Introduction: GDPR and data transparency
The Society of Operations Engineers is committed to open and transparent use of data which is secure and gives members, potential members and suppliers full confidence that we are using data exactly how we say we will. Our data collection is in accordance with the General Data Protection Regulation (GDPR), Data Protection Act 2018 and Privacy and Electronic Communication Regulation (PECR). This document sets out in plain English how that operates in practice. SOE believes in privacy by design, and giving you bite size and understandable information on data usage at the point we ask for permission.
What is SOE? How can you contact us?
The Society of Operations Engineers is a Professional Engineering Institution (PEI), licensed by Engineering Council (EngC) and Society for the Environment (SocEnv). We are a registered charity, (number 1081576), as well as a company limited by guarantee (number 03667147). IRTE Services Ltd is a company limited by guarantee (number 02854868), and a wholly-owned trading subsidiary of SOE which carries out our commercial activities. This data policy applies equally to both, and the term ‘SOE’ in this document covers the two organisations. Our business and registered address is 22 Greencoat Place, London SW1P 1PR. You can call us on +44 (0)20 7630 1111 or email us at soe@soe.org.uk. Unless otherwise stated below, SOE is the sole Data Controller for any data we collect from you.
When does SOE collect personal data?
- When you communicate with us by email, telephone or post, or visit us in person at the SOE business address or at an event
- When you apply to be a member of the Society of Operations Engineers
- When you apply for professional registration through us, or to transfer a registration to us from another PEI.
- If you apply through SOE for Eur Ing or Professional Engineer designation
- When you or your organisation purchases or applies for SOE products and services
- When you apply for one of our accreditations, either through us direct, or those organisations who are licensed to award and deliver them them
- When you consent to receive our marketing communications, or update your preferences regarding them
- When you have a profile on the SOE website, either as a registered visitor, member, or other customer
- In the form of cookies when you visit soe.org.uk – you can find out exactly which cookies we use and why here
- When you take out or manage a subscription to one of our magazines, Plant Engineer, Transport Engineer or Operations Engineer or our partner magazines
- When you register, attend, or otherwise take part in one of our events, awards or competitions
- When you agree to be featured in an article, press release or other published editorial piece of work. This could be written, photographic or both
- When you fill in surveys or polls from SOE
How do we process data? And why do we?
Under GDPR, there are six lawful bases for processing personal data – we have listed below which ones we use, and why. Data, and any communications are processed using secure systems which are regularly reviewed by our GDPR Working Group. Our systems record any and all processing reasons clearly, with the exact lawful basis and dates attached.
1) Consent – we use this as the basis for marketing and business development email and telephone communications, letting you opt-in and -out as you wish to hear about our products and services. This may be directly through SOE (using the email opt-in channels which are presented to all members and potential members as part of the sign-up process and can be controlled on the My SOE area of the website), or it may be consent you give through a third party, using an application form for one of our products where your contract is with the third party and the form has a marketing consent section specifically for SOE. We also use consent when we collect data from surveys (for example membership satisfaction survey).
2) Contract – we use this basis to process all necessary data for you to become a member of SOE, register with Engineering Council or Society for the Environment, or for us to deliver any of our other products and services, including the irtec licensing scheme. This includes any print, telephone or electronic communications which are necessary for administering these products or part of your membership benefits (for example renewal notices or notifications of a change of membership grade). It may also include data provided to us by your employer if they pay for your membership and/or registration. Contract also covers the practical mechanics of attending SOE events once you have signed up for one.
3) Legal requirement – we use this basis as part of our obligation to comply with the law or other regulatory or statutory bodies which may arrive on a case-by-case basis; for example, we would process our internal Human Resources data under this category
4) Vital Interests – using personal data, if and when necessary, to protect the vital interests of any individual (e.g. “life or death” situations) For example, we may collect dietary requirements as part of an event booking which includes food, and in case of medical emergency we may deem it necessary to share such food information with the emergency services (we do not hold sensitive data such as food requirements between bookings and it is stored securely when we do have it).
5) Public Task – we do not currently process any data under this category
6) Legitimate Interest – this basis is used when we have your details as a customer, and wish to contact you with products and services by post, telephone, or email which we believe will be of interest to you, and where doing so would not impinge on what we reasonably expect you to agree to when you give us your data (for example when we send you your membership pack in the post, we may include a marketing leaflet for professional registration).
Who do we share data with? Why do we need to?
Data processors
These are organisations where we securely pass your data to fulfil either contractual obligations to you regarding one or more of our products or services or undertake marketing, where we have an appropriate basis, or where we are passed such data to do so.
Data is only shared where an appropriate condition from the below list is met, and we have appropriate contracts covering data processing in place with all these organisations. The current list is:
a. MA Business – who act as publisher to SOE, for fulfilment of member and non-member subscriptions to SOE magazines. They also fulfil print, email and tele-marketing campaigns for the Society, where we have an appropriate data processing basis.
b. Messagepipes by Pixl8 – this is our email distribution software used for both contractual and marketing communications.
c. UK Engage – if you are a corporate (full) member of SOE, you will be entitled to vote in elections for the Trustee Board as well as your appropriate Professional Sector Council, UK Engage manage the process of elections for us. UK Engage also manage any voting SOE needs to coordinate for external projects (such as UK Trailblazer Apprenticeships steering group elections.
d. The Institution of Mechanical Engineers (IMechE) – SOE members are entitled to discounted subscription rates to IMechE publications, and we pass on mailing data of those members who do for fulfilment; this is turn is passed to the IMechE publisher, currently Think Publishing.
e. The Institution of Power Engineers (IPowerE) – as part of our service to IPowerE whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to IPowerE where necessary.
f. Chartered Association of Building Engineers (CABE) – as part of our service to CABE whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to CABE where necessary.
g. Romax Direct Marketing – who are our print fulfilment partner for mail campaigns, regarding subscription renewal and, where we have an appropriate data processing basis, marketing.
h. Smart Impact – this is the organisation who SOE partners with to run our Microsoft Dynamics Customer Relationship Management (CRM) system.
i. Pixl8 – our web agency, soe.org.uk is run on the Preside Content Management System (CMS) supplied and maintained by Pixl8.
j. HSBC – our bank, who we use to process payments and direct debits.
k. Pt-X and Smart Debit – these are the organisations that process Direct Debit payments for SOE through HSBC, using their secure systems.
i. Opayo (formerly SagePay) – who process card payments for SOE whether you pay online, over the phone and in person.
j. The Institute of Corrosion (ICorr) – as part of our service to ICorr whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to ICorr where necessary.
k. The Institute of Concrete Technology (ICT) – as part of our service to ICT whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to ICT where necessary.
l. The Institute of Demolition Engineers (IDE) – as part of our service to IDE whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to IDE where necessary.
Joint data controllers
This is where we need to pass your data to a secondary organisation or organisations for the purposes of fulfilling a contractual service or a material obligation (or are passed it from another organisation for the same reasons), and all organisations in the chain need to process this data to deliver. Data is only shared where an appropriate condition from the below list is met. We have appropriate agreements covering data control in place with all these organisations. The current list is:
a. The Engineering Council – when you apply for registration through SOE, we control your data in respect to your membership, but the Engineering Council also control this data in respect to awarding registration on our recommendation once we have passed it to them.
b. The Society for the Environment - when you apply for SocEnv registration through SOE, we control your data in respect to your membership, but SocEnv also control this data in respect to awarding registration on our recommendation once we have passed it to them.
c. The Audit Bureau of Circulations (ABC) - we may share your personal data with ABC, so they can verify aggregated statistics about circulation and usage of our products or review our policies, processes and procedures for compliance with relevant standards. You can view their privacy policy by following this link.
d. The Driver and Vehicle Standards Agency (DVSA) – if you apply for a Certificate of Professional Competence (CPC) through SOE, we are obliged to pass this information to the DVSA twice a year, so they can act as data controller for administering the scheme and keep an up-to-date register.
e. The Institution of Power Engineers (IPowerE) – as part of our service to the IPowerE whereby we affiliate their registered engineers, we control the data and store on our systems to process Engineering Council registration on behalf of applicants.
f. Chartered Association of Building Engineers (CABE) – as part of our service to CABE whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to CABE where necessary.
g. The Institute of the Motor Industry (IMI) & irtec centres – if you apply for an irtec licence, your contract will be with the originating irtec centre, however the IMI and the SOE will also be joint data controllers (the IMI for quality assuring the scheme and SOE for administering & awarding it). You can find a full list of current irtec centres here.
h. S&B Automotive – our partner in the IRTE Skills Challenge competition, you can find out more about the competition here.
i. Workshop Accreditation delivery partners – when your business applies for IRTE or MHE Workshop Accreditation, the contract will be with the originating centre authorised to deliver the accreditation, however SOE will be joint data controller for administration purposes. You can find a full list of current delivery partners here.
j. The Institute of Corrosion (ICorr) – as part of our service to ICorr whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to ICorr where necessary.
k. The Institute of Concrete Technology (ICT) – as part of our service to ICT whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to ICT where necessary.
l. The Institute of Demolition Engineers (IDE) – as part of our service to IDE whereby we affiliate their registered engineers, we process data and pass it to the Engineering Council, and back to IDE where necessary.
m. Fee paying organisations and corporate partners – SOE runs schemes whereby:
* an organisation may agree to pay for membership and/or professional registration for an individual
* being a member of our Corporate Partner Scheme entitles employees of that member to discount on their membership and/or registration
In these circumstances it may be that we acquire and share your data with/from the organisation so we can administer the appropriate products and services, and verify that you are entitled to any discounts or fee remission on a yearly basis
You can find a current list of fee paying organisations here and a full list of our corporate partners here.
n. SOE's regional network - as part of our regional CPD events and lectures programme, we process data and share with key contacts within the regional network. Regions will have 'view only' access to essential member data (name, email address, phone number, company name and membership status) to manage event registrations and contact registrants in relation to the events they have signed up for. 'Members can opt-out of this feature by updating their preferences on MySOE'.
Profiling and data for marketing
SOE does not use solely automated profiling to make marketing decisions, a human is always involved in the process. We do use your interests from ‘My SOE’ such as a) our products and services GDPR options and b) your membership record and any topics you have indicated you are interested in to ensure we send you relevant messages and content – for example if you are an IEng qualified Plant Engineer who is interested in alternative fuels, we may ensure that an article on this topic is presented to you when you log in, and you may also receive marketing emails regarding gaining CEng, where appropriate to furthering your career.
What are your rights?
GDPR provides you with the following rights; please see below for more detail and for how to use them:
The right to be informed – when we collect data from you, it is your right to be told how and why we require or would like it, and what we will be doing with it as well as how you can control what data of yours we have. We will always do this at the point where we collect your data, unless the data comes to us through a third party, in which case we will tell you as soon as possible after we receive it, and certainly within one month. This policy is part of that overall process, but we will use bite-size and easy to understand relevant parts of it at each of the touchpoints between SOE and the individual.
The right of access – anyone has the right to request if we hold data on them, and what data it is that we hold if so. You can do this by sending a written request to us either by email or post, using the details at the start of this notice. The data request will be free of charge – unless it is repetitive, excessive or manifestly unfounded, in which case we will charge a reasonable fee of £50. We will aim to get you the information within one working week, however this may take up to one month at busier times of the year for us.
The right to rectification – if any data we hold about you is incorrect, we will update it as soon as you inform us, unless we require verification of that information (for example a change of Engineering Council status). We also provide full self-service facilities for members to keep their contact and personal details up-to-date themselves vie the online membership area and offer similar preference centres for non-member prospects.
The right to erasure – you have the right to request that we completely erase any data we hold on you, which can be done easily by using the contact details at the start of this document. We will inform you of the outcome of this request and any associated erasure within one month.
The right to restrict processing – you may request that we restrict your data from being processed (for example to fulfil a magazine subscription), but still hold it on our systems if required and this is necessary under GDPR, you can do this in writing to the contact details at the start of this notice.
The right to data portability – if you wish that we share your personal data with other controllers (for example if you apply for Engineering Council registration and we need to share your information to get you registered) the right under GDPR is that this should be in an easily transferable format (you also have the right to ask us to send you a copy of your data in a similar easy to use format). We usually do this by secure data transfer between organisations’ portals, however if this is not an option (or if you wish us to transfer your data to you) we will do this in password protected excel or CSV file via encryption software.
The right to object – we use appropriate legal bases as outlined above for processing data for marketing purposes, and we enable you at every opportunity to keep your preferences up-to-date. However, you have the right at any point to object to marketing communications, and as soon as you do so in writing or by telephone to the SOE office, we will stop all marketing contact. The same applies if you wish us to remove your input from a survey you have filled in, even if you previously gave permission, although anonymised data would not be included in this.
Rights in relation to automated decision making and profiling – you have the right to know if we profile you or make marketing decisions about you using wholly automated processes, as stated above, SOE does not use automated marketing
systems using data we collect under this agreement.
Jurisdiction and geography
Our data processing activities take place within the European Union; however, if you live within one of our non-UK regions, we may, with your permission, pass data to a local SOE representative. For example, if you live in Hong Kong and wish to apply for CEng, we would need to offer you a local mentor to assist you.