Privacy Notice

This notice explains what data we process, why, how it is legal and your rights.

  1. ABOUT US AND THIS NOTICE
  2. USEFUL WORDS AND PHRASES
  3. WHAT INFORMATION DO WE COLLECT? 
  4. WHY DO WE PROCESS YOUR PERSONAL DATA?
  5. HOW IS PROCESSING YOUR DATA LAWFUL?  
  6. WHEN WILL WE DELETE YOUR DATA?  
  7. WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?
  8. YOUR RIGHTS 

ABOUT US and THIS NOTICE

This Privacy Notice is provided by the Investment Property Forum ("IPF" or "we" or "us") who is a 'controller' for the purposes of the General Data Protection Regulation (EU) 2016/679. This Privacy Notice applies to our members, individuals who are non-members but have an interest on our services, and website visitors. 

We are a company incorporated in England, whose registered office is at 2nd Floor, 2 City Place, Beehive Ring Road, Gatwick, West Sussex, RH6 0PA (registered company number 2763992) and registered for VAT purposes with number 677 9801 73. We are also registered with the Information Commissioner's Office as a data controller (registration reference ZA114149). 

We take your privacy very seriously. We ask that you read this Privacy Notice carefully as it contains important information about our processing and your rights.

How to contact us
If you need to contact us about this Privacy Notice, use the details below :

  • Privacy Manager: Frankie Clay 
  • Address: IPF, New Broad Street House, 35 New Broad Street, London EC2M 1NH
  • Telephone number: 020 7194 7929
  • Email: ipfoffice@ipf.org.uk

If you would like this Privacy Notice in another format (for example: audio, large print, braille), please contact us.

Changes to this Privacy Notice
The latest version of this Privacy Notice can always be found at www.ipf.org.uk/privacy-policy

We may change this Privacy Notice from time to time. We will alert you by posting a notice on our website when changes are made.

Current version: v1 May 2018

USEFUL WORDS AND PHRASES

Please familiarise yourself with the following words and phrases (used in bold) as they have particular meanings in the Data Protection Laws and are used throughout this Privacy Notice: 

Term Definition
controller This means any person who determines the purposes for which, and the manner in which, any personal data is processed.
criminal offence data This means any information relating to criminal convictions and offences committed or allegedly committed. 
Data Protection Laws This means the laws which govern the handling of personal data. This includes the General Data Protection Regulation (EU) 2016/679 and any other national laws implementing that Regulation or related to data protection.
data subject The person to whom the personal data relates.
ICO This means the UK Information Commissioner's Office which is responsible for implementing, overseeing and enforcing the Data Protection Laws.
personal data

This means any information from which a living individual can be identified. 

This will include information such as telephone numbers, names, addresses, email addresses, photographs and voice recordings.  It will also include expressions of opinion and indications of intentions about data subjects (and their own expressions of opinion/intentions).

It will also cover information which on its own does not identify someone but which would identify them if put together with other information which we have or are likely to have in the future.
processing

This covers virtually anything anyone can do with personal data, including:

  • obtaining, recording, retrieving, consulting or holding it;
  • organising, adapting or altering it;
  • disclosing, disseminating or otherwise making it available; and
  • aligning, blocking, erasing or destroying it.
processor This means any person who processes the personal data on behalf of the controller. 
special categories of data

This means any information relating to:

  • racial or ethnic origin;
  • political opinions;
  • religious beliefs or beliefs of a similar nature;
  • trade union membership;
  • physical or mental health or condition;
  • sexual life; or
  • genetic data or biometric data for the purpose of uniquely identifying you.

 

WHAT PERSONAL DATA DO WE COLLECT?

- Information provided by you

We collect some or all of the following information from you when you become a member of the IPF, visit our website, book on an event or communicate with us directly (whether by email, telephone, post or the website):  

Personal data

Contact/ID data: 
Your personal details such as your name, job title,organisation, email, phone number and contact details. If you complete a membership application form, we will collect further details on your career history in order to process your application. If you book on an event, we collect the appropriate information for us to administer this event.

Payment data:
Such as credit or debit card details. This does not apply when you pay online via the IPF’s SagePay portal.

Online and usage data:
Your online account activity, for example pages you visit or documents you download. Your IP address, web browser, operating system, geographical location and similar, as standard from Google Analytics. Your activity from our email communications, for example whether you have opened an email from us and what links you have clicked on.


- Personal information about other individuals

If you provide us with information about other individuals you confirm that you have informed the relevant individuals accordingly. For example, consent to include personal details of individuals attending as your guest at one of our events.

WHY DO WE PROCESS YOUR PERSONAL DATA?

We use your personal data for the following purposes listed in this section. We are allowed to do so on certain legal bases (please see section 'How is processing your data lawful' for further detail). 

  • To administer your membership
  • To communicate with you regarding your ongoing involvement with the IPF, for example: events, research, prizes, sponsorship, committee membership
  • To send you marketing communications keeping you informed of what the IPF is doing 
  • To analyse and produce membership statistics to ensure we are providing the best and most appropriate service
  • To provide general customer support services
  • For compliance, accounting/audit, regulatory, legal and fraud prevention purposes
Purpose explanation
To administer your membership This includes processing your annual subscription through email/telephone reminders, and then processing payment of the subscription, or cancellation of your membership.
To send you information about events you have booked on This includes updates or changes to the date, time, venue or speakers at an event, invoices or receipts where appropriate, delegate/guest lists, and presentations/feedback following the event.
To manage events you/your guests may be booked on, attending or speaking at This includes event marketing (both online and by email), organising conference call, collating and disseminating delegate/guest lists, producing event booklets, video recording the event and subsequent dissemination of presentations and recordings.
To keep you informed about IPF news, events, research and updates This will take the form of monthly email newsletters and other email communications. This is subject to your expressed preferences.
For complance and fraud prevention This is to cover our legal obligations with regard to regulation and tax etc.
To include you in the online Member Directory This includes your name, job title, organisation and organisation contact details. This directory entry is subject to your expressed preferences.

HOW IS PROCESSING YOUR PERSONAL DATA LAWFUL? 

Personal data

We are allowed to process your personal data for the following reasons and on the following legal bases:

- Legitimate Interests 

We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in the interests of the IPF. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible.  

In order to carry out its mission (as below), the IPF relies on our legitimate interests. Without the processing of personal data, we would be unable to provide preferential, beneficial or bespoke services to our members, or improve education, research and networking within the industry, as per our mission.

“To enhance the understanding and efficiency of property as an investment, including public, private, debt, equity and synthetic exposure, for our members and other interested parties, including government, by:

  • undertaking research and special projects and ensuring effective communication of this work;
  • providing education; and
  • providing a forum for networking, discussion and debate amongst our members and the wider investment community.”

You can object to the processing that we carry out on the grounds of legitimate interests. See the section headed "Your Rights" to find out how.

- Contract

It is necessary for our performance of the contract you have agreed to enter with us. If you do not provide your personal data to us, we will not be able to carry out our obligations under the terms of your contract as a member of the IPF. 

- Legal obligation

We are subject to legal obligations to process your personal data for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements. 

- Consent  

Sometimes we want to use your personal data in a way that is entirely optional for you. On these occasions, we will ask for your consent to use your information. You can withdraw this consent at any time.

Special categories of data 

We are allowed to process your special categories of personal data for the following reasons and on the following legal basis:

- Legal claims

We need to process your personal data if, we are required to process your personal data to defend or establish a legal claim.

- Manifestly public personal data

The processing relates to information that you have made public, for example, information made public on a public social media platform. 

WHO WILL HAVE ACCESS TO YOUR PERSONAL DATA?

The table below lists some of our key service providers that act as our processors who will have access to your personal data If you would like to know the names of our other service providers please contact us using the details at the start of this Privacy Notice.

who information is shared with: processors

IPF Service Providers

  • SmartImpact (CRM provider)
  • DotMailer (marketing communications provider)
  • Pixl8 (CMS provider and website host)
  • Ezis (IT services and hosting)
  • Google Analytics (analytics provider)
  • SagePay (online payment processor)

IPF Event Partners

Where we run events with third parties, we share your personal data (your name and organisation) with these companies purely for the purpose of administering that event. We require that these third parties have appropriate privacy policies in place to ensure your data is safe. In addition, we share your personal data (your name and organisation) with the host organisation for security purposes at the event. We require that these third parties have appropriate privacy policies in place to ensure your data is safe.

In addition, we share your personal data with the following entities who act as separate controllers of your personal data. We provide them with your name and contact details so that they can contact you separately in order to arrange services/benefits directly with you, or to note you on our company group policies. You should review their privacy notices to find out how they process your personal data. If you have any queries or complaints about how they process your personal data by them, please contact them separately using the contact information provided on their website.

N/A

We will also share your personal data with the police, other law enforcements, auditors or regulators where we are required by law to do so.

Transfers of your personal data outside the EEA

We may need to transfer your personal data outside the European Economic Area.

Any transfer of your data will be carried out in accordance with the law to safeguard your privacy rights and give you remedies in the unlikely event of a security breach or to any other similar approved mechanisms. If you want to know more about how data is transferred, please contact us using the details in the section above. 

How we keep your personal data secure

We strive to implement appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. We aim to ensure that the level of security and the measures adopted to protect your personal data are appropriate for the risks presented by the nature and use of your personal data. We follow recognised industry practices for protecting our IT environment and physical facilities. 

WHEN WILL WE DELETE YOUR DATA? 

Our main rule is not to keep your data for longer than we need to in order to meet all the purposes we included in the section "Why do we process your personal data?". 

For example, if you are a member, we will keep your data for the time your membership lasts; then, we will keep that data if we need it to comply with a legal obligation or for research or statistics purposes, but if we do not need all the data you provided at first instance, we will delete the remaining data. 

YOUR RIGHTS

As a data subject, you have the following rights under the Data Protection Laws

  • the right to object to processing of your personal data;
  • the right of access to personal data relating to you (known as data subject access request); 
  • the right to correct any mistakes in your information;
  • the right to ask us to stop contacting you with direct marketing;
  • the right to prevent your personal data being processed;
  • the right to have your personal data ported to another controller;
  • the right to withdraw your consent;
  • the right to erasure; and
  • rights in relation to automated decision making

These rights are explained in more detail below. If you want to exercise any of your rights, please contact us (please see "How to contact us"). 

We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with the Data Protection Laws.

  • Right to object to processing of your personal data
    You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing.

    If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so. We believe we have demonstrated compelling grounds in the section headed "How is processing your personal data lawful". 
     
  • Right to access personal data relating to you
    You may ask to see what personal data we hold about you and be provided with:
    • a copy of the personal data;
    • details of the purpose for which the personal data is being or is to be processed; 
    • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are overseas and what protections are used for those overseas transfers; 
    • the period for which the personal data is held (or the criteria we use to determine how long it is held); 
    • any information available about the source of that data; and
    • whether we carry out an automated decision-making, or profiling, and where we do information about the logic involved and the envisaged outcome or consequences of that decision or profiling.

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see. 

  • Right to correct any mistakes in your information
    You can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.
     
  • Right to restrict processing of personal data
    You may request that we stop processing your personal data temporarily if: 
    • you do not think that your data is accurate. We will start processing again once we have checked whether or not it is accurate;
    • the processing is unlawful but you do not want us to erase your data;
    • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
    • you have objected to processing because you believe that your interests should override our legitimate interests.
       
  • Right to data portability
    You may ask for an electronic copy of your personal data which we hold electronically and which we process when we have entered into a contract with you. You can also ask us to provide this directly to another party.
     
  • Right to withdraw consent
    You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required use of that personal data.
     
  • Right to erasure
    You can ask us to erase your personal data where:
    • you do not believe that we need your data in order to process it for the purposes set out in this Privacy Notice;
    • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data; 
    • you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
    • your data has been processed unlawfully or have not been erased when it should have been.
       
  • Rights in relation to automated decision making
    You have the right to have any decision that has been made by automated means and which has a significant effect on you reviewed by a member of staff and we will consider any objections you have to the decision that was reached. 

What will happen if your rights are breached?

You may be entitled to compensation for damage caused by contravention of the Data Protection Laws.

Complaints to the regulator

It is important that you ensure you have read this Privacy Notice - and if you do not think that we have processed your data in accordance with this notice - you should let us know as soon as possible. You may also complain to the ICO. Information about how to do this is available on their website at www.ico.org.uk.