Improving Software for Society

Privacy Policy | GDPR

This privacy policy explains how we use any personal information we collect about you when you use this website and your rights under the General Data Protection Regulation | GDPR. This applies to citizens of states in the European Economic Area.


•  What information do we collect and hold about you?

•  Purpose and Legal Basis for Processing

•  Marketing

•  Subject Access Requests and Correction

•  Data Retention Policy

•  Cookies

•  Other Websites

•  Changes to our Privacy Policy

•  How to Contact Us

•  Complaints Procedure

•  Data Breaches


We collect information about you when you register with us with an enquiry, an application for membership and when you become a member.

For an enquirer, we hold your name and the email address you supply.

For an application, we hold your name, addresses, email addresses, telephone numbers, date of birth and any documents you send us. We also hold details of your application progress.

For a member, we hold all of the details from your application and any additional information you provide, for example home and work address, email and telephone number. We also hold the details of any website(s) you have asked us to display. We also hold a history of your subscription payments. You may add additional consultant details. This is managed by you and can be amended at anytime.

All this information will be kept until you request your details be deleted, subject to GDPR rules. For example you cannot have your details deleted and remain a member.

We also hold your details to allow us to advise you of offers and events that you may be interested in.

Any follow-up emails to or from you with any of the above are logged onto our systems.

We may get other information about you from your social media pages or other public internet sources.

Provided you have given your explicit permission, we may contact colleagues in support of your application or regrading requests.


We collect information about you to process your enquiry about the Institution, your membership application or your ongoing membership of the Institution. These are defined below.

As an enquirer we will log your enquiry and send you a link to our free weekly IAPetus newsletter. You can opt in and out of this as you wish. We may occasionally send you information about the IAP and you can opt out of this by contacting us.

When you apply to be come a member we will process your application (information provided by you) through various steps. We may request more information from you and our Membership Panel will review your application. You will be notified of the progress of the assessment of your application. You will be contacted if more information is required or when your application has been accepted and we have requested your membership payment. We will send reminders as appropriate. You can, at anytime, cancel your application.

As a Member of the Institution you will receive some information from us, for example your Membership Pack, Annual Membership Subscription Details, Subscription Reminders, Annual Personal Details Check, Annual Diary, XMAS Message, New Year Message, Details of Events, Symposium, IAPetus, our Newsletter, Software Development Practice, our in-depth magazine. Some of these i.e. those not related to subscriptions can be opted out of by contacting us.

The IAP will not share your information for marketing purposes with companies outside the Institution.

In processing your membership, we may send your details to 3rd parties to produce your membership card and/or membership plaque. We may also share information with prospective employers where you have authorized access. This is usually limited to confirmation of membership. Where appropriate we send this data securely and is deleted shortly after use.

If you entered Consultant information; this a an online freely accessible database for prospective employers and is publicly searchable.

There is also a Member Check facility. This allows people to check you are a member. This is technically public but requires your Surname and Membership Number. It then confirms your full name, when you became a member and your current membership status.

We will ask you for consent to contact you. Existing members will continue to get everything they have previously requested, but may be asked to confirm some option items of membership. Currently this will be by email as our systems are being updated to cater for GDPR.

If we lose contact with you we may use social media and other sources to try and reconnect with you.

We may produce internal reports on membership statistics and management reports for the normal processing of the business that may contain individuals’ details. These are only used by the staff and management team of the Institution.


We would like to send you information about our products and services and those of other organisations which may be of interest to you. If you have consented to receive marketing material, you may opt out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. Please inform us if you no longer wish to be contacted for marketing purposes.


You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please email or write to us. Under GDPR this is free but repeated requests may be charged for.

We will confirm your request for information and confirm your identity. We will normally get your information back to you within a month.

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.


Our data retention policy is to retain all data unless you request it is deleted. We may keep certain information on file to allow lapsed members to rejoin in the future and maintain their grade etc. Applications will be kept to ensure that applicants who may apply more than once can be advised of this and inadvertent errors reduced.


Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.

For further information visit or

You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, some of our website features may not function as a result.


Our website contains links to other websites. This privacy policy only applies to this website so when you link to other websites you should read their own privacy policies.


We keep our privacy policy under regular review and we will place any updates on this web page. This privacy policy was last updated on 25 April 2018.


Due to our size we do not have a dedicated Data Protection Officer, all communications should therefore be directed to the office.

The Institution of Analysts and Programmers is a Data Controller under GDPR. Please contact us if you have any questions about our privacy policy or the information we hold about you.


Under Article 77 of the GDPR act you are entitled to complain to the ICO if you believe our processing of your personal data infringes the Regulation.

Without prejudice to any other administrative or judicial remedy, every data subject shall have the right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.

The supervisory authority with which the complaint has been lodged shall inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78.

The ICO, currently has no specific page for GDPR complaints but we have provided this link that is more generic.

You may wish to contact our Operations Director, John Ellis, in the first place to see if he can resolve or explain your complaint. Please contact the office in this event.


In the unlikely event of a data breach, we will immediately notify the ICO and then any individuals concerned. This will usually be within 72 working hours, but we may need longer to identify some individuals.