GDPR Data Protection – Our approach

We take our responsibilities for the personal data that you entrust to us seriously, and will continuously improve our processes to ensure that we use the strongest level of security available to us.  The Institute holds personal data on our members and some sensitive categories of data for our students

Personal data that we collect about you:

We will collect and process the following personal data about you:

• Information that you provide to us around your contact information. This includes information about you that you give us by filling in forms or by communicating with us, whether face-to-face, by phone, e-mail or otherwise. This information may include: name and address, email, payment details and your employment details.

• Information we collect or generate about you. This includes: attendance at forums, webinars, your opinions on our work streams, and if you are a student, a record of your study and results.

• Information we obtain from other sources: for our professional members and fellows, we may ask third parties that you nominate to send us a reference. We would not source any other information from third parties.

Uses of your personal data 

Your personal data may be stored and processed by the Institute’s secretariat in the following ways and for the following purposes:  To keep a current record of your contact details, your length of time of being a member and your membership status, any queries or suggestions on topics for us to explore, results of your exams and courses that you sit.

We are entitled to use your personal data in these ways because: we need your contact information and student data as part of the contract we have with you, to maintain your membership of our Institute or as part of our education programme.

• we have legal and regulatory obligations that we have to discharge; 

• we may need to in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings; or

• the use of your personal data as described is necessary for our legitimate business interests (or the legitimate interests of one or more of our affiliates), such as: furthering and advancing the discipline of operational risk, fostering discussions and promoting our educational programme, or maintaining our accreditation from Ofsted.

We may disclose your personal data to our affiliates and third parties in the circumstances of: guest lists for events, examination oversight and proof of your attainment and for auditing purposes to ensure the quality of our accredited programmes or fixing any bugs in our technical systems. 

We will take steps to ensure that the personal data is accessed only by employees of such affiliates and third parties that have a need to do so for specific and limited purposes, and make sure that when it is no longer needed for business purposes that it is destroyed safely.

If we ever need to transfer your information outside of the EEA, we will let you know in advance and get your permission to do so.  

You have various rights in relation to the data that is held about you, including the right to access it, to object to its processing or to ask the Institute to correct any inaccurate data. Please contact the Institute (info@ior-institute.org) if you want to see the data held about you or exercise your rights in relation to your personal data.

You have a further right to complain to the Information Commissioners office whose helpline number is: 0303 123 1113, if you feel we have used your data in any way that impinges on your rights.

©2018 The Institute of Operational Risk. All Rights reserved Site designed and powered by Eko UK Limited

Log in with your credentials

Forgot your details?