Welcome to the Chartered Institute for the Management of Sport and Physical Activity (CIMSPA) Privacy Notice. As the professional development body for the UK’s sport and physical activity sector, CIMSPA is shaping a recognised and respected sector through its work with individual members and partner organisations. In order to carry out its business, CIMSPA collects personal data.
CIMSPA is the professional development body for the UK’s sport and physical activity sector and is the data controller of the personal data it collects.
Name: The Chartered Institute for the Management of Sport and Physical Activity (CIMSPA)
Address: SportPark Loughborough University, 3 Oakwood Drive Loughborough, Leicestershire LE11 3QF
Phone Number: 03438 360200
Incorporated by Royal Charter Charity registration number: 1144545
CIMSPA has a single entry on the Data Protection register held by the Information Commissioners Office (ICO). The registrable particulars are as follows:
CIMSPA has not appointed a data protection officer as it is not required to do so by either the Data Protection Act or the UK General Data Protection Regulation (the “Data Protections Laws”) but has however, adopted the approach that each head of department will be the responsible lead for data protection within their area of work. The director of strategy will have overall responsibility for data protection compliance and oversee the heads of department and provide further support and guidance where required.
Any questions regarding the privacy notice or requests to exercise individual rights can be sent to CIMSPA at email@example.com.
CIMSPA is fully committed to respecting all personal data it collects and stores in accordance with the Data Protection Laws. We are required to explain to why we are asking for information about you, how we intend to use the information you provide to us and whether we will share this information with anyone else.
CIMSPA’s privacy notice will also provide information on how CIMSPA protects, manages, stores and deletes personal data.
It will also provide information on individual privacy rights and how the Data Protection Law protects an individual’s personal data.
It is important that individuals read the privacy notice from time to time so that they can remain fully informed on how and why CIMSPA is using individual data.
It is also important that individuals inform CIMSPA of any changes to the personal data that it holds to ensure that CIMSPA can continue to communicate with the individual effectively.
This Privacy Notice is targeted at all individuals we interact with:
As a data controller when CIMSPA is obtaining the information from the individual directly CIMSPA will provide the privacy notice at the start of the relationship.
For instances where CIMSPA collects personal data indirectly, it will provide the privacy notice at: the first point of direct contact to the individual, when CIMSPA shares the information with a third party or within one month of receiving the data – whichever option is the earlier.
Most of the personal data CIMSPA processes is provided to us directly by you. CIMSPA collects personal data in a number of ways:
We also receive personal information indirectly, from the following sources in the following scenarios:
The type of information CIMSPA collects is summarised in the table below.
All the information we collect about you will be stored and used by CIMSPA in accordance with this privacy notice and in accordance with your rights as described in [Section 13 of this notice] and in accordance with the Data Protection Laws.
In accordance with the Data Protection Laws, we need a “lawful basis” for collecting and using information about you. There are a variety of different lawful bases for processing personal data which are set out in the Data Protection Laws.
The lawful bases on which we rely in order to use the information which we collect about you for the purposes set out in this notice will be:
During its operations, CIMSPA collects ‘sensitive’ personal data. CIMSPA processes this data only if the individual has given CIMSPA explicit consent
The lawful basis on which we rely in order to use your sensitive personal data/special categories of personal data which we collect about you will be:
Information about criminal convictions and offences - the lawful basis on which we rely in order to use information that may relate to any criminal convictions and offences will be:
We use the information that you have given us in order to carry out the services that individuals request. This includes delivering memberships, partnership, education, training, events, benefits or simply managing a relationship between an individual and CIMSPA.
CIMSPA processes personal information to enable it to provide a voluntary service for the benefit of the national public as specified in CIMSPA’s Charter and Statutes.
As a membership body CIMSPA processes personal data to protect members of the public and act in the public interest. This includes the maintenance of the Member directory and Partner directory and Member and Partner Investigations and disciplinary actions.
Specific details on CIMSPA’s processing of information can be found in the table below.
|Purpose of processing
|Type or category of data collected
|Account creation on the CIMSPA CRM system
|Identification and CIMSPA support
|Digital Marketing Hub (DMH)
|Purpose of processing
|Type or category of data collected
|Interactions with CIMSPA
|Processing of financial transactions
|Use of CIMSPA services
|Purpose of processing
|Type or category of data collected
Article 6(1)(e) for the performance of our public task. In addition, we rely on the processing condition at Schedule 1 part 2 paragraph
Article 6(1)(b) for the performance of a contract. In addition, we rely on the processing condition at Schedule 1 part 1 paragraph 1
CIMSPA’s services are able to be accessed by individuals from the age of 14. Where data is knowingly collected in relation to children, safeguards are in place.
CIMSPA discloses personal information to third party organisations in order to operate its business. This is largely to service the benefits of memberships and partnerships with CIMSPA. Where CIMSPA shares personal data with third parties, it has made arrangements aimed at protecting and securing this data. Routine data processors include organisations in Banking, CRM, HR, eLearning, marketing and publishers.
CIMSPA may share information with a third party, for example an employer or education provider only where the individual has approved the sharing of the information.
Outside of these third parties, CIMSPA does not disclose personal information unless it is required to do so by law.
CIMSPA ensures that organisation that it shares information with operate in a way that is compliant with the Data Protection Laws which is recorded and monitored through its contracts and controller processor agreements.
In order to carry out its business, CIMSPA may (with consent from the individual) share personal data with the following:
Recruitment - When applying for vacancies with CIMSPA, as part of the internal recruitment process we will share information relevant to your application, including your name, current role, CV and other data you may have given us, with the internal hiring managers. We will use this data for the purpose of recruitment only. In support of applications. All data collected will be managed in accordance with this privacy notice and CIMSPA’s data retention schedule. By submitting an application for a vacancy with CIMSPA you are agreeing for your data to be shared in this way.
In order to service its members and partners there are two types of marketing activity; direct marketing (by either CIMSPA or third parties) and ancillary marketing services (which are in extricably linked to services that CIMSPA provides to it members or partner).
CIMSPA will not provide direct marketing to individual members without their consent (and will not allow third parties to do so without consent being provided directly by the individual to such third party). Individuals can change their preferences on their marketing preferences at any point in time by logging into their profile area of the CIMSPA CRM system.
However, switching off marketing preferences will not result in ancillary marketing services being switched off such that communications specifically relating to or regarding the management of the contract with the individual’s, membership with CIMSPA. Even if individuals disable all emails in marketing preferences, individuals will still receive emails that CIMSPA send in order to complete or verify transactions or actions on their account, such as course booking confirmations, registration details and emails sent in the course of individual’s work as an administrator or training provider, as well as important alerts and information relating to individual’s account or personal record.
CIMSPA is committed to preserving the confidentiality and integrity and availability of all the physical and electronic information assets throughout its operations and as such have in place appropriate technical, physical, and administrative security measures to protect the security of your personal information.
In accordance with its data protection and IT security policy and procedures, CIMSPA limits access to personal data to employees, volunteers, contractors and disclosed third parties who have a business function to complete. The personnel and organisations will only process personal data on CIMSPA instructions and are subject to a duty of confidentiality.
CIMSPA has procedures in place to monitor, identify and manage any suspected breaches of personal data. If a breach has occurred, CIMSPA will notify the individuals involved where it is legally required to do so.
All data CIMSPA collects is stored only for as long as is necessary, is managed in accordance with the privacy notice and IT security policies and is deleted in accordance with CIMSPA’s data retention schedule. Further information on retention periods and how CIMSPA deletes your data can be found in the data retention schedule linked below.
Under the Data Protection Laws, you have rights including:
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a request.
CIMSPA uses data analytics on its website to improve the function, products, services, marketing, customer relationship and experiences to ensure that the website remains up to date and relevant to the needs of its users. When you visit the CIMSPA website we may collect information from you through cookies or similar technology. Further information on the types of cookies CIMSPA uses and how to manage cookies can be found in the CIMSPA Cookies Policy below.
In support of its services to the public, CIMSPA provides links to other websites within our website content. CIMSPA’s privacy notice applies only to the CIMSPA website. Our website may contain links to other websites which are outside our control and are not covered by this privacy notice. If you access other websites using the links provided, the operators of these websites may collect information from you which will be used by them in accordance with their own privacy policies, which may differ from ours. Therefore, if you use these links to leave our website and visit websites operated by third parties, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting those websites. Please check these policies before you submit any personal data to these websites.
This privacy notice will be kept under review and if amended notification will be made on the CIMSPA website.
Where CIMSPA makes substantial changes or a new use for individual’s personal data is identified, it will provide individuals with an updated version of the privacy notice before such changes or new uses take place.
Should you have any questions about CIMSPA’s privacy notice, the information we hold on your or how we handle your data you can contact us using the methods below:
Phone: 03438 360200
Writing: SportPark Loughborough University, 3 Oakwood Drive Loughborough, Leicestershire LE11 3QF
If you have any concerns about our use of your personal information, you can make a complaint to us by completing the complaints form found HERE.
You can also complain to the ICO if you are unhappy with how we have used your data or addressed your complaint.
Writing: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Phone: 0303 123 1113
ICO website: https://www.ico.org.uk