In relation to the website: www.isbl.org.uk (“the Site”).
Owner: Institute of School Business Leadership under company number 3425492 (“we/us”).
Postal address: 53 Butts, Coventry, West Midlands CV1 3BH
The Institute of School Business Leadership (ISBL) succeeded NASBM in November 2017. ISBL aims to provide the sector with confidence in the school business leadership community through a framework of qualifications underpinned by Professional Standards linked to membership categories and practitioners with the professional recognition and status they deserve.
Use of Your Data
We take data privacy very seriously. We have set out below the uses to which we will put the information that we have about you in the delivery of the Services, and the legal basis for this, as well as introducing the rights that you have over the way that we use your information. This policy should be read in conjunction with our Policy Manual.
For the purposes of the General Data Protection Regulation (“GDPR”) and any subsequent UK legislation covering data protection, we are the data controller (the entity which processes your data). All queries relating to this policy and/or data protection more generally should be referred to Bethan Cullen of the Institute of School Business Leadership at [email protected]
The information collected about you might include the following:-
- First name
- Last name
- Job title
- Preferred pronoun
- Date of birth
- Email (for login)
- Address (including billing address)
- Photographs which include your image and likeness
- Access information for events
- Geo-location data (your geographical location based on your IP address)
(hereinafter together, “Data”)
The Data is collected when you use our Site and when you sign up and register for membership on the Site.
If you attend our events, Data may also be collected here, as you may find yourself photographed by our official photographers.
We may add any additional Data that we collect subsequent to initial Data collection, to your record.
We may use the Data that you provide for the following purposes:
- to deal with your enquiry and, if you apply for membership (including where you are signing up for a free trial) to administer such membership and provide you with the relevant Services which may include:-
- offering you guidance on career pathways and specialist training programs tailored to school business professionals;
- inviting you to events;
- Inviting you to participate in questionnaires, surveys and opinion gathering exercises relevant to school business professionals
- sending you fortnightly e-bulletins, news updates, policy analysis and briefings; and
- allowing you to access interactive features, including access to your online portal and our online forums where you can discuss and explore the issues affecting you and other SBM professionals;
- in relation to events :
- we may distribute (hard copy) relevant marketing material to the geographical or email address stated in your account, as supplied by you; and
- we may also include your Data on distribution lists to other attendees and exhibitors at events (where you are also attending).
We therefore ask that you provide us with your business contact details (e.g. your email address, address and phone number at your educational establishment). Please do not supply your personal contact information.
- to assist you with important procurement decisions through our Approved Partner scheme;
- to notify you about important functionality changes and alterations to the Site, or offer of products, services or information that might be of particular interest to you (where you have consented to this);
- for the purposes of marketing our events, Site and Services whether via our website, on stands, billboards or other promotional materials; and/or
- for research purposes and to help us plan and improve our Services. We may contact you ourselves or ask outside research agencies to do so on our behalf.
The use of your information for the Purposes is lawful because one or more of the following applies:
- it is necessary for us to hold and use your Data so that we can perform our obligations under the contract we have entered into with you for the Purpose(s); and/or
- it is necessary for the purposes of legitimate interests pursued by us in order to market and provide the Site and Services and/or to keep the Site and Services up to date; and/or
- you have given your consent to these Purpose(s), where the purpose is ancillary to the main Purpose(s) for which your Data is used. You may withdraw consent to these uses at any time either by using the opt-out option (where available) or by emailing us at [email protected] noting that:
- this will not affect the lawfulness of processing of your Data prior to your withdrawal of consent being received and actioned; and
- if we have asked for your consent to a specific part of the service and you wish to withdraw this consent, you may not be able to partake in some of our services if you do so.
(“the Lawful Uses”).
Transfer to Third Parties
Your Data may be collected, passed and/or held by the following third parties if you have opted in to permit us to do this, you have registered directly with any of the entities below or we are otherwise legally entitled to do so:-
- our suppliers in order to facilitate transactions and delivery;
- our mailing house in order to deliver member mailings;
- our publishing house in order to deliver the member magazine;
- any of our Approved Partners;
- exhibitors or attendees of the same events as you; our customer relationship system, Microsoft Dynamics
- our email marketing service, MailChimp.
Your information may also be transferred to another company in the event of the transfer of our assets to a third party. In that event, we will endeavour to ensure that your rights and freedoms in respect of the processing of your personal data are adequately and appropriately protected.
Use of Aggregated Data
Where Data can be aggregated (and anonymised), we may use this without restriction for research purposes.
For example, we may monitor customer traffic patterns, Site and Services usage and related information in order to optimise users’ usage of the Site and Services and we may give aggregated statistics to a reputable third-party.
We are entitled to do this because the resulting data will not personal identify you and will therefore no longer constitute personal data for the purposes of data protection laws.
Storage of Data
Your Data will be stored only for so long as is reasonably necessary in order to carry out the Purpose(s). Where your Data is no longer required, we will ensure it is disposed of in a secure manner.
You have the right to request details of the processing of your Data by making a subject access request. Such requests have to be made in writing. More detail about how to make a request and the procedure to be followed can be found on the ICO’s website.
You also have the following rights:
- The right to request rectification of information that is inaccurate or out of date;
- The right to erasure of your Data (known as the right to be forgotten);
- The right to object to the way in which we are dealing with and using your Data;
- The right to restrict the processing of your Data; and
- The right to request that your Data be provided to you in a format that is secure and suitable for re-use (known as the right to portability).
All of these rights are subject to certain safeguards and exemptions, more details of which can be found on the ICO’s webpage. To exercise any of these rights, you should contact Bethan Cullen of the Institute of School Business Leadership at the above email address.
If you are not happy about the way in which we have processed or dealt with your Data, you may file a complaint with Information Commissioner’s Office.
More detail about how you may do so can be found here.
Transfers outside of the European Economic Area
We may send your Data outside of the European Economic Area (EEA). We do this because your Data may be stored on servers based outside the EEA. However, we meet our obligations under the relevant legislation by ensuring that your Data has the same protection as if it were being held within the EEA. We do this by ensuring that any third party processing your Data outside the EEA either benefits from the EU––U.S. Privacy Shield and/or, where appropriate, we have entered into a data processing agreement containing model EU clauses certified by the European Commission.
Security of Your Data
The Site is a UK-based website and takes reasonable care to comply with the requirements of the UK Data Protection Act 1998 (or any other legislation which may replace, supplement or amend it) (‘the Act’) relating to the personal information you supply on the Site. The Site uses a security system that protects your information from unauthorised use. However, as no data transmissions over the internet can be guaranteed to be one hundred percent secure, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.
We do not handle payments and cannot store credit or debit card data. When you go to check out, you will be automatically redirected to a secure server managed provided by Worldpay to guarantee your safety. Those servers are PCI/DSS compliant and security-monitored.
Updating your Information
If any of the information you provide when subscribing to the services on the Site changes, please update your profile by logging in or alternatively, please notify [Membership at [email protected]
Accessing your Information
We are data controllers for the purposes of the Act and if you wish to request access to your Information held by us, you may contact Membership at [email protected]
If you subscribe to our mailing lists for new release and other information, we also ask you to answer various general questions about yourself. You will be asked to specify the areas in which you are interested so that we can tailor the information which we send to you to cover the new products and special offers which we believe you might be interested in.
If you subscribe to our newsletter and updates sent via email and at any time you wish to stop receiving this or any other information you may have requested from us or any other company, please email or write to [email protected] at the address given for us above or click the Unsubscribe link (if available) at the bottom of any document you receive from us. Please note that unsubscribing from any single communication will then mark you opted out for email communications and you will no longer receive any e-communications from us which will include membership newsletter which are a benefit of membership.
Surveys and user groups
We always aim to improve the services we offer. As a result, we occasionally canvass our customers using surveys. Participation in surveys is voluntary, and you are under no obligation to reply to any survey you might receive from us. Should you choose to do so, we will treat the information you provide with the same high standard of care as all other customer information.
Links to third parties’ sites
Traffic Patterns/Site Statistics
We may monitor customer traffic patterns, Site usage and related Site information in order to optimise your use of the Site and we may give aggregated statistics to a reputable third-party, but these statistics will include no information personally identifying you.
Cookies may be either “persistent” cookies or “session” cookies. A persistent cookie consists of a text file sent by a web server to a web browser, which will be stored by the browser and will remain valid until its set expiry date (unless deleted by the user before the expiry date). A session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.
The law states that we can store cookies on your machine if they are essential to the operation of the Site, but that for all others we need your permission to do so.
The list below explains the cookies that we use and why:
|_ga and _gID
||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.
||Used by Google Analytics to throttle request rate
||Used to send data to Google Analytics about the visitor’s device and behaviour. Tracks the visitor across devices and marketing channels
|| Allows the cookie bar to remember you decision
|| cookie bar
|| Allows the site to recognise you to provide a seamless experience for things like member login and form completion
||Essential system cookie
||This cookie is used by the website to store anonymous session and login tokens. It may identify you as a single user (member) when you move between pages but carry no personally identifiable information.
(destroyed when you close your
Essential system cookie to allow ISBL to identify members and display member only content.
||Used to prevent Cross-site Request Forgery (CSRF) attacks.
(destroyed when you close your browser)
||These cookies are used by the ISBL portal (Umbraco) to collect basic user information related to visits such as the pages viewed, number of visits, etc.
(destroyed when you close your browser)
||This is used to remember that the user has accepted the cookie consent popup.
||This cookie is essential for the breach notification form – the form that public electronic communications service providers use to notify the ICO of a security breach – to operate. It is set only for those people using the form. This cookie is deleted when you close your browser.
(destroyed when you close your browser)
Opting out of cookies
If you do not wish to receive cookies from us or any other website, you should be able to turn cookies off on your web browser: please follow your browser provider’s instruction in order to do so. Unfortunately, we cannot accept liability for any malfunctioning of your PC or its installed web browser as a result of any attempt to turn off cookies.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.aboutcookies.org or www.allaboutcookies.org.