Website Privacy Notice

Last updated: 21 July 2023

The Creative Industries Independent Standards Authority (“CIISA”, “we”, “us” or “our” ) respects your right to privacy.

This Privacy Notice describes who we are and Our policies and procedures on the collection, use and disclosure of your information when you use and interact with our website at (“Website”)  and tells you about your privacy rights and how to exercise them.

If you have any questions or concerns about our use of your personal data, then please contact us using the contact details under the “Contact Us” heading at the end of this Privacy Notice.

About Us

CIISA is an independent standards authority headquartered in the UK, which seeks to provide services to help uphold and improve standards of behaviour across the creative industries and to prevent and tackle all forms of bullying and harassment, including bullying and harassment of a discriminatory nature.

For more information, please see the “About Us” section of our Website at About US

Collecting and Using Your Personal Data

Types of Data Collected

While using our Website, we collect personal data from you, either directly or indirectly. We collect personal data about you from the following different sources:

Information that you provide directly

 We collect your personal data directly from you when you choose to provide us with this information online. Certain parts of our Website ask you to provide personal data when you subscribe to receive updates from us via email.

Information that we provide indirectly

We collect your personal data indirectly, including through automated means from your device from your use our Website. Some of the information we collect indirectly is captured using cookies and other tracking technologies, as explained further in the “Cookies and similar tracking technology” section below.

Information from third parties

We do not collect your personal data from third party sources.

The table below describes the categories of personal data we collect from you and about you through our Website.

Personal Data Description Source
Identity and Contact  Data such as your name and email address Directly from you
Marketing Data such as your preferences in relation to receiving marketing materials from us. Directly from you
Device Data collected using tags and pixels, including your IP address, your ISP, and the browser you use to visit our Website, device type, unique device identification numbers or other identifiers. Automatic collection
Website Usage Data such as the pages of our Website that you visit, the time and date of your visit, the time spent on those pages. As well as details of Website performance and diagnostic data. Automatic collection

We do not collect any sensitive personal data about you, such as health related information or information about your race or ethnicity or sexual orientation through our Website.

Use of Your Personal Data

How we use your personal data (our purposes) and our legal basis for processing it

We use the personal data that we collect from and about you only for the purposes described in this Privacy Notice or for purposes that we explain to you at the time we collect your information.

The following table provides details on the purposes for processing your personal data and the related legal bases. The legal basis on which your personal data is processed will depend on the data concerned and the specific context in which we use it.

Purpose/Activity Type of personal data Lawful basis for processing/
To send you updates and marketing about CIISA when you subscribe to receive them on our Website Identity and Contact Data

Marketing Data

Consent (where required under applicable law).
Otherwise our legitimate interests (to communicate with you to promote CIISA).
To administer and maintain our Website, including to keep it secure. Device Data

Website Usage Data

Necessary for our legitimate interests to manage the security of our Website.
Manage our use of tracking technologies such as cookies (including, where applicable, to enable you to manage you cookie preferences). Device Data

Website Usage Data

Consent (where required under applicable law).
Otherwise (for strictly necessary cookies) our legitimate interests to operate, provide and improve our Website.
Comply with legal and regulatory obligations to which we are subject, including our obligations to respond to your requests under data protection law. Identity and Contact Data

Device Data

Website Usage Data

Marketing Data

Legal obligation.
Protect our legal rights (including where necessary, to share information with law enforcement and others), for example to defend claims against us and to conduct litigation to defend our interests. Identity and Contact Data

Device Data

Website Usage Data

Our legitimate interests to protect our business interests.

Who we share your personal data with

  • With service providers: we may share your personal data with service providers to monitor and analyze the use of our Website, and to contact you.
  • For business transfers: we may share or transfer your personal data in connection with, or during negotiations of, any merger, sale of CIISA assets, financing, or acquisition of all or a portion of our business to another company, provided that we inform the buyer it must use your personal data only for the purposes disclosed in this Privacy Notice.
  • With your consent: we may disclose your personal data for any other purpose with your consent.
  • With any competent law enforcement body, regulatory, government agency, court or other third party (such as our professional advisers): where we believe disclosure of your personal data is necessary (i) as a matter of applicable law or regulation, (ii) to exercise, establish or defend our legal rights, or (iii) to protect your vital interests or those of any other person.


Tracking Technologies and Cookies

We use cookies and similar tracking technologies to collect and use personal data about you on our Website.

We use essential cookies which are required for our Website to operate.

Where we use any non-essential cookies, we will provide you with the ability to manage your preferences and request your consent to such cookies through a preference centre on our Website.

Retention of Your Personal Data

We will retain your personal data only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Website, or we are legally obligated to retain this data for longer time periods.

Transfer of Your Personal Data

Your personal data may be transferred to — and processed in —  locations outside of your country where the data protection laws may differ than those from your jurisdiction.

We are located in the UK and our Website servers are located in Strasbourg, France.

Where your personal data is transferred, we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Notice and no transfer of your personal data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Your Personal Data Rights

You have the following data protection rights. To exercise any of them please contact us using the contact details provided under the “Contact Us” heading at the end of this Privacy Notice.

  • You may access, correct, update or request deletion of your personal data.
  • You can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data
  • You have the right to opt-out of marketing communications we send you at any time.  You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you.
  • If we have collected and processed your personal data with your consent, then you can withdraw your consent at any time by using the contact details provided. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.
  • You have the right to complain to a supervisory authority about our collection and use of your personal data.  For more information, please contact your local supervisory authority. Contact details for supervisory authorities in Europe are available here and for the UK here.  Certain supervisory authorities may require that you exhaust our own internal complaints process before looking into your complaint.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

Security of Your Personal Data

The security of your personal data is important to us, and we use appropriate technical and organisational measures to protect the personal data that we collect and process about you. The measures are designed to provide a level of security appropriate to the risk of processing.

Children’s Privacy

Our Website does not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from anyone under the age of 13 without verification of parental consent, ee take steps to remove that information from our servers.

If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.

Links to Other Websites

Our Website may contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Notice of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to this Privacy Notice

We may update our Privacy Notice from time to time. When we update this Privacy Notice, we will take appropriate measures to inform you, consistent with the significant of the changes we make.

When we make any changes we will by post the new Privacy Notice on this page and update the “Last updated” date at the top of this Privacy Notice.

You are advised to review this Privacy Notice periodically for any changes.

Contact Us

If you have any questions about this Privacy Notice, you can contact us:

By email:

The data controller of your personal data is The Creative Industries ISA