CDI Privacy Policy (May 2018)

This privacy policy sets out how the Career Development Institute uses and protects any information that you give us when you use this website. The Career Development Institute is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement. The Career Development Institute may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

This privacy policy was last updated on 25 May 2018. You can download a PDF copy of this document here.

1. WHAT WE COLLECT

  1. We may collect the following information: a) Name, b) Contact information including email address and telephone number, c) Demographic information such as postcode, preferences and interests, d) Other information relevant to your professional status including your academic and professional qualifications e) information connected with reviews you leave on our website and the UK Register of Career Development Professionals f) your marketing communication preferences g) details of the device with which you transacted with us h) your membership purchase history with us i) your browsing history on our websites.
  2. We use different methods to collect data from and about you, including through you using our website, filling in forms or by corresponding with us by post, phone, email or otherwise. We may also collect data from you by using cookies. For the exhaustive list of cookies we collect see the 'How we use Cookies' section.
  3. To the extent permitted by applicable law, we may receive additional information about you, such as demographic data or fraud detection information, from third party service providers and/or partners, and combine it with information we have about you in order to improve the service and marketing that you receive from the Career Development Institute.

 

2. WHAT WE DO WITH THE INFORMATION WE GATHER

We require this information to understand your professional needs and provide you with a better range of services, and in particular for the following reasons:

  1. Where the information is necessary for the adequate performance of the contract between you and us for us to provide our services.
  2. For customer service and resolution purposes.
  3. Internal record keeping.
  4. We may use the information to improve our products and services.
  5. We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided and we may personalise such content based on what we believe may be of interest to you.
  6. From time to time, we may also use your information to contact you for survey and research purposes. We may contact you by email, phone or mail.
  7. We may use the information to customise the website according to your interests.
  8. We may use the information to send you relevant, personalised communications by post in relation to updates, membership renewal; offers, services and products. We’ll do this on the basis of our legitimate business interest. You are free to opt out of hearing from us by post at any time by writing to or emailing us at privacy@thecdi.net
  9. We may use the information for the purposes of fraud detection and prevention and enhancing safety on our website.
  10. As a member of the CDI, we will also contact you on a yearly basis regarding membership service renewals. This will include an automatically generated invoice sent a month before your membership is due to renew, with an opportunity to lapse your membership if you no longer wish to be a part of the CDI. If a membership payment is not made within the payment guidelines, then we will continue to contact you regarding this renewal until such time that a payment is made, or the account is lapsed and all services are discontinued.

We have a legitimate interest in obtaining and using the information as set out above in being able to provide and improve the service and marketing that you receive from the Career Development Institute. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications or changing your notification settings within your Account.

 

3. WHO WE SHARE YOUR INFORMATION WITH

It is our policy not to share your information with third parties. There are three named exceptions:

  1. Our technology partners: website providers - Senior and Axia – who will access member data only when errors occur within the system that requires their review and action.
  2. Our professional service partner - The Magazine Company - who print and distribute our quarterly magazine, Career Matters.

 

4. DATA SECURITY

Any data stored with us undergoes a rigorous security process, both physical and digital, to ensure maximum safety and protection. No third parties will ever gain access to any of your submitted data, and we do not sell or trade member data for the purposes of marketing with other companies. Any third party marketing is done exclusively through the CDI and our own inherent systems.

Our data is split between three primary sources; a physical server based with the CDI Head Office, and two secure data servers based in Nottingham and London operated by our website partner Senior. Our data is backed up daily for 30 days both onsite and offsite.

Physical Security for the CDI data server

  1. Dual coded building security - Passcode protected access system for the office, and restricted hardware token access to the building.
  2. Digital CCTV camera surveillance.
  3. Password protected server with purpose authentication for select members of CDI staff only.
  4. Strict security processes are in place to ensure the delivery and loading of goods is secure.

Physical Security for the Senior data servers

  1. Independent client card identification access system.
  2. Secure and monitored single-person point of entry, physically guarded 24/7 and integrated digital video camera surveillance.
  3. Proximity card access is provided from the main data centre building and is issued to provide access only to authorised facilities management suites.
  4. Strict security processes are in place to ensure the delivery and loading of goods is secure.
  5. CCTV coverage for the perimeter, common areas and facilities management suites.

IT Security

  1. Physical Firewalls
  2. Intrusion prevention
  3. VLAN network segregation
  4. Individual databases per client
  5. Anti-virus
  6. IPSec VPN for management

Data Breach

We have a responsibility to report a notifiable breach to the ICO without undue delay, but not later than 72 hours after becoming aware of it. If a breach is likely to result in a high risk to the rights and freedoms of individuals, we will inform those concerned directly and without undue delay.

 

5. HOW WE USE COOKIES

  1. A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
  2. We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website and app in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.
  3. Overall, cookies help us provide you with a better website and app, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website and app. The ICO provide an extensive explanation of the ways that you can block cookies, please visit https://ico.org.uk/for-the-public/online/cookies/ for more information on how to block cookies.

 Google Analytics

Google Analytics uses cookies to collect data that helps us understand how people are using the Career Development Institute website and where they came from. We use this information to identify how and where we can improve the customer experience. The information collected through these cookies is anonymous and does not identify specific individuals or their details.

 Social Sharing

Please note that if you wish to share a product on a third-party website (such as Facebook, Twitter etc) you may be sent cookies from these websites. We don't control the setting of these cookies, so we suggest you check the third-party websites for more information about their cookies and how to manage them.

 

6. LINKS TO OTHER WEBSITES

Our website contains links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

 

7. CONTROLLING YOUR PERSONAL INFORMATION

You may exercise any of the rights described in this section by sending an email to privacy@thecdi.net Please note that we will ask you to verify your identity before taking further action on your request. We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

  1. Managing Your Information. It is your responsibility as a member of the Career Development Institute to regularly check and update your personal information through the members’ area of the website.
  2. Rectification of Inaccurate or Incomplete Information. You have the right to ask us to correct inaccurate or incomplete personal information concerning you, but you can also do this for yourself.
  3. Data Access and Portability. You have the right to request copies of your personal information held by us. You may also be entitled to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).
  4. Data Retention and Erasure. We generally retain your personal information for a period of five years after your last active use of our website or app (in line with our legal obligation to keep order information for this duration for tax, legal reporting and auditing obligations). If you no longer want us to keep your information, you can request that we erase your personal information. Please note that if you request the erasure of your personal information:
  5. We may retain some of your personal information as necessary for our legitimate business interests, such as fraud detection and prevention and enhancing safety. For example, if we suspend a Member Account for fraud or safety reasons, we may retain certain information from that Account to prevent that user from opening a new Member Account in the future.
  6. We may retain and use your personal information to the extent necessary to comply with our legal obligations. For example, we may keep some of your information for tax, legal reporting and auditing obligations.
  7. Additionally, some copies of your information (e.g. log records) may remain in our database but are disassociated from personal identifiers.
  8. Withdrawing Consent and Restriction of Processing. Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you. Where you have provided your consent to the processing of your personal information you may withdraw your consent at any time by sending a communication to the Career Development Institute specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, you have the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to paragraph 7.7 and pending the verification whether the legitimate grounds of the Career Development Institute override your own.
  9. Objection to Processing and Profiling. You are entitled to require the Career Development Institute not to process your personal information for certain specific purposes (including profiling) where such processing is based on legitimate interest. If you object to such processing we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or such processing is required for the establishment, exercise or defence of legal claims.
  10. Data Security. The security of our your data is very important to us. With this in mind we will take all appropriate steps to protect your data and will treat it with the utmost care and attention. We use ‘https’ technology to secure access to all areas of our websites. Access to your personal data is password-protected, and sensitive data such as payment card information is held securely by our 3rd party payment providers. We ensure that our systems are regularly monitored for possible vulnerabilities and attacks.
  11. Lodging Complaints. You have the right to lodge complaints about the data processing activities carried out by the Career Development Institute before the Information Commissioner's Office. In the UK, please read: https://ico.org.uk/for-the-public/raising-concerns/ for details of how to do this. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
  12. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at privacy@thecdi.net.
  13. We will not sell, distribute or lease your personal information to third parties unless we have your permission, are required by law to do so or it is required for the provision of our services as detailed above. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.