Privacy Policy

At the Institute of Enterprise Risk Practitioners (IERP®), we are committed to protecting your privacy. This notice explains what Personal Data the IERP® holds about you in connection with your use of our website and network, how we collect, use, disclose, safeguard and share Personal Data collected when you visit our website or use our products and services. Please ensure that you read this privacy notice and any other privacy notices we may provide to you from time to time when we collect or process Personal Data about you.

Data Controller:

IERP® is the controller for the Personal Data collected from employees unless this is stated otherwise. In this privacy notice, references to ‘we’, ‘us’ or ‘our’ mean IERP®.

Types of Personal Data We Collect:

Where we collect information, we do so to enable us to provide you better services, both on the website and in the rest of our operations.

The personal data collected by us may be in the form of but is not limited to:

  • Identity data (e.g., name, title, date of birth)
  • Contact data (e.g., email address, phone number)
  • Financial data (e.g., payment details)
  • Transaction data (e.g., details of products/services you have purchased)
  • Technical data (e.g., IP address, browser type)
  • Usage data (e.g., information about how you use our website/services)
  • Marketing and communication data (e.g., preferences for receiving marketing communications)


Purposes of Processing:

We collect your personal data for the following purposes:

  • Conducting Research to understand more about our users and how better to serve our users.
  • Building a profile of how you use our website and its facilities to improve our website and interactions.
  • Serving you with targeted and retargeted advertisement where you have consented to the use of cookies to provide you with targeted and retargeted advertisements
  • Sending you Emails where we have a legitimate business interest to send you service/research emails
  • Collecting Management Information on our email campaigns to improve content and services
  • Communicating with you via and responding to your queries as a means of communication and support.
  • Audit related activities to ensure we understand our business practices when auditing our internal processes and procedures to ensure that we are complying with applicable laws and internal and managing risk appropriately.
  • Anonymisation of personal data for the onward activities of Management Information and Business Intelligence for business improvement and intelligence purposes.
  • Performing system testing in order to enhance and improve our products and services to review and improve our services provided to you.


Lawful Basis for Processing:

We rely on the following lawful bases for processing your personal data:

  • Contractual necessity
  • Consent
  • Legal obligations
  • Legitimate interests

Data Sharing:

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent. However, we may share your information with:

  • Service providers and third-party processors
  • Legal and regulatory authorities when required by law


Your Personal Data may be transferred to other third-party organisations in certain scenarios:

  • If we are discussing a merger or acquisition, Personal Data may be transferred to respective third parties under suitable terms as to confidentiality;
  • If we are reorganised or sold, Personal Data may be transferred to a buyer who can continue to provide services to you;
  • If we are required to by law, or under any regulatory code or practice we follow, or if we are asked by any public or regulatory authority to share your Personal Data; or
  • If we are investigating or defending any legal claims your Personal Data may be transferred as required in connection with defending such investigations and/or claims.

Other websites

  • Our website and emails may contain links to other websites. We are not responsible for the content or practices of these other sites and we recommend that you check their own privacy policies.

International Data Transfers:

We or our suppliers may need to process Personal Data outside the European Economic Area (EEA) and/or United Kingdom (UK). Where this is the case we will only share the minimal amount of Personal Data necessary for the purpose of processing and, where possible, we will share the Personal Data in an anonymised form.

Whenever we transfer your Personal Data across borders, we ensure a similar degree of protection is afforded to it.

Data Retention:

We retain your personal data for as long as necessary for the purposes stated in this Privacy Notice or as required by law.

Security Measures:

We have appropriate security measures in place to prevent Personal Data from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your Personal Data to those who have a genuine business need to know it. Those processing your
Personal Data will do so only in an authorised manner and are subject to a duty of confidentiality.

We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Your Rights:

Under data protection law, you have rights including:

  • Access your personal data – You have the right to ask us for copies of your Personal Data.
  • Rectify inaccurate or incomplete data – You have the right to ask us to rectify Personal Data you think is inaccurate. You also have the right to ask us to complete Personal Data you think is incomplete.
  • Erase your personal data – You have the right to ask us to erase your Personal Data in certain circumstances.
  • Restriction of processing – You have the right to ask us to restrict the processing of your Personal Data in certain circumstances.
  • Object to processing – You have the right to object to the processing of your Personal Data in certain circumstances.
  • Data portability – You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, in certain circumstances.
  • Rights related to automated decision making, including profiling -You have the right not to be subjected to a decision based solely on automated processing (including profiling) which may significantly affect you. We do not make any employment decisions, solely using automated decision making technologies.
  • Withdraw consent (where applicable)
  • In most cases we will deal with your request as soon as possible and at the latest within one calendar month of the request. If we need to extend the time period for responding to your request, we will let you know within the one-month period. We do not charge a fee for any such requests, unless there are exceptional circumstances.

Changes to This Privacy Notice:

We may update this Privacy Notice from time to time. The latest version will be posted on our website with the effective date.

Contact Us:
If you have any questions about this Privacy Notice, please contact us at

Last updated: March 12, 2024