Digital Marketing Hub Privacy Notice
Welcome to the Digital Marketing Hub (DMH), provided by the Chartered Institute for the Management of Sport and Physical Activity (CIMSPA), Privacy Notice “CIMSPA’s DMH Privacy Notice”). As the professional development body for the UK’s sport and physical activity sector, CIMSPA is shaping a recognised and respected sector through its work with individual members and partner organisations. To make the DMH available, CIMSPA requires access to personal data. The use and sharing of such personal data is on the basis set out in this DMH Privacy Notice.
Privacy Notice purpose
CIMSPA’s DMH Privacy Notice will provide information on how CIMSPA collects, uses, protects, manages, stores and deletes personal data for Users of the DMH. Furthermore, it will outline what CIMSPA will do with individual data and who it will share this information with. It is important that individuals read the CIMSPA’s DMH Privacy Notice when signing-up to use the service and from time to time so that they can remain fully informed on how and why CIMSPA is using individual data.
Digital Marketing Hub services are not intended for children and CIMSPA does not knowingly collect data relating to children.
Chartered Institute for the Management of Sport and Physical Activity
SportPark Loughborough University,
3 Oakwood Drive Loughborough, Leicestershire LE11 3QF Tel: 03438 360200
Incorporated by Royal Charter Charity registration number 1144545
CIMSPA has a single entry on the Data Protection register held by the ICO. The registrable particulars are as follows:
Registration number: Z299023X
Date registered: 03 January 2012
Registration expires: 02 January 2022
Data controller: Chartered Institute for the Management of Sport and Physical Activity Other names: CIMSPA
The Digital Marketing Hub is a platform used to deliver education, training, events and benefits. Funded by Sport England, it is made available to CIMSPA members and non-members whose organisation and/or activity resides in England. In order to access it individuals have to sign-up to the service and provide certain details (“User”). CIMSPA collects personal data from Users which is necessary for CIMSPA to provide access to the Digital Marketing Hub.
As a data controller CIMSPA will make the User aware of the CIMSPA DMH Privacy Notice at the point at which it collects data from them. This Notice will be available at https://digital.cimspa.co.uk/.
CIMSPA has not appointed a data protection officer as it is not required to do so, but has however, adopted the approach that each head of department will be the responsible lead for data protection within their area of work. The CIMSPA Director of Strategy will have overall responsibility for data protection compliance and oversee the heads of department within CIMPSA and provide further support and guidance to them where required.
Any questions regarding the CIMSPA DMH Privacy Notice or requests to exercise individual rights can be sent to CIMSPA at email@example.com.
Personal information CIMSPA collects from Users of the Digital Marketing Hub
Personal data or personal information means any information about an individual from which that person can be identified. CIMSPA collects personal data for the DMH through a single registration form at the point at which a User signs up to use the service, through ongoing usage of the DMH platform (hosted on Brightspace) and from time to time through other mechanisms as needed to provide the DMH platform.
CIMSPA collects the following types of information from Users of the Digital Marketing Hub for the following purposes:
To allow direct communication between CIMSPA and an individual User when providing the DMH
• Email address(es).
Interactions with CIMSPA
To facilitate interactions and requests between individual Users and CIMSPA.
• Email communications.
Use of DMH services
To enable and record the use of and movement through online systems.
• IP addresses.
• User names.
• Record of attendance at events, modules, resource downloads, etc.
Identification and CIMSPA support
CIMSPA identifies individual Users and captures information to ensure the DMH is meeting the needs of people across sport and physical activity, and can provide additional support as needed (for example, recording disabilities to ensure needs are met at events).
• Year of birth
• Employment type.
• Post code.
• Ethnic origin.
Data that CIMSPA records to fulfil its business functions to provide the DMH:
• Mailing preferences.
• Access to and usage of the DMH platform.
Personal details about ethnic origin, disability etc. are considered ‘sensitive’ personal data. CIMSPA processes this data for users of the Digital Marketing Hub to ensure the services provided are accessible, inclusive, and engage individuals and groups across society. CIMSPA will not share any ‘sensitive’ personal data with any third parties From time to time CIMSPA will anonymise and aggregate personal data to analyse User engagement, and report on the usage and uptake of the DMH.
Why CIMSPA collects personal data
CIMSPA will only collate and use personal data in accordance with data protection laws. CIMSPA processes personal information to enable it to provide the DMH which is a voluntary service for the benefit of the public as specified in CIMSPA’s chartered statutes.
Lawful data collection
CIMSPA will collect DMH User data on the basis of genuine User consent.
CIMSPA may also use personal data in the following circumstances:
• Contract – where CIMSPA needs to use the personal data in order to perform the contract that the individual or organisation is about to enter into or has entered into.
• Legal/regulatory obligation – where CIMSPA has legal or regulatory purposes, such as the powers within its chartered statutes or HMRC requirements.
• Legitimate interests – where it is necessary for CIMSPA’s legitimate interests, and this is balanced with the individual User’s rights and freedoms.
Individual Users of the DMH can change their marketing preferences at any point in time. Marketing preferences do not include communications specifically relating to or regarding the management of contracts, membership or partnerships with CIMSPA.
CIMSPA uses data analytics on the DMH Platform (hosted on Brightspace) and third party applications (such as Facebook and Instagram) to improve the function, products, services, marketing, customer relationship and experiences to ensure that the DMH platform remains up to date and relevant to the needs of its users. Further information can be found in CIMSPA’s Digital Marketing Hub Cookies policy.
CIMSPA keeps personal data relating to usage of the DMH platform according to our DMH platform data retention schedule, which can be found below.
Individual Users who have otherwise opted-in to sign-up and use the DMH platform, and/or communication from CIMSPA will have their data used and held by CIMSPA in accordance with the DMH platform Privacy Statement, data protection and IT security policies and procedures.
An individual who has opted-out of using the DMH platform and/or DMH communications from CIMSPA will have their data retained as detailed in the data retention schedule below.
Right to erasure
Individuals may request to have their data deleted and when they do so it will be deleted in accordance with the data retention schedule below. Data which cannot be deleted immediately will be held for CIMSPA’s legal, regulatory or business purposes which are governed by other legal or regulatory bodies, for example the HMRC.
The CIMSPA Data Retention Schedule for Digital Marketing Hub data is detailed below:
CIMSPA is committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout its operations. CIMSPA has put in place appropriate security measures to prevent personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In accordance with its data protection and IT security policy and procedures, CIMSPA limits access to personal data to employees, volunteers, contractors and disclosed third parties who have a business function to complete. The personnel and organisations will only process personal data on CIMSPA instructions and are subject to a duty of confidentiality and compliance with data protection laws. CIMSPA has procedures in place to monitor, identify and manage any suspected breaches of data protection laws with regard to such personal data. If a breach has occurred, CIMSPA will notify the individuals involved, of this breach where it is legally required to do so.
Sharing personal information
CIMSPA discloses personal information to third party organisations in order to operate its business. This is largely to service the benefits of memberships and partnerships with CIMSPA. Where CIMSPA shares personal data with third parties, it has made arrangements to protect and secure this data. Outside of these third parties, CIMSPA does not disclose personal information unless it is required to do so by law. Routine data controllers include organisation in Banking, CRM, eLearning, marketing and publishers, CIMSPA ensures that they are compliant with data protection laws and that such compliance is recorded and monitored through its contracts. CIMSPA may share information with a third party, for example an employer or education provider only where the individual has approved the sharing of the information. In order to provide the Digital Marketing Hub, CIMSPA will share personal data with the following:
• Desire2Learn (D2L) who have been contracted to supply and host the learning system (Brightspace) which provides the DMH platform. Their privacy statement can be found here. Protected characteristics (gender, ethnicity, disability) will not be shared with D2L.
CIMSPA may also share personal data with the following:
• Police, law enforcement and security services.
Individuals have the right to invoke any of the above at any point to CIMSPA and can do this by emailing firstname.lastname@example.org or calling 03438 360200.
CIMSPA will provide the CIMSPA DMH Privacy Notice at the start of the relationship with an individual User. It will be available via https://digital.cimspa.co.uk/ so that individuals can continuously access this information. Where CIMSPA makes substantial changes or a new use for individual data is identified, it will provide an updated version of the CIMSPA DMH Privacy Notice via https://digital.cimspa.co.uk/.
Digital Marketing Hub Cookies Policy
What is a Cookie
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is a piece of data stored by a website within a browser, and then subsequently sent back to the same website by the browser. Cookies were designed to be a reliable mechanism for websites to remember things that a browser had done there in the past, which can include having clicked particular buttons, logging in, or having read pages on that site months or years ago.
NOTE : It does not know who you are or look at any of your personal files on your computer.
Why we use them
When we provide the Digital Marketing Hub (DMH), we want to make the experience easy, useful and reliable. Where services are delivered on the internet, this sometimes involves placing small amounts of information on your device, for example, your computer or mobile phone. These include small files known as cookies. They cannot be used to identify you personally.
These pieces of information are used to improve services for you through, for example:
• Recognising that you may already have given a username and password so you don’t need to do it for every web page requested
• Measuring how many people are using services, so they can be made easier to use and there’s enough capacity to ensure they are fast
• Analysing anonymised data to help us understand how people interact with our website so we can make them better
There are two types of cookie you may encounter when using our site:
First party cookies
These are our own cookies, controlled by us and used to provide information about usage of our site.
Third party cookies
These are cookies found in other companies’ internet tools which we are using to enhance our site. For example Facebook or Twitter have their own cookies, which are controlled by them.
We do not control the dissemination of these cookies. You should check the third party websites for more information about these. We currently use the following third party applications:
• Google Apps (Analytics and Ads)
• Microsoft SharePoint
Log files allow us to record visitors’ use of the site. The CMS puts together log file information from all our visitors, which we use to make improvements to the layout of the site and to the information in it, based on the way that visitors move around it. Log files do not contain any personal information about you. If you receive the HTML-formatted version of a newsletter, your opening of the newsletter email is notified to us and saved. Your clicks on links in the newsletter are also saved. These and the open statistics are used in aggregate form to give us an indication of the popularity of the content and to help us make decisions about future content and formatting.