Who runs this website ?

The website instituteofcouriers.com and the synonym www.ioc.uk.com are internet properties of The Society of Couriers registered at Companies House No 09425122 as a Private Limited Company by guarantee without share capital.

Registered Office Address

c/o UHY Hacker Young,
St. James Building
79, Oxford Street,
Manchester M1 6HT

Legal representation

Bircham, Dyson, Bell LLP
50 Broadway,
Westminster
London SW1H 0BL

 

What information do we have about you ?

If you are a website visitor from the general public

We record technical data about the devices and software used to view our pages and the internet addresses our visitors arrive from. We gather this data through our use of Statcounter analytics - DATA A.  In addition, the web server software logs access to the pages on this web site - DATA B. Your use of this website is conditional upon your acceptance of this collection.

DATA A serves the following purposes

It informs our decision-making about how to keep the site relevant and useful

DATA A resides on the servers of the analytics company, which is headquartered in Ireland - within the EU. Statcounter is therefore a subsidiary data processor. Our service level agreement with Statcounter indicates a retention period for this data of no more than 1 month. IP address collection by Statcounter is anonymised. We therefore avail ourselves of the protections of Recital 26 of the GDPR i.e. the GDPR does not apply to our collection of statistical data because it contains no personal identifiers.

DATA B serves the following purposes

It allows the owner of the server to determine whether the site is being misused

DATA B resides on the managed server that runs this website. Access to this data is controlled by Namesco - the hosting company that manages the server for us. Namesco is therefore a subsidiary data processor. Recital 73 of the GDPR states that Subject access rights can properly be overridden in the specific case of the prevention, investigation and prosecution of criminal offences, e.g. matters under the Computer Misuse Act 1990. Recital 49 further establishes a specific overriding legitimate interest in processing personal data for the protection of the information system (server) itself.

 

If a website visitor chooses to fill in a contact or booking form and supply personal data, that form data is immediately transmitted via e-mail to our admin systems; it is not stored on the website after form submission.

We have a separate page that details our use of cookies.

If you participate in an occasional research survey conducted by us

We use recognised and accredited survey tool SurveyMonkey to collect and store data responsibly for scholarly research purposes. We ask you at the time of survey whether you wish to give us your e-mail address for inclusion on our newsletter list. Otherwise, the data is randomised and the results presented are aggregate statistics only and contain no personal identifiers, hence Recital 26 also applies.

If you are a recipient of our occasional newsletter e-mails

We have an e-mail address - nothing else. This data is stored with other newsletter recipients in a mailing dataset that is used solely for sending our newsletters. We process data about your e-mail address solely to ensure that the subscriber list only contains valid e-mail addresses (MX domain lookups and RFC3834 return-path messages) of business people who wish to receive the newsletter. We do not send out versions of our newsletter - every subscriber receives the same newsletter (apart from the pseudonymised unsubscribe link) . We believe that this means that we are regulated under the PECR B2B rules. This data resides in the United Kingdom at rest in a secure managed server hosting facility and protected in transit by end-to-end strong encryption.

Fee-paying members of the Institute

In addition to an e-mail address, we separately maintain the information necessary to process subscriptions and communicate privately about Institute affairs - this includes a full name, telephone number, a billing address, data regarding the current subscription period, class of membership and the fee category payable.

This membership information is stored on a computer in the United Kingdom which is not usually connected to the internet except during the membership renewal period, when data is processed to generate invoices and reminders. It is not the same dataset that is used to send e-mails.

Some members of the Institute have also requested credentials to allow them to log in to the website's members-only areas. They do this using usernames and passwords which have significance only on the website. Members cannot currently store their own private personal information on the site - the members-only area is for IOC-related information only.

Disclosure of information to third parties

We would only ever disclose information if the law says that we must or if you give us permission to do so.

Our duty to keep records of data processing

Article 30 Paragraph 5 of the GDPR states

The obligations referred to in paragraphs 1 and 2 [record keeping duties] shall not apply to an enterprise or an organisation employing fewer than 250 persons unless [...] the processing is not occasional [...]

 

Recital 13 Point 3 of the GDPR states

To take account of the specific situation of micro, small and medium-sized enterprises, this Regulation includes a derogation for organisations with fewer than 250 employees with regard to record-keeping.

 

The Institute of Couriers has fewer than 250 employees and does not send newsletters regularly, neither is it part of the regular course of activity of the data controller. Our processing of the e-mails is therefore occasional, as defined by the Position Paper dated April 19 2018 on Article 30 published by the Article 29 Working Party (WP29).

How do I find out what you know about me and get it changed ?

You can contact us via e-mail at This email address is being protected from spambots. You need JavaScript enabled to view it. to ask what information we may hold about you. We will always require proof of identity before we can begin processing your request - we must do this to discharge our duty not to disclose your information to third parties. The ICO have provided guidance on when it is permissable to charge an administration fee and we will follow this procedure. This fee, if applicable, must be paid in full before we will process your request.

If we do hold information about you, you can ask for it to be deleted and we will comply if the law says we must do so, otherwise we will normally comply if the law says we can do so, with the following exceptions (this list may change)

accurate published public-domain journalistic reportage - you do not have the right of censorship.

if the deletion would prevent the delivery of or payment for services to you that we have entered into a contract to provide

if we otherwise have a legitimate interest in the retention of the data that overrides your right to have it deleted.

You can also ask for it to be amended (without exception) if it is factually inaccurate and we will either correct or remove the information in question.

 

Nothing in the above removes any of your rights under UK law, or the rights of the Society of Couriers.