IMC Privacy Policy

This Privacy Notice communicates the arrangements that we follow when personal data is collected and processed, such as:

  • Our identity and how we intend to use the information,

  • The lawful basis for processing the data,

  • Our data retention periods,

  • The rights of individuals to complain to the ICO if they think there is a problem with the way we are handling their data.


We are totally committed to taking care of your data. Our sole motivation for collecting and storing data is to serve the needs of the IMC participants and those accessing the knowledge contained on the IMC website or other repositories. We have measures in place to safeguard your privacy. We:

  • Only collect data that is essential and lawful

  • Ensure it is not accessed by unauthorised personnel and bodies

  • Retain it for no longer than is necessary.


We take all reasonable steps to ensure that the IMC and any of our suppliers of services that we interact with meet an equivalent standard.


Any processed data is anonymised, non-personal and not capable of being reconstructed to breach privacy. It is never shared with or sold to third parties except when there is a legal duty to do so.


Scope of personal data

This policy only covers the IMC and its coordinating Hub.


Scope of individuals needing privacy embraces:

  • IMC general participants

  • IMC Hub volunteers

  • Authors of documents published on the IMC website

  • Participants in IMC events

  • Members of the Public who may interact with the IMC.


Who we are

We are the Integrated Management Community (IMC) and not affiliated to any other organisation. It succeeds the CQI long established special interest group and focuses on integrated management theory and practice. The governance of IMSIG is defined on this website. The IMC is coordinated by its IMC Hub and may be contacted via


Our group is open to anyone who wishes to develop their integrated management knowledge and expertise and who may wish to contribute to the objectives of the group.

What information do we collect and hold that constitutes personal data?

Most of the information we collect and hold that can be classed as ‘personal data’ is name, address and other contact details such as email address and telephone number and this is held to enable us to organise group meetings and provide group information. 

Photographs taken of people attending an IMC related event, where the face of an individual is recognisable would be considered personal data.


We also may hold information required for the collection and payment of invoices where applicable.


How is it collected and by whom?

Personal data is collected when someone asks to join our special interest group.   This may be done via the following routes: -


1. Individuals making direct contact via our website link  or network events

  • They will be contacted by an IMC Hub volunteer to establish their requirements and their information will only be shared within the IMC as needed to fulfil their contact request.


2. Individuals joining the IMC Hub.

  • The IMC Hub uses its Google Group membership to hold basic volunteer member contact details e.g. member names, email addresses. It may use this data in employing IT services to facilitate on-line meetings. 


4. Individuals joining the IMC LinkedIn group

  • The IMC administers the IMC LinkedIn group membership and maintains its standards. Members are free to join and leave if they comply with its requirements.

  • View LinkedIn’s Privacy here:


Documents placed or otherwise embedded on the IMC website may contain personal data such as names, contact details and photographs of authors or participants. This data is only placed on the website following the consent of the author. 


Photograph consent will be obtained from individuals whose picture is taken at an event to cover situations whereby event photographs may be published via the IMC website.


The IMC Hub may use Google Analytics and Cookies on this web site to record quantitative data such as visitor numbers, pages viewed etc. but we do not track individuals online e.g., using Lead Forensics, or use inferred information through algorithms, or profile people by analysing data derived from combining other data sets. We do not share data with other parties. 


What we do with the personal data we process

The IMC only collects information that it needs and is going to use. The IMC may use the ‘personal data’ generally for providing a networking and information service relating to integrated management to its members.


The IMC do not use your information for any purpose other than to carry out group activities and communicate with you where appropriate, nor does it collect personal data by observation or draw inference from any individual’s behaviour.

  • It will never sell your personal data. 

  • It will not share any data with third-parties for marketing or other purposes.

  • It will not share your data with any third parties without your prior consent (which you are free to withhold) except where legally required to do.


The IMC website provides links to other websites. This privacy statement applies only to our website. IMC is not responsible for any use of your personal information that you provide to third party websites which may be accessed from this website. So, when you move to another site, you should read the Data Protection and Privacy statement of that website.


Any documents created by the IMC containing personal data shall prominently display the following:

  • ‘CONFIDENTIAL – this document shall be secured from unauthorised access at all times and managed within the restrictions of the IMC Privacy Policy’ (this policy).


How long do we keep personal data?

IMC will hold your personal data on its systems for as long as you are a member of the group and for as long afterwards as it is in the group’s legitimate interest to do so for example maintaining meeting minutes in an archived form for no longer than 12 months.  IMC will review the personal data it holds every year to establish whether the IMC is still entitled to retain or process it.


Who will your data be shared with?

Data will only be shared with external third parties when a legitimate and lawful need has been identified, for example the IMC website subscription list will be held within the website management dashboard. See privacy policy for more details on GDPR compliance


All reasonable steps are taken to ensure data security both organisationally and technologically. As part of our data security measures, group post holders can only access information with access levels as relevant to their responsibilities. 


What will be the effect of this on the individuals concerned?

There should be no impact on the individual as a result of our processing. The IMC aim to always be fair, transparent and ensure that people know how their information will be used. Data security is a key consideration and the IMC will do everything it can to protect the data that it holds. This applies whether the personal data was obtained directly from data subjects or from other sources. 


Is the intended use likely to cause individuals to object or complain?

IMC use of data will not have any unjustified adverse effects on individuals. The IMC is only using information in a way which would reasonably be expected. There are no adverse consequences of not providing information to the IMC - for example, non-receipt of a benefit.


The Lawful Basis of our data processing

The lawful bases for IMC data processing activity is Legitimate Interest and Consent

In general terms the purpose of processing information is to enable the IMC to provide information to group members and prospective members, to promote and advertise MSS1000, and maintain IMC accounts and records. 


Legitimate Interests:

  • IMC use people’s data in ways they would reasonably expect in order to carry out group activities and communicate with them.

  • Processing is necessary as the IMC could not provide information to members and networking groups without processing this information.

  • IMC have balanced group interests against the individual’s interests, rights and freedoms. IMC processing has a minimal privacy impact.



The IMC aims to deliver effective, timely communications to its members and prospective members, such as newsletters, information on integrated management and MSS1000.


Consent is the most appropriate legal basis for the processing of prospective member’s information and for use of photographs on the IMC website. The IMC will always make it clear when requesting Consent what the data will be used for and have clear, simple ways for people to withdraw consent.


The IMC will explain its lawful basis for processing personal data when it answers a ‘subject access’ request.


Who is the Data Controller and Data Protection Officer

The MCR have identified that it is not necessary for it to appoint a Data Protection Officer (DPO) - however the IMC Hub volunteers acting jointly has overall responsibility for the control of data.


Your Rights

You have rights under the General Data Protection Regulations (GDPR) to:

  • Access your personal data

  • Be provided with information about how your personal data is processed

  • Have your personal data corrected

  • Have your personal data erased in certain circumstances

  • Object to or restrict how your personal data is processed

  • Have your personal data transferred to yourself or to another business in certain circumstances


Individuals have the right to request access to the data the IMC holds on them by submitting a request to the IMC Hub, who will provide details on any information retained by the IMC as outlined in its Data Protection Policy.


Any publication on the IMSIG website can be requested to be contacting the IMC Hub.


Transfer of data abroad

As a global organisation IMC Hub roles are open to those residing within and outside of the EU.  If transfer of  personal data is required to a person residing outside of the EU the IMC will ensure that this will be undertaken by a secure means and the requirements of the IMC's Data Protection Policy will apply regardless of location.


IMC action if there is a data breach?

If a breach involving your personal information takes place the IMC will establish the likelihood and severity of the resulting risk to your rights and freedoms.  If it’s likely that there will be a risk arising then the IMC will notify the ICO as soon as possible, seeking to do this within 72 hours of the breach occurring.  If such breach/loss is likely to result in a high risk to individual rights and freedoms the IMC will directly notify any individuals that have been affected.


The right to complain

The IMC always seeks to treat an individual’s data fairly - however, individuals have the right to complain and the IMC will investigate and respond accordingly within one month.  As the IMC has no physical address, complaints should be emailed to :


Should the response not be resolved to the satisfaction of the complainant, the individual can also take up their issue with the Information Commissioner’s Office (the ICO) at the following address:


The Information Commissioner’s Office,

Wycliffe House, Water Ln, Wilmslow SK9 5AF

Or via EMAIL:

If you have any concerns about our privacy arrangements or how IMSIG may be impacting your personal data please contact us.