The Institution of Environmental Sciences (IES) recognises the importance of safeguarding personal information that is collected or disclosed to us. That’s why we are committed to protecting your privacy and security.
This statement explains how we collect personal data, how we use it and who we might share it with. This will ensure that you always remain informed and in control of your data.
Who are we?
The IES is a membership organisation that represents professionals working across the diverse spectrum of environmental science. We are a charitable organisation with registered charity number 277611. We are also a limited company in England, with a registered office at 3rd Floor, 140 London Wall, London, EC2Y 5DN and registered company number 1053508.
The IES administers the work of its two sister organisations, the Institute of Air Quality Management (IAQM), which develops membership services for air quality professionals, and the Committee of Heads of Environmental Sciences (CHES), which overseas the our education work. The use of ‘we’ within this privacy statement includes the IES, IAQM and CHES.
We are committed to processing personal data in a fair and lawful manner and being fully compliant with all applicable data protection laws, including the General Data Protection Regulation (GDPR). You can read more about this in our Data Protection Policy (pdf).
What personal data do we collect?
Personal data covers all information that relates to you or enables you to be directly or indirectly identified. This includes your name, address, phone number and IP address.
We collect personal data in order to provide services, including membership, event bookings, employment, conducting research, volunteering, publications and awards, and manage the business of our charity. We only collect data which is necessary for the completion of that specific activity or activities, and only store it for as long as it is needed. You can read more about the data we collect and how long it is retained in our Retention & Archiving Policy (pdf).
Most of the personal data we collect is provided by you; however, we do occasionally generate personal data through your involvement with us, when conducting statistical analysis or via third parties, as outlined below.
Personal data provided by you
The common personal data you may provide us is the information you give when you apply for membership, purchase event tickets, subscriptions or services, communicate with us or sign up to receive communications from us, apply for an award, apply for employment, work, volunteer or enter into a contract with us. For example, we may collect and hold:
- Personal details (title, name, date of birth, gender, email address(es), telephone number(s), home address, employer, job title, career history and so on), the amount of detail required will depend on the particular service;
- Financial information (encrypted credit/debit card or direct debit details, or bank details for remuneration or reimbursing expenses);
- Responses to our surveys, feedback forms and marketing questions;
- CVs and cover letters during recruitment;
- Employee contracts or volunteer user agreements; or
- Correspondence (emails, letters, expense forms, invoices, bills and complaints).
Personal data generated by your interaction with us
Your involvement with us may result in personal data being generated. For example, when you visit our websites, use our Wifi or networks, or contribute to our publications, events, communities or policy work.
Information we generate
Some of the information we collect may be used to generate new personal data. For example, if you apply for membership, we may analyse your career history to determine the professional fields and sector you work in. This is to help us decide which communications or events may interest you. Our section on Research & Profiling gives more information about how we use these data.
Similarly, we may determine your highest qualification level from your academic information in order to produce anonymous, aggregated reports which show trends is academic attainment within the environmental sciences.
Sensitive personal data
Sensitive personal data, known as ‘special category data’ under the GDPR, is any personal data which requires greater protection due to its increased sensitivity, such as race, ethnicity, religion, or sexual orientation.
When supplied by the data subject, we may collect and store sensitive personal data through our diversity and equal opportunities monitoring forms, event booking forms, salary surveys and to comply with any legal obligations. Further information is given in the section on how we use your sensitive personal information.
Personal data from third parties
We may occasionally collect personal data about you from the media and other publicly available sources, for example, if you are well-known or influential, or if our existing details for you are out of date. The type of information we collect from these sources may include your name, email address, employer or telephone number.
Children’s personal data
We consider a child to be any person under the age of 16.
For a child to become a member of the IES, we will need clear, documentable evidence of parental consent from a legal parent or guardian through the completion of our Parental Consent Form. This form will request your title, name, telephone number, email address and your child’s name.
It is likely that children will only be eligible for Affiliate Membership of the IES. There is no separate form for children to apply for IES membership, so you will be required to complete a standard Affiliate form. Affiliate forms have fields for title, names, date of birth, address, telephone numbers, email address, professional memberships and environmental interests of applicants. As you have supplied contact details on the parental consent form, you will only be required to provide the names and date of birth of the child to process their membership. You are welcome to fill in the other fields at your discretion.
A diversity monitoring form is also included with all IES application forms; however, this is not mandatory. We advised that this should not be completed until your child reaches the age of 16 and can consent for themselves.
Our events are generally not open to children, even with permission from a parent or guardian.
How do we use your information?
We will only process your personal data in accordance with all applicable data protection laws.
Most processing of personal data relies on consent; however, we may occasionally process your information where it is necessary to form a contract with you, comply with the law, protect your vital interests, carry out a task in the public interest, or for your own, our own or a third party’s legitimate interests.
Your personal data will only be used for the purpose or purposes for which it was obtained. See our Data Protection Policy (pdf) for further details.
As a member, we will use your personal data to deliver you your membership offering. This includes:
- Contacting you about the administration of your membership, including annual renewals, CPD reminders and regrades, via email, phone and post;
- Distributing exclusive members-only content, including our quarterly journal (environmental SCIENTIST), newsletter (ES Monthly), reports and sector-specific guidance, via email and post;
- Informing you of IES events and webinars that may be of interest to you;
- Notifying you of career development opportunities, including our professional registrations: Chartered Environmentalist (CEnv), Chartered Scientist (CSci), Registered Environmental Technician (REnvTech) and ESOS Lead Energy Assessor;
- Administering any professional registration(s) you hold with the IES;
- Providing relevant policy updates and requesting contributions to our policy and guidance work;
- Inviting you to attend and vote on resolutions for our Annual General Meetings; and
- Accessing our career services, including our ‘Back to Work’ and ‘Into Work’ Mentoring Schemes, our Chartership Mentoring Scheme, CV Clinic and graduate workshops.
When you sign up for IES membership, you are automatically subscribed to these services unless you choose to opt out of them via the Preference Centre in the Members’ Area. This allows you to choose which regular communications you no longer wish to receive, such as a paper copy of our journal, our monthly e-newsletter, webinar information and emails about our events.
We will also use your details to verify your identity, such as when you request to access our services, make a payment, redeem discounted event tickets, apply for an award or request proof of membership.
If you are confirmed to attend one of our events as a delegate, exhibitor or speaker, we may use your personal data to:
- Manage your place at the event, including registering your attendance, providing you a name badge and ensuring your dietary or accessibility requirements are accommodated;
- Send you information about the event, including updates to speakers and exhibitors;
- Process your payment for the event or provide you with an invoice;
- Internally identify effective marketing platforms for the promotion of events;
- Maintain a public record of delegates and speakers; and
- Contact you about joining as a member or attending the same event the following year.
Most of the above actions are necessary for administering your event booking, however, you can choose to opt out of further communications if you wish. Note, even if you opt out, we may still need to contact you regarding payment.
It is in our interest to publish a record of attendees within delegate packs as this enables us to analyse which sectors our audiences come from and maintain good record-keeping for our archives. If you do not wish to have your name and employer published, you can directly ask the Events Officer up to two weeks before the event.
If you have attended one of our events in the last year, we believe it is in both our interests to enquire whether you may wish to join as a member and provide you with information about the same event the following year. We will only contact you once immediately after the event in regard to membership and at most twice about attending the same event again. You can easily unsubscribe from these communications within the email or by getting in touch with us.
Your personal data will also be used to ensure the effective administration of the IES and its sister organisations. This includes:
- Maintaining databases of our members and subscribers;
- Processing membership applications, subscriptions and registrations;
- Handling enquiries and requests for further information;
- Managing feedback and complaints;
- Keeping a public record of IES members in our journal, environmental SCIENTIST;
- Auditing CPD records and membership applications;
- Retaining an internal record of our past and present Council Members, Committee Members, Presidents, Vice Presidents, employees and contractors;
- Managing the effective running of boards, committees, sub-committees and working groups;
- Complying with contractual, statutory and legal obligations, including employment;
- Holding details of our accredited courses and their relevant university contacts;
- Circulating the CHES newsletter;
- Providing news, articles, analysis, blogs and sector developments;
- Maintaining financial and human resourcing records;
- Inviting public figures or well-known sector professionals to our events;
- Writing a member profile on you for the IES website and newsletter; and
- Hosting a list of external examiners.
This processing will not normally be done without your knowledge, with exception of the capture of data from publicly available sources.
If you choose to hear from us, we may send you information based on what we believe is most relevant to you. For example, if you register onto one of our air quality events, we may contact you about similar events we hold, joining the IES and IAQM, or contributing to our air quality guidance.
We will only send you these communications if you have engaged with us in the last year, such as attending one of our events or guidance launches, or as a member. You can opt out of these communications at any time within the email body or through the Members’ Area. We will never share your personal information with third parties for external marketing.
Sensitive personal data
We use monitoring forms to determine whether our equal opportunity and diversity policies are sufficient and effective. We do this by analysing the information that is provided to us in a depersonalised and aggregated format to assess whether certain groups are underrepresented or adversely affected by our activities. These forms are collected anonymously during recruitment but identifiably for members. Their completion is entirely voluntary and not required in order to be considered for employment or membership, which is made clear to you on the form. Similarly, you may voluntarily provide us with sensitive personal data when completing one of our surveys, such as our salary survey.
We collect information about your accessibility and dietary requirements within event booking forms to highlight the need for alternative arrangements. Health data may also be collected for employees, when necessary, such as recording absence from work due to sickness, making reasonable adjustments within the workplace or providing statutory pay. This will normally be collected with your knowledge and consent.
All sensitive personal data is subject to enhanced protection and safeguarding, including controlling who can access it, encryption, and physical security measures.
Research & profiling
We conduct research and analysis on our members, employees, volunteers and participants to measure the success of our outputs, improve our services, monitor equality, evaluate professional interests, educational backgrounds and membership levels, and inform future planning and policymaking.
Most of the data is collected and processed with your knowledge. However, we do build profiles on our members to better tailor services and conduct analysis for different demographic groups. This includes:
- Determining your professional interests into primary fields and sector (which can be changed in the Your Profile section of the Members’ Area);
- Noting the level of your highest qualification (which can also be changed in Your Profile); and
- Evaluating demographic information, such as age or location.
Grouping people together can help customise the types of communications, invitations and information which may be important to them whilst filtering out unwanted emails and reducing the amount of resources we use.
Who has access to your information?
We will only give access to personal data when it is necessary for performing a specific task. Whenever a third party is used to process personal data on our behalf, we ensure that we have appropriate agreements in place to protect your data. We will never sell your personal information to any third party.
Personal data may be shared with our trustees, vice presidents, committee members and volunteers in order to assess membership and chartership applications and conduct audits on CPD records.
If you subscribe to one of our registers, your details will be shared with the relevant registration body listed below:
- Chartered Environmentalist: The Society for the Environment
- Chartered Scientist: The Science Council
- ESOS Lead Energy Assessor: Environment Agency
- Registered Environmental Technician: The Society for the Environment
If you are a Lead Energy Assessor, it is a requirement of that register that your name, telephone number, email address and personal statement are publicly available on our website.
We share the names and postal addresses of our members with an external print company to distribute our journal, environmental SCIENTIST, unless you have opted out of receiving paper copies.
If you use our CV Clinic or Mentoring Schemes, your details may be shared with potential matches or relevant environmental experts in order to provide you the requested service.
Finance & legal
We may also share financial information with our bank provider, accountant and, where necessary, the UK’s tax, payments and customs authority, HMRC. If you are an IES employee, we will share your details with our payroll company and with pension providers to comply with our statutory responsibilities. If you are a trustee, your personal data will be shared with the Charity Commission.
We sometimes use third-party providers to send mailings, conduct surveys, take payments, hold financial information and host our databases.
We may also disclose your personal data to a third party to comply with any legal obligations.
Our website uses Google Analytics, a service which transmits website traffic data to Google servers. Google Analytics does not identify individual users or associate your IP address with any other data held by Google. We use reports provided by Google Analytics to help us understand website traffics and webpage usage.
How do we keep your information secure?
We use a variety of organisational and technical measures to protect the information we hold and prevent unauthorised access, use or disclosure. This ensures that your personal data is kept safe.
We have robust controls on who has access to information and maintain secure computer systems. All our staff are trained in ensuring the security and protection of data in line with our data protection and information security policies and procedures.
Payment card security
We maintain compliance with the international Payment Card Industry Data Security Standard (PCI-DSS). As part of this compliance, we ensure that we do not directly store payment card information on our IT systems, including 16-digit card numbers or CVV numbers. If you use a credit or debit card to purchase a subscription, event ticket or any other services, your details will be securely passed on to our payment provider, Worldpay, or for online renewals, Stripe.
How do we store your information?
We will only store and use your information for as long as necessary to fulfil the purposes for which it was collected. The length of time we store information depends on what it is being used for and whether we have any legal obligation to keep it. We provide detailed information about how long we store data in our Retention & Archiving Policy (pdf).
Our operations are based within the UK and most of the data we store is kept within the EU. Some of the third-party providers we use may transfer your data outside of the EU, but only if adequate safeguards and agreements have been put in place, for example, the US Privacy Shield or EU Model Clauses.
What control do you have?
It is important to us that you remain in control of your personal information and understand your rights. Under certain circumstances, you have the right to:
- know whether we hold any personal data about you and, if we do, be sent a copy of that information within one month of requesting it, known as a ‘Subject Access Request’;
- withdraw consent from the storing or processing of your own or your child’s personal data;
- amend your personal data;
- request that your personal data is permanently deleted;
- restrict the processing of your personal data, such as marketing or profiling; and
- raise an official complaint with the relevant authority.
Please bear in mind that there are some exceptions to these rights which means we may not always be able to fully comply with your request. For advice, please contact our Data Protection Officer. We will always do our best to respond to you quickly and in a satisfactory manner.
Accessing your personal information
Subject Access Requests allow you to obtain a copy of all personal data we hold about you, so you can understand how and why your data is being used and ensure it is being done lawfully. Please note, you are only entitled to access your own personal data, unless legally acting on behalf of somebody else.
You can submit a Subject Access Request by filling in our Subject Access Request Form or directly contacting the Data Protection Officer. You will need to let them know which personal information you want to access and be able to provide evidence to confirm your identity.
Once we have all the information we need to handle your request, we will ensure that it is processed within one month of receipt. If your request is deemed to be complex, we may need to extend the processing time by up to two months, although we would notify you of this as soon as possible.
If you have any problems or queries with the way we process your personal data, you are advised to speak to our Data Protection Officer and, if necessary, lodge a complaint with them.
You also have the right to directly contact the Information Commissioner’s Office (ICO) if you would like to make a complaint or have any questions about data protection. Their telephone number is +44 (0)30 3123 1113.
Data Protection Officer
Chloe Fletcher | Operations & Business Development Lead
Institution of Environmental Sciences, 1st Floor, 6-8 Great Eastern Street, London, EC2A 3NT
firstname.lastname@example.org | +44 (0)20 3862 7484
You should contact our Data Protection Officer if you:
- have any questions in relation to this privacy statement;
- are concerned or have any complaints about how we process your personal information; or
- would like to access the personal information we hold about you.
Review of our Privacy Statement
The content of this statement may be reviewed and changed from time to time to ensure it remains up to date. Please check back regularly to read any updates.
This Privacy Statement was last reviewed in August 2019.