CIRIA privacy policy

CIRIA takes great care to preserve your privacy and safeguard any personal details you share with us. We aim to be clear when we collect your information and not do anything you wouldn’t reasonably expect. This policy explains how we collect and use your personal information. Examples of your personal information would include your name, address and email address.

CIRIA is a member-based research organisation which aims to improve the performance of all concerned with construction and the built environment. To enable us to achieve this, we hold information about our members, collaborators and customers and the products and services in which they have expressed an interest. This information is used to keep our members, collaborators and customers up-to-date with new developments in the industry, service the agreements we hold with them and from time to time to obtain feedback on CIRIA’s activities.

By using our website or providing us with your personal information you are agreeing to this policy. 

This Privacy Policy only relates to personal information collected by us via our websites or from:

  • membership of CIRIA and its networks, including, but not limited to; BuildOffsite, Susdrain, EMSAGG, LACL, BRMF, CIRIA Bookclub and GAOF
  • purchasing goods or services from us
  • completion of an industry survey
  • downloading FREE online resources via Sharefile 
  • participation in a collaborative activity
  • participation in a research project
  • participation in and provision of feedback from our training and network events
  • applying for a job 
  • phoning us
  • writing to us
  • sending us an email.

This Privacy Policy does not apply to personal information provided to us via any other website.  Users should be aware that if they access other websites, using the links provided, these are outside our control. If you provide personal information to other companies, the privacy polices of those companies determine how the information is used and our Privacy Policy will no longer apply.


This Privacy Policy should be read alongside, and in addition to, the Terms and Conditions. Please read this Privacy Policy carefully.

Unless otherwise defined in this Privacy Policy, terms used have the same meaning as in the Terms and Conditions.

About Us

In this Privacy Policy, references to “we” or “us” are to CIRIA Limited, a company incorporated in England and Wales (registered number 790505) whose registered office is, Griffin Court, 15 Long Lane, London EC1A 9PN, who will be the controller of any personal data processed as described in this Privacy Policy.


How do we collect information?

We may collect information about you whenever you interact with us. For example, when you contact us regarding our activities, register on one of our websites, download free publications and content, sign up to one of our newsletters, participate in a collaborative or research activity, sign up for an event or training course, order goods or services or engage with our social media accounts, you may specifically and knowingly provide us with your personal information. If your employer is a member of CIRIA or one of its networks, we may receive information from them to enable us to contact you on their behalf to fulfil our service agreement with them. 
In addition, we collect aggregated or anonymous information about the services you use and how you use them, like when you visit our website or view and interact with our content.


What information do we collect?


When you interact with us, we may ask you to provide us with your name, job title, address, email address, telephone number and areas of professional interest. We will require bank account details, if for example you are making a book purchase, or booking a place on one of our events. As a provider of business to business goods and services, CIRIA would not ordinarily require you to provide us with any personal sensitive information, for example regarding your health or marital status. We may ask you to advise us of any dietary requirements when you register for events or training courses which are catered, however this information is not stored.
We may collect some, or all, of this information when you visit our website, depending on how you use it. We also monitor how people use our website so we can improve it. However, you can use our website without giving us any personal information. If you visit our site anonymously, we may however still record information about:
  • the areas of the website visited
  • the amount of time spent on the site
  • whether you are new to the site, or have visited it before
  • how you came to our website – for example, through a link in an email or a search engine
  • the type of device, browser, network location and internet connection used
  • specific actions taken on the website, for example downloading our information resources.
We do this by using cookies, which you can learn more about in the specific section below.

We may also receive information about you from third parties, such as credit reference agencies, who are legally entitled to disclose that information.


How do we use your information?

We may use your information in a number of ways and for a number of purposes including:
  • To provide you with information, products or services that you have requested from us (including member level access to our websites) or that we feel may be of interest to you where you have consented to being contacted
  • To provide you with information about our work or our activities where you have consented to receive communications from us
  • To invite you to participate in research or collaborative industry activities
  • For administrative purposes (for example, we may contact you regarding an event for which you have registered)
  • For internal record keeping relating to any feedback or complaints
  • To invite you to participate in one of our networks, for example as a speaker or contributor
  • To contact you where you have been identified as a contact person for an organisation (either a member or non-member), (if we obtain your contact details in this way, we will only use them to contact you in your capacity as a representative of that organisation)
  • To analyse and improve the operation of our website
  • To comply with legal and regulatory requirements

Marketing

We may use the information you have provided us with to contact you for marketing purposes by email if you have specifically provided your consent to for us to do so. We may also send you service communications via email, for example where you place an order for goods or services, or to advise you of your eligibility to take advantage of services and research if you are an employee of a member organisation.

We promise to make all reasonable efforts to keep your details secure and as required by law, we will never share your details with other organisations to use for their own or marketing purposes.

As of 25th May 2018, CIRIA will operate a consent based approach to marketing activities. From this date, you will be specifically asked whether you consent to our contacting you for marketing and information services. If you decline to consent we will no longer contact you for marketing or information purposes.

You can withdraw your consent to be contacted by CIRIA at any time. All of our communications provide a clear route for you to opt out and should you wish to change your communication preferences, you can do this at any time, either via your website registration account, emailing enquiries@ciria.org, or writing to us at Griffin Court, 15 Long Lane, London EC1A 9PN.

Sharing of your information

CIRIA does not share or sell personal information about any member, collaborator or customer with third parties for the purposes of marketing. 
CIRIA may disclose your personal information to third parties when permitted by law including:
  • with your consent
  • to our suppliers in order for them to help us provide our services to you, this includes:
  • our providers of customer relationship management services (which allows us, for example, to manage your membership benefits or purchases)
  • our provider of file storage and management services if you email us directly
  • our payment services provider, to process your payment when you make a purchase 
  • event venue providers for registration and dietary requirement confirmation.
If you register to attend any CIRIA event or training course, in order to enable you to gain maximum benefit from networking opportunities, we do publish and share a delegate list with registered attendees.If you do not wish your details to be added to the delegate list, please let us know in writing. 

CIRIA requires all suppliers with access to personal information collected or maintained by CIRIA to demonstrate compliance with the relevant legislation. 
  • if we sell or buy any business or assets, in which case we may disclose your information to the prospective seller or buyer of such business or assets, provided that they continue to use your information substantially in accordance with the terms of this Privacy Policy
  • if all, or substantially all of our assets, are acquired by a third party provided that they continue to use your information substantially in accordance with the terms of this Privacy Policy, in which case information held by us will be one of the transferred assets
  • if we are under a duty to disclose or share your information in order to comply with any legal obligation, or in order to enforce or apply our Terms and other agreements; or to protect our rights, property, or safety, our users, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

Holding and storing your information

We retain personal information we collect from you where we have an ongoing legitimate business need to do so, for example, to provide you with a service you have requested, provide access to membership benefits, maintain copyright information, meet contractual research agreements, or to comply with applicable legal, tax or accounting requirements.

When CIRIA has no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible. Where this is the case, CIRIA will always aim to proactively delete or anonymise data within 12 months.

All information is stored on our secure servers. 

When you register on one of our websites, we will ask you to choose a password which enables you to access the online content. You are responsible for keeping this password confidential. We ask you not to share this password with anyone.

In addition, we (or third parties acting on our behalf) may also store or process information that we collect about you in countries outside the European Economic Area, which may have lower standards of data protection. Specifically, servers used by our Website, Customer database and accounts systems are located in the UK and our third party service providers operate around the world. 

Our emailing system, Informz provided by Higher Logic, recently achieved the TrustArc certification that confirms globally recognized privacy requirements, including Fair Information Practice Principles, OECD Privacy Guidelines, APEC Privacy Framework, and the EU-U.S. and Swiss-U.S. Privacy Shield Principles. Their servers are based in the USA and Canada.

We have put in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet.

If you have any questions about security please contact us on 020 7549 3300 or enquiries@ciria.org.

Consent 

By giving us your personal information, you consent to us collecting and using that information in the ways that we describe in this privacy policy and / or that you have specifically consented to. Where we need your consent, we will always ensure that you are as fully informed as possible at the time on what we do with your information, with whom it may be shared and how long we will keep it. This is in line with the requirements of the relevant legislation. You can alter your preferences or withdraw your consent at any time as described below.


Job applicants and current and former employees

If you apply to work at CIRIA, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside of CIRIA, for example if we need a reference, we will make sure we tell you beforehand, unless we are required to disclose this information by law.

If you apply for a job opportunity we will also collect information so we can assess your suitability for the role.

If you are unsuccessful in your job application, we will hold your personal information for a maximum of six months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information.

If you begin employment with us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment.

Once you stop working for us, we will keep this file according to our record retention guidelines. You can contact us to find out more about this.


Your rights and accessing your personal data held by CIRIA

You have a right to ask us to stop processing your personal information, and if it’s not necessary for the purpose you provided it to us for (e.g. processing your purchase or registering you for an event) we will do so. Contact us on 020 7549 3300 or enquiries@ciria.org if you have any concerns.

You have a right to ask for copies of the personal information we hold about you, and details of how we use that information. If there are any discrepancies in the information we provide, please let us know and we will correct them.

You can also update your personal information or change your preferences for communications by accessing your online account on the relevant CIRIA website.

You have a right to be ‘forgotten’ by CIRIA. This will involve us identifying and deleting all data held about you by us and any suppliers we use to provide services to you and process our data, where this does not affect CIRIA’s ability to comply with applicable legal, tax or accounting requirements.

In relation to all of these rights, please email us at enquiries@ciria.org in the first instance, outlining your specific request. We will then advise you of the process. This will, as a minimum, involve supplying us with proof of your identity to ensure that we only provide personal information to the right person.

We will always acknowledge your request within 5 working days and respond as fully as possible within one month of receipt. Where the request is complex we will always seek to fully respond within two months. We reserve the right to charge a fee for unfounded and excessive requests.

In certain circumstances (e.g. where required or permitted by law) we might not be able to provide you with access to some of your personal information, but where appropriate we will notify you of the reasons for this.

You have a right to complain to a data protection authority about our collection and use of your personal information.  For more information, please contact your local data protection authority.
 

Payment card information

If you use your credit or debit card to buy something or pay to register your place at an event online or over the phone, we will ensure that this is done securely and in accordance with the Payment Card Industry Data Security Standard.  You can find out more information about PCI DSS here.

This is the international standard for safe card payment processes. Our online payment solutions are carried out using a 'payment gateway' which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us. This means that your payment card information is handled by the bank and not processed or held by us.

Following the completion of your transaction, we do not store your credit or debit card details. All card details and validation codes are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details.

If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this. 

We use SagePay as our payment gateway and you can find out more about this here.

Cookies

Cookies are small, often encrypted text files, located in your browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites. There are different types of cookies, each used to do different things such as allowing you to navigate between pages on a website efficiently, remembering your preferences, or storing your username, account passwords or the contents of your shopping cart.

Most web browsers automatically accept cookies but you can disable this function by changing the settings in your browser. To find out more about cookies including what they are, how to control them or how to delete them, please visit www.aboutcookies.org.

CIRIA uses a number of cookies across all of our websites, including:
  • Cookies for Google Analytics, this stores non-specific information which allows us to understand how our users arrive at our website, what they do whilst they are on the website, what information they look at whilst on the website, etc. The data collected is anonymous and does not in any way impact on Cookies that are set when a customer logs in to the CIRIA website or accesses their member account, this allows you to log in more easily and improves user interaction with the CIRIA website.
  • Cookies used to store the contents of a user's shopping cart and purchase history, enhancing the shopping experience. These cookies are essential for site functionality as well as making the website as user-friendly as possible.
  • Cookies used to remember your preferences for tools found on our web sites, so you don't have to re-enter them each time you switch a page or each time you visit. They will remember your user login, the language you prefer and other things such as what video streaming speeds you use.
  • On some of our pages, third parties may also set their own anonymous cookies, for the purposes of tracking the use of their application, or tailoring the application for you. Because of how cookies work, we cannot access these cookies, nor can the third parties access the data in cookies used by us. As an example, when you share an article using a social media sharing button on our sites, the social network that has created the button will record that you have done this.

Third Party cookies

The CIRIA website contains links to third party websites, this means that when you click on the links to those websites you may be agreeing to the use of cookies from their websites. This privacy policy only applies to CIRIA and its websites, so when you visit external websites please read their privacy policies carefully. We accept no responsibility for external websites.

  

Contacting CIRIA

The Data Controller for CIRIA is Dirk Vennix, Chief Executive.


If you have any questions, comments or complaints about this Privacy Policy, please contact us using the details below:

CIRIA
FAO: Data Controller
Griffin Court
15 Long Lane
London
EC1A 9PN
United Kingdom
Email:  enquiries@ciria.org
Tel: 020 7549 3300

Changes to the privacy policy

We may update or amend this Privacy Policy from time to time, to comply with law or to meet our changing business requirements. When we update our Privacy Policy, we will take appropriate measures to inform you, consistent with the significance of the changes we make. Any updates or amendments will be posted on the website.
By continuing to use our website you will be deemed to have accepted such changes.

This privacy policy is to be read in conjunction with our Terms and Conditions.

This policy was last updated on 20 July 2018.