Chartered Institution of Civil Engineering Surveyors (CICES)

Privacy Notice
Last updated: 20 October 2025

Who we are

This privacy notice explains how CICES and its subsidiary SURCO Ltd collect, use, store and share your personal data. This applies when you visit our website, become a member, apply for services, or purchase products.

Data Controllers:

  • Chartered Institution of Civil Engineering Surveyors (RC000832)
  • SURCO Ltd (Company No. 02664923)
  • Registered address: Dominion House, Sibson Road, Sale, Cheshire M33 7PP, UK
  • Data Privacy Manager: Simon Hamlyn (Email: simon.hamlyn@cices.org)

What data we collect

We may collect the following types of personal data:

  • Identity Data: Name, date of birth, gender, title
  • Professional Data: Education, employment history, membership status
  • Contact Data: Email, phone number, postal address
  • Financial & Transaction Data: Payment details, purchase and order history
  • Technical Data: IP address, browser type, usage statistics (via cookies)
  • Marketing Preferences and Communication History
  • Special Category Data: On limited occasions, we may collect special category data such as information about health, ethnicity, or disability status—for example, to support equality monitoring, accessibility requests, or event accommodations. This data is collected only where necessary and with your explicit consent or where otherwise permitted under data protection law.

We do not collect criminal conviction data unless explicitly required and permitted by law.

How we collect your data

Data is collected through:

  • Forms and applications (e.g. membership, events, services)
  • Direct interactions (e.g. email, phone calls, surveys)
  • Automated means (e.g. cookies, analytics tools)
  • Third-party sources (e.g. references, sponsors, employers, educational institutions)
  • How We Use Your Data
  • Your data is used to:
  • Register and manage your membership
  • Deliver services, events, or products
  • Respond to enquiries or support requests
  • Communicate news, updates, and relevant information
  • Process payments and manage accounts
  • Improve our website and services through usage analytics
  • Fulfil our legal, regulatory, or contractual obligations
  • Where applicable, support equality, diversity, and inclusion initiatives (if you’ve provided special category data with consent)

Special category data is only processed:

  • With your explicit consent
  • Where necessary to carry out obligations in employment, social security, or social protection law
  • Where processing is necessary for reasons of substantial public interest, such as equality monitoring under the Equality Act 2010

Marketing and preferences

You may receive communications about services or products if:

  • You have given consent; or
  • You are a current or former member or customer with whom we have a legitimate interest
  • You can opt out at any time by contacting us.

Data sharing

Your data may be shared with:

  • Internal staff and approved volunteers
  • Sponsors, employers, and educational institutions
  • Third-party service providers (e.g. IT support, mailing services)
  • Professional advisers and regulatory bodies
  • International representatives (for overseas members)
  • The Engineering Council (for registration purposes)

We only share special category data where strictly necessary and with appropriate safeguards in place.

International data transfers

Where data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place, such as:

  • Standard contractual clauses approved by the UK ICO or European Commission
  • Transfers to countries with an adequacy decision
  • Other lawful mechanisms to ensure adequate protection

Data security

We have implemented appropriate technical and organisational measures to:

  • Protect your data against unauthorised access, loss, misuse, or alteration
  • Limit access to personal data to authorised individuals only
  • Respond quickly and transparently in the event of a data breach

Data retention

  • Most personal data is retained for 3 years after your last interaction or membership ends
  • Membership history may be retained for 12 years for historical and verification purposes
  • Special category data is retained only for as long as necessary and securely deleted when no longer required
  • Some data may be anonymised and used indefinitely for research, statistics, or reporting purposes

Your legal rights

You have the right to:

  • Access your personal data
  • Correct any inaccurate or incomplete data
  • Request erasure (‘right to be forgotten’)
  • Restrict or object to processing
  • Request data portability
  • Withdraw consent (where processing is based on consent)
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

To exercise your rights, please contact the Data Privacy Manager. We aim to respond within one month.

Contact us

For questions or requests related to this notice, contact:
Data Privacy Manager: Simon Hamlyn
Email: simon.hamlyn@cices.org
Phone: +44 (0)161 972 3100
Address: Dominion House, Sibson Road, Sale, Cheshire M33 7PP, UK