APM Privacy Statement
We do our best to protect and respect your personal data. This statement explains how we collect that data, why we use it and how we keep it safe.
Who are we?
Association for Project Management (APM) is incorporated by Royal Charter (No. RC000890) and a registered charity (No. 1171112). Our office is Ibis House, Summerleys Road, Princes Risborough, HP27 9LE. Tel: 0845 458 1944. For general queries, contact email@example.com. For queries in relation to data protection, email firstname.lastname@example.org. APM is a Data Controller.
How do we collect your information?
We obtain information about you when you contact us. For example, when you register on our website, when you become a member, when you study for or take one of our qualifications, when you attend an event or conference. On occasion we may collect limited information about you indirectly, for example where a colleague has made an event delegate booking on your behalf, or when you book an exam with one of our accredited providers, who will pass the details of this booking to us in order to administer the associated qualification.
What types of information do we hold?
The information we collect might include your name, address, email address and phone numbers. Depending on the relationship you have with APM and any products or services you sign up for, you may be asked to provide further personal data. For example, when applying for assessment for Chartered Status, APM will ask you detailed information about your professional achievements in order for us to assess your application.
On occasion, you may provide additional personal data, for example biographic information for the purpose of publishing this within your APM on-line profile. Where this occurs APM will process this data on the basis of your consent.
We will store information on the products and services you hold or have shown an interest in. For example, if you are in one of our volunteer groups, your grade of membership, the events you have attended, your renewal dates, your membership applications and your communication preferences. If you pay us by direct debit we will store your account details securely.
We will record equal opportunities data you give us such as your age and ethnicity. We process this data on the basis of consent for the purpose of providing insight into the diversity of APM’s membership, and in the interests of promoting the interests of project management profession. This is held securely and only used to give statistics to help plan our services.
When joining an APM volunteer group your data may be processed by other APM member/volunteers for the purposes of administering the membership group.
At our events we may be filming or taking photos that may be shared online in news articles, our website or on social media. This is for promotional purposes and we will rely on Legitimate Interest for this. We will notify you before the event if there will be a photographer present. If you prefer not to be included in any photos of films ahead of an event, please do let us know at email@example.com.
Why do we collect your information?
We only use your information in accordance with the law. This gives us various powers to use your data. These are effectively the reasons for our processing and are:
- to perform or take steps to enter a contract with you;
- for the purposes of our legitimate interests. This includes being able to send you marketing or if you would like to apply for a job at APM;
- compliance with a legal obligation;
- if you consent for us to do so.
Collecting and using your data will mean we are able to manage your membership, process any orders or requests you have and to provide you with relevant and topical information relating to your interests, including events and publications. We may also ask for your views on our services and matters relating to the profession, for research purposes.
We will send you marketing information in relation to APM’s products and services on the basis of our legitimate interests. We will use your registered details for this purpose unless you have asked us not to do so. You can opt not to receive marketing information from us at any time by using the unsubscribe link within any marketing communication, by calling us, or by changing the preference information within your user account. This includes being able to specify how we contact you for marketing.
Data protection applies to personal data held about individuals. It does not always cover ‘business to business’ contacts or information. However, we will also do our best to secure and protect the contact details of our corporate contacts.
Who has access to your information?
APM will share personal data with third party training providers as necessary for the administration of training and examinations. In addition, data is shared with appointed examiners and/or assessors for the purpose of assessment, and in order to maintain records of your qualifications. The staff and contractors of APM will have controlled access to your information to enable us to provide you with membership services. In the event that you choose to become involved with one of our volunteer groups, then data will be shared with volunteers running these services, for the purposes of offering you those services.
We will not sell or rent your information to third parties. We will not share your information with third parties for them to market to you. We may pass your information to our third-party service providers, subcontractors and other associated organisations to provide services on our behalf (for example management of digital qualification badges). However, when we use third parties, we disclose only the personal information that is necessary to deliver the service and we require them to keep your information secure and not to use it for other purposes. Third party services providers will delete all personal data when no longer required to perform services.
Some of our services, such as the APM Job Board, The APM Hub and the Book shop on our website are managed by third party processors. Whilst their own respective privacy policies apply, we have assessed and approved their UK GDPR compliant practices prior to appointing them.
When we use third party processors, we only disclose the personal information that is necessary to deliver the service and they are under contractual obligation to keep your information secure and not to use it for other purposes. Third party services providers will delete all personal data when no longer required to perform services and in line with any legal obligations.
Customers wishing to access the benefits associated with being employed by a corporate partner can do so on agreeing that their name and their access to those benefits are shared with that corporate partner.
In some instances we use third party payment providers to process payments such as GoCardless, who we use to process your Direct Debit payments. More information on how GoCardless processes your personal data and your data protection rights, including your right to object, is available at GoCardless.com.
We undertake marketing activity to our membership on the basis of our legitimate interests. You have a choice about whether and how you wish to receive marketing information from us. You can opt out of marketing at any time. You will be asked to make your preferences clear when we collect your information. For most users, this will be when they register online. Your preferences can be updated at any point here. You may also choose to tell us which subjects most interest you and this can be used to tailor your online experience and in communications to you. The accuracy of your information is important to us. Please do regularly check and update your information in your account settings.
You have various legal rights over your information which we will always respect. These rights include the right to access a copy of the data we hold about you, and to ask us to rectify or erase the data. You also have the right to data portability, you can ask us to restrict the processing of your data, or you can raise an objection to the processing. Where processing is based on your consent then you have the right to withdraw that consent.
If you wish to invoke any of these rights in regards to your data then please contact us at firstname.lastname@example.org or you can write to: The Company Secretary, Association for Project Management, Ibis House, Regent Park, Summerleys Road, Princes Risborough, Bucks, HP27 9LE. Should you exercise your right by making a verbal request, the ICO recommends that you follow this up in writing to provide a clear trail of correspondence and evidence of your actions. If you are unhappy with the way in which your personal data is handled by APM then you also have the right to make a complaint to the Information Commissioner’s Office. www.ico.org.uk APM is registered with the Information Commissioner's Office (ICO) as a data controller for the processing of personal data (ZA253638).
Retention of your data
We will retain your personal data for no longer than is necessary in order to comply with our legal obligations, noting that this may extend beyond your actual relationship with us. Following the end of your relationship with us we will restrict the processing of your data to those purposes which form a legal obligation for us, such as financial reporting.
How do we protect your data?
We take several steps to protect your data. This includes robust IT security. All staff receive data protection training and our premises are secured. We have contracts with providers requiring them to protect your information. APM use contracted services outside of the EEA. When doing so, APM ensures the relevant data protection is in place in order to ensure adequate security of your personal data.
Use of 'cookies' and automated decision making
We do not have systems that use your information for automated decision-making.
An internet protocol (IP) address can allow us to track which organisations visit our webpages. We may use software to plan our services and provide information on what topics specific organisations may be interested in. We will not match IP addresses to an individual.
Links to other websites
Our website contains links to websites run by other organisations. This statement applies only to our site and we are not responsible for the policies and practices of other sites.
16 or under?
We particularly wish to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission before you provide us with personal information.
Review of this statement
We keep this statement under review as part of our overall Data Protection Policy. It was last updated in April 2023.