Skip to content
PLEASE BE ADVISED WE HAVE SOME ESSENTIAL SITE MAINTENANCE PLANNED FOR WEDNESDAY 20TH AUGUST BETWEEN 08:00-09:00 GMT. DURING THIS TIME OUR WEBSITE WILL BE UNAVAILABLE.
Login to bookmark this
Added to your Saved Content Go to my Saved Content

APM Privacy Statement

We do our best to protect and respect your personal data. This statement explains how we collect that data, why we use it, how we keep it safe, and the rights you have in relation to it.

Who are we?

Association for Project Management (APM) is incorporated by Royal Charter (No. RC000890) and a registered charity (No. 1171112). Our office is Ibis House, Summerleys Road, Princes Risborough, HP27 9LE. Tel: 0845 458 1944. For general queries, contact info@apm.org.uk. For queries in relation to data protection, email dataprotection@apm.org.uk. APM is a Data Controller.


How do we collect your information?

We obtain information about you when you contact us. For example, when you register on our website, become a member, study for or take one of our qualifications, or attend an event or conference. We have explained below what data we typically collect, what we use it for and how long we keep it.

On occasion, we may collect limited information about you indirectly, for example, where a colleague has made an event delegate booking on your behalf, or when you book an exam with one of our accredited training providers, who will pass the details of this booking to us to administer the associated qualification.


How long do we keep your data for?

We will retain your personal data for no longer than is necessary to comply with our legal obligations, noting that this may extend beyond your actual relationship with us. For instance, following the end of your relationship with us, we will restrict the processing of your data to those purposes which form a legal obligation for us, such as financial reporting. Please see below under ‘What information we collect, why and for how long’ for more specific information relating to your engagement with us.


How do we protect your data?

We take several steps to protect your data. This includes robust IT security, which is independently verified by our Cyber Essential+ accreditation. All staff receive regular data protection and Cyber Security training, our premises are physically secured, and we work only with trusted suppliers and service providers. Each is subject to thorough due diligence and contractual obligations requiring them to uphold the same high standards of data protection that we do.

The information we collect

For website users, visitors and non members

  • Profile data if you register on MyAPM:

Email address (username), password, CPD entries, interests, comms preferences any other personal data you provide, such as biographic information for your APM online profile. You also have the option of uploading a profile photo.

You can manage yourself what data you provide and you can have your profile removed at any time, as this is based on consent. Please look under ‘Your Rights’ for more information. We keep the data for as long as you keep your MyAPM profile.

  • Technical Data:

IP Address, login data, Information generated by Cookies.

This helps us improve our website and deliver a more personalised service for you. Cookies are used based on your consent and you can read more on consent expiry date in our Cookies Policy

  • Transactional data:

Including billing address, bank account and payment card details.

This is necessary when you purchase any items from our website, such as event tickets, bookshop items and data is processed as part of the contract we enter into. We keep the data for 7 years after transaction.

We use third party payment providers to process and manage transactions, such as Direct Debit payments and card payments.

  • Contact information and correspondence:

If you contact us via the website, you consent for us to use this information to deliver our service to you.

We keep this data for as long as necessary to successfully deliver our service to you.

  • Bookshop transactional data:

Including billing address, bank account and payment card details. Name and Email address.

We use your information to process any orders or requests you have. We keep your transactional data for 7 years after transaction.

  • Name and access status of corporate partner employees:

We use this data to verify eligibility for APM services offered through corporate partner agreements. This is based on your consent. 

We keep this information for the duration of the service access or partnership agreement, whichever is shorter.

  • Call summaries:

Telephone calls may be summarised by AI to support accurate customer records and improve agent efficiency. No name or contact details are shared with the AI, only the content of the call. This is voluntary, so if you opt out, the agent will summarise the call manually. Your consent is obtained prior to the conversation.

Summaries are only retained after being reviewed and approved by a human and are kept only for as long as necessary for the purpose of the call.

You will be given the opportunity to opt out before the call begins.

For members / qualification takers

  • Registration details:

Your name, address, email address, phone numbers, and any additional personal data you provide, such as detailed information about your professional achievements when applying for Chartered Status.

To manage your membership, to assess your qualification applications, process any orders or requests, and provide you with relevant information and services. This is processed as part of our contract with you. We keep your data for the duration of your membership.

  • Engagement history:

Such as products and services you have purchased, your grade of membership, events attended, renewal dates, membership applications.

To provide you with relevant information and services to ensure you get the most out of your membership. We do that as part of our contract with you. We keep this data for the duration of your membership.

  • Transactional data:

Including billing address, bank account and payment card details

When you provide payment information to us, either direct debit or over the phone as part of a purchase of our products and services.

We keep this data for 7 years after transaction.

  • APM Community | APM Learning

These are member paid benefits you can access once logged in to our website, so it’s based on the contract we have with you.

We keep your data on the APM Community or APM Learning for as long as you keep your APM membership. For more information on the data handled within the APM Community, please check under “For APM Community Users”

  • Contact information for marketing and communication | communication preferences:

We rely on Legitimate Interest as the lawful basis for marketing activities to ensure you are up-to-date about the benefits and services available to you, enhancing your experience and ensuring you receive relevant updates.

You can set your own communication preferences so you only receive what suits you or you can opt out entirely at any time.

  • Video, audio and photography:

From time to time we may invite members to be photographed, or video recorded for promotional purposes. This is entirely voluntary and is based on your consent prior to any photoshoot. You can contact us at info@apm.org.uk to revoke your consent.

  • Medical data in cases of reasonable adjustments:

Qualification takers have the right to have reasonable adjustments considered ahead of an assessment if they have reasonable evidence to support this. This may be due to a medical issue or a disability. We collect this data by explicit consent and it is kept secure with restricted access and will be deleted after completion of Qualification.

  • Market Research Surveys including:

    • Customer satisfaction

    • Diversity, Equity, and Inclusion (DEI)

    • Salary and market trends

    • Brand perception, and corporate partner feedback

To help us gain a better understanding of customer needs and ensure our offerings are welcoming, accessible, and valuable to everyone. It also helps to promote the project management profession. The data collected is anonymous and used solely for statistical purposes. Participation is entirely voluntary and based on consent. Invitations are securely deleted once the survey window has closed.

For Event attendees

  • Registration details:

Your name, address, email address, phone numbers, and any additional personal data you provide when registering for an event.

To manage event registrations, communicate with you about the event, and provide relevant information and services. Here we enter into a contract with you.

  • Sharing attendee details for networking purposes:

At our in-person events we share first name, last name and company of attendees with other attendees and qualified sponsors. Networking is a benefit of these events and we rely on Legitimate Interest in sharing these details. We will use our trusted supplier Cvent’s secure app to share these details and you can manage yourself whether you’d like to share your details or not. 

  • Video, audio and photography:

At our events, we may be filming or taking photos that may be shared online in news articles, on our website, or on social media for promotional purposes, and we will rely on Legitimate Interest for this. We will notify you before and during the event. We have various ways to ensure you can be kept out of photos and you can always opt out ahead of an event; please let us know at events@apm.org.uk.

For Volunteers

  • Registration details

Your name and address, your contact details and any additional personal data you provide to support and facilitate your role as a volunteer.

To administer the volunteer group and communicate with you about events and services by APM staff. Other volunteers and APM members may be processing your data.

We process this data as part of our contract with you. We rely on the Lawful Basis of Legitimate Interest when we send you newsletters.

If you’re a member, we keep this information for the duration of your APM membership and four years after it has lapsed, if you are a non-member, this is only kept for the duration of the project you have worked on.

  • Diversity information:

This is collected voluntarily and anonymously on a regular basis via surveys to help us track diversity trends and to ensure volunteering is welcoming, accessible and valuable to everyone.

We only keep statistical data and invitation emails are deleted as soon as the survey has closed.

  • Financial data:

To reimburse any business expenses.

We keep your information for 7 years after reimbursement as a legal obligation and correspondence is kept for 3 years.

For APM Community users

  • Registration details:

Upon enabling your account, default data is pushed across. This includes name, email address,  membership grade, membership number and mobile number

Name, email address and member grade is fixed and cannot be edited. All other data entered and made visible is controlled by yourself as the user.

This is kept for the duration of your membership, however, you can delete your account sooner by contacting us.

  • For prospective mentors and mentees in the Mentorship Programme:

Name, email address, membership grade, skills, areas of interest qualifications and competences.

This is based on the contract you enter into with us when signing up as a mentor or mentee and it will be kept for the duration of the mentorship

  • Content in posts within the APM Community:

When your membership lapses, any published posts within the community will stay but the author will be made anonymous.

  • Regular data monitoring:

As the APM Community is a user-content generated platform, we take our responsibility seriously in safeguarding children and vulnerable individuals. We do not collect data for this purpose but we are monitoring the platform regularly and have reporting features available.

For more information on Children’s privacy and online safety and see Safeguarding Policy

Any concerns will be handled confidentially. If you have a concern, please email safeguarding@apm.co.uk.

  • User activity, behavioural data and member activity

We collect anonymous behavioural data via Google Analytics 4 (GA4), including sessions, new and returning users, and engaged sessions, to understand how users interact with our site. 

We also track member activity and use an engagement scoring system to highlight participation. All data is collected anonymously and used to improve the platform experience.

Sharing with Third Parties

APM will share personal data with third party training providers as necessary for the administration of training and examinations. In addition, data is shared with appointed examiners and/or assessors for the purpose of assessment, and in order to maintain records of your qualifications. The staff and contractors of APM will have controlled access to your information to enable us to provide you with membership services. In the event that you choose to become involved with one of our volunteer groups, then data will be shared with volunteers running these services, for the purposes of offering you those services.

We will not sell or rent your information to third parties. We will not share your information with third parties for them to market to you. We may pass your information to our third-party service providers, subcontractors and other associated organisations to provide services on our behalf (for example management of digital qualification badges).

However, when we use third parties, we only disclose the personal information that is necessary to deliver the service, we thoroughly assess them before they’re appointed and they are under contractual obligation to keep your information secure and not to use it for other purposes. Third party services providers will delete all personal data when no longer required to perform services and in line with any legal obligations.

Customers wishing to access the benefits associated with being employed by a corporate partner can do so on agreeing that their name and their access to those benefits are shared with that corporate partner.

Marketing

We process your data for marketing purposes based on our legitimate interest. We believe that providing you with relevant content and information tailored to your interests benefits both you and us. This allows us to enhance your experience with our services and ensure that our communications are useful and engaging. You will have the opportunity to opt out at any time in the footer of our emails or via the Communication Preferences on your MyAPM online account.

On your MyAPM Communication Preference Centre you can also choose to tell us which subjects most interest you and which method of communication you prefer. This will be used to tailor your online experience and our communications to you. The accuracy of your information is important to us. Please do regularly check and update your information in your account settings.

Targeted Advertising

We may collect and use your personal data, including browsing behaviour, membership grade, renewal date and email preferences, to deliver targeted advertising that is relevant to your interests. We may also track how you interact with our content in the newsletters we send. This data helps us tailor and improve our marketing efforts to provide you with more personalised content and offers.

You consent to us using cookies for targeted advertising, and you can opt out at any time by adjusting your cookie preferences. For more information on cookies and browsing data, please see our section on "Use of Cookies and Automated Decision Making."

We may also use the email preferences you have set on MyAPM to tailor the advertising you see on external sites such as Meta and Google, ensuring it is relevant to your interests.

We will not share your identifiable data with any third parties for targeted advertising. When we use your data for targeted advertising with platforms like Meta and Google, we employ advanced privacy-enhancing techniques to ensure that your personal information remains secure and is not shared externally.

Newsletter tracking

We use tracking technologies in our newsletters to understand how our subscribers interact with our content. This includes tracking whether emails are opened and which links are clicked. This data helps us improve our newsletters and provide more relevant content to our subscribers.

You can opt out of us using your email preferences for targeted advertising and newsletter tracking in your MyAPM Communication Preferences at any time.

We will always use data under Legitimate Interest with appropriate caution and have conducted a balancing test to ensure this does not override your rights and freedoms. You have the right to object to this processing at any time by adjusting your preferences, unsubscribing directly via our unsubscribe links in our emails or contacting us directly.

APM Recruitment Data

We collect and process personal data from job applicants, including contact information, employment history, qualifications, and references. This data is used solely for evaluating candidates for employment opportunities within APM. Your data will be retained only as long as necessary and only in relation to the opportunity you applied for; we do not keep a CV bank but we can keep your CV for 6 months after an unsuccessful application if you wish, in case other suitable opportunities arise.

Business to Business

Data protection applies to personal data held about individuals. It does not always cover ‘business to business’ contacts or information. However, we will also do our best to secure and protect the contact details of our corporate contacts.

Your Rights

You have various legal rights over your information which we will always respect. These rights include the right to access a copy of the data we hold about you, and to ask us to rectify or erase the data. You also have the right to data portability, you can ask us to restrict the processing of your data, or you can raise an objection to the processing. Where processing is based on your consent then you have the right to withdraw that consent.

If you wish to invoke any of these rights in regards to your data then please contact us at dataprotection@apm.org.uk or submit your request via the ICO’s SAR Service. You can also write to: The Data Protection Officer, Association for Project Management, Ibis House, Regent Park, Summerleys Road, Princes Risborough, Bucks, HP27 9LE.

Should you exercise your right by making a verbal request, the ICO recommends that you follow this up in writing to provide a clear trail of correspondence and evidence of your actions. If you are unhappy with the way in which your personal data is handled by APM then you also have the right to make a complaint to the Information Commissioner’s Office. www.ico.org.uk

APM is registered with the Information Commissioner's Office (ICO) as a data controller for the processing of personal data (ZA253638).

As we undertake marketing activity to our members and potential members on the basis of our legitimate interests, you have a choice about whether and how you wish to receive marketing information from us. You can opt out of marketing at any time in our correspondence with you and your preferences can be updated at any point if you have registered online via MyAPM here. Please read more about how data is used for marketing purposes in our section on Marketing.

International Data Transfers

When you use our services, your personal information may be transferred to third parties outside of the UK and the EU. We only do this if there is an adequacy regulation in place. Otherwise, we conduct a transfer risk assessment and ensure the transfer to the third-party organisation is subject to appropriate safeguards. These safeguards include, but are not limited to, the International Data Transfer Agreement, EU Standard Contractual Clauses, and certification with the EU-US Data Privacy Framework and UK extension. This ensures that your personal data is provided with a level of protection essentially equivalent to that of the UK and EU.

Use of 'Cookies' and Automated Decision Making

Like most websites, APM pages uses ‘cookies’. Cookies are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognise you when you visit. Cookies make it possible for your browser to remember your setting and preferences. Cookies also collect statistical data about your browsing and do not identify you as an individual. This helps us to improve our website and deliver a more personalised service for you. We also use cookies to provide tailored advertising to you on other websites such as LinkedIn, Google and Facebook. We do not pass on your personal details to others in this way. It is possible to switch off cookies in your browser preferences. Regulations state we may use cookies which are necessary for the operation of the site. Other categories of cookie (such as for preferences and marketing) are optional and can be selected when you first visit the site. We may use automated decision-making as part of this process but not without human review. No other systems use your information for automated decision making.

IP addresses

An internet protocol (IP) address can allow us to track which organisations visit our webpages. We may use software to plan our services and provide information on what topics specific organisations may be interested in. We will not match IP addresses to an individual.

Links to other websites

Our website contains links to websites run by other organisations. This statement applies only to our site and we are not responsible for the policies and practices of other sites.

Children’s Privacy and Online Safety

We take the safety of our audience seriously and we’re committed to online safety and compliance with the Online Safety Act and The Children's Code.

We do not knowingly collect, use or disclose personal information from children under 16 years old. The APM Community is only accessible for APM members who have gone through our membership application process. This includes an age-verification process to ensure all users are aged 16 and older. If a user misrepresents their age and we become aware they are under the age of 16, we will take steps to close their account and delete any associated personal information.

We actively moderate user-generated content within the APM Community and website comments to ensure compliance with applicable laws and policies to protect our users and their personal data and to ensure a positive and respectful community environment. This may include reviewing posts, comments and other contributions for inappropriate. illegal or harmful content.

Users can report any content they believe is inappropriate by using the ‘Report Content’ function on Community posts or via email.

Review of this statement

We keep this statement under review as part of our overall Data Protection Policy. It was last updated in August 2025.

Communication preferences

Don't miss out. Ensure that your communication preferences are kept up-to-date so that we can keep in touch.

Update my preferences  Not registered?  Register for Free today