1 Your Rights Under the Regulation
The General Data Protection Regulation (GDPR) specifies a number of rights that you have with respect to our processing of your personal data. Some of these rights are new, others are existing rights that may have been modified or enhanced. Unless otherwise specified below, you can exercise any of your rights with respect to our processing of your personal data by writing to us at firstname.lastname@example.org or to Member Data, The CQI, 10 Furnival Street, London EC4A 1AB. Please we aware that we may need to verify your identity before we can service your request.
You are entitled to see the personal information that we hold about you. You can access much of this information yourself by logging in to the members’ section of www.quality.org. There is generally no charge for making a data subject access request should you choose to write to us at the address given above.
You are entitled to correct personal information we hold about you that is inaccurate. You may correct some of your personal data by logging in to the members’ section of www.quality.org. Where it is not possible to change your personal information through self-service, you may ask us to correct your data by writing to us at email@example.com.
In certain circumstances you are entitled to ask us to delete the personal information we hold about you. Please note that we may not be able to delete all personal data that we hold about you, for example, because of our duties to regulate the quality profession under our Royal Charter.
In certain circumstances you are entitled to object to our processing your personal information.
In certain circumstances you are entitled to ask us to restrict our processing of your personal information. For example, you may ask us to do this if you dispute the accuracy of your personal information, if our processing is unlawful but you prefer restriction to deletion, if we no longer need the information but you need it to exist in our systems for legal reasons, or if you have objected to our processing and we are dealing with your objection.
In certain circumstances you are entitled to receive the personal information you have provided us in a structured, commonly-used and machine-readable format. Over time we will be changing our systems to make it easier for you to receive your data in this way.
You can also complain to the Information Commissioner's Office (ICO) who is responsible for making sure that organisations comply with the law when they handle your personal information: https://ico.org.uk/global/contact-us/
We have appointed IT Governance Europe Limited to act as our EU representative. If you wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, please email our Representative at firstname.lastname@example.org. Please ensure to include our company name in any correspondence you send to our Representative
2 How We process Your Personal Information
2.1 Your member record
Your application for membership is stored in our database along with your personal contact information, and details of the grade and scheme of your membership. Your personal details may include your training, education, work and professional experience.
Your membership of CQI professional networks such as branches, special interest groups and the Next Generation Network are also recorded on your member record.
Notes of telephone conversations, emails and physical correspondence between you and the CQI/IRCA may be attached to your membership record for future reference.
External assessments of membership applications, regrades, recertification, transition, migration, or CPD evaluation are carried out by assessors under contract to the CQI. Documents generated by the assessor in the course of making an assessment are stored on your member record.
Sometimes more than one record about you is created in our system. We occasionally reconcile our records to identify duplicates and to maintain the accuracy of your information. Should we identify a discrepancy in your data, we may contact you to help us decide which record should be your main record, and to verify that your record is accurate.
2.2 Managing your membership
All new members receive a series of welcome emails. The information provided is for the purpose of advising you of membership benefits and how you can best make use of them.
We notify you in advance that your membership is due for renewal. You are given details of your scheme (IRCA only), grade, the fee payable, methods of payment available to you, and what to do if any information is incorrect. We send reminders both before and after the deadline if payment is not received. IRCA members who do not renew their registration are notified when they are removed from the IRCA register for non-payment of annual fees.
If you fail to renew your membership without informing us that you wish to resign, we may contact you multiple times for up to one year following the expiry of your membership, with information about how you can resume your membership. You may inform us of your wish to resign your membership at any time. We will then amend your membership record and you will receive no further requests to renew your membership.
Following payment of your annual membership fees, a receipt is automatically sent to you by email 1-2 business days after payment. This receipt only contains data directly related to the renewal of your membership.
We maintain financial records related to your membership. For example, we need to reconcile your payments for membership in order to maintain our relationship. These are kept in electronic format and hard copy for 7 years after the end of the financial year in which the transaction took place.
Upon admission to an eligible CQI membership grade, we create and send to you a membership certificate containing your name, membership grade, membership number and date of admission. IRCA members may receive certificates upon request and payment of a fee. We do not keep copies of your certificates.
CQI Chartered Members and Fellows, and IRCA auditors, are required to maintain CPD records. The CQI can request CPD evidence from Chartered Members and Fellows at any time. IRCA Auditors are required to submit CPD evidence every five years as a part of the recertification process. Assessments of your qualifications and CPD evidence are stored in your member record on our database, indefinitely, in order to demonstrate your compliance with CQI / IRCA requirements. This is in keeping with our legal obligation to regulate the profession.
Information that you submit about training that you completed before January 2017, via the Record Your Certificate form on the CQI website, is added to your member record to evidence the training that you have undertaken.
2.3 Managing requests for information about you
Sometimes, agencies or potential employers of CQI / IRCA members may contact us for information about you as part of their referencing process. If we receive a request from a third party about your membership status or record, we only disclose this information with your written consent, unless we are under a legal obligation to do otherwise.
2.4 Self service
Upon joining the CQI you are provided with unique login credentials for the members' self-service section of the website, www.quality.org. These credentials allow you to access your benefits, to update your account with address changes, to pay your fees, to set your email preferences, and to choose your branch and special interest groups.
2.5 Communications you receive as member benefits
We contact you periodically to inform you of our available membership grades, and to advise you as to how you can progress through our grades as you progress in your career. You can tell us if you would rather be excluded from this communication.
We post your copy of Quality World to you every month. To do this, we pass your mailing address on to a third party, Warners, who do the print and dispatch of the magazine.
We provide you with bi-monthly newsletters by email -- one is titled IRCA networks and is received by IRCA members and the other is CQI networks, which is for CQI members -- containing relevant news and articles from the CQI / IRCA. This is a member benefit from which you may withdraw by clicking on the "unsubscribe" option at the bottom of the email.
We send you the latest articles from the online Knowledge hub by email. This is a member benefit from which you may withdraw by clicking on the "unsubscribe" option at the bottom of the email.
2.6 IRCA auditors only
When you join IRCA, you agree that your certification and some details about your identity are to be displayed in the online IRCA register. The register acts as a tool to display and verify your professional competence. Should you wish for your information to be removed from the online register, you may email your request to email@example.com or call +44(0)207 245 6866.
You are required to renew each certification that you hold every five years on the anniversary of joining. The information you supply is used to assess your professional skills and qualifications and ensure you continue to meet the requirements for the grade that you hold. This information is stored indefinitely to ensure that we have records that support your inclusion on the public register, and to demonstrate our diligence in maintaining the accuracy and integrity of the register.
2.6.2 Transition / migration
Changes to an ISO standard commonly lead to a requirement to complete a transition or migration process in order to maintain your IRCA status. In such cases you are required to provide evidence that you meet the transition or migration requirements.
Copies of evidence that you supply in your transition application are stored indefinitely as proof that you are competent to carry out audits to this standard.
2.6.3 Organisations Employing Auditors (OEAs)
We check annually with your employer whether you remain in their employ. This is necessary to keep our auditor list up to date, to ensure that each company is billed the correct amount and to allow the company sufficient time to amend their records before invoices are issued.
When you commence working for an OEA and wish to come under that scheme, we disclose personal data to your employer in order to confirm your identity and eligibility for the scheme.
While you are working for an OEA it may be necessary to disclose personal data to your employer in order to confirm your identity.
Your IRCA Auditor card may be sent to your employer for distribution to you. The card states your name, membership number, scheme and grade.
A notice of the requirement to recertify is sent to you via your employer during the fifth year of your certification. Contact your employer should you wish to be excluded from this communication.
Should you leave the employ of an OEA, your membership remains active until your next renewal date, at which time we contact you directly in order to renew your membership.