The Chartered Institute of Management and Leadership (CIML, USA) respects your privacy and is committed to protecting the personal data of our members, applicants, website visitors, and all individuals who interact with our services. This Privacy Policy explains in clear terms what personal data we collect, the purposes for which we process it, the legal bases that justify such processing, how long we retain it, and the rights you hold in relation to your data.
This policy applies to all personal data collected through our website (cimlglobal.us), Member Portal (cimlglobal.us/ciml/user/), membership applications, certification enrolments, events, communications, and any other interaction with CIML. Please read this policy carefully. By using our services or submitting personal data to CIML, you acknowledge this policy.
Overview
CIML processes personal data responsibly and in accordance with applicable data protection laws, including those of the United States (specifically the Commonwealth of Kentucky and the State of Oklahoma), and where applicable, internationally recognised data protection principles.
We collect only the data we need, use it only for the purposes for which it was collected, protect it with appropriate security measures, and do not sell it to third parties. Our processing is guided by the following core principles:
- Lawfulness, fairness, and transparency β we process data legally, fairly, and openly.
- Purpose limitation β data is collected for specified, explicit, and legitimate purposes.
- Data minimisation β we collect only what is necessary for the stated purposes.
- Accuracy β we take reasonable steps to ensure data is accurate and kept up to date.
- Storage limitation β data is retained only for as long as necessary.
- Integrity and confidentiality β data is processed with appropriate security safeguards.
Data Controller
For the purposes of this Privacy Policy, the data controller responsible for your personal data is:
Chartered Institute of Management and Leadership (CIML)
212 N. 2nd St., STE 100, Richmond, KY 40475, United States of America
Email: info@cimlglobal.us
Telephone: +1 (859) 203-3256
Website: cimlglobal.us
If you have any questions about how CIML handles your personal data, or wish to exercise any of your rights under this policy, please contact us using the details above or refer to Section 16 of this policy.
Information We Collect
Depending on how you interact with CIML, we may collect and process the following categories of personal data:
3.1 Identity & Contact Information
- Full name, title, and date of birth;
- Postal address, email address, and telephone number;
- Nationality and country of residence;
- Photograph (where submitted as part of a membership application or profile).
3.2 Professional & Academic Information
- Employment history, current job title, and employer details;
- Educational qualifications, academic transcripts, and certificates;
- Professional memberships, licences, and credentials;
- CV or rΓ©sumΓ© submitted as part of an application.
3.3 Membership & Account Information
- Membership grade, application status, and membership number;
- Member Portal login credentials (passwords are stored in encrypted form);
- CPD records, certifications earned, and qualification history;
- Subscription and renewal records.
3.4 Financial Information
- Payment transaction records (amount, date, reference);
- Billing address and invoicing details. Note: CIML does not store full credit or debit card details β payment card data is processed directly by our secure third-party payment processors.
3.5 Communications Data
- Emails, enquiries, and other correspondence sent to CIML;
- Responses to surveys, feedback forms, or event registration forms;
- Records of complaints or disciplinary matters.
3.6 Technical & Usage Data
- IP address, browser type and version, operating system;
- Pages visited on cimlglobal.us, time and duration of visits, and referring URL;
- Cookie identifiers and similar tracking technologies (see Section 10);
- Device identifiers and session data on the Member Portal.
How We Collect Your Data
CIML collects personal data through the following means:
- Directly from you β when you complete a membership application, enrol in a programme, register for an event, subscribe to our newsletter, contact us by email or telephone, or use the Member Portal.
- Automatically β when you visit our website, through cookies and similar technologies that record technical and usage data (see Section 10).
- From third parties β in limited circumstances, from referees, academic institutions, or professional bodies providing verification of your qualifications or credentials as part of a membership or certification application.
- From publicly available sources β such as professional directories, LinkedIn profiles, or published academic records, where relevant to verifying professional standing.
How We Use Your Data
CIML processes your personal data for the following purposes:
| Purpose | Description |
|---|---|
| Membership Administration | Processing applications, managing membership records, issuing membership certificates, processing upgrades, and maintaining your membership account. |
| Certifications & Qualifications | Processing certification enrolments, conducting assessments, issuing credentials, and maintaining qualification records. |
| Fee & Payment Processing | Processing membership fees, subscription renewals, certification fees, and issuing receipts and invoices. |
| Member Portal Access | Providing and managing access to the CIML Member Portal, including account authentication and security. |
| Communications | Sending membership-related correspondence, renewal reminders, CPD notifications, event invitations, and where you have opted in, the CIML newsletter and marketing updates. |
| CPD & Events | Managing event registrations, tracking CPD activity, and delivering training and development programmes. |
| Certificate Verification | Enabling authorised third parties to verify the authenticity of CIML-issued certifications and credentials through the verification portal. |
| Legal & Compliance | Complying with legal and regulatory obligations, responding to lawful requests from authorities, and enforcing CIML's Terms of Service and Code of Conduct. |
| Website Improvement | Analysing website usage to improve functionality, user experience, and content relevance. |
CIML does not sell, rent, or trade your personal data to third parties for commercial purposes. We do not use your data for automated decision-making or profiling that produces legal or significant effects on you without appropriate safeguards.
Lawful Basis for Processing
CIML processes your personal data on one or more of the following lawful grounds:
- Performance of a contract β processing is necessary to fulfil the membership agreement, deliver certifications, process payments, or provide access to the Member Portal.
- Legitimate interests β processing is necessary for CIML's legitimate interests as a professional membership organisation, such as maintaining accurate membership records, improving services, and safeguarding the integrity of the Institute, provided these interests are not overridden by your rights.
- Legal obligation β processing is required to comply with applicable laws or regulations, or to respond to enforceable requests from competent authorities.
- Consent β where you have provided your explicit consent, such as subscribing to our newsletter or marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
Sharing Your Personal Data
CIML may share your personal data with the following categories of recipients, strictly on a need-to-know basis and only to the extent necessary for the stated purposes:
- CIML Staff & Officers β authorised CIML employees, council members, and officers who require access to process your membership, certification, or enquiry.
- Accredited Representatives & Country Directors β CIML's regional representatives may access relevant member data in connection with locally coordinated membership services and events.
- Service Providers β third-party providers who assist with IT infrastructure, website hosting, payment processing, email communications, and event management, all of whom are bound by appropriate data processing agreements.
- Verification Requests β where an employer or third party submits a legitimate certificate verification request through CIML's official verification portal, CIML may confirm whether a certificate is valid, the grade held, and the date of award β no additional personal data beyond this is disclosed.
- Partner Institutions β where you have enrolled in a joint programme or where your consent has been obtained for such sharing.
- Legal & Regulatory Authorities β where required by law, regulation, court order, or in connection with legal proceedings.
All third parties with whom CIML shares data are required to maintain appropriate confidentiality and security standards and to process data only for the purposes for which it was shared.
Data Retention
CIML retains personal data only for as long as is necessary for the purposes for which it was collected, or as required by applicable law. Our general retention guidelines are as follows:
| Data Category | Retention Period |
|---|---|
| Active membership records | Duration of membership plus 7 years after termination or lapse |
| Certification & qualification records | Indefinitely (to enable certificate verification by third parties) |
| Financial & payment records | 7 years from the date of the transaction (legal and tax compliance) |
| Unsuccessful membership applications | 2 years from the date of the application decision |
| General enquiries & correspondence | 3 years from the date of last correspondence |
| Newsletter / marketing subscribers | Until consent is withdrawn or the subscriber unsubscribes |
| Website usage / cookie data | Up to 13 months (varies by cookie type β see Section 10) |
| Disciplinary / complaints records | 7 years from resolution of the matter |
After the applicable retention period, personal data is securely deleted or anonymised. Where data must be retained beyond these periods to comply with a legal obligation or to defend a legal claim, CIML will retain only what is strictly necessary.
Data Security
CIML takes the security of your personal data seriously and has implemented appropriate technical and organisational measures to protect it against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include:
- Secure Socket Layer (SSL/TLS) encryption for data transmitted through our website and Member Portal;
- Encrypted storage of passwords and sensitive credentials;
- Access controls restricting data access to authorised personnel only;
- Regular security reviews and assessments of our systems and third-party service providers;
- Staff training on data protection and information security best practices.
While CIML employs robust security measures, no digital system can be guaranteed to be completely secure. You are responsible for maintaining the confidentiality of your Member Portal login credentials and for notifying CIML promptly if you suspect any unauthorised access to your account.
In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, CIML will notify affected individuals and, where applicable, relevant authorities in accordance with applicable legal requirements.
Cookies & Tracking Technologies
CIML's website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site performance, and understand how visitors engage with our content. A cookie is a small text file placed on your device when you visit a website.
Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Essential for the website and Member Portal to function. Cannot be disabled. | Session / up to 1 year |
| Functional | Remember your preferences (e.g. language, login state) to personalise your experience. | Up to 1 year |
| Analytics | Collect anonymous data on how visitors use the site to help CIML improve performance and content. | Up to 13 months |
| Marketing | Used only where you have provided consent to track engagement with CIML content and communications. | Up to 13 months |
You may control cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of the CIML website or Member Portal. Where required by applicable law, CIML will seek your consent before placing non-essential cookies on your device.
Your Rights
Subject to applicable law, you have the following rights in relation to your personal data held by CIML. To exercise any of these rights, please contact us at info@cimlglobal.us. CIML will respond to all verifiable requests within a reasonable timeframe and in any event within 30 days.
ποΈ Right of Access
You have the right to request a copy of the personal data CIML holds about you and information about how it is processed.
βοΈ Right to Rectification
You have the right to request that inaccurate or incomplete personal data we hold about you be corrected or updated.
ποΈ Right to Erasure
In certain circumstances, you may request that CIML delete your personal data, subject to legal retention obligations.
βΈοΈ Right to Restriction
You may request that CIML restrict the processing of your data while a dispute or objection is under consideration.
π¦ Right to Portability
Where processing is based on your consent or a contract, you may request your data in a structured, commonly used, machine-readable format.
π« Right to Object
You have the right to object to processing based on legitimate interests or direct marketing, including profiling related to direct marketing.
β©οΈ Right to Withdraw Consent
Where processing is based on consent, you may withdraw that consent at any time. Withdrawal does not affect prior lawful processing.
βοΈ Right to Lodge a Complaint
You have the right to lodge a complaint with a relevant supervisory authority if you believe your data has been processed unlawfully.
Some rights are subject to limitations β for example, CIML may be required to retain certain data to comply with a legal obligation or to defend a legal claim, even if you request erasure. CIML will inform you of any applicable limitation when responding to your request.
International Data Transfers
CIML is a global organisation with members in over 70 countries. In the course of operating our international membership network, your personal data may be accessed by or transferred to CIML representatives, country directors, or accredited partners located outside your country of residence, including outside the United States.
Where such transfers occur, CIML takes steps to ensure that your personal data receives an adequate level of protection, including through the use of appropriate contractual safeguards with recipients. CIML's Accredited Representatives and Country Directors are required to handle member data in accordance with CIML's data protection standards and this Privacy Policy.
If you are located in a jurisdiction with specific international transfer requirements, you may contact CIML to obtain further information about the safeguards in place for your data.
Children's Privacy
CIML's services, membership programmes, and certifications are designed for and directed at adults aged 18 and over. CIML does not knowingly collect or process personal data from individuals under the age of 18.
If CIML becomes aware that personal data has been collected from a minor without verifiable parental or guardian consent, we will take prompt steps to delete such data from our records. If you believe that a minor has provided personal data to CIML, please contact us immediately at info@cimlglobal.us.
Third-Party Links & Services
The CIML website and Member Portal may contain links to third-party websites, social media platforms, or partner institutions. These external sites are not operated by CIML and are not governed by this Privacy Policy.
CIML has no control over, and accepts no responsibility for, the privacy practices or content of any third-party website. We encourage you to review the privacy policy of any external site you visit through a link from our website before providing any personal data to that site.
CIML's social media presence on platforms such as Facebook, Twitter/X, LinkedIn, Instagram, and YouTube is subject to those platforms' own privacy policies and terms of service, over which CIML has no control.
Changes to This Privacy Policy
CIML reserves the right to update or revise this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or organisational structure. The "Last Updated" date at the top of this page will be updated whenever material changes are made.
Where changes are significant, CIML will notify members by email or through a prominent notice on the CIML website or Member Portal prior to the changes taking effect. We encourage you to review this policy periodically to stay informed about how CIML protects your personal data.
Your continued use of CIML's services after any changes to this policy constitutes your acknowledgement of the updated policy. If you do not agree with any changes, you should cease using CIML's services and, if applicable, contact CIML to close your account.
Contact & Complaints
If you have any questions, concerns, or requests relating to this Privacy Policy or the way CIML processes your personal data, please contact our team using the details below. We are committed to addressing all privacy-related enquiries promptly and transparently.
If you believe that CIML has processed your personal data in violation of applicable law or this policy, you have the right to lodge a complaint with a competent data protection authority in your jurisdiction. CIML would, however, appreciate the opportunity to address your concerns directly before any formal complaint is made.
Privacy Enquiries & Data Requests
Our team will respond to all privacy and data-related requests within 30 days. For urgent matters, please contact us by telephone during business hours.