The Chartered Institution of Wastes Management (CIWM) is a company incorporated by Royal Charter and registered in England (No RC000777); and a charity registered in England and Wales (No 109096) and in Scotland (No SCO37903). The registered office address is CIWM, Quadra, 500 Pavilion Drive, Northampton Business Park, Northampton, NN4 7YJ.
In addition, CIWM comprises CIWM Enterprises Ltd (registered in England and Wales with company number 2731563), a wholly owned subsidiary of the CIWM, trading only to raise funds for its parent organisation (collectively referred to herein as “the controllers”, “we”, “us”, “our”).
The CIWM and CIWM Enterprises Ltd are the joint data controllers and are regulated as such by the UK Information Commissioner’s Office (ICO).
In December 2021 the activities of WAMITAB, a subsidiary of CIWM (a company limited by guarantee in England. Registered No. 2332283), was merged into CIWM. At this point all data transferred to CIWM from WAMITAB.
The CIWM is strongly committed to protecting your privacy and complying with your choices. Both personal and non-personal information collected is protected in accordance with the highest privacy and data protection standards adopted worldwide. We maintain robust and effective data protection protocol which comply with existing law and data protection principles, including those of the General Data Protection Regulations (GDPR).
- Your information will not be shared, rented or sold to any third party, unless required by applicable law or to fulfil legitimate service provision, i.e. delivery of membership services, professional training, and/or qualifications.
- We use modern security measures to protect your information from unauthorised users.
- We limit the data we require from you only to what is necessary for providing our products and services to you and administering your relationship with us.
- Where we require consent to process your personal data for specific purposes, we enable you to easily withdraw your consent.
Principles of the GDPR
The CIWM is committed to processing data in accordance with its responsibilities under the GDPR, Article 5 of which requires personal data to be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
We will clearly inform you when information that personally identifies you (“personal information”) is requested. We only collect personal data that is necessary for the purposes in which we need to process it. For example, we make it optional for you to provide data for:
- Learner support
- To help us improve our services that we provide to you
In some cases additional information, which may include sensitive personal data relating to health, will also be collected to support requests for access arrangements and reasonable adjustments and/or special consideration. Such personal data will be supplemented by the results of examinations and assessments undertaken by the respective learner.
We collect your information:
Directly from you
- when you provide it to us directly by completing forms on the CIWM’s website, or when corresponding with us by phone, email or otherwise;
- when you register for a new account to become a member, to become an Affiliated Organisation, to purchase our products and services or when you opt-in to receive communications from us (you can unsubscribe from CIWM communications at any time);
- when you provide permission to other organisations to share it with us (including social media networks, such as Facebook, LinkedIn or Twitter) or when you use our websites or other applications;
Indirectly from other sources
- when you have given it to a third party and given your permission for them to pass your information to us – e.g. through a learning provider etc.
- In relation to our status as an Ofqual regulated body, if you are a member of centre delivery staff, an apprentice, or learner, we may also receive information about you from your centre, training provider, or employer when they register to receive products and/or services from us.
- When you visit our website, through social media etc.
The information we collect
We only collect the information that is necessary to carry out our business, provide the service you have requested and keep you informed. The personal information we collect, or you give us, may include (but not be limited to) your prefix (Dr, Miss, Mr, Mrs, Mx, etc.); name; contact information, including address, email address and phone number; date of birth; gender; education history; employment information; information related to your professional qualifications, designations and memberships; payment information, including debit/credit card details; and other information necessary in order to enter into a contract with us and for us to fulfil that contract.
We may also collect other information about each of your visits to our site and linked third-party websites, including products and services, IP address, and information regarding what pages are accessed and when.
Our website, which has a URL starting https://, is a secure website which is scanned regularly (at least once per calendar quarter) for compliance with the credit card companies’ security requirements. We do not store any financial information, including debit/credit card details, on our website. Where you choose to pay online via debit/credit card to purchase any of our services or products, your payment will be processed and managed through our secure website and links automatically to an independent third-party payment solution provider.
We use this information to:
- manage your account with us and personalise your use of the website;
- determine eligibility for membership and other career development opportunities;
- respond to your requests and inquiries;
- serve relevant advertisements to you when you visit our sites or other third-party sites;
- process your order or request for our products or services (such as membership, training, webinars, events, directory listings, qualifications etc.);
- process payments, accounting and administration (including, but not limited to, membership subscriptions and renewals, registration fees, or processing the delivery and payments of any products or services that you choose to purchase from us);
- evaluate your performance on learning courses and assist you in the tracking of your progress;
- carry out our obligations arising from any contracts entered by you and us (for example, if you have purchased a product or service from us) or where we are required to do this by law or other regulations;
- seek your views or comments on the services we provide;
- notify you of changes to our services and policies;
- send newsletters and communications about events and other products and services offered by CIWM and its trading subsidiary that we think may be of interest to you;
- request your participation in surveys, focus groups, or other initiatives which help us to gather information used to develop and enhance our products and services; and/or
- manage reporting and business planning – we produce internal documents to monitor our own activities.
Lawful Basis for processing personal data
The CWIM’s lawful basis for processing your personal data is your consent and/or any other applicable legal bases, such as our legitimate interest in engaging in commerce and offering products and services that may be of value to you; where such processing is necessary to perform our contract with you or to take steps before entering into our contract with you; and/or where such processing is necessary to comply with our legal obligations, resolve disputes and enforce our contractual agreements.
When you provide your personal information, we will process it in line with the appropriate lawful basis. Where consent is required for the processing, we will ensure that it is captured in line with the requirements of the GDPR. If you choose not to register or provide personal information, you can still use our website, but you will not be able to receive additional services or access certain areas that require registration. Where we require your consent for specific communications, you will have the opportunity to unsubscribe from further communications in each communication you receive from us; alternatively, you may contact us to express your choices at firstname.lastname@example.org.
You can withdraw your consent at any time by emailing email@example.com.
Access To Your Information
You are entitled to review your personal information at any time to ensure its accuracy, relevance, and/or currency. To review or update this information simply email firstname.lastname@example.org to request a copy of the information which we hold about you.
Security Of Information
The CIWM is committed to protecting your information and ensuring that your choices are honoured. We have taken strong security measures to protect your data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. All sensitive data is stored behind multiple firewalls on secure servers with restricted employee access.
We guarantee that all e-commerce transactions follow the latest security measures and use the best available technologies. Secure Sockets Layer (SSL) technology is employed when you place online orders or transmit sensitive information. SSL is one of the safest methods of passing information over the Internet.
Where you have a username or password (or other identification information) which enables you to access certain services or parts of our Website, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
Retention Of Information
If we process your personal data you have the right to access, rectify, download or erase your information, as well as the right to restrict and object to certain processing of your information. While some of these rights apply generally, certain rights apply only in certain limited circumstances:
- The right to rectification: The data subject shall have the right to require us, as the controller, without undue delay to rectify any inaccurate or incomplete personal data concerning them.
- The right to erase (the right to be forgotten): Except where the data are held for purposes of legal obligation or public task (see above) the data subject shall have the right to require us, as the controller, without undue delay to erase any personal data concerning them.
- The right to restrict processing: Where there is a dispute between the data subject and the controller about the accuracy, validity or legality of data held by the CIWM the data subject shall have the right to require us, as the controller to cease processing the data for a reasonable period of time to allow the dispute to be resolved.
- The right to data portability: Where data are held for purposes of consent or contract the data subject shall have the right to require us, as the controller to provide them with a copy in a structured, commonly used and machine-readable format of the data which they have provided to us, as the controller, and have the right to transmit those data to another controller without hindrance.
- The right to object: The data subject shall have the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Public Task or Legitimate Interest, including profiling based on those provisions. We shall no longer process the personal data unless, as the controller we demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
- Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning them for such marketing, which includes profiling to the extent that it is related to such direct marketing.
- Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.
- Rights in relation to automated decision making and profiling: Except where it is a) based on the data subject’s explicit consent, or b) necessary for entering into, or performance of, a contract between the data subject and a data controller, the data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.
What we do with the information you share
The CIWM is committed to only sharing personal data in line with the purposes that it is processed. For example, we will share your data with those who process data for or on our behalf (for example our CRM provider iFinity plc, and our IT support provider, Dragon Information Systems Limited ) and where we have a legal obligation to do so, or if it is in your vital interest (e.g. in the event of an emergency). We also share information with qualification regulators including Ofqual and with the Environment Agency when you undertake a qualification of certificate related to operator competence. We will never share or sell your data to third party organisations without your permission.
When you join the CIWM or subscribe to our communications, you are asked to provide your contact information, including a valid email address. We use this information to send you updates about the CIWM, order confirmations, and information about our services. When you make a purchase from us, we ask for your credit card number and billing address. We use this information only to invoice you for the product or service you order at that time.
We may on occasion require the help of other companies to provide limited services on our behalf, such as packaging, shipping and delivery, customer support and processing event registrations. We will only provide such companies with the information required for them to perform these services; these service providers are bound by strict privacy policies and are prohibited from using your information for any other purpose.
In very rare instances the CIWM may disclose your personal information, without notice, if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on the CIWM; (b) protect and defend the rights or property of the CIWM and its family of websites and properties; and (c) act in urgent circumstances to protect the personal safety of members, volunteers, or staff of the CIWM, its websites, or the public.
Sharing your personal data
Inside the CIWM, data is stored behind multiple firewalls on secure servers with restricted user access.
We take all reasonable steps to ensure our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a genuine business need to access it. We may also share your personal data with trusted third parties including:
- legal and other professional advisers, consultants, and professional experts;
- service providers contracted to us in connection with provision of the products and services such as providers of IT services and customer relationship management services; and
- analytics and search engine providers that assist us in the improvement and optimisation of our website.
We will ensure there is a contract in place with the categories of recipients listed above which include obligations in relation to the confidentiality, security, and lawful processing of any personal data shared with them.
Where a third-party recipient is located outside the European Economic Area, we will ensure that the transfer of personal data will be protected by appropriate safeguards, namely the use of standard data protection clauses adopted or approved by the European Commission where the data protection authority does not believe that the third country has adequate data protection laws.
We will share personal data with law enforcement or other authorities if required by applicable law.
We collect a certain amount of data about the people visiting our website. This is anonymous and is used only to make sure that we are providing content that people are using and finding useful. Our webserver and Google Analytics may collect certain information such as:
- IP addresses;
- host names;
- domain name;
- the time and date information is requested; and/or
- the browser version and platform when information is requested.
We use this information to produce aggregate visitor statistics in relation to which pages are being accessed. We may also use it to monitor usage patterns on this website in order to improve navigation and design features to help you get information more easily. This information is collated and provided to us as daily log files. These statistics will not include information that can be used to identify any individual.
We use IP addresses to analyse trends, administer the website, track users’ movements, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.
Links to other websites
How to opt-out
We provide users with the opportunity to opt-out from receiving updates on our products and services, newsletters and other communications from us. You can opt-out by clicking on the link provided in our electronic mailings or by emailing email@example.com.
Changes to this policy
Enforcement of this policy
If for some reason you believe the CIWM has not adhered to these principles, please notify us and we will do our best to promptly make corrections. Alternatively, if you wish to raise a complaint on how we have handled your personal data, you can contact our Data Controller at firstname.lastname@example.org who will investigate the matter. If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you can make a formal complaint to the Information Commissioner’s Office at https://ico.org.uk.
Questions or comments
500 Pavilion Drive
Northampton Business Park
UPDATED JANUARY 2022