This notice applies across all of our linked websites that we own and operate and all services we provide, including all online products, and any other apps or services we may offer (for example,events or training
The Association of Corporate Governance Practitioners (ACGP) is known as the ‘Controller’ of the personal data you provide to us. Stewardship of your personal data is important to us and a responsibility that we take very seriously. Data is processed in accordance with the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) governed by the Information Commissioners Office updated in May 2018.
To enable us to provide you with your membership we collect basic personal data about you. We collect and associate with your membership account information like your name, email address, phone number, payment info, physical address and account activity.
We may need to collect additional data however we will seek your consent to collect this data only for the purpose of which it is intended. Here we describe how we collect, use and handle your information when you use our services.
Why we need your data
We may need to collect your basic personal data for the administration of the membership services you have requested. We will not collect any personal data from you that we do not need.
What Data Do We Collect
Your name and address
Telephone contact details
Details of any employment past or present or academic qualifications held by you provided on any membership for you have submitted.
Records of your contact and communications with us where key information is given or decisions made (i.e. ACGP membership level).
Access to your Data
All the personal data we process is processed by our staff in the UK and we have a member of staff who oversees the management of such data. Third parties who have access to your personal data do so with our express permission, your consent, and the law allows them to do so.
We have a Data Protection process in place to oversee the effective and secure processing of your personal data. Unfortunately, the transmission and storage of information on the internet is not completely secure. We will do our best to protect your personal data, however we cannot guarantee it's security. Once we have received your information, we will use best-practice procedures and security features to try to prevent unauthorised access. If we do become aware of any breach of our security that may have compromised your personal data, we will use best efforts to notify you without delay.
Your data may be processed in countries other than the country you live in – such as to the United States, where our data hosting provider’s servers are located. These countries may have laws different to what you’re used to. Where we disclose personal data to a third party in another country, we ensure your personal data remains protected.
We'll retain information for as long as we have an ongoing business need to retain it to provide you with the membership you contracted us to provide in accordance with our data retention policies and retention schedule. We often need to retain information to comply with our legal obligations, resolve disputes, or enforce any agreements.
There will be times when we need to share your personal data with third parties. We will only disclose your personal data to trusted third parties, for example
third party service providers and partners who assist and enable us to deliver our products and services to you (i.e. CG FirstTM). Their use of your information will be governed by their privacy policies and terms.
regulators, law enforcement bodies, government agencies, courts or other third parties where we think it’s necessary to comply with applicable European laws or regulations, or to exercise, establish or defend our legal rights. Where possible and appropriate, we will notify you of this type of disclosure
an actual or potential buyer (and its agents and advisers) in connection with an actual or proposed purchase, merger or acquisition of any part of our business
other people where we have your express consent.
We may occasionally advise you of CPD and training and development which are relevant to your membership level.
Postal Marketing – We do not send marketing information by post in line with our environmental policy.
What are your rights under GDPR
Subject Access Request
You have the right to see the information we have on our files which relate to you personally, this is called a subject access request (SAR). To request access of the data we hold about you, please write to the Data Controller to request access. We will acknowledge your request within 7 days and usually respond with the data within 30 days from receipt of your request. We can extend the period of compliance by a further two months where requests are complex or numerous. If this is the case, we will inform you within one month of the receipt of the request and explain why the extension is necessary.
The Right to Rectification
If at any point you believe the information we process on you is incorrect or incomplete you can request to have it rectified under article 16 of GDPR. This is called a notice of correction (NOC). To request rectification of data we hold about you, please write to the Data Controller detailing the
information which requires rectification. We will acknowledge your request within 7 days and rectify the information within 30 days from receipt of your notification. If it will take longer than 30 days we will inform you and provide an estimated timescale which is usually a maximum of 3 months. In certain circumstances we can refuse to rectify information if the request is manifestly unfounded or excess and we will always write to you and inform you of the reasons for refusal. Please note we have the right to request your ID before rectifying information to protect the individual.
The Right To Erasure
If at any point you decide you no longer want your details retained by us you may have the right to request your details to be erased under article 17 of GDPR (certain data may be exempt from this). This is called notice of erasure (NOE). It is also commonly known as your “right to be forgotten’. The right is not absolute and only applies in certain circumstances. To request erasure of data we hold about you, please write to the Data Controller detailing the information which you would like erased. We will acknowledge your request within 7 days and erase the information within 30 days from receipt of your notification if we are able to do so and your request is valid. If it will take longer than 30 days we will inform you and provide an estimated timescale which is usually a maximum of 3 months
We do not charge an administrative fee for any of the above unless your request is excessive or manifestly unfounded. Where a fee is chargeable it will be reasonable based on the administrative resources required to carry out your request
If you are not satisfied by our actions, you can seek recourse through our internal complaints procedure. You can contact us to have the matter investigated by contacting us as follows
Association of Corporate Governance Practitioners (ACGP)
One Victoria Square
If you remain dissatisfied, you have the right to refer the matter to the Information Commissioner. The Information Commissioner can be contacted at:
Information Commissioner’s Office Wycliffe House
Water Lane Wilmslow Cheshire SK9 5AF
Tel: 01625 545745 Fax: 01625 524510
Our aspiration is to achieve national recognition of ‘the ACGP’ and to establish the Governance Practitioner’s contribution to better corporate governance practice.Read More
Whether you are new to governance, already in a senior role or sit on a board of directors, our range of membership offers ensures that there is a grade that fits you.