Privacy Policy

Privacy Notice

The Institute of Healthcare Engineering and Estate Management (Registered Charity no: 257133, collectively referred to as "IHEEM", "we", "us", "our" in this privacy policy) is a membership organisation that provides technical and professional training and support the Healthcare Engineering and Estate Management Space (the "Services").  In providing these services, we contact members and businesses in relation to the goods and services in which they may be interested.  This Privacy Policy sets out the data processing practices carried out through the operation of our Services and the use of our website. 

The data that IHEEM requests and why it is needed

The Institute of Healthcare Engineering and Estate Management (IHEEM) requests your personal data in order that it can process your requirements and deliver the services that you have requested. It uses the information collected from its members and visitors to enhance the services that it offers, to improve your experience on its website and your contact with Head Office. IHEEM will only hold personal data that is relevant.

Your personal data could include your name, address, date of birth and contact information such as phone numbers and email addresses. This information could be used to process a membership application, event registration or for payment purposes. For membership application purposes, further personal data may be required, such as educational and employment history and sponsor details, to enable IHEEM to assess your application. IHEEM publishes a list of new members quarterly in Health Estate Journal. If you are or wish to be registered with the Engineering Council, then your personal data will be shared with them. The Engineering Council publishes a list of newly-qualified engineers periodically on its website and in the UK press. 

IHEEM records the services, publications and other products that you have selected. If you contribute to the work of IHEEM, for example by serving on a committee, this will be recorded, the information may then be used to provide you with access to any special services that IHEEM provides to assist that committee. IHEEM does not attempt to collect personal information by methods that are indirect or not made obvious to you.

On becoming an individual or company affiliate member (member) of IHEEM you will be invited to create a website log-in account to gain access to the ‘Members Only’ area which allows you to update your personal information and preferences. Updated information will automatically be transferred across to the IHEEM database, which is maintained by a third party, to ensure that you receive the best service.

Non-member registration requires you to provide personal data. This data will automatically be transferred across to the IHEEM database, which is maintained by a third party, and be used to inform non-members of relevant information; such as booking confirmation, receipts.

If you do not wish IHEEM to have your personal data, it may limit the services it can provide to you.

What IHEEM does with your data

The information that you provide IHEEM will be kept confidential and used to support IHEEM’s relationship with you. We will only ask for data that is relevant for those purposes.

Your details will be made available, as appropriate, to those who are responsible, at IHEEM, for the services that you request. For your information, services such as application reviews are mostly delivered by volunteer members.

If you are a member or other registered contact of IHEEM your information will be processed by IHEEM for its sole use and that of its associated organisations, for the purpose of promoting, delivering and improving your experience of IHEEM and its product and services or such other purposes as are described in this Privacy Statement. If either now or in the future you are based outside the European Economic Area (the “EEA”), your information may be transferred outside the EEA to enable you to benefit from IHEEM opportunities overseas or, where required, to enable IHEEM to meet any legal or other legitimate obligations in that country.

Your personal information may be disclosed to reputable third-parties who will help us deliver our services to you.

IHEEM requires all third-parties to treat your personal information as confidential and to comply with all applicable UK and EU Data Protection and Consumer Legislation in place at any given time.

The information that you provide may be held and used by IHEEM for market analysis and production of internal reports, for marketing its products and services generally and (subject to any preference that you may indicate when submitting your details) for sending information to you about its activities, services and publications. Please see the relevant section of the IHEEM website if you would like to change your preferences.

From time to time, IHEEM may invite visitors to the website to provide data to improve the site, or its services or marketing. Answering any questions will be optional.

When you pay online for IHEEM services, you are using a partner company, Sagepay. IHEEM makes it clear on the payment pages that you are being transferred to this site.

Some events listed on IHEEM’s site are organised in co-operation with other organisations. When you register for an event, it will be made clear to you to which of the partner organisations your registration is being submitted.

The IHEEM website gives preferential access to some third-party services; often this is restricted to members only.

If you choose to receive information from other companies and later decide that you no longer want to receive further information, you should contact the relevant company directly. You should be aware that, if you give any personal information to another company, the uses to which that information may be put will be determined by that company's privacy policy. IHEEM’s privacy policy will no longer apply.

Otherwise, except for the purposes of law enforcement, regulation or legal proceedings, or with your explicit permission, IHEEM will not give or sell its members' and other contacts' personal information to third parties.

Tracking your behaviour on the website

In addition to the information, we collect as described above, we use technology to collect anonymous information about the use of our website.  For example, we use technology to track which pages of our website our visitors view.  We also use technology to determine which Internet browsers our visitors use.  This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our website. 

Our website contains hyperlinks to other pages on our website.  We use technology to track how often these links are used and which pages on our website our visitors choose to view.  Again, this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks.

This anonymous data is used to improve the content and functionality of our website and our e-mail updates, to better understand our members and visitors, and to improve our services.

To collect anonymous data, we may use temporary “cookies”.  Cookies by themselves cannot be used to discover the identity of the user.  A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive.  Cookies do not damage your computer. 

We also use your IP address to help diagnose problems with your server and to administer our website.  An IP address is a numeric code that identifies your computer the internet.  Your IP address is also used to gather broad demographic information, such as determining how many of our visitors are from the outside of the UK.  We may also perform IP lookups to determine which domain you are coming from (ie:, to more accurately gauge our users’ demographics.  We do not share, sell or distribute your personal data with unrelated third parties except as set out above under ‘Use of Personal Data’ or under these limited circumstances:

Personal data may occasionally be transferred to third parties who act for or on behalf of IHEEM, or in connection with the business of IHEEM for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have subsequently consented.  For example, sometimes a third party may have access to your personal data in order to handle our mailings on our behalf.

We may share or transfer the information our databases to comply with a legal requirement, for the administration of justice, to protect your vital interests, to protect the security or integrity of our databases or this website or to take precautions against legal liability.  Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that data. 

Our servers and our databases are protected by industry-standard security technology.  Our employees who have access to personal data will handle such data properly and in accordance with our strict standards of confidentiality.  Although we cannot guarantee against any loss, misuse, unauthorised disclosure, alteration or destruction of data, we try to prevent such occurrences.

Other websites

Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy. If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from our own.

Retaining personal data

IHEEM will hold your personal data for 3 years from the date of your resignation, this allows for the re-joining process that we offer within that period.  If you are registered with the Engineering Council, as well, we will keep your personal data for 5 years, as requested by the Engineering Council which are shown in the terms and conditions of our licence to register.  Any accounting information will be kept for 7 years for tax and regulatory purposes. 

GDPR Stance – Legitimate interest

Under the General Data Protection Regulations (GDPR) that came into effect on the 25th May 2019 we take the stance of legitimate interest. We consider that live members have subscribed to receive communication about regional and national events organised by IHEEM and also the monthly publication of the Health Estate Journal (HEJ). Members have the opportunity to update their communication preferences or unsubscribe via the IHEEM website ( and via a prompt on annual subscription notifications at any time. In addition, all marketing communications sent by IHEEM will include links and details to ‘update preferences’ or give individuals the option to ‘unsubscribe’ from all future marketing communications.

Please use the form at the bottom of this page to update how we will stay in touch with you.

If you are an active IHEEM member you will receive the following:   If you are NOT an IHEEM member you will receive the following:
  • Membership renewals
  • HEJ Journal (postal copy only)
  • Receipts for any purchases you make
  • Confirmation of any bookings you have, or your organisation have, made on your behalf
  • AGM notice and other statutory communications
  • e-mails from the Institute - relating to the core business of the Institute as a professional development organisation
  • e-newsletter - promoting IHEEM activities and those of selected partner organisations
  • Receipts for any purchases you make
  • Confirmation of any bookings you have, or your organisation have, made on your behalf

Amending or accessing your personal information preferences

The accuracy of your personal details is important to IHEEM.

  • If you are a registered website user, then you can log on to the site to review and update your contact details and mailing preferences using the ‘Login’
  • Otherwise, if you change email address, you would like to change your mailing preferences, or you need to advise IHEEM of any other changes, please use the ‘Contact Us’ tab on the website.
  • Please ensure that you provide enough information for staff to identify you (such as the address that IHEEM is using to communicate with you, and your membership number if you are a member).

At any point, you have the right to request a copy of the personal data that we hold on you.  Please ensure that you provide enough information for us to identify you and write to the Data Protection Officer at IHEEM’s head office: 2 Abingdon House, Cumberland Business Centre, Portsmouth PO5 1DS or email

Questions and comments

Please contact the Data Protection Officer if you would like further information about this policy, have any questions or are concerned about the security of your personal data. Data Protection Officer, IHEEM, 2 Abingdon House, Cumberland Business Centre, Portsmouth PO5 1DS or

Any formal complaints need to be made to the Information Commissioner’s Office (ICO)

Your responsibilities

You must not share the password for your IHEEM account. Your passwords are your responsibility and must not be disclosed to any third party. This is important for your own protection and that of your personal data.

If you access the IHEEM website from a PC that can be used by any other person, such as those at work or at college or in an Internet café, there are some basic guidelines to follow. Be aware of others close by who may try to take note of your username and password. Never leave the PC unattended when you are logged on to your IHEEM account. At the end of your Internet session, use the Logout link that appears on every page; you should also delete cookies and files, and always close the Web browser correctly using the exit button or File - Close/Exit. IHEEM recommends that you avoid using the "Remember Me" login option in such situations, or wherever PCs are shared.

If you suspect that your password or account information has been compromised, please inform us promptly and change your password.

Your rights

You have the right to access your own personal data that is processed about you. You also have a right to require that your personal information be corrected if it proves to be incorrect or incomplete. Furthermore, you also have a right to be forgotten, which means that you may require that your personal information be deleted. Unless there is a special legal basis for the continued processing of personal data, these will be deleted. It is voluntary to disclose personal data, and consent to the processing of personal data can always be withdrawn. If you wish to contact us, or if you wish to delete or edit any personal information that we process, please see the contact information below.

Updates to this policy

The privacy of members and visitors is important to IHEEM. This policy will be kept under continual review, and changes may be made from time to time. Last updated: 04.08.2020

Contact Us

If you have any questions about this Privacy Policy or want access to your own personal information please contact our Data Protection Officer via