Privacy policy

This Privacy Policy outlines how the Chartered Institute of Human Resource Management (the “Institute,” “we,” “us,” or “our”) collects, uses, maintains, and discloses information collected from members, prospective members, training participants, website visitors, and other individuals who interact with the Institute (collectively, “Data Subjects” or “you”).

The Institute is a chartered body providing direct membership and professional training for human resource management professionals. In carrying out our functions, we are committed to protecting your privacy and handling your personal data in a transparent and secure manner, in accordance with the Nigeria Data Protection Act 2023 (NDPA), the Nigeria Data Protection Regulation 2019 (NDPR), and other applicable data protection laws.

1. Collection of Personal Data

We may collect personal data from you through various means, including but not limited to:

• Membership Application and Administration: When you apply for membership, renew your membership, or update your membership details, we collect information such as your name, contact details (address, email, phone number), date of birth, gender, nationality, educational background, professional qualifications, employment history, job title, and payment information.
• Training and Events Registration: When you register for our training programs, workshops, seminars, conferences, or other events, we collect your name, contact details, job title, organization, payment information, and any specific requirements you may have (e.g., dietary needs, accessibility).
• Website and Online Services: When you visit our website, use our online portals, or interact with us online, we may collect technical information such as your IP address, browser type, operating system, and usage data through cookies and similar technologies.¹
• Communications: When you communicate with us via email, phone, or other channels, we may collect the content of your communication and your contact details.
• Surveys and Feedback: When you participate in surveys, provide feedback, or engage in research conducted by the Institute.
• Publicly Available Information: We may collect information from publicly available sources for membership verification or other legitimate purposes.

2. Types of Personal Data Collected

The types of personal data we may collect and process include:

• Identity Data: Name, date of birth, gender, nationality.
• Contact Data: Postal address, email address, phone number.
• Professional Data: Educational background, professional qualifications, certifications, membership status, employment history, job title, organization.
• Payment Data: Billing address, payment card details, bank account information (processed securely through third-party payment processors where applicable).
• Usage Data: Information about how you use our website, services, and resources.
• Technical Data: IP address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system² and platform, and other technology on the devices you use to access our website.
• Communication³ Data: Your preferences in receiving marketing and other communications from us, and your communication history.
• Sensitive Personal Data: In limited circumstances, and where necessary for a specific purpose (e.g., accessibility requirements for training), we may collect sensitive personal data with your explicit consent. This may include health information or other categories of sensitive data as defined by applicable law.

3. Purposes and Legal Basis for Processing Personal Data

We collect and process your personal data for the following purposes and under the following legal bases:

• To provide membership services: This includes processing membership applications, managing membership records, providing access to member benefits and resources, communicating with members about Institute news, updates, and activities.
  • Legal Basis: Performance of a contract (membership agreement), Legitimate Interests (maintaining a professional body and serving members).
• To deliver professional training and events: This includes processing registrations, managing training logistics, issuing certificates of completion, and communicating with participants.
  • Legal Basis: Performance of a contract (training registration), Legitimate Interests (providing professional development opportunities).
• To communicate with you: Responding to inquiries, providing information about our services, sending important notices and updates.
  • Legal Basis: Performance of a contract, Legitimate Interests (managing customer relationships), Consent (for marketing communications where required).
• To process payments: Managing membership fees, training fees, and other payments.
  • Legal Basis: Performance of a contract, Legal Obligation (tax and accounting requirements).
• To improve our services: Analyzing usage data, conducting surveys, and gathering feedback to enhance our membership offerings, training programs, and website functionality.
  • Legal Basis: Legitimate Interests (business improvement).
• To send marketing and promotional materials: With your consent, or where otherwise permitted by law, sending you information about our upcoming training programs, events, publications, and other relevant offerings.
  • Legal Basis: Consent, Legitimate Interests (promoting our services to relevant professionals).
• To comply with legal and regulatory obligations: Meeting requirements imposed by the NDPA, NDPR, and other applicable laws, regulations, or professional body requirements.
  • Legal Basis: Legal Obligation.
• To protect our legitimate interests: Including preventing fraud, ensuring the security of our systems and data, and defending our legal rights.
  • Legal Basis: Legitimate Interests.

4. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data from unauthorized access,⁴ disclosure, alteration, and destruction.⁵ These measures include:

• Implementing physical, technical, and administrative security safeguards.
• Regularly reviewing our security procedures and controls.
• Training our staff on data protection and security best practices.
• Using secure systems for data storage and processing.

While we take reasonable steps to protect your personal data, no method of transmission over the internet or electronic storage is⁶ 100% secure. Therefore, we cannot guarantee absolute security.

5.⁷ Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected,⁸ including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Membership⁹ data will generally be retained for the duration of your membership and for a specified period thereafter to allow for potential re-joining or for historical record-keeping relevant to the profession. Training participant data will be retained for a period necessary to provide training records and comply with any accreditation requirements.

6. Disclosure of Personal Data

We may share your personal data with the following categories of recipients:

• Service Providers: We may share your data with trusted third-party service providers who assist us in operating our website, conducting our business, or providing¹⁰ services to you (e.g., payment processors,¹¹ IT support, training platform providers, mailing houses). These third parties are obligated to protect your data and use it only for the purposes for which they were engaged.
• Accreditation Bodies and Regulatory Authorities: We may share information with relevant accreditation bodies or regulatory authorities as required for the recognition of our qualifications or compliance with regulatory obligations.
• Partner Organizations: With your consent, we may share your information with partner organizations for specific purposes, such as joint training programs or events.
• Legal and Professional Advisors: We may share your data with our legal, accounting, or other professional advisors when necessary.
• Law Enforcement and Government Authorities: We may disclose your data if required by law, court order, or government regulation.

We will not sell or rent your personal data to third parties for their marketing purposes without your explicit consent.

7. International Data Transfers

In some cases, your personal data may be transferred to and stored in countries outside of Nigeria where our service providers or partners are located. In such instances, we will take steps to ensure that your personal data is afforded a similar level of protection as required by the NDPA and NDPR, including implementing appropriate safeguards such as standard contractual clauses or relying on the recipient country’s adequacy status.

8. Your Data Protection Rights

Under the NDPA and NDPR, you have certain rights regarding your personal data. These rights may include:

• The right to access: You have the right to request a copy of the personal data we hold about you.
• The right to rectification:¹² You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
• The right to erasure (right to be forgotten): You have the right to request that we delete your personal data¹³ under certain circumstances.
• The right to object to processing: You have the right to object to our processing of your personal¹⁴ data where we are relying on a legitimate interest¹⁵ or for direct marketing purposes.
• The right to restriction of processing: You have the right to request that we restrict the processing of your personal data under certain¹⁶ circumstances.
• The right to data portability: You have the right to request a copy of your personal data in¹⁷ a structured, commonly used, and machine-readable format and to transmit that data to another controller.¹⁸
• The right to withdraw consent: Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at¹⁹ any time. This will not affect the lawfulness of processing based on²⁰ consent before its withdrawal.
• The right to complain: You have the right to lodge a complaint with the Nigeria Data Protection Commission (NDPC) if you believe that your data protection rights have been violated.

To exercise any of these rights, please contact us using the²¹ contact details provided in Section 10 of this Privacy Policy. We may need to request specific information from you to help us confirm your identity and ensure your right to access²² your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

9. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies to enhance your Browse experience, analyze website traffic, and personalize content. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly.

10. Contact Information

If you have any questions or concerns about this Privacy Policy or our data processing practices, please contact²³ us at:

The Data Protection Officer

[Address of the Institute – Please insert the actual address]

Email: info@cihrmglobal.org

[Phone Number – Please insert the actual phone number]

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal obligations.²⁴ The updated version will²⁵ be posted on our website with a revised “Last Updated” date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your²⁶ information.

Last Updated: May 13, 2025