Privacy policy - Independent Monitoring Boards

Are you OK with cookies?

We use small files called ‘cookies’ on imb.org.uk. Some are essential to make the site work, some help us to understand how we can improve your experience, and some are set by third parties. You can choose to turn off the non-essential cookies. Which cookies are you happy for us to use?

Google analytics
Name	Purpose	Expires
_ga	These help us count how many people visit on https://imb.org.uk/ by tracking if you’ve visited before	2 years
_gid	These help us count how many people visit on https://imb.org.uk/ by tracking if you’ve visited before	24 hours
_gat	These help us to manage how we collect analytics when we have lots of visitors on the site at one time	10 minutes

Google Analytics 4
Name	Purpose	Expires
_ga	Used to distinguish users.	2 years
_ga_S401P4BC3G	Used to persist session state.	2 years

Google Conversion Linker
Name	Purpose	Expires
_gcl_au	Used by Google DoubleClick segment users into audience types and attribute campaign performance to your actions on this website, including conversions.	90 days
_gcl_dc	To store ad click information (only if remarketing cookies are enabled), generate unique IDs for visitors to remember preferences and track and gather statistics and conversion rates through the website.
_gcl_aw	To store ad click information (only if remarketing cookies are enabled), generate unique IDs for visitors to remember preferences and track and gather statistics and conversion rates through the website.

Meta and LinkedIn marketing tags
Name	Purpose	Expires
li_fat_id	Member indirect identifier for Members for conversion tracking, retargeting, analytics	30 days

Video Streaming
Name	Purpose	Expires
YouTube	YouTube videos play in privacy-enhanced mode. This mode may set third-party cookies on your computer when you click on the YouTube video player. These cookies will not be personally identifiable.	Read the YouTube policy
Vimeo	Vimeo videos set third-party cookies to enable the video to play and collect analytics data. These cookies do not track individuals.	Read the Vimeo policy

Social Media
Name	Purpose	Expires
Twitter	Twitter widgets may add cookies to help analyse usage and remember your session if you are also logged in to your Twitter account.	Read the Twitter policy

All users
Name	Purpose	Expires
wordpress_test_cookie	This is used to test whether the browser accepts cookies	When you close your browser
PHPSESSID	This is used to link your device to the information sent to the server from your browser. It is typically used to avoid you having to retype information when moving from one page to another.	When you close your browser
ccfw-banner-hidden	Lets us know you have chosen which cookies are used so we can stop the cookie banner appearing when you return to the site.	1 year
ccfw-gtm-allowed	Lets us know you have accepted certain cookies so we can stop them loading when you return to the site.	1 year
ccfw-time	This is used to store the cookie expiry dates so we know when to ask you again for consent.	1 year
info_banner_dismissed	This remembers if an information banner has been dismissed and prevents it from being displayed again.	When you close your browser

Logged in users
Name	Purpose	Expires
wordpress_[hash]	This authenticates you when you log in to the admin area	When you close your browser
wordpress_logged_in	This shows the site that you’re logged in and who you are so you can access the functions you need	When you close your browser
wordpress_sec	If you are logged in as a site admin, this stores your authentication details.	When you close your browser
wp-settings-{time}-[UID]	The number on the end [UID] is your individual user ID from the users database.	1 year

Purpose

This privacy statement sets out the standards that you can expect from the Independent Monitoring Board (IMB) when we request or hold personal information (‘personal data’) about you, how you can get access to a copy of your personal data, and what you can do if you think the standards are not being met.

The IMB head office is the data controller for the personal information we hold. The IMB collects and processes personal data for the exercise of its own and associated public functions. These include:

Your application

When you apply for a public appointment as an IMB member, you will be asked to provide personal information to support your application, and to determine your eligibility and suitability as a public appointee. This will include the personal information we need to enable us to select the right candidate for the role, and may include things such as past employment details, political activity, skills, and other volunteering activities. If you are successful in the appointment process any personal information provided to us may then form part of your member record which we will hold.

Security vetting checks

Prior to you being appointed, we will use your personal information to carry out the relevant security vetting checks, including criminal record checks.

Member records

Information held about you while you are a public appointee may include, but is not restricted to, application forms, personal details (such as name, date of birth, contact and next–of-kin details), copies of proof of identification, bank or building society accounts, investigations into conduct concerns, and records of disciplinary proceedings.

Types of personal data we process

We know how important it is to protect individuals’ privacy to comply with data protection laws. We will safeguard your personal data and will only disclose it where it is lawful to do so, or with your consent.

We process only personal data that is relevant for the services we are providing. This may include:

personal details
financial details
employment and education details
racial or ethnic origin
offences, including alleged offences
opinions or views

Purpose and lawful basis for the processing

There are six lawful bases for processing information as made express in the General Data Protection Regulations (GDPR). The IMB has identified that the following two bases apply in accordance with the GDPR:

(c) Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).

(e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Under these lawful bases, we will collect your personal information for the purpose of:

reimbursing your travel and subsistence claims: we process your claims for expenses in conjunction with the central finance team
managing other aspects of your public appointment: the personal information we collect and use will include (or be included in) information about your role as a public appointee, including (but not limited to) your training records, your member development opportunities, identified conflicts of interest, transfer between boards, security (DBS and CTC) renewals, induction, appraisal, and tenure
processing complaints about member conduct: including grievances, inter-member disagreements, or breaches of the IMB conduct policy
contacting you or your nominated contact (next of kin) in the case of an emergency (either yours or ours) as well as for member/Board related issues: we will ask you to provide us with home telephone numbers, mobile numbers and (for next of kin) the names of people
providing administrative support: we may ask you to share personal information with us to support you in processing Subject Access Requests or Freedom of Information requests

With whom we may share your information

We may disclose certain personal information with external bodies if there is a legal obligation or legitimate interest to share. This will include the Ministry of Justice, the Chair of the Board, interview panel members, and the independent interviewer. It may also include your Regional Representative and your National Chair.

As public appointees, your data may be shared with the Civil Service Commission, The Advisory Committee on Business Appointments and the Office of the Commissioner for Public Appointments.

In respect of your vetting data, this will be shared with HM Prisons and Probation Service, the Home Office, and the Disclosure and Barring Service.

At all times the amount of information disclosed and the manner it is disclosed will be in accordance with data protection laws.

Retention period for information collected

The IMB has a retention and deletion policy that complies with data protection requirements. In general, information is kept for as long as there is a business need or a legal obligation to retain it, and deleted when it is no longer needed.

When we ask you for personal data

When we ask for your personal data, we promise to:

inform you why we need your personal data and ask only for the personal data we need and not collect information that is irrelevant or excessive
protect it and make sure no unauthorised person has access to it
share it with other organisations for legitimate purposes only where appropriate and necessary
make sure we do not keep it longer than is necessary
consider your request to correct, stop processing, or erase your personal data

Access to personal information

For more information regarding your rights under the data protection legislation, including:

how to obtain a copy of the personal data we hold about you
contact details of the IMB’s Data Protection Officer
how to make a complaint to the Information Commissioner’s Office

please contact the IMB at: imb@justice.gov.uk.