Privacy Policy

This privacy statement explains ICSA's data practice and tells you:

1. Who collects information from you through this website.
2. What information they collect.
3. For what purposes they use that information.
4. When the information is collected.
5. With whom they share that information.
6. Your rights in relation to the collection, use, distribution and correction of that information.
7. The kind of security procedures that are in place to protect against the loss, misuse or alteration of information under the control of ICSA.

If you are not happy, either with the contents of this privacy statement or the practices of ICSA in relation to this statement, you should first contact us at If you do not receive acknowledgement of your enquiry or feel that it has not been properly addressed, you should then contact the Office of the Information Commissioner.

1. Who collects information?

This website is operated by ICSA, the Institute of Chartered Secretaries and Administrators We are a body operated under Royal Charter whose registered office is at Saffron House, 6-10 Kirby Street, London, EC1N 8TS.

We have notified the Office of the Information Commissioner of our processing operations as required by the Data Protection Act and intend fully to comply with the provisions of that Act.

For further information on these matters please contact the Office of the Information Commissioner.

This website is hosted by Rackspace. Rackspace will not collect any data from which you personally may be identified from this website.

2. What information ICSA collects

We collect two types of information from users of the ICSA website: usage information and personal information.

2.1 Usage information

Usage information is information that relates to your use of the website such as which areas of the site you use most or least often, how often you use the website and when.

2.2 Personal information

Personal information is information that you give us about yourself in order to benefit from our services. As such, it may include details such as:

(a) Your name and address (including an e-mail address)
(b) A user name and a password
(c) Your profession or your employer
(d) Your preferences in terms of the different types of information that you would prefer to receive.

Much of this information is optional. Where you do provide it, it will enhance your use of the website and our services. Where information is not compulsory, this will be clearly marked.

3. Why does ICSA collect this information?

Most of the personal information that we collect from you helps us to provide you with our services.Other personal information that we collect helps us generally to provide a better experience for our customers or to market other relevant ICSA products or services to you.

4. When do we collect this information?

We collect it at various points on our website. The following are the main ones.

4.1 Cookies

A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is not linked to any personal information on our site; it collects only usage information. To find out more about or to change the cookie settings at any time, see our cookie policy, below.

4.2 Log files

We use IP addresses to analyse trends, administer the site and to gather broad demographic information for aggregate use. IP addresses are not linked to personal information, only to usage.

4.3 Surveys and competitions

From time-to-time our site may run a survey or competition. Participation in these surveys or contests is entirely voluntary and you will have a choice whether or not to disclose any information. Full details of the information requested and potential uses and disclosures of that information will be given with the notice of the survey or competition.

5. With whom will we share your information?

We will share aggregated usage information within the Institute of Chartered Secretaries and Administrators. This is not linked to any personal information that can identify any individual person.

We may (in appropriate circumstances) use certain other companies to provide services to you, such as a credit card processing company. These companies do not retain, share, store or use personal information for any purposes other than to provide the service to us. The relationship between them and us is regulated by a contract that contains safeguards for your rights.

6. Your rights

If your personal information changes or if you no longer desire the service offered by this website, we provide a way to correct, update or remove your personal information that you previously provided to us.

The Data Protection Act 1998 also grants you certain rights in relation to your personal data. Please contact the Office of the Information Commissioner for more detail on these rights.

7. Security

We take precautions to protect your information. When you submit information through our website, that information is protected both on- and off-line.

Whilst we use SSL encryption to protect sensitive information on-line, we also do everything in our power to protect user information off-line. Your information is restricted in our offices so that only employees who need the information to perform a specific job are granted access to it.

If you have any questions about the security at this website, you can send an e-mail to

This website contains links to other sites. Please be aware that ICSA is not responsible for the privacy practices of other sites. We encourage users to be aware when they leave our site and to read the privacy statements of each and every website that collects personal information from them. This privacy statement applies solely to information collected by this website.

The terms of this privacy statement may change from time to time, so please check back regularly to keep up to date on our practices.

ICSA cookie policy

What is a cookie?

A cookie is a piece of information in the form of a very small text file that is placed on an internet user's device. It is generated by a web page server, which is the computer that operates a web site. The information the cookie contains is set by the server and it can be used by that server whenever the user visits the site.

Types of cookies

Cookies can be grouped in the following categories:

Session cookies

These cookies are temporary. They are stored in the devices’ memory only during a user's browsing session and are automatically deleted from the user's device when the browser is closed.

Persistent or permanent

These cookies are stored on the user's device and are not deleted when the browser is closed. Permanent cookies can retain user preferences for a particular web site, allowing those preferences to be used in future browsing sessions. These cookies remain on your device until you erase them or they expire (this depends on how long the visited website has defined the cookie to last).
Here is a list of all the cookies used on this website:

First party cookies

First party cookies are set by our website, you are visiting and they can only be read by our site.

Cookies Name Category Description
Session Resources 
Strictly neccessary The cookies are essential in order to enable you to move around the website and use its features, such as accessing secure areas of the website. These cookies do not contain any personal information. Without these, services on the website may not function properly.
Persistent  accept Cookies Strickly neccessary This cookies is used to record if a user has accepted the use of cookies on our website. 

Third party cookies

Our website uses the following third-party suppliers who may also set cookies on your device as you browse our website. Please note that, where we embed content from third-party sites such as YouTube, you may also have cookies from these third-party websites installed on your device. ICSA does not control these cookies and you should check the privacy policy of the relevant website for more information.

Cookies Name Category Description


Google Analytics


These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site. The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited. For more information about Google’s privacy policy, please use this link: Google’s privacy policy
To opt out of Google Analytics, please use this link: Opt out of Google Analytics



  Twitter Twitter set a series of cookies on any page that includes a Twitter feed. Twitter will automatically create these cookies. These cookies are installed by Twitter and are used to detect if you are currently logged into Twitter when you visit our website, and if you are already following us. For more information about Twitter’s privacy policy, please use this link: Twitter’s privacy policy

Privacy policy, Please use this link: Twitter's privacy policy

Site usage and consent

By continuing to use the site we assume that you agree to accept cookies on your device in accordance with this cookie policy. We have detailed where to find information on how to delete and manage cookies.

Deleting and managing cookies

Most web browsers allow you to manage or delete your cookies by accessing the browser settings. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit

This cookie policy is in relation to the ICSA’s website. This statement does not cover links within this site to other websites.

Data protection policy
The Data Protection Act 1998 sets out a framework for the handling of personal data and is supported by eight data protection principles as follows.

  1. Personal data shall be processed fairly and lawfully.
  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
  4. Personal data shall be accurate and, where necessary, kept up to date.
  5.  Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
  7.  Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

ICSA is committed to respecting and protecting the privacy and rights of its Members, students, Professional Subscribers and other contacts in accordance with the Data Protection Act 1998. This document sets out how ICSA seeks to apply the requirements of the Data Protection Act.

Personal data collected by ICSA and how it is used
ICSA will only collect the information required to maintain your membership, studentship and professional subscriber records. We also give you the opportunity to tell us more about your interests and preferences in order to receive information about relevant products and services.

ICSA needs for administrative and operational purposes to collect and process certain data about its members, students, Professional Subscribers and other individuals (i.e.people who enquire about which of our qualifications may be best suited to their needs). In particular:

Administration of membership, student and Professional Subscriber records

The information collected includes: title, name, date of birth, gender, contact details, job title and previous study and qualifications.

This information is essential for us to be able to register and contact Members, students and Professional Subscribers regarding their membership, studentship or Professional Subscriber status, and to ensure they receive the vital information required to enable them to continue as a member, student or Professional Subscriber of the ICSA, such as renewal notices and membership updates. This information may also be used for verification purposes.

Financial information

If a membership fee or a donation to the ICSA Benevolent Fund is paid by Direct Debit, ICSA collects bank account details to enable the transaction to be processed. The ICSA does not retain any credit card details as all payments are taken directly through SecPay. Any hard copies of credit card information received are processed and immediately securely destroyed.

Enquirers about membership, student registration, Professional Subscriber status and other services

The information collected includes: title, name, contact details, how enquirers heard about ICSA and their current employment status.

The information is necessary for ICSA to send the relevant information in response to the enquiry (and to understand the background of our prospective students and members so we can better serve our key markets).

Student examinations

The information collected includes details of each examination module sat, number of times attempted, grade achieved and any postponements or exemptions awarded.
The information enables ICSA to be able to administer the examinations, track student progress and produce examination results/transcript. The examination results may be released to the tuition provider and/or employer if the student has consented to their release.


If a Member, student or Professional Subscriber has agreed to hear from us, we will perodically use their prefered contact address - usually email - to send updated information, invitations to ICSA or related events content and services.

From time-to-time we may also to send information to all Members, students or Professional Subscribers, on topics that are an essential part of the membership experience, such as notice of the Annual General Meeting, or an invitation to take part in our annual graduation and membership ceremony.

Commercial mailing lists for marketing campaigns are only used and retained for the period stipulated by the agent supplying the list.

Governance and Compliance Magazine

ICSA uses a third party mailing house to assist with the despatch of the Governance and Compliance magazine. The name, address and grade (if a Member) is sent to the mailing house and all data is securely encrypted. Once the list has been used it is deleted. Members and non-members can also opt in to recieve a digital edition by email.

CPD (Members only)

ICSA provides an online log for members to record their CPD hours.  ICSA uses this information as part of its wider monitoring of Members’ progress and completion of this compulsory requirement. Information held on the log includes: Date and nature of course/event/activity, name of organiser, number of hours of each course/event/activity and declaration of completion.

ICSA Services 

Our Membership services are also supported by our trading companies which provide professional development resources to members and customers. These include training and conferences, books and online subscriptions and consultancy services.

All ICSA users have the ability to opt in and out of receiving this communication.

Personal data collected and recorded by ICSA's commercial services 
The information collected includes: title, name, company name, job title, correspondence address, email address, telephone number, past purchases and requests for future information on products. This information is recorded and reviewed to improve marketing and product development activities

Access to information
We may occasionally use this  data to market ICSA events and services t i.e.: the annual Awards but only to those who have agreed to receive marketing from ICSA.

Events, training and conference evaluation forms

Events, training and conference evaluation forms are retained for a one year period and then securely destroyed.

Methods of data collection
ICSA uses several methods for collecting data, including: online via the website/ email and hard copy such as application, registration and enquiry forms. In addition the marketing department occasionally acquires external mailing lists to enable promotion of ICSA and its services.

Data storage & security

Your data is kept on a secure system. All staff with access to your data are contractually bound to keep this information confidential.

In addition to receiving messages for ICSA HQ in London, your contact details are provided to your local branch chairman in the UK, Republic of Ireland and Crown Dependencies so that you can hear about branch networking events and activities.

In overseas branches, your contact details may be provided to your local branch chairman if your  branch has entered into an appropriate data transfer agreement.

Your contact details are also provided to agents conducting business on our behalf. However, all agents who process data on our behalf are contractually obliged to keep that data secure.

Disclosure to third parties
We provide data to third parties principally in the following respects:

Mailings - Print companies / fulfilment houses

ICSA will only disclose your information to agents who are conducting business on our behalf and only use it for the agreed purposes i.e.: distribution of the Governance and Compliance magazine, dissemination of your membership card.

Tuition providers

Examination results will only be provided to Registered Tuition Providers and/or your current employer with your prior consent.

Membership upgrades, prize-winners and external publications

To publicly record your achievement, when you gain graduate or full membership:
• your name may be published in the Governance and Compliance magazine
• your contact details may be provided to your local branch chairman to publicly record your achievement.

Similarly, as a student if you are awarded a prize for achieving the top mark on an exam paper, details of your achievement and your name may be published in the Governance and Compliance magazine. Your contact details may be provided to your local branch chairman to publicly record your achievement.

Members and students who do not wish their names to be published can opt out using the relevant examination entry and membership application forms.

Directory of Members

ICSA publishes the name, grade and date of achieving the current membership status in its directory of members. You can choose to enhance your profile to include contact details, or to withdraw your name from this publication via My ICSA.


If a Member or student is subject to a disciplinary case in which the complaint is upheld, ICSA may publish their name and the outcome of the disciplinary case in the Governance and Compliance Magazine.

Details provided in support of employment applications

As your professional body and as a service to Members / students, if ICSA receives verification requests from current or prospective employers, employment agencies, regulators or other third party contacts we will confirm only that you are a member or student unless a consent form, signed by you, accompanies the request.

Sharing / selling data to third parties

ICSA only shares data internally between its membership and trading arms. In all uses we  ensure that member, student and Professional Subscribers preferences are always respected.

Your data is never sold or made available to a third party.

Retention of data – relevant periods

Your member and student information will be retained indefinitely, to produce a transcript, to verify that you studied or became a Member of the Institute, to re-register as a student, or to re-elect your membership.

Professional Subscriber records will be retained for a period of seven years from date of termination of Professional Subscriber status, as they contain the financial records.

Changes to data

ICSA will review and maintain up-to-date records for all members and students. However it is the responsibility of the individual to ensure that the data held by ICSA is accurate and up-to-date. Individuals should notify ICSA of any changes to their circumstances i.e.: address, contact details, email address etc. to ensure accurate records are maintained. The best way to do this is online via your profile and preference centre in My ICSA.


The Data Protection Act gives individuals a right of access to a copy of the information comprising their personal data. ICSA charges an administrative fee of £10 for this service.

If you wish to access a copy of your data please write to:

Head of Client Relations and Members
Saffron House,
6-10 Kirby Street,
London, EC1N 8TS
United Kingdom

Please enclose a cheque payable to ICSA to cover the administrative fee of £10.

ICSA as a data controller maintains its statutory rights to hold data for as long as is required for legitimate purposes.

Right to object

You have the right to object to the use of your personal data for direct marketing and the right to object to the processing of this data if it construed likely to cause damage or distress.


ICSA is registered as the Data Controller with the Information Commissioners Office.

Direct Marketing

ICSA and its subsidiaries can directly market to members, students and other contacts by mail and electronic means, provided the members, students and other contacts have given their consent to receiving this information by the relevant opt-out or opt-in, via marketing preferences .

Key definitions as defined by the Data Protection Act

Data means information which is being processed by means of equipment operating automatically in response to instructions given for that purpose; is recorded with the intention that it should be processed by means of such equipment; is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system.

The Act refers to a relevant filing system as any paper or manual filing system which is structured in such a way as to make that information about an individual readily accessible.

Personal data is data relating to a living individual who can be identified from that data or information which is in the possession of, or is likely to come into the possession of, the data controller. This includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Data controller means any person (or organisation) that determines the purposes for which and the manner in which any personal data are, or are to be, processed. The data controller has a responsibility to ensure all files relating to individuals are kept securely, are accurate, are up-to-date and are used only for the purposes specified.

A data controller must be a “person” recognised in law; this would be individuals, organisations and other corporate or unincorporated bodies of persons. The ICSA is a data controller. ICSA companies are separate data controllers in their own right.

Processing in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operations on the information or data i.e.: viewing, amending, copying, extracting storing, disclosing, destroying, deleting etc.

Third party means any individual and or organisation other than the data subject, the data controller (ICSA) or its agents/branches

Search ICSA