CQI IMSIG Privacy Policy

This Privacy Notice communicates the arrangements that we follow when personal data is collected and processed, such as:

  • Our identity and how we intend to use the information,

  • The lawful basis for processing the data,

  • Our data retention periods,

  • The rights of individuals to complain to the ICO if they think there is a problem with the way we are handling their data.


We are totally committed to taking care of your data. Our sole motivation for collecting and storing data is to serve the needs of IMSIG members and those accessing the knowledge contained on the IMSIG website or other repositories. We have measures in place to safeguard your privacy. We:

  • Only collect data that is essential and lawful

  • Ensure it is not accessed by unauthorised personnel and bodies

  • Retain it for no longer than is necessary.


We take all reasonable steps to ensure that the CQI and any of our suppliers of services that we interact with meet an equivalent standard.


Any processed data is anonymised, non-personal and not capable of being reconstructed to breach privacy. It is never shared with or sold to third parties except when there is a legal duty to do so.


Scope of personal data

This policy only covers the CQI Integrated Management SIG. There is a separate CQI privacy policy available on its website https://www.quality.org/article/privacy-policy. Any IMSIG website links to other organisations are subject to their privacy arrangements and are not vetted or endorsed by the CQI or CQI IMSIG.


Personal data relevant to the operation of IMSIG may be held by:

  • the CQI and managed by its administrative staff.

  • the CQI Integrated Management SIG administered by its own appointed officers.


Scope of individuals needing privacy embraces:

  • IMSIG members

  • IMSIG appointed officers

  • Authors of documents published on the IMSIG websites

  • Participants in IMSIG events

  • CQI employed and contracted staff

  • Members of the Public who may interact with us.


Who we are

We are the Integrated Management Special Interest Group (IMSIG) and are a long established special interest group within the Chartered Quality Institute focusing on integrated management theory and practice. The governance of IMSIG is defined on the following webpage https://www.integratedmanagement.info/imsig-governence . We can be contacted at:  secretaryimsig@quality.org.


Our group is open to CQI and non-CQI members who wish to develop their integrated management knowledge and expertise and who may wish to contribute to the objectives of the group. This is the link to the CQI Special Interest Groups website page https://www.quality.org/content/special-interest-groups-sigs.


What information do we collect and hold that constitutes personal data?

Most of the information we collect and hold that can be classed as ‘personal data’ is name, address and other contact details such as email address and telephone number and this is held to enable us to organise group meetings and provide group information. 

Photographs taken of people attending an IMSIG related event, where the face of an individual is recognisable would be considered personal data.


We also may hold information required for the collection and payment of invoices.


How is it collected and by whom?

Personal data is collected when someone asks to join our special interest group.   This may be done via the following routes: -


1. Individuals using the CQI Link to join special interest group https://www.quality.org/content/sig-registration-form

  • We do not maintain data of members joining via this route, all contact with members is managed via the Chartered Quality Institute, who is the Data Controller, to whom we provide information to be circulated by their processes.

  • View the CQI’s Privacy Policy here: https://www.quality.org/article/privacy-policy.


2. Individuals making direct contact via our website link https://www.integratedmanagement.info/contacts  or network events

  • They will be contacted by an Officer of the group to establish their requirements and their information will only be shared within IMSIG or the CQI as needed to fulfil their contact request.


3. Individuals joining the IMSIG steering group.

  • Our Group Secretary maintains a contact list of members names, addresses, EMAILs, information on meeting attendance and meeting minutes. Minutes are not shared with non-committee members and are only retained for 12 months.


4. Individuals joining the LinkedIN group CQI Integrated Management SIG


Documents placed or otherwise embedded on the CQI IMSIG website may contain personal data such as names, contact details and photographs of authors or participants. This data is only placed on the website following the consent of the author. 


Photograph consent will be obtained from individuals whose picture is taken at an event to cover situations whereby event photographs may be published via the IMSIG website.


We also maintain personal information on key contacts within Chartered Quality Institute to enable us to contact them regarding day to day management of the steering group.


We may use Google Analytics and Cookies on our web site to record quantitative data such as visitor numbers, pages viewed etc. but we do not track individuals online e.g., using Lead Forensics, or use inferred information through algorithms, or profile people by analysing data derived from combining other data sets. We do not share data with other parties except summary data provided to the CQI.


What we do with the personal data we process

We are only collecting information we need and are going to use. We use the ‘personal data’ generally for providing a networking and information service relating to integrated management to our members.


We do not use your information for any purpose other than to carry out our group activities and communicate with you where appropriate, nor do we collect personal data by observation or draw inference from any individual’s behaviour.

  • We will never sell your personal data. 

  • We will not share any data with third-parties for marketing or other purposes.

  • We will not share your data with any third parties without your prior consent (which you are free to withhold) except where legally required to do.


The IMSIG website provides links to other websites. This privacy statement applies only to our website. We are not responsible for any use of your personal information that you provide to third party websites which may be accessed from this website. So, when you move to another site, you should read the Data Protection and Privacy statement of that website.


Any documents created by CQI IMSIG containing personal data shall prominently display the following:

  • ‘CONFIDENTIAL – this document shall be secured from unauthorised access at all times and managed within the restrictions of the CQI IMSIG Privacy Policy’ (this policy).


How long do we keep personal data?

We will hold your personal data on our systems for as long as you are a member of the group and for as long afterwards as it is in the group’s legitimate interest to do so for example maintaining meeting minutes in an archived form for no longer than 12 months.  We will review the personal data we hold every year to establish whether we are still entitled to retain or process it.


Who will your data be shared with?

Data will only be shared with external third parties when a legitimate and lawful need has been identified, for example our website subscription list will be held within the website management dashboard. See Wix.com privacy policy for more details on GDPR compliance https://www.wix.com/about/privacy


All reasonable steps are taken to ensure data security both organisationally and technologically. As part of our data security measures, group post holders can only access information with access levels as relevant to their group job responsibilities.  All IMSIG appointed officers and committee members have defined responsibilities which are available to view via the following webpage http://cqiimsig.wixsite.com/imsig/organisation.


What will be the effect of this on the individuals concerned?

There should be no impact on the individual as a result of our processing. We aim to always be fair, transparent and ensure that people know how their information will be used. Data security is a key consideration and we do everything we can to protect the data that we hold. This applies whether the personal data was obtained directly from data subjects or from other sources. 


Is the intended use likely to cause individuals to object or complain?

Our use of data will not have any unjustified adverse effects on individuals. We are only using information in a way which they would expect. There are no adverse consequences of not providing information to us - for example, non-receipt of a benefit.


The Lawful Basis of our data processing

The lawful bases for our data processing activity are Legitimate Interest and Consent

In general terms the purpose of processing information is to enable us to provide our information to group members and prospective members, to promote and advertise MSS1000, and maintain our own accounts and records. 


Legitimate Interests:

  • We use people’s data in ways they would reasonably expect in order to carry out our group activities and communicate with them.

  • Processing is necessary as we could not provide information to members and networking groups without processing this information.

  • We have balanced our group interests against the individual’s interests, rights and freedoms. Our processing has a minimal privacy impact.



We aim to deliver effective, timely communications to our members and prospective members, such as newsletters, information on integrated management and MSS1000.


Consent is the most appropriate legal basis for the processing of prospective member’s information and for use of photographs on our website. We will always make it clear when requesting Consent what the data will be used for and have clear, simple ways for people to withdraw consent.


We will explain our lawful basis for processing personal data when we answer a ‘subject access’ request.


Who is the Data Controller and Data Protection Officer

We have identified that it is not necessary for IMSIG to appoint a Data Protection Officer (DPO) - however the IMSIG Chair has overall responsibility for the control of data  which is under the control of IMSIG officers.  The responsibility is discharged by maintaining formal IMSIG Officer role descriptions approved by the IMSIG Steering Committee. These may be viewed via the following webpage http://cqiimsig.wixsite.com/imsig/organisation.


The CQI has appointed a Data Controller that maintains an oversight over the IMSIG arrangements to ensure they are compliant and fit for purpose – refer to https://www.quality.org/article/privacy-policy.


Your Rights

You have rights under the General Data Protection Regulations (GDPR) to:

  • Access your personal data

  • Be provided with information about how your personal data is processed

  • Have your personal data corrected

  • Have your personal data erased in certain circumstances

  • Object to or restrict how your personal data is processed

  • Have your personal data transferred to yourself or to another business in certain circumstances


Individuals have the right to request access to the data we hold on them by submitting a request to do so addressed to Group Secretary, who will provide details on any information retained by us as outlined in our Data Protection Policy.


Any publication on the IMSIG website can be requested to be removed.by contacting secretaryimsig@quality.org.


Transfer of data abroad

As a global organisation IMSIG Officer roles are open to those residing within and outside of the EU.  If transfer of  personal data is required to a post holder residing outside of the EU we will ensure that this will be undertaken by a secure means and the requirements of our Data Protection Policy will apply regardless of location.


Action we will take if there is a data breach?

If a breach involving your personal information takes place we will establish the likelihood and severity of the resulting risk to your rights and freedoms.  If it’s likely that there will be a risk arising then we will notify the ICO as soon as possible, seeking to do this within 72 hours of the breach occurring.  If such breach/loss is likely to result in a high risk to individual rights and freedoms we will directly notify any individuals that have been affected.


The right to complain

We always seek to treat an individual’s data fairly - however, individuals have the right to complain to us and we will investigate and respond accordingly within one month.  As we do not have a physical address complaints should be sent via EMAIL to :



Should the response not be resolved to the satisfaction of the complainant, the individual can also take up their issue with the Information Commissioner’s Office (the ICO) at the following address:


The Information Commissioner’s Office,

Wycliffe House, Water Ln, Wilmslow SK9 5AF

Or via EMAIL: https://ico.org.uk/global/contact-us/email/

If you have any concerns about our privacy arrangements or how IMSIG may be impacting your personal data please contact us.