Privacy Policy
Independent Ambulance Association | Last updated: June 2026
1. Introduction
The Independent Ambulance Association (“we”, “us”, “our”) is committed to protecting and respecting your privacy. This policy explains how we collect, use, store and share personal data about you, and sets out your rights under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
We are the data controller for the personal data described in this policy. This means we determine the purposes for which, and the manner in which, your personal data is processed.
Please read this policy carefully. If you have any questions, contact us using the details in Section 12.
2. Who We Are
Organisation: Independent Ambulance Association
Registered address: Churchill House, 137–139 Brent Street, Hendon, NW4 4DJ
Data protection contact: quality@iaauk.org
3. Personal Data We Collect and Why
3.1 Member and contact data
When you become a member, enquire about membership, or contact us, we collect:
- Name, job title and organisation name
- Business address, telephone number and email address
- Membership category and renewal dates
- Records of your communications with us
Lawful basis: Performance of a contract (membership agreement) and our legitimate interests in administering the Association and communicating with members.
3.2 Website usage data
When you visit our website, we automatically collect certain technical data, including your IP address, browser type and version, pages visited, and time spent on the site. This data is collected via Google Analytics.
Lawful basis: Our legitimate interests in monitoring and improving our website.
3.3 Event and training data
If you register for events, conferences or training we organise, we collect your name, organisation, contact details and any accessibility or dietary requirements you provide.
Lawful basis: Performance of a contract and our legitimate interests in organising and managing events.
3.4 Newsletter and marketing communications
If you subscribe to our newsletter or opt in to marketing, we process your name and email address to send you relevant communications.
Lawful basis: Consent. You may withdraw your consent at any time by clicking the unsubscribe link in any email or by contacting us directly.
3.5 Financial and transaction data
If you pay for membership, events or other services, we process your contact details and payment information. Card payments are handled directly by our payment processors (PayPal and/or Barclays) and we do not store full card details.
Lawful basis: Performance of a contract and compliance with our legal and financial record-keeping obligations.
3.6 Insurance referral data
We have a commercial arrangement with Specialist Risk Group (“the Broker”), an insurance intermediary, under which we may refer our members to the Broker for insurance products relevant to independent ambulance operators. As part of this arrangement, we may share the following member data with the Broker:
- Name and job title
- Organisation name and business address
- Contact telephone number and email address
This referral is made on the basis that you have indicated an interest in insurance services, or where we consider the Broker’s services to be directly relevant to your business as an independent ambulance operator.
Lawful basis: Our legitimate interests in providing members with access to relevant commercial services. You have the right to object to this sharing at any time — see Section 8.
Transparency: We receive a commission or referral fee from Specialist Risk Group where a member takes out a policy. This commercial relationship is disclosed in accordance with our obligations under applicable financial services regulations.
Specialist Risk Group’s own privacy policy: Specialist Risk Group’s privacy policy, which governs their use of your data once received, is available on their website.
3.7 Legal and compliance data
We may process any personal data we hold where necessary to establish, exercise or defend legal claims, to comply with a legal obligation, or to protect the vital interests of any person.
Lawful basis: Legal obligation and/or our legitimate interests in protecting the Association.
4. Who We Share Your Data With
We do not sell your personal data. We may share your data in the following circumstances:
Insurance broker: As described in Section 3.6, we may share member contact data with Specialist Risk Group for the purposes of insurance referral.
Payment processors: PayPal and/or Barclays Bank process payments on our behalf. They act as independent data controllers for their own privacy purposes.
IT and website service providers: We use third-party providers for website hosting, email services and analytics (including Google Analytics). These providers process data on our behalf under data processing agreements.
Professional advisers: Solicitors, accountants, insurers and other professional advisers where necessary for legal, financial or risk management purposes.
Legal and regulatory authorities: We may disclose data where required by law, court order, or to comply with our obligations to regulatory bodies including the Financial Conduct Authority.
5. International Transfers
Some of our third-party service providers (including Google Analytics) may transfer or store your data outside the United Kingdom. Where this occurs, we ensure that appropriate safeguards are in place in accordance with UK GDPR requirements, including:
- Transfers to countries with UK adequacy regulations in place
- Use of International Data Transfer Agreements (IDTAs) or the UK Addendum to the EU Standard Contractual Clauses
You may request further information about the safeguards we have in place for any specific transfer by contacting us at the address in Section 12.
6. How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected, and to comply with our legal obligations.
Member and contact records: Retained for the duration of membership and for 6 years after membership ends, to comply with our contractual and financial record-keeping obligations.
Financial transaction records: Retained for 7 years in accordance with HMRC requirements.
Marketing consent records: Retained until consent is withdrawn, plus a reasonable period to demonstrate compliance.
Event attendance records: Retained for 2 years following the event.
Website analytics data: Retained in accordance with Google Analytics’ standard retention settings (typically 26 months).
Where data is no longer required, it will be securely deleted or anonymised.
7. Your Rights
Under UK GDPR, you have the following rights in relation to your personal data:
Right of access: You may request a copy of the personal data we hold about you. This is free of charge and will be provided within one month.
Right to rectification: You may ask us to correct inaccurate or incomplete data.
Right to erasure: You may ask us to delete your data in certain circumstances, for example where it is no longer necessary for the purpose it was collected.
Right to restrict processing: You may ask us to restrict how we use your data in certain circumstances.
Right to object: You may object to processing based on our legitimate interests, including the sharing of your data with our insurance broker partner. If you object, we will stop that processing unless we have compelling legitimate grounds to continue.
Right to data portability: Where processing is based on consent or contract and carried out by automated means, you may request your data in a structured, commonly used and machine-readable format.
Right to withdraw consent: Where we rely on consent as our lawful basis, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
To exercise any of these rights, please contact us in writing using the details in Section 12. We will respond within one calendar month. We may need to verify your identity before acting on your request.
8. Cookies
Our website uses cookies — small text files stored on your device when you visit our site. We use the following types of cookies:
Essential cookies: Required for the website to function, including session management and security. These cannot be disabled.
Analytics cookies: We use Google Analytics to understand how visitors use our site. This sets cookies that collect information in aggregate and anonymous form. You can opt out via your browser settings or the Google Analytics opt-out browser add-on.
When you first visit our website, you will be asked to consent to non-essential cookies. You can change your cookie preferences at any time through your browser settings.
9. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies independently.
10. Changes to This Policy
We may update this policy from time to time. When we do, we will update the “Last updated” date at the top of this document and, where changes are significant, notify members directly by email.
We encourage you to review this policy periodically.
11. Complaints
If you have a concern about how we handle your personal data, please contact us in the first instance using the details in Section 12. We will do our best to resolve your concern.
If you remain dissatisfied, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
Website: www.ico.org.uk
Telephone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
12. Contact Us
To exercise your rights, ask questions about this policy, or raise a data protection concern, please contact:
Independent Ambulance Association
Churchill House, 137–139 Brent Street, Hendon, NW4 4DJ
Email: quality@iaauk.org