Privacy Notice for IIGCC members
This Privacy Notice explains the reasons why the Institutional Investors Group on Climate Change (“IIGCC”, “we”, or “us”) collects and processes personal information from or about you as an individual with a role at a member of our organisation and/or an individual who is using our website (www.iigcc.org) or other services , and how we comply with our obligations under the law (including the UK General Data Protection Regulation). It also includes information about how we use your personal information, how we keep it secure, and how you can let us know if you would like us to change how we manage it.
IIGCC is committed to being transparent about how it collects and uses your personal information, and to meeting its data protection obligations. Given that personal information can be used to identify you, we want you to be confident that we are using it responsibly.
Who we are
IIGCC is a company limited by guarantee (with registration number 07921860), incorporated in England and Wales. We act to bring the investment community together to make significant progress towards a net zero and climate resilient future. Our registered address is: Pennine Place, 2a Charing Cross Road London WC2H 0HF, UK.
If you have questions regarding your personal information or its use, please contact us using the details set out in the ‘How to contact Us’ section below.
What personal information does the IIGCC collect?
Personal information is any information that relates to an individual. It does not include information where the identity of the individual has been fully and effectively removed (anonymous data).
IIGCC collects and processes a range of information about you. This includes your name, job title, employer (or name of your organisation), email address, telephone and/or mobile number, fax number and work address, as well as certain preferences (such as whether you belong to any of our working groups or programmes.) We also hold details of our correspondence and communications with you.
When you access our website, we also collect information about your computer, including, where available, your IP address, operating system, and browser type. We do this for system administration purposes, including to analyse trends and gather broad demographic information for aggregate use so that we can improve the site, and deliver customised, personalised content.
We collect this information in a variety of ways. In most cases, we will collect the information from you directly. For example, personal information might be collected through letters or emails, on telephone calls, or from business cards that we receive from you directly. We also collect information when you voluntarily participate in our events or surveys or engage with us on social media.
If you have a role with one of our member organisations, we may, in some circumstances, collect additional information from you, such as passport information, nationality, date of birth or home address, for example when:
You are nominated or appointed to our board of directors
You attend or apply to attend events requiring accreditation through us
In some cases, we may also collect your personal information from third parties, for example by introduction/referral from other members. Further, if your organisation becomes a member of IIGCC, your organisation may provide us with your contact details or ask that you are added to our databases.
How will we use the information about you?
We collect and process your personal information in order to:
maintain contact with you;
manage your membership contract (if relevant);
send you invitations to events, meetings, webinars, or group calls;
send you newsletters, updates and publications;
invoice your organisation; and
make you aware of issues or services that we think may be of interest to you.
Our lawful bases
We will only use personal information when the law allows us to (i.e., where we have a ‘lawful basis’). Most commonly, we will use your personal information in the following circumstances and for the following lawful bases:
Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. For example, we have a legitimate interest in carrying out our work, providing our services and communicating with our members;
Where it is necessary for the performance of a contract with you (including for example your organisation’s membership contract);
Where it is necessary to comply with a legal obligation on us (for example, reporting to HM Revenue and Customs, Companies House or the Charity Commission).
In some circumstances, we may ask for your consent to use your personal information for a specific purpose. In particular, we may obtain your consent before we send you any email marketing, newsletters or other communications about topics and events which we think might interest you.
You may withdraw your consent and/or unsubscribe from our email communications by following the instructions in any email that we send you, or you can withdraw your consent and request us to remove your personal information at any time by emailing us at email@example.com.
We do not carry out any automated decision-making using personal information which produces legal effects or otherwise significantly affects individuals.
Who has access to your personal information?
Your personal information is stored in a range of different places, including our membership database, our email system, our website platform and our online platforms (including but not limited to Eventbrite, HubSpot, Insightly, Mailchimp, Microsoft Office forms, Survey Monkey). If you are a member of a particular working group or collaboration such as the Policy working group or Climate Action 100+ initiative, then your personal information may also be stored on databases and sharepoints specific to these groups and accessible by those groups. This information is accessible by all internal IIGCC staff for the purposes described above.
IIGCC will not sell, rent, loan or trade any of your personal information.
However, your personal information may be shared with selected third parties, including
to the extent necessary for us to provide opportunities for collaboration and sharing of information or where we deem it necessary to deliver our services to you;
where you are attending an IIGCC event, we may share your name, job title and details of your employer with other speakers or organisers of the event (or their teams) but will not share your contact information;
with contractors, suppliers, or other third parties that provide services on our behalf (such as our database and online platform providers);
as part of a sale, merger or acquisition, or other transfer of all or part of our assets including as part of a bankruptcy proceeding;
pursuant to a subpoena, court order, or other legal process or as otherwise required or requested by law, regulation, or government authority programs, or to protect our rights or the rights or safety of third parties;
with our professional advisors, lawyers, accountants and auditors; or
with your consent or as otherwise disclosed at the time of data collection or sharing.
We may share your contact information with other investor groups (including but not limited to Ceres, PRI, UNEP-FI, AIGCC, IGCC ) to ensure that you receive relevant information and invitations for collaborative projects or events. Where we share your personal information with other groups and partners, please note that the privacy notices or policies of those groups or partners will apply to their handling of your personal information. These policies will include details about how these organisations will process your personal information, including (among other things) information about the purposes for processing, the types of organisations that your information might be shared with and relevant contact details. For example, the following privacy policies apply to some of our partners (this list is not exhaustive).
Ceres – https://www.ceres.org/privacy-policy
PRI – https://www.unpri.org/privacy-policy
AIGCC – https://aigcc.net/privacy-policy/
IGCC – https://igcc.org.au/privacy-policy/
International Data Transfers
We may transfer your personal information out of the UK in some circumstances, for example if we are using a service provider in another jurisdiction (e.g. Eventbrite, HubSpot, Insightly, Microsoft Office forms, Mailchimp or Survey Monkey) and/or if we are sharing your personal information to one of our partner organisations or investor groups in another jurisdiction (including but not limited to the US). When we transfer personal information out of the UK, we take steps to ensure that your personal information is protected in accordance with appropriate safeguards, especially where the recipient country is not considered to be adequate under UK law. In particular, we rely on appropriate safeguards under data protection legislation, such as the UK International Data Transfer Agreement to protect your personal information.
For how long does IIGCC keep your personal information?
IIGCC will only hold your personal information for as long as necessary to provide you with our services or to comply with legislation. Usually this will be for the duration of your organisation’s membership and until the end of the calendar year in which your organisation ceases to be a member.
The criteria we use to determine the retention period of personal information are: (i) the respective statutory retention period; (ii) our contractual and/or business relationships with you; (iii) (potential) disputes; and (iv) any guidelines issued by relevant regulators. After expiration of that period, the relevant information is routinely deleted, as long as it is no longer necessary for the fulfilment of a contract, the initiation of a contract or to protect or defend our position or that of a third party. If you have any questions about our retention periods, please contact us using the details set out in the ‘Contact us’ section below.
How does IIGCC protect your information?
IIGCC takes the security of your personal information seriously and relies on a series of people, processes and physical and technological controls that help us to protect your personal information. We store personal information on computer systems that have access controls in place, are checked for vulnerabilities, and are protected against malicious attack. We also have physical access controls in our offices. IIGCC has implemented a number of administrative controls to try to ensure that your personal information is not lost, stolen, accidentally destroyed, misused, disclosed or altered. While we seek to use appropriate organisational, technical and administrative measures to protect personal information within our organisation, unfortunately no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us in accordance with the “Contact us” section below.
Access to information and your rights
As a data subject, you have a number of rights. You can:
request us to provide you with a copy of your personal information;
request that we change incorrect or incomplete personal information;
require that we delete or stop processing your personal information, for example where the information is no longer necessary for the purposes of processing;
request that we restrict the processing of your personal information;
object to the processing of your personal information in certain circumstances;
under certain circumstances, request us to port personal information about you that you have provided to us to you or to a third party; and
where we previously obtained your consent, to withdraw consent to processing your personal information.
If you would like to exercise any of these rights, please contact Anthony Rigby at firstname.lastname@example.org. Please be aware that IIGCC may be unable to provide these rights to you under certain circumstances, for example if we are legally prevented from doing so or can rely on exemptions.
If you believe that IIGCC has not complied with your data protection rights, you can contact the UK Information Commissioner’s Office (ICO) by visiting https://ico.org.uk/concerns.
Our platforms and newsletters may contain a link to other websites. Please note that when you click on one of these links, you are entering another website for which IIGCC has no responsibility (even if you access the website via a link on our website). We encourage you to read the privacy notices on all such websites.
This Notice may change from time to time – for example, to take into account changes at IIGCC or to reflect changes in regulation or legislation. It was last updated on 13th September 2023.
Updates to this Notice will be posted on this page – please check back from time to time. We will also use reasonable efforts to inform you of any significant changes by email where appropriate.
How to contact us
If you have any questions about this Privacy Notice or our handling of your personal information, please contact us:
By email at: email@example.com
By post at:
2a Charing Cross Road London WC2H 0HF
LAST UPDATED: SEPTEMBER 2023