Privacy Policy

IOR Website Privacy Statement

1.0 Disclaimer

The Institute of Operational Risk (IOR) and its governing body (The Council) accept no responsibility, collectively or individually, for the actions or services of organisations or persons advertised or announced on the IOR website, nor does the IOR endorse, warrant, or guarantee products or services described or offered on other sites linked from the IOR website, notwithstanding that such information is published in good faith.

The IOR reserves the right to modify or amend this Privacy Statement at any time and for any reason without prior notice. Nothing contained herein is intended to create a contract or agreement between the IOR and any other party. All users of the IOR website should reference this Privacy Statement periodically to ensure that they have knowledge of the current provisions of the IOR’s policy statements.

Furthermore, although we aim to ensure all information available on this website is accurate, it is only intended to offer informative guidance and does not constitute a legal interpretation.  In all cases, the designated official version of any published document is the definitive, authoritative version and supersedes any copies of documents obtained from this website.

If you have any questions regarding the IOR’s Privacy Statement please contact us

2.0 Copyright

The IOR website pages contain a selection of material for information only.  Visitors to this site acknowledge and agree all intellectual and other proprietary rights in the information received shall remain the property of the IOR.  Material featured on this website may be downloaded and stored free of charge in any format or medium for non-commercial purposes only without specific permission from the IOR.

3.0 Privacy Statement

This Privacy Statement sets out the IOR’s practices in respect of gathering and processing information and personal data and aims to inform you why information is collected through our website and how that data is processed and used. This statement covers the IOR website but does not extend to cover affiliated or linked sites.

The IOR is committed to upholding your privacy as a valued member, prospective member, or user of this website. The personal data about you that we collect, process or use is held securely and treated in accordance with this statement.

Whenever you visit the IOR website, you are consenting to us collecting and using information that you provide through this website.  If, as a visitor to our website, you choose to log on as a member, register for events, apply for membership, or otherwise submit personally identifiable information, you are consenting to the IOR’s collection and use of such information, as explained at the time of collection and in this statement, including our use of ‘cookies’, as set out in Section 6.  It is the intention of the IOR to use any data you provide in accordance with the Data Protection Act 1998, and applicable European legislation regarding privacy of data.

The IOR aims to keep the data it holds about you accurate and up to date. In order to reduce errors in our database, authenticate our users and prevent abuse of our system, we may on occasion supplement the personal information you submit to us with information from third-party sources.

If you are an IOR member your data may be used to send you, by post or by e-mail, any IOR or associated publications, services, goods and facilities made available to IOR members including regular updates on events and activities. It will also be used for IOR administrative purposes such as membership renewal reminders. If you are not an IOR member your data may be used to send you regular updates about the latest information, events and services available from the IOR, by post or e-mail.

If at any time you want to verify, update, amend or have removed any data we hold about you or if you become aware of possible errors or inaccuracies in that data, please contact

The IOR takes its users’ privacy concerns seriously. If you believe the IOR has not complied with this Privacy Statement with respect to your personal information or you have other related enquiries or concerns regarding its use and/or collection, you may e-mail the IOR at, describing in as much detail as possible the nature of your enquiry or the ways in which you believe that the IOR Privacy Statement has not been complied with.

4.0 Data Protection Act Right of Access

In accordance with the Data Protection Act 1998, you are entitled to request a copy of information we hold about you.  Any such formal request should be made in writing to:

The Institute of Operational Risk, 19-21 Billiter Street, London EC3M 2RY

Once we receive your request, all efforts will be made to fully respond within 40 days. As the IOR does not usually release information held about individuals without their consent, if information held about you also contains information related to a third party, we will make every effort to anonymise the information.  If this is not possible, and we have been unable to secure the relevant consent, the IOR may decide not to release the information.  In any event, you will receive all the information that has been located and can be released within 40 days, with an explanation for any information that cannot be provided at that time.

5.0 Publication of Personal Information

If you are a member of an IOR speciality group, forum or work stream your personal data may be provided to nominated individuals and other speciality group members for networking purposes. If you do not want your contact details to be provided to such groups, you may choose to opt out by selecting the relevant tick boxes at the time of provision of the data, or you can contact us at any time at

6.0 Website Policy

The IOR may from time to time make use of questionnaires or invite you to participate in surveys to collect information, always on a voluntary basis.  This may occur online or using other communication channels, such as event leaflets.

We may request from you your e-mail address and/or your postal address to communicate with you through several different channels, including post and electronic newsletters. Our aim is to keep you up-to-date with all the latest news from the IOR.  However if you no longer wish to receive direct mail or e-mail communications from us, you are able to unsubscribe from them individually at any time at your discretion, or you can edit or completely remove your e-mail details.

Information gathered through surveys may be compiled on an aggregated basis and form part of anonymous statistic that may be published on the website or elsewhere.  Anonymity of individual respondents and protection of personal details will be maintained.

Data about you provided to the IOR will be used for the purposes described at the time of collection. It may also be used for the other purposes described in this Privacy Statement. For instance, data may be used by the IOR to record your use of IOR services, events and other facilities.  This helps us to administer these effectively, provide the highest possible level of service and also helps us better understand your needs and interests.

The IOR compiles statistics from visitors’ (both IOR members and non-members) usage of this website.  Membership of the IOR is required to access certain specific secured pages (Members’ Area).  However, other than this specific area of the website, visitors are not required to be IOR members to gain access to the website.

Any information collected as a result of your visit to the website will remain anonymous.  The statistics collated will not include domain or IP addresses.  Further, temporary cookies and sessions will only be used for the duration of your visit to the IOR website to enhance usability as you move from one page to another and will expire when you leave the site, or if your session is idle for approximately 20 minutes.  No personal data is retained relating to such website visits.

7.0 Reciprocal Links

The IOR website contains links to other sites that reflect the interests and/or share the values and objectives of the IOR.  Linking from the IOR website must be approved by the IOR Executive Committee Technology representative.

The IOR does not control, and is not responsible for, the accuracy, timeliness, security, or the continued availability or existence of such outside information. Opinions expressed on other sites linked from the IOR website are not necessarily those of the IOR. Neither is the IOR responsible for the contents of any websites that choose to link to the IOR website, with or without the IOR’s consent.

8.0 How We Protect Your Information

Although we do not monitor the website, the IOR has reasonable standards in place to protect from misuse the personally identifiable information provided by its users.  However, no transmission over the internet can be guaranteed to be 100% secure. As a result, while we strive to protect your personal data, we cannot warrant the absolute security of any data you transmit to us online.

The IOR’s use of your data for any of the purposes disclosed in this statement, or any other purposes disclosed in any separate communication, may involve us sharing it on a selective basis with third party suppliers such as contractors, agents or professional advisers appointed by the IOR to assist us in providing services which are of perceived benefit.  In addition, the IOR has international affiliates that may solicit you for local participation or membership.

9.0 Consent to the Use of Your Data

By providing the IOR with your data, you are consenting to the use of your data and the provision of your data as set out in Section 8 above.

If you do not want the IOR to provide your personally identifiable information to third parties as noted above, please select the relevant opt-out tick boxes at the time of provision of the data, or you can contact us at any time at

Please note that there will be no transmission of your data to any person from a non-EEA territory without your express consent, as to which we may contact you from time to time.

In no other case, unless obliged to do so by law or regulations of a governmental, police or regulatory body or in response to a valid disclosure request, will the IOR sell, rent, lease or otherwise share your data with third parties, unless you have provided your specific, positive and unambiguous consent.

©2018 The Institute of Operational Risk. All Rights reserved Site designed and powered by Eko UK Limited

Log in with your credentials

Forgot your details?