Terms & Conditions


The Institute of Risk Management (ISRM) is legally established and is a non-profit organisation.

The ISRM has been established in order to create a global centre where practitioners, academics and policy makers can come together to share information, help progress and promote the underlying understanding and capabilities associated with strategic risk and crisis management, and develop their own personal and professional networks.

You can contact the ISRM via email: admin@theisrm.org

Please read this privacy policy carefully. It explains what personal information we may collect about you when you become a member of the ISRM, register for one of our webinars or events, and subscribe to our mailing lists, and any other ways you may engage with us.

This policy tells you what we do with your personal data, and who we may share it with. This policy also tells you about your rights in respect of the personal information we hold about you, and how to contact us to exercise your rights, or to find out more about how we handle personal data.


In order for us to fulfil our functions as a professional association, we process personal data relating to existing and prospective members, members of the public, our partners and other individuals we do business with (also referred to in this notice as ‘you’), including:

  • ISRM current, prospective and former members
  • Advisory Council Members and others
  • Other supporters and members of associated organisations
  • Survey respondents and others
  • Subscribers to newsletters and other publications
  • Registrants for professional development training seminars, webinars or other events
  • Representatives and contacts from other organisations and service providers
  • Other recipients of services provided by the ISRM
  • Complainants and enquirers


The ISRM is committed to preserving the appropriate confidentiality, integrity and security of the personal data we process by complying with the Data Protection Act 2018 (which incorporates the provisions of the 2016 General Data Protection Regulation (GDPR)) and all applicable Privacy and Electronic Communications Regulations.


We will update this privacy policy from time to time. We will notify you of any changes as required by law. We will also post an updated version on our website.

This Privacy Policy was last updated on 29 March 2019.


Personal data is any information relating to an identifiable living individual. We may collect the following information about individuals:

  • Personal details including your full name and date of birth
  • Contact details, including postal and email addresses, and preferences
  • Education
  • Work/employment details
  • Application forms and references
  • Account and payment details
  • Membership details
  • DBS certificate numbers
  • Details of legal queries
  • Details of complaints
  • Financial details
  • Any other information you choose to give us


We may also process in certain circumstances sensitive classes of information that may include:

  • Social circumstances
  • Physical or mental health details
  • Racial or ethnic origin
  • Criminal records


We collect data directly from you (for example from registration forms, change of details forms, surveys, at fairs and events and via our website) and will create some data internally (e.g. when we assign you an ISRM membership number).

We will also collect data directly from you when you voluntarily subscribe to any of our mailing lists.

Where we collect information, whether that be via websites, telephone, or manual forms, we will provide at the point of collection a more tailored and specific privacy statement pointing out the relevant information for that product or service and justifying why the collection is necessary.

We may also receive information from third parties, including referees in support of your membership application.

Information we collect through our website:

When you visit our websites, we automatically collect some technical information from your computer or mobile device such as IP address, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms, and information about your visit to the website and your use of it.

Our websites use cookies. Cookies are text files placed on your computer to collect Standard Internet Log information and visitor information. These cookies allow us to distinguish you from other users of the website and allow us to collect information about your visit to our website.


We may process the information we collect about you for the following purposes:

ISRM members

Administration of membership: We will hold personal data relating to members in order to administer membership. This includes to process your membership (and application for membership), payments and to notify you of any matters affecting your membership.

The legal basis for this processing is to perform the contract with you related to these activities and services or because you have asked us to take specific steps before entering into a contract in respect to these activities and services;

Membership benefits: we will use your information to administer membership benefits including to send you publications, etc.

The legal basis for this processing is to perform the contract with you related to these activities and services.

Communications and information: we will use your information in order to send you ISRM publications such as our Newsletter and any other publication intended primarily for members. You can unsubscribe from our newsletters at any time.

We will also use your information:

  • To send you registration or information packs, surveys, questionnaires, feedback forms, information regarding ISRM campaigns and events and related courses, etc.
  • To correspond with you about any ISRM projects or initiatives.


The legal basis for this processing is to perform the contract related to these activities and services.

Governance: we will use your information where you are an elected or appointed Advisory Council Member for governance purposes.

The legal basis for this processing is legal obligation.

Seminars, conferences, webinars and other events: the ISRM offers seminars, conferences, webinars and other training events, online or offline, for both members and non-members. If you choose to register for any of these, we will need your information in order to administer your registration and attendance.

The legal basis for this processing will be contractual in some cases or it will be to fulfil a legitimate interest.

Other individuals who engage with us:

Campaigns, newsletters and other resources: if you opt in to receive newsletters about our activities or if you want to access some of our resources available to the public, we will email you with information relevant to the mailing list to which you have given your consent. You may withdraw your consent at any time.

The legal basis for this processing is consent.

To assist you: we will use your information to respond to enquiries and assist you with any requests. Your communications with the ISRM, including online, by email, text message (SMS), via ISRM’s website (or otherwise) may be recorded and retained for quality, training and record-keeping purposes. If you post or interact with us via social media, we may use your information in order to contact you in relation to the query. We will not use this for the purpose of further marketing or communications, unless you give us your consent to do so.

The legal basis for this processing is legitimate interest because it is necessary for the administration of our business and the provision of our services, which is necessary for the legitimate interests of our business.

Professional conduct: we will use your information for the purpose of enquiries, investigations and complaints relating to ISRM members. Such matters may be sensitive in nature and the ISRM restricts internal access to information to those teams responsible for investigating and resolving the relevant matters.

The legal basis for this processing is the effective administration of such enquiries which is a legitimate interest of our business.

Partner relationship management: we will use personal information of nominated individual representatives of firms and other organisations as part of our partner relationship management activities, including of our corporate members.

Communications (including marketing): We use your information for:

  • Marketing purposes and to send you relevant communications about our products, services, news and other initiatives.
  • To send you registration or information packs, surveys, questionnaires, feedback forms, information regarding ISRM campaigns and ISRM courses and events
  • To correspond with you about any ISRM projects or initiatives.
    Where you have given us consent for us to contact you for these activities, you will have the right to withdraw your consent for these at all times, and we will make this process as easy as possible.


We will not pass your information on to other marketing providers and we will not sell your information to any third party.


We must have a legal basis to use your personal information when the law allows us to. In accordance with the law, we process the personal data described above because:

  • It is necessary in order to perform the contract we have entered into with you;
  • It is necessary for the purposes of our legitimate interests (or those of a third party). Where we use your personal data for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. If we believe your interests or fundamental rights and freedoms override our legitimate interests, we will not use your personal data on this basis and may seek your specific consent, and/or another lawful basis.
  • It is necessary for our compliance with a legal obligation.


We may also use your personal information in the following situations:

  • Where we need to protect your interests (or someone else’s interests).
  • Where it is needed in the public interest.


Service providers

The ISRM uses a number of third-party service providers in order to carry out some of the activities described above. For example, to send you mailings, to provide professional insurances, to obtain DBS certificates, to collect direct debit payments and to manage surveys, campaigns and events. The ISRM requires such service providers to use your personal data only for the purpose of the relevant service.

We also engage external IT consultants and suppliers to provide support and development services in relation to our systems and databases. These consultants may from time to time need to access information which may contain personal data for the purposes of systems testing and development.

Regulatory obligations

Our auditors are given access to our systems for the purpose of annual audit of our accounts.

In some circumstances, we may need to share your personal data where necessary with other third parties (including legal or other advisors, regulatory authorities, courts and government agencies) to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

We require third parties to maintain appropriate security to protect information from unauthorised access or processing.

We may be under an obligation to report certain matters to internal senior management, committees within the ISRM and/or to external bodies including local authorities, Companies House, etc.

General public

The ISRM may wish to publish your details online or via other media. This is only done with your consent and you can withdraw this consent by emailing us at admin@theisrm.org.

Transfers of your information out of the EEA

We may need to transfer your personal data to data processors working for us or one of our suppliers which are located outside the European Economic Area (EEA). One such example is where any of the computer services used to host our website are located in a country outside of the EEA. We may also transfer your data to the USA to organisations such as Campaign Monitor, SurveyMonkey, Facebook, Twitter and Google for content delivery, communication and marketing services in accordance with your preferences. We will take all steps reasonably necessary to ensure your personal data is treated securely and in accordance with this privacy policy. These steps may include entering into processing agreements with these parties or ensuring the parties receiving your data are certified under an approved certification mechanism such as the Privacy Shield framework (details of which can be found at www.privacyshield.gov).


We will retain your details for as long as they are needed for the relevant purposes listed in the section above Why does the ISRM hold information on me?

We may also retain certain records for other legitimate reasons (including after your relationship with the ISRM has ended), for example to resolve any potential disputes, cross-check against future membership applications and to comply with other retention obligations e.g. safeguarding issues.


The law gives you certain rights in relation to your data. The ISRM is committed to respecting individuals’ rights. You may action your rights by contacting us via email to admin@theisrm.org. We will comply with your requests unless we have a lawful reason not to do so. We will endeavour to handle any requests within a reasonable period and, in any event, within a month of the original request.

Your rights include:

Right to information and access

You have the right to be informed about what personal data we collect about you, why, on what lawful basis and what your rights are. This Privacy Statement is the key document we use to inform you about this.

You also have a right to request access to the information that we hold about you, and to receive a copy of this information, along with other information which is generally contained in this Privacy Statement.

ISRM members also have the right to receive a copy of any information we hold about them in connection with the performance of our contract with them.

We will respond to you within the time frame specified within the applicable data protection law, which is generally within one month of receipt of the written request. We will provide the information without charge, but we may charge a reasonable fee for the administrative cost of providing the information where the request for information is unfounded, repetitive or excessive.

Right to rectification

You have the right to request that inaccurate personal data be rectified, or completed if it is incomplete. We will respond to you within the time frame specified within the applicable data protection law, generally within one month of receipt of the request. If we have disclosed your personal data to any third parties, we will also inform those third parties of any correction to your personal data where possible. Members can update their details via the Members’ area of our website at theisrm.org.

Right to erasure and restriction

You have the right to ask us to limit or cease processing or erase information we hold about you in certain circumstances. When responding to such requests, we will tell you how such restrictions or deletions may affect our ability to fulfil our contracts with you or otherwise affect your interests.

Right to object

You can ask us to stop using your information, where we are processing it on the basis of our legitimate interest. We will do so unless we believe we have a legitimate overriding justification to continue processing your personal data.

Right to ask us to stop contacting you with direct marketing

You can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please email us at admin@theisrm.org.

Right to withdraw consent

If you have given us any specific consent to use your personal data, you have the right to withdraw it at any time. If you wish to tell us that you are withdrawing your consent, please email us at admin@theisrm.org.


We will use technical and organisational measures to safeguard your personal data. All information you provide to us is stored securely and any access to your online user account is controlled by a password and username that is unique to you.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

Our website may include links to, or content embedded from third party web service providers. Please note that we have no control over these third-party websites and therefore cannot accept responsibility for the protection and privacy of any information which you provide whilst visiting such third-party websites and such websites are not governed by this privacy policy. It is your responsibility to exercise caution and note the terms of privacy policies relevant to any such third-party websites.

If you have reason to believe that your interaction with us is not secure, please notify us of the problem immediately by contacting us using the details below.

Prior to introducing new systems or technologies relevant to the processing of personal data, we will undertake any necessary impact assessments with a particular focus on any associated risks.


In the event of any breach of our systems impacting on the security of a member’s or any other individual’s personal data, we will inform the affected member(s) or individuals at the earliest opportunity describing the nature of the breach, the possible consequences and the measures being taken to remedy the situation in accordance with our procedures and applicable law. Where necessary, we will notify the Information Commissioner’s Office in accordance with the law.


If you are unhappy with the way in which we process your personal data, please contact us via email admin@theisrm.org

You also have the right to lodge a complaint before the Information Commissioner’s Office (ICO), the UK’s data protection authority.

Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; Tel: 0303 123 1113 (local rate) or 01625 545 745; or see their website.


Via email: admin@theisrm.org
