Privacy Policy

The data that IHEEM requests and why it is needed

The Institute of Healthcare Engineering and Estate Management (IHEEM) requests your personal data in order that it can process your requirements and deliver the services that you have requested. It uses the information collected from its members and visitors to enhance the services that it offers, to improve your experience on its website and your contact with Head Office.  IHEEM will only hold personal data that is relevant.

Your personal data could include your name, address, date of birth and contact information such as phone numbers and email addresses.  This information could be used to process a membership application, for event registration or for payment purposes.  For membership application purposes, further personal data may be required, such as educational and employment history and sponsor details, to enable IHEEM to assess your application.   IHEEM publishes a list of new members quarterly in Health Estate Journal.  If you are or wish to be registered with the Engineering Council, then your personal data will be shared with them.  The Engineering Council publishes a list of newly qualified engineers periodically on its website and in the UK press. 

IHEEM records the services, publications and other products that you have selected. If you contribute to the work of IHEEM, for example by serving on a committee, this will be recorded, the information may then be used to provide you with access to any special services that IHEEM provides to assist that committee.  IHEEM does not attempt to collect personal information by methods that are indirect or not made obvious to you.

On becoming an individual or company affiliate member (member) of IHEEM you will be invited to create a website log-in account to gain access to the ‘Members Only’ area and to allow you to update your personal information and preferences.  Updated information will automatically be transferred across to the IHEEM database, which is maintained by a third party, to ensure that you receive the best service.

Non-member registration requires you to provide personal data. This data will automatically be transferred across to the IHEEM database, which is maintained by a third party, and be used to inform non-members of relevant information; such as booking confirmation, receipts.

If you do not wish IHEEM to have your personal data, it may limit the services it can provide to you.

What IHEEM does with your data

The information that you provide IHEEM will be kept confidential and used to support IHEEM’s relationship with you.  We will only ask for data that is relevant for those purposes.

Your details will be made available, as appropriate, to those who are responsible, at IHEEM, for the services that you request. For your information, services such as application reviews are mostly delivered by volunteer members.

If you are a member or other registered contact of IHEEM your information will be processed by IHEEM for its sole use and that of its associated organisations, for the purpose of promoting, delivering and improving your experience of IHEEM and its product and services or such other purposes as are described in this Privacy Statement. If either now or in the future you are based outside the European Economic Area (the “EEA”), your information may be transferred outside the EEA to enable you to benefit from IHEEM opportunities overseas or, where required, to enable IHEEM to meet any legal or other legitimate obligations in that country.

Your personal information may be disclosed to reputable third-parties who will help us deliver our services to you.  We will only do this with your permission.

IHEEM requires all such third-parties to treat your personal information as confidential and to comply with all applicable UK and EU Data Protection and Consumer Legislation in place at any given time.

The information that you provide may be held and used by IHEEM for market analysis and production of internal reports, for marketing its products and services generally and (subject to any preference that you may indicate when submitting your details) for sending information to you about its activities, services and publications. Please see the relevant section of the IHEEM website if you would like to change your preferences.

From time to time, IHEEM may invite visitors to the website to provide data to improve the site, or its services or marketing. Answering any questions will be optional.

When you pay online for IHEEM services, you are using a partner company, Sagepay. IHEEM makes it clear on the payment pages that you are being transferred to this site.

Some events listed on IHEEM’s site are organised in co-operation with other organisations. When you register for an event, it will be made clear to you to which of the partner organisations your registration is being submitted.

The IHEEM website gives preferential access to some third-party services; often this is restricted to members only. You will be told, when you register for a third-party service, that this will mean that IHEEM will need to share your data with the third-party company before you can receive the service.

If you choose to receive information from other companies and later decide that you no longer want to receive further information, you should contact the relevant company directly. You should be aware that, if you give any personal information to another company, the uses to which that information may be put will be determined by that company's privacy policy. IHEEM’s privacy policy will no longer apply.

Otherwise, except for the purposes of law enforcement, regulation or legal proceedings, or with your explicit permission, IHEEM will not give or sell its members' and other contacts' personal information to third parties.

Tracking your behaviour on the website

In addition to the information we collect as described above, we use technology to collect anonymous information about the use of our website.  For example, we use technology to track which pages of our website our visitors view.  We also use technology to determine which Internet browsers our visitors use.  This technology does not identify you personally, it simply enables us to compile statistics about our visitors and their use of our website. 

Our website contains hyperlinks to other pages on our website.  We use technology to track how often these links are used and which pages on our website our visitors choose to view.  Again, this technology does not identify your personally – it simply enables us to compile statistics about the use of these hyperlinks.

This anonymous data is used to improve the content and functionality of our website and our e-mail updates, to better understand our members and visitors, and to improve our services.

To collect anonymous data, we may use temporary “cookies”.  Cookies by themselves cannot be used to discover the identity of the user.  A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive.  Cookies do not damage your computer. 

We also use your IP address to help diagnose problems with your server and to administer our website.  An IP address is a numeric code that identifies your computer the internet.  Your IP address is also used to gather broad demographic information, such as determining how many of our visitors are from the outside of the UK.  We may also perform IP lookups to determine which domain you are coming from (ie: aol.com, yourcompany.com) to more accurately gauge our users’ demographics.  We do not share, sell or distribute your personal data with unrelated third parties except as set out above under ‘Use of Personal Data’ or under these limited circumstances:

Personal data may occasionally be transferred to third parties who act for or on behalf of IHEEM, or in connection with the business of IHEEM for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have subsequently consented.  For example, sometimes a third party may have access to your personal data in order to handle our mailings on our behalf.

We may share or transfer the information our databases to comply with a legal requirement, for the administration of justice, to protect your vital interests, to protect the security or integrity of our databases or this website or to take precautions against legal liability.  Where appropriate, before disclosing personal data to a third party, we contractually require the third party to take adequate precautions to protect that data. 

Our servers and our databases are protected by industry standard security technology.  Our employees who have access to personal data will handle such data properly and in accordance with our strict standards of confidentiality.  Although we cannot guarantee against any loss, misuse, unauthorised disclosure, alternation or destruction of data, we try to prevent such occurrences.

Retaining personal data

IHEEM will hold your personal data for 3 years from the date of your resignation, this allows for the re-joining process that we offer within that period.  If you are registered with the Engineering Council, as well, we will keep your personal data for 5 years, as requested by the Engineering Council which are shown in the terms and conditions of our licence to register.  Any accounting information will be kept for 7 years for tax and regulatory purposes. 

Amending or accessing your personal information preferences

The accuracy of your personal details is important to IHEEM.

  • If you are a registered website user, then you can log on to the site to review and update your contact details and mailing preferences using the ‘Login’
  • Otherwise, if you change email address, you would like to change your mailing preferences, or you need to advise IHEEM of any other changes, please use the ‘Contact Us’ tab on the website.
  • Please ensure that you provide enough information for staff to identify you (such as the address that IHEEM is using to communicate with you, and your membership number if you are a member).

At any point you have the right to request a copy of the personal data that we hold on you.  Please ensure that you provide enough information for us to identify you and write to the Data Protection Office at IHEEM’s head office: 2 Abingdon House, Cumberland Business Centre, Portsmouth PO5 1DS.  IHEEM may charge a fee of £10 for responding to an access request.

Questions and comments

Please contact the Data Protection Officer if you would like further information about this policy, have any questions or are concerned about the security of your personal data. Data Protection Office, IHEEM, 2 Abingdon House, Cumberland Business Centre, Portsmouth PO5 1DS.  office@iheem.org.uk .

Any formal complaints need to be made to the Information Commissioner’s Office (ICO) https://ico.org.uk/ .

Your responsibilities

You must not share the password for your IHEEM account. Your passwords are your responsibility and must not be disclosed to any third party. This is important for your own protection and that of your personal data.

If you access the IHEEM website from a PC that can be used by any other person, such as those at work or at college or in an Internet café, there are some basic guidelines to follow. Be aware of others close by who may try to take note of your username and password. Never leave the PC unattended when you are logged on to your IHEEM account. At the end of your Internet session, use the Logout link that appears on every page; you should also delete cookies and files, and always close the Web browser correctly using the exit button or File - Close/Exit. IHEEM recommends that you avoid using the "Remember Me" login option in such situations, or wherever PCs are shared.

If you suspect that your password or account information has been compromised, please inform us promptly and change your password.

Updates to this policy

The privacy of members and visitors is important to IHEEM. This policy will be kept under continual review, and changes may be made from time to time.