This Privacy Notice has been issued by the Institute of Highway Engineers (IHE) to comply with the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. The Privacy Notice replaces any Fair Collection Notice issued under the Data Protection Act 1998.
Website Visitors (Members and Non Members)
Members (with login details)
We use a third party service, Your Membership (owned by Community Brands), to publish and host the members area of the IHE website. When someone visits theihe.org, a third party service, Google Analytics, is used to collect internet log information and to follow visitor patterns. By knowing the number of visitors to the various pages, we can improve the website and identify areas of particular interest. The information is processed in a way which does not identify individuals. If we are collecting personally identifiable information through our website, we will do so using forms that clearly explain what we intend to do with it.
Your Membership’s Privacy Notice is here.
Filling in forms: Most forms on https://members.theihe.org/ (for example the contact Us form, event registrations, training assignment submissions), are managed through Your Membership, our website third party service above. However, some forms are in PDF version (for example Professional Registration) which are emailed to the IHE and stored securely on our server. If we are collecting personally identifiable information through our website, we will do so using forms that clearly explain what we intend to do with it.
Social buttons: Visitors may use these to bookmark or share our web pages. There are buttons for: Twitter Share, Facebook Share, Google, Linkedin and Email Share. These work using scripts from domains outside of the IHE and it is likely those sites will collect their own information about what you are doing. You should review the policies of each of these sites to see how they use your information and to find out how to opt out, or delete, such information.
Social Media Contact with the IHE: the IHE uses Twitter and Facebook. If you intend to post a comment on our Twitter or Facebook feed, Twitter and Facebook will require you to set up your own account. Please review the Twitter privacy notice to see how it uses your information and to find out how to opt out, or delete, such information. Direct messages sent to the IHE's Twitter account will be deleted after 1 year.
External web services. We do not use external web services at present.
Other IHE Websites: IHE is responsible for one other website that you can link to from our main website:
Links to other websites: Our website also contains links to other websites that may be of interest to our visitors. However, once you have used these links to leave our site, this privacy statement no longer applies and we cannot be responsible for the protection and privacy of any information which you provide whilst visiting those sites - such sites are not governed by this privacy statement. Again, please check the respective policies of any such sites that you chose to visit.
Our legal basis for processing the data described above is our legitimate interest in keeping our website and services relevant so that we can develop and grow our organisation; as well as a legitimate interest in keeping an appropriate record of any communications entered into with those visiting our website and social media platforms.
Registrations for training and events (Members and Non Members)
Members (anyone who has a membership login to IHE) IHE is the data controller for the information you provide during the membership unless otherwise stated. If you have any queries about membership or how we handle your information, please contact us.
Our legal basis for processing the data described below is the performance of a contract to manage and administer your membership of IHE and to deliver member benefits to you; as well as a legitimate interest in keeping an appropriate record of any communications entered into with members and in keeping up to date member records.
What will we do with the information you provide to us?
Data we hold will be used confidentially, and to help us run our services and keep you informed - for example, to collect subscriptions, post out publications and let you know about our academy training events; or to fulfil legal or regulatory requirements if necessary.
We will use the other information you provide to represent the sector, e.g. to compile sector demographics – you would never be identifiable individually, but such information enables us to more effectively advocate for the sector. We may also use relevant information (e.g. sector or level of membership) to advise you of products and services that may be of interest.
IHE will never sell, trade, rent, exchange or otherwise share your personal information with any other person, company or organisation without gaining consent to do so. The information you provide will be held securely by us and/or our data processors, whether the information is in electronic or physical format. We do not collect more information than we need to fulfil our stated purposes and will not retain it for longer than is necessary.
Joining as a member
By using our online registration system, this will be collected by a data processor on our behalf (please see Your Membership below).
We ask you for your personal details including name and contact details. We will also ask you about your professional details and questions relevant to the sector. Our administration and management teams will have access to all of this information.
Member login information, comprising of name or username, email address, and password is collected/created. There is also the option to sign in using your social profile on Facebook (YM SocialLink will receive your public profile, friends list and email address from Facebook) or LinkedIn (YM SocialLink will receive your name, photo, headline, current positions and primary email from LinkedIn). These work using scripts from domains outside of IHE and it is likely those sites will collect their own information about what you are doing. You should review the policies of each of these sites to see how they use your information and to find out how to opt out, or delete, such information.
Further details are then collected in the member profile. The information is used to provide access to the member-only areas of the website and other member-only benefits. The services and information available to you will be governed by the type of membership that you have with us.
Your personal information is also used to track your website preferences and keep you informed, unless you have opted not to receive such communications. In some instances, when a purchase is initiated by a member, billing information, that may include credit card information, is captured.
Membership database: Your membership information is held by a third party processor Your Membership (YM, owned by Community Brands) who provide this online service for us.
Here is a link to their Privacy Notice: https://www.yourmembership.com/legal/
YM complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. YM has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.
IHE Regional Branches: If members have joined IHE we will assign them to their local branch network. Their contact data (email and postal), may be shared with those local branches (taking into account any communication preferences stated by that member), so that they can send newsletters and information about their activities. All IHE volunteers who will be in receipt of personal information are asked to read and sign a Data Processing Agreement – for example if they are on a group committee, they are sending out email communications or organising events.
SocialLink: As well as a member profile, you will have access to a private, member-facing online community called SocialLink where you will be able to network with other IHE members. You can post to your own feed; connect with other members; and can join regional and special interest groups. Participation in Social Link is entirely optional, but by default your name and profile picture (if you choose to upload one) are visible to other IHE members via the Directory on SocialLink. If you’d like other members on SocialLink to know more about you – such as your employer’s name or contact details – you need to change your privacy settings in your profile and also make a connection to that person. You can manage your privacy settings in Social Link by going to 'edit Profile' and clicking the lock icon beside the fields you wish to make visible/not visible.
Registers: As an IHE member and as stated in our membership terms and conditions, the Institute will publish a Register of Members in Highways Magazine on the IHE website containing the names of all members and identifying their category of membership and identifying those who are Registered Practitioners.
Professional Registration: If you apply for Engineering Council Professional Registration (EngTech, IEng, CEng) or, IHE certification, you will create a portfolio for assessment.
When individuals submit their portfolio, they will also make it accessible to Membership and Qualifications Committee who are responsible for assessing all submissions made at certification, engineering technician, incorporated and chartered engineer level. Applicants should be aware that as part of the portfolio submission, they will need to include an up to date CV and Job Description along with other personal information.
Any personal information that is provided to IHE, its volunteers and the M&Q who volunteer as assessors on IHE's behalf, are used only for the purpose of reviewing the professional registration submission. The portfolio will be kept for seven years, after which your portfolio will be destroyed.
For members who successfully pass the review for Engineering Council registration (EngTech, IEng, CEng) it will be necessary to share your personal information with the Engineering Council to create a record of your professional registration(s) on the National Register. The processing of your personal data by the Engineering Council is conducted on the basis of legitimate interest in order to facilitate your registration(s) and all associated processes.
Here is a link to their Privacy Notice: https://www.engc.org.uk/privacy/
Voting on official IHE matters: as an IHE member you are entitled to vote in our annual elections for new committee members. IHE uses Survey Monkey for collecting and analysing the votes. This voting is optional to members and is collect anonymously.
Here is a link to their privacy notice: https://www.surveymonkey.com/mp/legal/privacy-policy/
Volunteers: As a member you may either be an IHE volunteer, or interact with IHE volunteers (who may or may not be IHE members themselves). If IHE volunteers will have access to personal information, it will be appropriate to their role and they will have been asked to sign a Data Processing Agreement. This list is not exhaustive, but volunteers include Branch Volunteers, Assessors, Professional Review Reviewers, Company Training Scheme Assessors, Academic Standards Panel.
Paying for your membership: If you use a credit or debit card to pay, you will be redirected to a third party service, Realex part of Global Payments, who collect payment on IHE's behalf. They will request card number, expiry date and the contact details of the person and address that the card is registered to.
Their privacy notice is here: https://www.globalpaymentsinc.com/en-gb/accept-payments/ecommerce/privacy
If you pay by Direct Debit, (in monthly or annual instalments), your instalments will be processed and collected on our behalf by the Bacs Payment Schemes Limited and Mosaic software. Your bank details (account name, bank sort code and account number) are stored by IHE.
Here is a link to their privacy notice:
Mosaic software: http://www.mosaicsoftware.co.uk/privacy-policy.html
How long is the information retained for? Once you cease to be a member, your membership profile and details of financial transactions made with IHE, will be retained for 5 years. If you decide to rejoin, your original profile will be made active again, if still on record. We will stop all communications with you after one year, or as soon as you unsubscribe, whichever is sooner.
Credit Card and Debit Card Payments
If registering for an event or training, additional information such as dietary or access requirements may be collected, but will only be used for that particular event. If a member is signed in, relevant contact information from their member profile may be pre-filled to speed up the registration process for them.
We use a third party service, Your Membership (owned by Community Brands), to publish and host event details and tickets on the members section of the IHE website. When someone visits theihe.org, a third party service, Google Analytics, is used to collect internet log information and to follow visitor patterns. By knowing the number of visitors to the various pages, we can improve the website and identify areas of particular interest. The information is processed in a way which does not identify individuals. If we are collecting personally identifiable information through our website, we will do so using forms that clearly explain what we intend to do with it.
Your Membership’s Privacy Notice is here.
Training: IHE uses third parties to deliver training courses for organisations and IHE members. Those trainers are under contract to IHE and may be given the names and emails of the individuals attending the course they are delivering, to facilitate learning and to gather feedback. Those personal details will only ever be used for the course being delivered and once the course has ended, trainers are instructed not to retain those details for any purpose.
Our legal basis for processing the data described above is our legitimate interest in facilitating the event or training for the attendees; as well as a legitimate interest in keeping an appropriate record of any communications entered into with those attendees.
If a visitor to our website decides to use a credit or debit card to pay for products or services or donations, you will be redirected to a third party service, Realex part of Global Payments, who collect payment on IHE’s behalf.
They will request card number, expiry date and the contact details of the person and address that the card is registered to. Their privacy notice is here: https://www.globalpaymentsinc.com/en-gb/accept-payments/ecommerce/privacy
This could include payment for items like event, membership, professional registration fees, but this list is not exhaustive.
Our legal basis for processing the data described above is Contractual in terms of completing the financial transaction with our customer; as well as a legitimate interest in the administration of that service e.g. to recover a debt due to us or to study how our customers use our products and services, so we can develop and improve them.
Email Communication (Members and Non Members)
We will periodically carry out anonymous polls and surveys on our website. From time to time we conduct sector research through the use of online surveys. For sector research surveys, the identities of respondents and their answers will be treated as confidential and will only be used for research purposes, unless the correspondent expressly requests or permits otherwise.
We may occasionally carry out market research with our members and non-members regarding the member services and benefits we currently offer or may wish to offer in future.
For all online surveys participation is voluntary at all times. The information you provide will be processed at all times by IHE in accordance with the Data Protection Act 1998 and from 25th May 2018, in accordance with the General Data Protection Regulation which will supersede it.
We use Survey Monkey for our questionnaires. If Survey Monkey is used, this will be made clear to you and in setting up the survey we might include optional boxes for your name and email. However, it is likely the site will collect their own information e.g. anonymous usage information about what you are doing. Here is a link to their privacy notice: https://www.surveymonkey.com/mp/legal/privacy-policy/
Our legal basis for processing the data described above is legitimate interest in understanding and advocating for our sector and customers and so we can develop and improve our services.
Emails that we send to members and non-members: IHE uses a third party provider, Your Membership (owned by Community Brands), to deliver the majority of our email. Your Membership is also used to manage your email preferences, if you have stated on your member profile that you are happy for IHE to contact you by email. You will see an option to manage your email preferences at the end of every email sent from Your Membership where you can subscribe/unsubscribe. This list is not exhaustive, but such emails may be about membership, training, jobs, technical news, branch news and IHE news.
Email tracking. Some emails that we send you have no tracking in at all, for example personal correspondence. Other emails we send are tracked so that we can tell if those emails send traffic to our website or we can tell, at an individual level, whether the user has opened and clicked on the email, to understand open and click rates to try and improve our emails. This information is recorded by Your Membership and Google Analytics. Sometimes we do use the personal information e.g. to re-email people who haven’t opened emails. If you want to be sure that none of your email activity is tracked, then you should unsubscribe from all IHE email correspondence.
Our legal basis for sending emails is legitimate interest where it concerns the administration of correspondence or a financial or membership transaction. For marketing emails our basis is consent.
IHE complies with its obligations under the Data Protection Act 1998 (the DPA), which will be superseded from 25 May 2018 by the General Data Protection Regulation 2016/679 (the GDPR), by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
Only authorised employees and data processors (software suppliers and those working on behalf of IHE e.g. Regional branches, Mentors, Assessors, to deliver our products and services) will have access to your data. All parties who have access to your data are required to process/use that data in accordance with the provisions of current data protection legislation and IHE’s Data Protection Policy.
IHE will never sell trade, rent, exchange or otherwise share your personal information with any other person, company or organization without gaining consent to do so.
Your Membership uses sophisticated security and safeguard measures to protect users' information (e.g. Secure Sockets Layer (SSL) encryption) to ensure that your data, debit/credit card will be protected against fraudulent use on our site.
Controlling your personal information
Cookies are small text files that are placed on your computer by websites that you visit. They allow the website to remember who you are. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
You have the ability to accept or decline cookies by modifying the settings in your browser. However, you will not be able to login to the website if cookies are disabled. You can also manually remove cookies from your system. For more information on disabling and enabling cookies you should search for or lookup 'Cookies' in your Operating System Documentation or visit https://aboutcookies.org/
These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website, where visitors have come to the website from and the pages they visited. You can find out more at https://support.google.com/analytics/answer/6004245?hl=en
Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the Data Protection Act 1998 (the DPA) which will be superseded from 25 May 2018 by the General Data Protection Regulation 2016/679 (the GDPR).
You have rights as an individual which you can exercise in relation to the information IHE holds about you – read more here:
This privacy notice was drafted with brevity and clarity in mind. It does not provide exhaustive detail of all aspects of IHE’s collection and use of personal information. However, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to firstname.lastname@example.org
If any of your personal details are incorrect, please write to us, email us or use the contact form, so that we can make any corrections promptly. Members are asked to review their data at least once a year on renewal.
If you want to make a complaint about the way IHE has processed your personal information, you can contact the ICO in the UK as the statutory body which oversees data protection law – https://ico.org.uk/make-a-complaint/.
Access to personal information
Members have an online login that will allow them to update their membership profile online at anytime – login or reset your password here
You can review the email preferences that we hold for IHE communications here (https://members.theihe.org/members/EmailOptPreferences.aspx) and you can change them at any time.
If you are a member you can change your communication preferences for Social Link at any time by logging into your profile.
Individuals can find out if we hold any personal information by making a ‘subject access request’ under the Data Protection Act 1998. If we do hold information about you, we will:
- give you a description of it;
- tell you why we are holding it
- tell you who it could be disclosed to and
- let you have a copy of the information in an intelligible form.
To make a request to IHE for any personal information we may hold you need to put the request in writing addressing it to our Membership, IHE, Floors 32-34, 286 Euston Road, London NW1 3DP.
If you agree, we will try to deal with your request informally, for example by providing you with the specific information you need over the telephone.
Identity and contact details of controller and data protection officer: IHE is the controller and processor of data for the purposes of the DPA 1988 and GDPR.
If you would like your information to be permanently deleted, please put a request in writing addressing it to Membership, IHE, Floors 32-34, 286 Euston Road, London NW1 3DP.
IHE may change this policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy was last updated 27th September 2018.