Privacy policy

This Policy applies as between you, the User of this Web Site, and Agile Business Consortium Limited, the owner and provider of this Web Site. This Policy applies to our use of any and all Data collected by us in relation to your use of the Web Site and any Services or Systems therein.

Privacy and user consent

The Agile Business Consortium (“the Consortium”) collects personal data about the people we deal with while carrying out our business and delivering our services. As such, this Privacy Policy sets out to explain how any personal information about you will be processed and used by the Consortium. The Consortium undertakes to make use of your personal information only in the ways described in this policy, and in accordance with applicable data protection legislation and guidance. 

About us

The Agile Business Consortium is an independent professional body dedicated to advancing business agility worldwide in accordance with a defined set of professional standards and a code of practice. When we process personal information, we are the Data Controller, unless stated otherwise.

If you have any queries with regard to this Privacy Policy, please contact our Data Protection Officer, Karen Mcallen by email: info@agilebusiness.org

Data we collect and process

In this section you will find:

  • Details about the personal data we collect and how we use it.
  • Our lawful basis for processing this data.
  • How long we keep this data.


We will usually process your personal data because you have provided it to us, but in some cases, we may be provided with your personal data by a third-party (e.g. a member). 

A) Visitors to our website

When someone visits our website (https://www.agilebusiness.org/), including our sub-pages and sub-domains, we may collect and process personal data, as follows: 

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Web server management and logging. | Browser, domain name, what web pages you visited (on our site), referral sites, IP address, time and duration of visit, device and OS details. | N/A (non-identifying information). | N/A |
| Data collected if you use one of our online contact forms, chat, etc. | Name, contact details, nature of your enquiry. | Contract | Will depend on the nature of your enquiry. |

Our use of cookies

Occasionally we will send a ‘cookie’ to your device (we use the term “cookie” to collectively mean cookies, beacons, pixels and other technologies). A cookie is a small piece of data that is sent to your browser from a web server and stored on your device’s storage. A cookie cannot read data off your device or read cookie files created by other sites. Cookies do not damage your system.

We use cookies to identify which areas of our website you have visited or customized, so the next time you visit, those pages may be readily accessible. Data from cookies placed by the Consortium will not be used to keep track of visitors.

When you first visit our website, you will be shown our cookie banner. You can use this banner to accept, reject or change cookie settings. If you click the “Settings” button, you will be presented with options for the different types of cookies you can accept or reject. Once you have accepted or rejected cookies, you can always change your cookie settings by clicking the “C” symbol in the bottom left of the webpage.

You can also choose whether to accept cookies by changing the settings of your browser. You can set your browser to refuse all cookies or allow your browser to show you when a cookie is being sent. If you choose not to accept these cookies, your experience on our website and other websites may be diminished and some features may not work as intended.

It is lawful for us to use cookies that are necessary for the functioning of our website, but you have a choice regarding all other cookies. The lawful basis we rely on for processing cookie information is consent, provided via our cookie controls.

You should note that the cookies we use relate to third party services (e.g. Google Analytics) which may result in some information about your website visit being transferred to that third-party and processed outside the UK.

You can find more information about our use of cookies in our cookie policy: https://www.agilebusiness.org/copyright-legal-policies/cookies-policy.html

Links to third-party websites

The Consortium does not share any personal information you provide with the sites to which agilebusiness.org links, although agilebusiness.org may share aggregated data with such websites, for example, number of visitors to the site. Please check with those sites to determine their privacy policy.

B) If you contact us

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Email contact | Name, contact details, content of email. | Contract | Will depend on the nature of the enquiry |
| Phone contact | Name, contact details, nature of your enquiry. | Contract | Will depend on the nature of your enquiry. |

C) If you are a customer or member

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Customer registration | Name, contact details | Contract | Up to 6 years after an individual is no longer a customer |
| Access controls and authorisation, security | Name, contact details, user credentials, server information and logs | Contract | Up to 6 years after an individual is no longer a customer |
| Order fulfilment | Name, contact details | Contract | Up to 6 years after an individual is no longer a customer |
| Communications about professional status, purchases and bookings | Name, contact details, professional status | Contract | Up to 6 years after an individual is no longer a customer |
| Processing payments, fulfilling orders and returns | Name, contact details, purchase history, case information | Contract | Up to 6 years after an individual is no longer a customer |
| Respond to enquiries | Name, contact details | Contract | Will depend on the nature of the enquiry |
| Relationship services | Name, contact details, employer information, communication preferences, DOB, location data, profile photo, interests, social media handles, professional status, membership details | Contract | For as long as current customer or member |
| Respond to leads and opportunities | Name, contact details | Legitimate interest | For as long as qualified lead or opportunity |
| Marketing communications | Name, contact details, marketing preferences | Legitimate interest | For as long as subscribed, and then kept on suppression list |
| To identify connections with other customers or organisations | Name, contact details | Legitimate interest | Up to 6 years after an individual is no longer a customer |
| Analytics and analysis | Name, membership details | Legitimate interest | Up to 6 years after an individual is no longer a customer |

D) If you hold a professional status and/or accreditation

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Management of professional status | Name, contact details, qualification information, application information, profile, CPD records | Contract | Up to 6 years after an individual is no longer a customer |
| Transactional communications about professional status | Name, contact details, professional status | Contract | Up to 6 years after an individual is no longer a customer |

E) If you purchase something from our Shopify site

When purchasing something from our Shopify store, we will collect certain information for the purposes of dealing with your purchase. As such we rely on contract as our lawful basis for processing. Such information will include your name, contact details, purchase history, etc.

You can find out more about how we and Shopify handle your personal data in our store privacy policy: https://agilebusinesslearning.com/pages/privacy-policy

F) Events

If you register for, and attend, one of our events:

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Management of events | Name, contact details, payment details (where relevant) | Contract | Up to 2 years after an event, unless required for other purposes |
| Health and safety | Any accessibility or dietary requirements | Legal obligation | Up to 2 years after an event, unless required for insurance purposes |
| Marketing | Name, contact details, marketing preferences | Consent, legitimate interest | For as long as you are subscribed and then retained on a suppression list |

If you speak at one of our events:

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Management of events | Name, contact details | Contract | Up to 2 years after an event, unless required for future events |
| Health and safety | Any accessibility or dietary requirements | Legal obligation | Up to 2 years after an event, unless required for insurance purposes |

G) If you attend one of our training simulations

If you register to attend a training simulation:

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Management of access to training simulation | Name, contact details, learning history/training records | Contract | Up to 2 years after an event, unless required for future events |
| Payment processing (where applicable) | Name, contact details, learning history, payment details (if applicable) | Contract | For the current year + 6 years, for tax purposes |

If you are the simulation trainer:

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Management of access to training simulation | Name, contact details, learning history/training records | Contract | Up to 2 years after an event, unless required for future events |

H) Marketing

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Send marketing information & manage potential leads | Name, contact details, employer information, communication preferences, DOB, location data, profile photo, interests, social media handles, gender | Consent, Legitimate interest | For as long as qualified lead or opportunity and not opted-out |

I) If you are a supplier or accredited delivery partner

Suppliers

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Administer and make payments for invoices | Name, contact details, organisation name, job title, bank details, VAT number | Contract | 6 years + current year |

Delivery partners

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Order fulfilment | Name, contact details | Contract | Up to 6 years after an individual is no longer a customer |

J) If you are a business contact

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Managing networking contacts | Name, contact details | Legitimate interest | For as long as a useful/relevant contact |
| To identify connections between customers and organisations | Name, contact details | Legitimate interest | Up to 6 years after an individual is no longer a customer |

K) If you are an employee

If you are an employee, you will be provided access to our employee privacy policy. This sets out how we handle employee personal data. 

L) If you apply for a job

| Purpose | Data | Lawful basis | Retention period |
| --- | --- | --- | --- |
| Assessing and identifying appropriate candidates | Name, contact details, DOB, qualifications, employment history, interview notes, application, CV, references | Contract | For successful candidates will become part of HR record. If unsuccessful will keep up to 6 months after rejection |
| Equal opportunities monitoring | Ethnicity, disability | Legal obligation | Will remain with application during interview process then deleted if unsuccessful |
| Talent pool – future opportunities for unsuccessful candidates | Name, contact details, DOB, qualifications, employment history, interview notes, application, CV, references | Consent | Until consent is withdrawn, or up to 1 year |

M) Our use of social media

We use various social media platforms. When we post information to our channels on those platforms, we do not process any personal information.

However, if you contact us via the platform, we will handle your information in the same way as we do if you were to email (see above). We may also, as a legitimate business interest, collect information from you from social media channels for the purposes of marketing our services to you (where it is lawful for us to do so), in which case we handle this information in the same way we do any other marketing information (see above). 

Sharing your information

A) Third-party processors

We use a number of third-party cloud-based services for the purposes of effectively running our business and providing our services to you. We also use a number of third-party organisations, e.g. accountants, HR support, etc.

In all cases where we are using a third-party service or company, we will only provide the minimal amount of information for the purposes of delivering the service to us and to meet our requirements.

We always carry out due diligence against all our third-party suppliers for the purposes of ensuring their compliance with data protection, maintaining adequate security of your data and ensuring they apply adequate data protection principles to the processing of the data we supply. We also make sure a legally binding contract (sometimes called a Data Processing Agreement or DPA) is in place to protect your data.

B) Our legal obligations to disclose information

If required to by law or in the good-faith belief that such action is necessary, the Consortium will disclose personal information to:

  1. Comply with a legal process served on the Consortium or to conform to the edicts of the law;
  2. Protect and defend the rights or property of the Consortium or visitors to agilebusiness.org;
  3. Identify persons who may be violating the law, the legal notice or the rights of third parties;
  4. Cooperate with the investigations of alleged unlawful activities (e.g. handling requests for information from the police).

Security

The Consortium uses appropriate organisational and technical precautions to keep the information disclosed to us secure. If you have a concern about your data or would like more information about the security of your personal data, please contact us using the contact details above.

Transfer of your data outside the UK

Due to the way we manage the Consortium and its members, and provide its services, it is possible your information may be processed outside the UK. If this is the case, we will always make sure the processing meets the strict criteria set out in UK data protection law. As such, if an adequacy regulation does not apply to the country where your data is processed, we will ensure an appropriate safeguard is in place, such as standard contract clauses, and, if required, carry out a transfer risk assessment.

Your rights

In this Section, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights. 

A) The right to access and portability

You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data.

Your right to portability allows you to request a machine-readable format of the data you supplied to us and associated service logs (where we store them).   

B) The right to rectification

You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed. 

C) The right to erasure (or right to be forgotten)

Under some circumstances you may request us to delete your data from our systems. Where this is possible (e.g. we don’t have any legal purpose for continuing to process your data) we will erase it from our systems. If it’s not possible for us to delete your data, we will explain the reasons why.  

D) The right to restrict our processing

In some circumstances you have the right to restrict the processing of your personal data. Those circumstances include: you contest the accuracy of the personal data; processing is unlawful, but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

E) The right to object to our processing and to withdraw consent

You have the right to object to our processing of your personal data, if we are relying on our or a third party’s legitimate interest and you dispute those interests. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing to continue, which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

Where we are processing your data and needed to ask your permission to do so, you are able to withdraw your consent at any time. If you wish to stop receiving our marketing emails you can do so, by clicking on the “unsubscribe” link at the bottom of the email or by contacting us. 

F) Complaints

If you feel this privacy notice does not go far enough in explaining how we have used your personal data, we are happy to provide any additional information or explanation needed. Any requests for this should be sent to info@agilebusiness.org.


If you want to make a complaint about the way we have processed your personal information, we’d rather you brought it to us in the first instance, but of course you can contact the Information Commissioner’s Office in their capacity as the statutory body that oversees data protection law in the UK – https://ico.org.uk/make-a-complaint/  

More information

For more information about your data rights and privacy or data protection in general visit the Information Commissioner’s Office website: https://ico.org.uk 

Amendments to this privacy policy

We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you are happy with any changes to this policy. We will notify you of significant changes to this policy by email or on our website.