to each of the above party’s Privacy Policy, so please ensure that you familiarise yourself with these policies, details of which should be available on each of their websites, should you wish to know how your data is being processed by them.

Your information may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected.

Use of Aggregated Data

Where Data can be aggregated (and anonymised), we may use this without restriction for research purposes.

For example, we may monitor customer traffic patterns, Site and Services usage and related information in order to optimise users’ usage of the Site and Services and we may give aggregated statistics to a reputable third-party.

We are entitled to do this because the resulting data will not personal identify you and will therefore no longer constitute personal data for the purposes of data protection laws.

Storage of Data

Your Data will be stored only for so long as is reasonably necessary in order to carry out the Purpose(s). Where your Data is no longer required, we will ensure it is disposed of in a secure manner.

Your rights

 You have the right to request details of the processing of your Data by making a subject access request. Such requests have to be made in writing. More detail about how to make a request and the procedure to be followed can be found on the ICO’s website.

You also have the following rights:

  • The right to request rectification of information that is inaccurate or out of date;

  • The right to erasure of your Data (known as the right to be forgotten);

  • The right to object to the way in which we are dealing with and using your Data;

  • The right to restrict the processing of your Data; and

  • The right to request that your Data be provided to you in a format that is secure and suitable for re-use (known as the right to portability).

 All of these rights are subject to certain safeguards and exemptions, more details of which can be found on the ICO’s webpage. To exercise any of these rights, you should contact Bethan Cullen of the Institute of School Business Leadership at the above email address.

If you are not happy about the way in which we have processed or dealt with your Data, you may file a complaint with Information Commissioner’s Office.

 More detail about how you may do so can be found here.

Transfers outside of the European Economic Area

We may send your Data outside of the European Economic Area (EEA). We do this because your Data may be stored on servers based outside the EEA. However, we meet our obligations under the relevant legislation by ensuring that your Data has the same protection as if it were being held within the EEA. We do this by ensuring that any third party processing your Data outside the EEA either benefits from the EU-–U.S. Privacy Shield and/or, where appropriate, we have entered into a data processing agreement containing model EU clauses certified by the European Commission.

Security of Your Data

 The Site is a UK-based website and takes reasonable care to comply with the requirements of the UK Data Protection Act 1998 (or any other legislation which may replace, supplement or amend it) (‘the Act’) relating to the personal information you supply on the Site. The Site uses a security system that protects your information from unauthorised use. However, as no data transmissions over the internet can be guaranteed to be one hundred percent secure, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.

We do not handle payments and cannot store credit or debit card data. When you go to check out, you will be automatically redirected to a secure server managed provided by Worldpay to guarantee your safety. Those servers are PCI/DSS compliant and security-monitored.

Updating your Information

 If any of the information you provide when subscribing to the services on the Site changes, please update your profile by logging in or alternatively, please notify [Membership at membership@isbl.org.uk].

Accessing your Information

 We are data controllers for the purposes of the Act and if you wish to request access to your Information held by us, you may contact Membership at membership@isbl.org.uk

Mailing Lists

If you subscribe to our mailing lists for new release and other information, we also ask you to answer various general questions about yourself. You will be asked to specify the areas in which you are interested so that we can tailor the information which we send to you to cover the new products and special offers which we believe you might be interested in.

E-communications

If you subscribe to our newsletter and updates sent via email and at any time you wish to stop receiving this or any other information you may have requested from us or any other company, please email or write to Membership@isbl.org.uk at the address given for us above or click the Unsubscribe link (if available) at the bottom of any document you receive from us.

Please note that unsubscribing from any single communication will then mark you opted out for email communications and you will no longer receive any e-communications from us which will include our membership newsletters which are a benefit of membership.

Surveys and user groups

We always aim to improve the services we offer. As a result, we occasionally canvass our customers using surveys. Participation in surveys is voluntary, and you are under no obligation to reply to any survey you might receive from us. Should you choose to do so, we will treat the information you provide with the same high standard of care as all other customer information.

Competitions

Your participation on our Site may mean that we occasionally contact you with the opportunity to enter competitions. Entry to competitions is voluntary, and you are under no obligation to take up an invitation from us to enter. Should you choose to enter a competition, we will treat the information you provide with the same high standard of care as all other customer information, and use the information provided strictly within the entry terms of the competition and this Privacy Policy.

Links to third parties’ sites

Please note that we do provide links to other sites, which may not be governed by this Privacy Policy and you should view the privacy policy of those sites for further information.

Traffic Patterns/Site Statistics

We may monitor customer traffic patterns, Site usage and related Site information in order to optimise your use of the Site and we may give aggregated statistics to a reputable third-party, but these statistics will include no information personally identifying you.

Cookies

In addition to the Information which you supply to us, information and data may be automatically collected through the use of cookies. Cookies are small text files the Site can use to recognise repeat users and allow us to observe behaviour and compile aggregate data in order to improve the Site for you. For example, cookies will tell us whether you viewed the Site with sound or with text on your last visit. Cookies also allow us to count the number of unique and return visitors to our Site. Some of our associated companies may themselves use cookies on their own websites. We have no access to, or control of these cookies, should this occur.

Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

The law states that we can store cookies on your machine if they are essential to the operation of the Site, but that for all others we need your permission to do so. 

The list of cookies that may be used when managing your data include, why they are used and how long they are used:

  • _ga and _gID - Registers a unique ID that is used to generate statistical data on how the visitor uses the website - Website stats

  • _gat - Used by Google Analytics to throttle request rate - Website stats

  • Collect - Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels - Website stats

  • cc_cookie_accept - Allows the cookie bar to remember your decision - Cookie bar (one year)

  • ASP.NET_SessionId -  Allows the site to recognise you to provide a seamless experience for things like member login and form completion - Essential system cookie (Destroyed when you close your browser)

  • ISBLAuthCookie - This cookie is used by the website to store anonymous session and login tokens. It may identify you as a single user (member) when you move between pages but carry no personally identifiable information - Essential system cookie to allow ISBL to identify members and display member only content.

  • __RequestVerificationToken - Used to prevent Cross-site Request Forgery (CSRF) attacks - Session (Destroyed when you close your browser)

 Opting out of cookies

If you do not wish to receive cookies from us or any other website, you should be able to turn cookies off on your web browser: please follow your browser provider’s instruction in order to do so. Unfortunately, we cannot accept liability for any malfunctioning of your PC or its installed web browser as a result of any attempt to turn off cookies.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.

Amendments to this Privacy Policy

We may occasionally modify this Privacy Policy. We will endeavour to notify members in advance of such variations. However, in any event, including where this is not possible, variations will become effective seven (7) days after posting to the Site, By continuing to use the Site and Services, you will be deemed to accept any such variations.

 

Privacy Policy, version [3.0] (updated June 2023)