Operational Privacy Notice

Our privacy notice: What happens to the information you give us

CIISA respects your right to privacy.  This privacy notice describes who we are and explains how we use and look after information about you, or that could identify you, when we are carrying out our work.

We have a separate website privacy notice for how we use and look after information about you when using our website.

We manage all the personal information we hold in accordance with the UK General Data Protection Regulation and the Data Protection Act 2018.

If you have any queries, please email us on info@ciisa.org.uk

You can also write to us at:

22 Wycombe End

We are registered with the Information Commissioner’s Office (ICO) as a Data Controller. Our registration number is ZB543188

Who we are

CIISA is an independent standards authority which will provide services to help uphold and improve standards of behaviour across the creative industries and to prevent and tackle all forms of bullying and harassment, including bullying and harassment of a discriminatory nature.

CIISA is currently not operational.  This privacy notice reflects CIISA’s current status regarding the development of its service and will be revised when CIISA becomes operational.

Where we get personal information from

We get personal information from people directly or from organisations who we engage with during our work.  We do not receive personal information from other third parties.

What information do we collect about you?

We collect or use your personal information directly from you when you choose to contact us (via email, post or by telephone), or when we contact you via these sources.

We will record your name, email address, postal address, and telephone number (where applicable), and details of your engagement with us along with any other information you choose to tell us about yourself.

Why we collect this information

Our lawful bases for collecting and using personal information for the development of CIISA and the design of its services are consent and our legitimate interests.

We collect and use information from a wide range of people and organisations to help us with the design and development of CIISA before it becomes operational.

We use this information to keep a record of our engagement with people and organisations in this design phase so as to build up and retain useful organisational knowledge and keep an audit trail of key decisions we make about CIISA’s development. This is our legitimate interest.

When you contact us, you agree that we can process your information in line with our legitimate interests, unless you ask us not to.

Use of your personal information

We use the personal information we collect from and about you only for the purposes described in this Privacy Notice, or for purposes that we explain to you at the time we collect your information.

Sharing your information

We will share information you have given us with others to help us with our legitimate interests regarding the design and development of CIISA and its operational services.  This includes third parties who CIISA uses to provide professional services on our behalf (for example, our public relations consultants or accountancy services).

By contacting us, you agree that we can share information for this purpose. If you do not want us to share the information you have given us, please tell us straight away.

We may share your personal data for any other purpose with your consent.

We will share information with any competent law enforcement body, regulatory, government agency, court or other third party (such as our professional advisers) where we believe disclosure of your personal data is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.

How long will we keep your information?

We only keep personal data for as long as is required to achieve the purpose for which the information was collected.

In CIISA’s developmental stage, we primarily store and retain information for up to seven years from when it is collected (our retention period). This is to help us retain and build up useful organisational knowledge related to the design and development of our service and helps us to provide an audit trail of key decisions. This also is important for keeping a record of our engagement and relationships with stakeholders.

At the end of our retention period, we will either automatically erase information we no longer need, or identify data for review if we believe this information is important to help us keep a corporate memory of our development or relationships with stakeholders.

Should we decide to retain this information for longer than our primary retention period, we will anonymise any relevant personal information.

Your data protection rights

Under data protection law, you have rights including:

Your right of access – You have the right to ask us for copies of your personal data.

Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.

Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.

Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.

Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.

Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.

Your right to withdraw consent – When we use consent as our lawful basis, you have the right to withdraw your consent. To do so, please contact us using the contact details at the top of this privacy notice.

You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you.

To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.

How to complain

If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.

If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the Information Commissioner’s Office (ICO).

The ICO’s address:

Information Commissioner’s Office
Wycliffe House
Water Lane

Helpline number: 0303 123 1113

Website: https://www.ico.org.uk/make-a-complaint

Last Updated

We keep our privacy notice under regular review. This notice was last updated in July 2024.