- The IET and what it does
- The data that the IET requests and why it needs them
- What the IET does with your data
- Data protection law and the IET
- An individual’s rights under data protection law
- Tracking your behaviour on IET web sites
- Amending or accessing your personal information and preferences
- Questions and comments
- Your responsibilities
- Links to other web sites
- Updates to this policy
The Institution of Engineering and Technology (IET) is a not-for-profit membership body with over 168,000 members in 150 countries. Our mission is to inform, inspire and influence the engineering community and we do this by providing a range of services to members and customers, which may include services to children.
The IET is licensed by the Engineering Council to deliver professional registration to help our members achieve their career goals, while our fundraising activities help aspiring engineers through our support of STEM Education programmes, Awards, Scholarships and Bursaries. In order to develop the services, support and carry out activities our members and customers need, the IET will in many circumstances collect personal data.
It is supported by a wholly-owned trading subsidiary, IET Services Limited. IET brands include Inspec, E&T, Electrical Standards, Wiring Regulations, Faraday and Venues. Additionally, the IET maintains a relationship with Foothold, the benevolent fund, which is a separate charity that offers services to members in need of special assistance
As appropriate, the IET may disclose your information to any of these legal entities for the purposes of introducing and delivering goods and services to you. In order to offer you the IET's global activities, it may be necessary to share personal data with IET Local Networks (set up and run by IET volunteers for the benefit of members), and IET offices outside the European Economic Area (EEA).
IET Services Limited is registered in England & Wales (no 909719).
We want to deliver the best possible member and customer experience so you will be asked to share personal data with us in order to help us process your requirements and deliver the services you have requested. We may also use this information to enhance the services we provide and improve your experience of using them, for example, our websites, online community, events registration portal and other online services.
Typically, the following details are required in order to supply any products that you have ordered, or for event registration purposes: name, address and other contact information such as telephone number and email address. If you are (or are applying to become) a member of the IET, your personal data will be used to provide the members' services that you require.
If you are seeking the MIET FIET or TMIET category of membership, or you have asked for support to achieve professional registration, then further information may be required from you, such as educational and employment history, plus the name of a qualified supporter, in order to assess your application. Some of this information will be shared with the Engineering Council in order to register your professional status (Chartered Engineer, Incorporated Engineer, Engineering Technician or ICT Technician). On the occasion where the IET receives personal data indirectly about a supporter or sponsor, the IET will contact that individual within one month to notify them of their rights under this Policy.
The IET captures the services, publications and other products that you have selected and stores these against your record. If you contribute to the work of the IET, for example by serving on a committee, this will also be recorded; the information may then be used to provide you with access to any special services that the IET provides to assist our volunteers.
When you order products or services through the IET websites, you will be invited to register a website log-in account. You may also create a log-in account to gain access to services such as the IET's online community, to take part in discussions or, as a member of the IET, access pages where you can update your membership information. For website registration, you will be asked for your name and email address, plus the country in which you live. This allows the IET to know which of its events and local member activities take place in your country or region.
The IET sometimes collects the personal data of senior staff of organisations, trusts and foundations, made available publically through sources; such as the organisations own website, Companies House and the Charities Commission website. This information is collected and used in pursuit of the IET’s legitimate interests in furthering the IET’s charitable mission.
The IET protects the privacy of your information using secure servers. The information that you provide will be kept confidential and only used to support the IET's relationship with you.
Your details will be made available, as appropriate, to those officers of the IET who are responsible for the services that you request. Services such as Local Network activities and advice on achieving professional registration are mostly delivered by volunteer members. Publications and membership subscriptions are examples of services mostly delivered by the staff in the main offices.
If you are a member or customer of the IET your information will be processed by the IET for its sole use and that of its associated organisations, including your Local Network, for the purpose of promoting, delivering and improving your experience of the IET, its products and services or such other purposes as are described in this Privacy Statement.
The information that you provide may be held and used by the IET for market analysis and production of internal reports, for marketing its products and services generally and (subject to any preference that you may indicate when submitting your details) for sending information to you about its activities, services and publications. We may use profiling techniques to do this. You can change your preferences at any time; please see the section below for information on how to do this.
Your personal data may be disclosed and transferred to third parties in the UK, to help us deliver our service to you and to enable the IET to meet any legal or other legitimate obligations.
Your personal data may also be disclosed and transferred to third parties outside of the UK and European Economic Area (the “EEA”), to help us deliver services to you and to enable the IET to meet any legal or other legitimate obligations in that country.
Typical examples of where we may use third parties to help us deliver services and meet legal obligations include:
- CRM system providers
- IT and business services providers
- Payment service providers
- Event management organisations
- Auditing, legal and trustees
- HR management
- Survey management providers
- Membership bodies to support professional registration
In both instances, we ensure all such third parties have appropriate measures and controls in place to protect your information, in accordance with applicable data protection laws and regulations and regulatory guidance in place at any given time.
From time to time, the IET may invite visitors to their websites to provide data to improve the site, or its services or marketing. Answering any questions will be optional.
The IET uses payment services providers, for example, Netbanx, PayPal, RBS, WorldPay, or Paysafe, to enable you to make purchases on the IET Webshop or to pay online for other services. The IET makes it clear on the payment pages that you are being transferred to one of these sites.
Some events or publications, listed on the IET sites, are organised in co-operation with other organisations. When you register for this type of event or publication, it will be made clear with whom your registration data is being shared.
The IET websites may give preferential access to some third-party services; often this is restricted to members only. When you register for a third-party service, it will be clearly explained that the IET will need to share your data with the third-party company before you can receive the service.
Otherwise, except for the purposes of law enforcement, regulation or legal proceedings, or with your explicit permission, the IET will not give or sell your personal data.
The IET operates under the European General Data Protection Regulation (‘GDPR’). The GDPR applies to ‘personal data’ we process. Under the GDPR, the data protection principles set out the main responsibilities for organisations and the IET is responsible for and must be able to demonstrate, compliance with the principles.
We must ensure that personal data shall be:
- processed lawfully, fairly and in a transparent manner
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- accurate and where necessary kept up to date
- kept for no longer than is necessary for the purposes for which the personal data are processed
We retain your information in accordance with our information security, data retention and deletion policies. These set out the criteria we use to determine how long we keep information. When deciding what to retain, we take into account what information we need to best provide you with services, to manage your relationship with us, meet our statutory and legal obligations and meet our members’ and customers’ reasonable expectations. For details of our current retention policy contact our data protection officer at firstname.lastname@example.org.
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The IET processes your personal data based on contract, legitimate interests or by obtaining consent.
In the majority of cases, the IET processes personal data based on an individual’s contract with the IET, for example, a membership agreement or request for products or services. In other cases, the IET processes personal data only where there are legitimate grounds for so doing.
Where any IET products and services are offered to children aged 16 and under, we shall obtain consent from a parent or guardian to process the child’s data.
To meet its Data Protection obligations under GDPR, the IET has established comprehensive and proportionate governance measures.
The IET has its own dedicated Data Protection Officer to oversee our GDPR compliance across the organisation.
Under the GDPR an individual has the following rights in respect of the personal data processed by the IET:
- The right to be informed about how the IET uses personal data. This Privacy Statement explains who we are; the purposes for which we process personal data and our legitimate interests in so doing; the categories of data we process; third party disclosures; and details of transfers of personal data outside the UK.
- The right of access to the personal data we hold. In most cases, this will be free of charge and must be provided within one month of receipt. Please contact the IET’s Data Protection Officer to request this.
- The right to rectification where data are inaccurate or incomplete. In such cases, we shall make any amendments or additions within one month of your request.
- The right to erasure of personal data, but only in very specific circumstances, typically where the personal data are no longer necessary in relation to the purpose for which it was originally collected or processed; or, in certain cases where we have relied on consent to process the data, when that consent is withdrawn and there is no other legitimate reason for continuing to process that data; or when the individual objects to the processing and there is no overriding legitimate interest for continuing the processing.
- The right to restrict processing, for example, while we are reviewing the accuracy or completeness of data, or deciding on whether any request for erasure is valid. In such cases, we shall continue to store the data, but not further process it until such time as we have resolved the issue. The right to data portability which, subject to a number of qualifying conditions, allows individuals to obtain and reuse their personal data for their own purposes across different services.
- The right to object in cases where processing is based on legitimate interests, where the IET requirement to process the data are overridden by the rights of the individual concerned; or for the purposes of direct marketing (including profiling); or for processing for purposes of scientific / historical research and statistics, unless this is for necessary for the performance of a public interest task.
- Rights in relation to automated decision making and profiling.
The IET’s supervisory authority for GDPR compliance is the UK Information Commissioner (www.ico.org.uk):
Information Commissioner's Office
Please contact the Information Commissioner's Office for more information about the GDPR and your rights under data protection law.
If you have a complaint about data protection at the IET, please contact our Data Protection Officer (email@example.com).
Subject to the preferences that you have indicated, the IET may send emails to its existing members, customers and registered website users. Links included in these may be personalised to allow us to determine which members and customers followed such links.
All Web servers record each page request, together with the time and date, and the Internet (IP) address of the user who requested the page. In addition, the IET uses Google Analytics, which records the pages requested from particular IP addresses using a small piece of code in the Web page. Where an IET website restricts access to staff or students of particular organisations, the IET may also test your IP address to determine whether it falls into the ranges used by subscriber organisations for that service. Server logs allow the IET to see general trends, such as which areas of the site are popular, the most frequent paths that users follow, and so on. This helps to improve the site for you in future.
The IET may sometimes use tools to track and analyse telephone and website enquiries.
The accuracy of your personal details is important to the IET.
If you are a registered website user, then you can log on to www.theiet.org to review and update your contact details and mailing preferences in the "My IET" area of the site.
Otherwise, if you would like to change your email address, your mailing preferences, or you need to advise the IET of any other changes, please contact us via the online enquiry form or you can telephone us.
Please ensure that you provide enough information for staff to identify you (such as the address that the IET is using to communicate with you and your membership number if you are a member).
You can request a copy of the personal data that the IET holds about you. Please apply in writing to the Data Protection Officer at the IET's business address, including your name, address, telephone number, and membership number if you have one. Please also contact the Data Protection Officer if you would like further information about this policy, at firstname.lastname@example.org.
Your passwords are your responsibility. For your own protection and to protect your personal data, you should not disclose your passwords, including your IET account password, to any third party.
If you access IET websites from a PC that can be used by any other person, make sure you always follow good security practices.
If you suspect that your password or account information has been compromised, please inform us promptly and change your password immediately.
If you choose to log in to our websites using a social media log in, you are granting permissions to that social media provider to share your user details with us.
This privacy statement only covers the web services offered by the IET. Other external websites are governed by their own privacy statements. We are not responsible for policies or procedures for sites not operated for or on behalf of the IET.
The privacy of members and visitors is important to the IET. This policy will be kept under continual review, and changes may be made from time to time.
Updated on: 1 November 2018
Previous review: May 2018