Prior to reading these policies we recommend visiting the Information Commisioners Website for details on the implementation of GDPR
The CIE has a legal responsibility to know what data it holds on its membership and other persons it interacts with, for example suppliers, guest lecturers or lecture attendees who request attendance certificates. It also has a requirement to disclose that data upon request from the person concerned and in some cases delete it upon request.
As part of compliance with those responsibilities all personal data queries and requests can be addressed via email to firstname.lastname@example.org.
What personal data does the CIE collect ?
There are three main classes of personal data that the CIE collects and stores;
Membership data – Under GDPR this is considered ‘opt-in’ by its nature. We store this data to share events with our members and to administer direct debits of membership fees. We will delete personal data if a membership expires but otherwise will require it to maintain that membership. We are not required to gain additional consents to retain this data as each membership renewal is considered an extension of the ‘opt-in’ period.
CPD certificate data – Under GDPR this is considered ‘opt-in’ by it’s voluntary nature but may be deleted upon request. We collect the person’s name and email address in order to distribute attendance certificates and to provide evidentiary support should any queries be raised concerning professional chartership. If deleted we will not be able to provide that evidentiary support.
Operational data – this is collected and will be stored as part of operational necessity or interactions with suppliers. Each operational instance will have a different set of data and a different reason for storage. Reasonable requests for deletion will be accomodated but, while it may include personal data such as names and telephone numbers, this class of data is generally not considered ‘personal’ in the legal sense and no explicit opt-in is required for its storage.
The Cornish Institute of Engineers does not routinely collect personal data outside these classes.
Outside of any legally enforcable data requests (e.g. from the police) The Cornish Institute of Engineers does not and will not sell, share or distribute personal data with any persons or organisations except its parent entity, the IOM3. Only those data relating to lecture attendance are shared, as is shown on the lecture attendance sheets. This data sharing is necessary in order to facilitate essential funding of CIE activities.