This Privacy Statement (together with our Terms and Conditions of Business sets out the basis on which any personal data that we, the Institute of Risk Management (IRM), collect from you or that you provide to us, and explains how it will be processed by us. 

IRM values and respects the privacy of its members, customers and visitors to its website.  We are committed to ensuring the protection of personal information that we hold and to fulfilling our rights and obligations under data protection legislation, in particular the Data Protection Act 1998 (the Act).  We take appropriate technical and organisational security measures to protect your personal information while providing you with the opportunity to receive products and services that we think you may find beneficial. 

By entering, browsing and using this website, you consent to the collection and use of your personal information in accordance with this Privacy Statement.  Where you submit information to us, you confirm that you have all necessary permissions and consents to do so. 

If you do not accept this Privacy Statement, you must not use our website.

We may change this Privacy Policy from time to time without notification and we advise you to regularly review when you visit our website.

What personal information is collected and what is it used for?

Data such as contact details, date of birth, employment details, membership history and details (including payment information and reasons for resignation), examination results, qualifications, CPD details, course attendance, queries and complaints is collected and held by IRM and used for the following reasons:

  • to administer and manage your membership; to process your payments, including subscriptions, examination fees, course fees, etc.;

  • to maintain details of any accreditations; to monitor examination performance;

  • to enhance and improve IRM’s services and qualifications; to deliver specific services or products you have requested; to maintain CPD and course attendance records;

  • to improve your browsing experience by personalising the website;

  • to deal with queries and/or complaints made by you in relation to our website; and

  • to communicate with you.

Some of this information is provided by you when you make enquiries with us or when you make an application for membership, or to sit an exam or to enrol on a course. We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.  Other information will be obtained during the course of your membership from you or third parties, such as employers or members of the public, to enable us to carry out the purposes set out above.

We may also collect and store information transmitted by your computer when you use our website.  This may include your IP address, browser data and information we receive from cookies .

IRM members

The personal information we collect will enable IRM to keep you updated with relevant information which forms part of your package of membership benefits.  It will be relevant to the purposes for which it is to be used and we will do our utmost to ensure that such information is accurate and complete.  If any of the information we hold about you is inaccurate we will do our best to correct it quickly once you notify us.  You can update your contact details yourself online by selecting ‘”On-line Member Facilities” available from the ‘Members’ homepage after logging in to


The personal information we collect will only be used for the purposes for which it was originally submitted.  For example we will contact you if you have submitted a request for information to us and you have supplied your contact details to us for this purpose.  We will not retain your details for future mailings unless you specifically opt-in to this type of mailing.  Neither will we disclose your details to third parties, unless you specifically opt in to this type of mailing.

If you are giving us information about another person we will take this as confirmation that they have appointed you to act for them and that you are properly authorised to consent on their behalf.

Sensitive Information

Some of the information we ask you for or which you provide may be sensitive personal data, such as information about medical conditions. We will not use such sensitive personal data except for the purposes of processing your membership and, in the case of information about medical conditions, for the purpose of making any reasonable adjustments where possible to enhance your membership or the sitting of examinations.

Disclosure of information to third parties

We do not disclose your information to any third parties or bodies with which we are not associated unless we have your permission to do so or are required to do so by law.

We may disclose your information to our approved service providers, such as venues and mailing houses where it is necessary to deliver a service that you have ordered (for example, to arrange delivery of your member magazine). Our suppliers may include providers based outside the EU. Where this is the case, we will only contract with such providers where we are satisfied that they meet EU standards on data protection.

From time to time we may undertake controlled mailings on behalf of third parties on a commercial basis where the product being advertised is likely to be of interest to you, and if you have chosen to opt-in to this type of communication.

Where your employer pays for any of your course fees, tuition, including e-learning, examination entries, or membership fees, we will upon the employer’s request provide your employer with details of your membership status and/or examination record, including attempts, where we either have your permission or are required to do so by law.

Storage of personal information

The information that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA).  It may also be processed outside the EEA by one of our associated companies or a third party engaged by us.  By submitting your personal information to us, you agree to this transfer, storing or processing.  We will take all steps reasonably necessary to ensure that your personal information is treated securely at all times and in accordance with this Privacy Statement.

The transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal information, we cannot guarantee the security of data transmitted via the internet (including by email).  Any transmission is at your own risk.  Once we have received your personal information, we will use strict procedures and security features to prevent unauthorised access.

Appropriate security measures are in place to protect the personal information that we hold.  We limit access to your personal information to those who we reasonably believe need to use that information in order to carry out their jobs.  We have physical, electronic, and procedural safeguards that comply with our legal obligations to protect your personal information. 

Our website contains links to other websites.  Please note that when you click on one of these links you are "moving" to another website.  IRM is not responsible for the information privacy practices or the content of these other websites.  We encourage you to read the privacy policies of these linked websites as their privacy practices may differ and they may not be subject to the same data protection legislation.

Opting out

You may choose to opt-out of receiving communications alerting you to news and offers at any time.  To do so please use the unsubscribe link provided in our emails or contact

Access to your personal data

You have the right to ask for a copy of the information we hold about you. We may make a charge (of no more than £10) for this. Please see ‘Further Information and Questions’ at the bottom of this statement for the contact details of IRM’s Data Protection Officer.


We reserve the right to update this Privacy Statement at any time.

Further Information and Questions

If you have any questions regarding privacy or do not feel that your concerns have been addressed, please contact:

Data Protection Officer
Institute of Risk Management
2nd Floor, Sackville House
143-149 Fenchurch Street

Tel: + 44 (0)20 7709 9808  Email: