The FPA

Privacy Policy

Introduction

The Fire Protection Association (FPA) takes your privacy seriously. Please read this Privacy and Cookies Policy carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities if you have a complaint.                                                                        

This Privacy and Cookies Policy relates to our collection, use, disclosure, transfer and storing of your personal information when accessing our services, whether via our website, by phone, email, or in person.

This Privacy and Cookies Policy explains the following:

  • What information we may collect about you;
  • How we will use information we collect about you;
  • When we may use your details to contact you;
  • Whether we will disclose your details to anyone else;
  • Your choices regarding the personal information you provide to us;

Contact details

Data Controller: The Fire Protection Association (FPA)

Data Protection Officer: Rachel Brooks, Head of Quality & Compliance

If you have any questions about this Privacy and Cookies Policy or about how we handle your personal information, please contact Rachel Brooks, Head of Quality & Compliance.

Email

dpo@thefpa.co.uk

Post

The Fire Protection Association, London Road, Moreton-in-Marsh, Gloucestershire, GL56 0RH

Telephone

01608812500

Key terms

We, us, our

The Fire Protection Association (FPA)

Personal data

Any information relating to an identified or identifiable individual

What information does the FPA collect?

We collect personal data provided by you. This includes information you give us when you subscribe to our services, enquire about, or buy products or attend FPA training courses or events.

We collect personal data when you engage with us digitally. This includes downloading information from our website and when you interact with us on social media.

We may collect personal data that is provided by an authorised third party such as an employer purchasing something on your behalf.

We may also use publicly available personal data. This includes information from company websites, news sources and from Companies House.

We only collect data we need to, and we will always make it clear why we are collecting it.

We collect personal details, such as your name, address, email address(es), telephone number(s), where this is necessary for managing membership, shop purchases or training and event bookings, fire and risk services and laboratory clients. For some training qualifications, we are also required to collect date of birth and gender.

We collect financial information, such as personal bank details, payment information, billing and delivery addresses and contact number, where this is necessary for processing sales transactions (including membership, training and event bookings and shop purchases).

We collect information about your job role, areas of interest, visits to our websites and how you would like us to contact you so that we can send you relevant communications which we think will be of interest.

We collect images, such as photographs and video footage from some of our training courses and events to create promotional marketing material. We will always let you know when we are capturing images, either in person at the event or in communications beforehand.

Automatic collection of information

If you do nothing during your visit to our website, but browse through the website or download information, our system (and those systems of our approved third-party data processors) will automatically gather and store certain information about your visit.

This information is not used to identify you personally and is aggregated to help us improve our website, tell us the number of visitors to our site each day, identify the IP address of businesses and their location, but never of individuals. Depending upon the cookie settings you select, our web server may automatically collect and record the following information:

  • The visitor's IP address;
  • The name and release number of web browser software used;
  • The operating system used;
  • The screen dimensions of the visitor’s computer;
  • Date and time the visitor accessed our site;
  • The source of your visit to our website (e.g. referrer URL).
  • The address and title of the page being visited

CCTV is operational at our sites for the purposes of prevention and detection of crime, safety, and good management. Signage is displayed in the relevant areas to notify you of CCTV usage.

Permission-based collection of information

Information may be collected as part of fulfilling service requests, completion of bookings for training courses, purchasing publications, registering for membership, and registering for seminars and events.

There are many occasions when you provide information, that may enable us to identify you personally ("Personal Data") while using our services. The Personal Data we collect from you is outlined in the table below.

Category of Personal Data collected

What this can include

Identity data

First name, surname, last name, username or similar identifier, marital status, title, date of birth and gender, picture, password

Contact data

Your home address, work address, billing address, email address and telephone numbers, LinkedIn IDs

Professional Background Data

Educational and professional history, current industry you are working in, interests and accomplishments, job role and any academic or professional qualifications.

Transaction Data

Any details about payments to and from you and other details of subscriptions and services you have purchased from us. Data in respect of your transactions with third parties.

Content Data

Any content you post to the Services not already included in another category, including without limitation, your profiles, questions, preference settings, answers, messages, comments, and other contributions on the services, and metadata about them (such as when you posted them).

Communications Data

Your preferences in receiving information from us and our external parties and your communication preferences. If you correspond with us by email or messaging through the Services, we may retain the content of such messages and our responses.

Technical Data

Your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website or use our services.

We endeavour to collect information only with your knowledge and with your permission where necessary.

Your rights relating to personal data

You have the right under this Privacy & Cookies Policy and by law to:

Request access to your Personal Data

This enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.

Request correction of the Personal Data that we hold about you

This enables you to have any incomplete or inaccurate information we hold about you corrected.

Request removal of your Personal Data

This enables you to ask us to delete or remove Personal Data where there is no reason for us continuing to process it. Where there is a legitimate reason within the regulations under our responsibilities to maintain information for the services and the 'Public Interest' we reserve the right to retain such information.

Object to the processing of your Personal Data

This right exists where we are relying on a legitimate interest as the legal basis for our data processing and there is something about your particular situation, which makes you want to object to the processing of your Personal Data on these grounds. You also have the right to object if we process your Personal Data for direct marketing purposes.

Request the restriction of processing of your Personal Data

This enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy or the reason for processing it.

Request the transfer of your Personal Data

If you are within the EU, we will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

How to exercise your rights

If you want to exercise any of the rights described above, please contact us by emailing us at dpo@thefpa.co.uk.

Typically, you will not have to pay a fee to access your Personal Data (or exercise any other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive, we will ensure we provide you with the full details of our reasons and reserve the right to refuse to comply with your request. We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or exercise any other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

If you would like to submit a complaint regarding this Privacy Policy or our practices in relation to your Personal Data, please put this complaint in writing to the Data Protection Officer, at our office address/email address as detailed. We will reply to your complaint within 10 working days. If you feel that your complaint has not been adequately resolved, please note that the regulations give you the right to contact your local data protection supervisory authority, which is the Information Commissioner's Office at https://ico.org.uk/.

How will the FPA use the information it collects about me?

We will only use your personal data on relevant lawful grounds as permitted by the General Data Protection Regulation (GDPR) as it applies in the UK, according to the Data Protection Act 2018 and the Privacy of Electronic Communication Regulation (PECR). We only collect personal data we need, and we will always make it clear why we are collecting it.

We will use your personal information for a number of purposes including but not limited to the following:

  • providing our services, activities or online content and information about them;
  • dealing with your requests and enquiries, including where we have a commercial relationship in place;
  • supporting the growth and sustainability of our business;
  • providing you with the most user-friendly online navigation experience;
  • preventing and detecting crime and maintaining your safety.

This includes:

  • monitoring, reviewing, measuring, and analysing website utilisation;
  • modifying, enhancing, and improving the content of our website;
  • responding to any enquiries you submit;
  • processing transactions, e.g. reservation on a training course or the purchase of a publication/membership or training;
  • monitoring and improving our customer service efforts;
  • marketing our services to those that register on our website, existing and former customers and third parties;
  • studying aggregated general usage habits and demographic information for our own marketing research purposes;
  • recording and monitoring images via CCTV.

In respect of each of the purposes for which we use your Personal Data, Data Protection Legislation requires us to ensure that we have a legal basis for that use and these include:

Consent: where you have provided clear consent for us to process your personal data for a specific purpose. If we do rely on your consent to use your Personal Data, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).

Contractual: where there is a need for processing due to a contract we have with you, or you have requested we take specific actions before entering into a contract.

Legal Obligation: where processing is necessary for us to comply with the law.

Vital Interest: where processing is required in order to protect someone’s life.

Public Task: where processing is necessary for us to perform a task in the public interest or for an official function that has a clear basis in law.

Legitimate Interest: where processing is necessary for the legitimate interests of either ourselves or a third party, unless there is good reason to protect your personal data which overrides the legitimate interest.

You can change how we use your personal data at any time, please see section Your rights relating to your personal data.

What happens when you choose not to provide the necessary personal data?

Where we need to process your Personal Data either to comply with law, or to perform the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with the functionalities of the services). In this case, we may have to stop you from using our Services.

Providing our services to you

Membership

We will use the personal data you provide to us as an FPA or RISCAuthority member to fulfil our contractual agreement with you. This includes:

Provision of the Fire & Risk Management journal by post if you have selected this as a means of delivery.

Email and phone notifications regarding the timing and processing of subscription renewal information.

Email communication relating to the services which form part of your membership package.

Personal data is also used to confirm your identity when you contact our Membership team or register on our website.

You cannot remove consent for service or administrative emails while retaining your membership subscription as we need to be able to contact you for contractual reasons. If you no longer wish to receive these communications, you will need to cancel your membership.

Products and services

We will use the personal data you provide as a customer to fulfil any orders or training or event bookings you make with us. This includes:

Processing any orders, bookings, or applications that you make through our websites or at an event. This may include passing your details to third party suppliers to supply or deliver the product or service that you ordered. Your details will be held for a reasonable period of time afterwards in order to fulfil any statutory obligations, such as for refunds.

To respond to your queries, refund requests and complaints. We may keep a record of these for a reasonable time to inform any future communication with us and to demonstrate how we communicated with you throughout.

To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.

To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Policy, product issues, and legally required information relating to your orders, bookings, or membership. These service messages will not include any promotional content and do not require prior consent when sent by email.

To administer any of our prize draws or competitions that you enter based on your consent given at the time of entering.

Marketing

If you consent to receive marketing information from us, we will use the personal data that you provide, as well as details of your past transactions, to keep you informed about products and services which you may be interested in. We may also send you survey and feedback requests to help improve and develop our services and products to meet the needs of our members.

We will contact you according to the preferences you have given us. You are free to opt out of marketing communications any time by updating your communication preferences online or by contacting us directly.

We may ask you to confirm or update your marketing preferences if you ask us to provide further services in the future, or if there are changes in the law, regulation, or the structure of our business.

We will always treat your personal data with the utmost respect and never sell it to or share it with other organisations outside the FPA for marketing purposes.

Social Media and Web Advertising

If you use social media, dependent on your settings, you may receive targeted content on your social media feeds from us, or we may use your profile to help us identify similar people and audiences for marketing purposes.

We will also use your social media username if you choose to interact with us through those channels, to help us respond to your comments, questions, or feedback.

You may also receive targeted adverts on webpages you visit, dependent on your interactions with us, for example if you have visited our membership pages.

Profiling and targeting

We want to make sure you have the best possible experience of the FPA and RISCAuthority and prevent unwanted communications from us.

We use automated profiling and targeting to help us better understand our members and customers, so that we can:

  • Make sure our communications and services are relevant, personalised, and interesting to you.
  • Bring you offers and promotions that are most relevant to your interests.
  • Ensure our services meet the needs of our members and customers.

We will carry out internal research and analyse how you interact with us (for example, on our website) to help us understand the success of our activities, better understand behaviour and responses, and identify patterns and trends.

We will often compile this data and look at it as a whole, rather than on an individual basis. This helps us to understand trends in our audiences and to assess how our different communications and products are performing, and where we can make improvements.

We may use personal data to help us create audience profiles which enable us to better target our communications to you and other people. For example, we may use your personal data to help find other people with similar profiles online who may be interested in FPA products and services.

We may from time-to-time work with third parties to help capture or analyse data. We will always ensure that these organisations meet our strict data policies and standards.

We may also use publicly available information, such as demographic information, to further help us refine and target our messaging and products appropriately.

Card payment information

If you purchase products or services from us and provide your payment details, this information will be processed only for the purposes of taking payment for the service or product you wish to purchase.

We do not store any credit card information electronically. All payment processing is performed directly online via our payment service providers Opayo and NatWest bank.

Who we share your personal data with

We routinely share personal data with:

Recipients

Why we share it

Third Party Awarding and Accrediting Bodies

These bodies may access your personal data for legitimate audit purposes and to develop, maintain and provide our services.

Service Providers

Third parties we use to help deliver our services to you, e.g. providers of our finance system, IT service providers including cloud service providers such as CRM platforms, LMS, distribution houses, data storage platforms, shared service centres and financial institutions in connection with invoicing and payments;

We may also utilise service providers to obtain verification that the relevant submissions we receive, have been created/completed by the applicant alone without the use of AI-generated content or having been produced through collusion or plagiarism.

Professional Advisers

Our lawyers, accountants, bankers, auditors, insurers, and other qualified professionals may need to review your personal data to provide consultancy, compliance, legal, insurance, membership, and similar services.

Legal and Taxing Authorities, Regulators and Participants in Judicial Proceedings

The FPA may disclose your Personal Data if we believe it is reasonably necessary to comply with a law, regulation, order, subpoena, rule of a self-regulatory organisation or audit or to protect the safety of any person, to address fraud, security or technical issues, or to protect our legal rights, interests and the interests of others.

Communication with all viable internal and external contacts

Tailored communications are sent to all members and those held as non-member contacts who have consented to receive communications from us through a variety of communication channels in order to ensure they are aware of future events, training and initiatives undertaken by the FPA.

 

Communication with third parties and external contacts

Communications involving member information are regulated using Non-Disclosure Agreements, privacy statements, Data Processing Agreements, and/or Data Sharing Agreements in order to ensure the Association remains compliant.

We ensure all outsourcing providers operate under service agreements that are consistent with all necessary legal obligations.

Where we store your personal data

Personal data may be held at our premises, third party agencies, service providers, representatives and agents as described above (see ‘Who we share your personal data with’).

How long we store your personal data

We will not keep your personal data for longer than we need it for the purpose for which it was collected or as required by law.

We will retain your information for as long as it is reasonably needed for the purposes set out in ‘How will the FPA use the information it collects about me?’ unless you request that we remove your Personal Data as described in ‘Your Rights Relating to Your Personal Data.’ We will only retain your Personal Data for so long as we reasonably need to use it for these purposes unless a longer retention period is required by law (for example for regulatory purposes). This may include keeping your Personal Data after you have deactivated your membership for the period needed for us to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

How we protect your personal data

We know how much data security matters to all our members and customers and we want to keep your personal data and our information systems safe and secure. We treat your personal data with the utmost care and are committed to taking all appropriate steps to protect it.

The FPA uses industry-standard physical, managerial, and technical safeguards to preserve the integrity and security of your personal information. We limit access to your Personal Data to those employees and other staff who have a business need to have such access. All such people are subject to a contractual duty of confidentiality. We cannot, however, ensure or warrant the security of any information you transmit to The FPA or guarantee that your information on the Services may not be accessed, disclosed, altered, or destroyed by a breach of any of our physical, managerial, or technical safeguards.

We have put in place procedures to deal with any actual or suspected Personal Data Breach. In the event that personal information is compromised as a result of such a breach of security, The FPA will promptly notify those persons whose personal information has been compromised, in accordance with the notification procedures set forth in this Privacy & Cookies Policy, or as otherwise required by applicable law.

The FPA cannot ensure that your Personal Data will be protected, controlled, or otherwise managed pursuant to this Privacy & Cookies Policy if you share your login and password information with any third party, including any third party operating a website or providing other services.

We regularly test our systems and are Cyber Essentials Plus certified, which means we have in place recommended standards for information security.

Communications preferences

You can ask us to stop sending you communication messages or modify your email preferences at any time through any of the following methods:

  • by following the opt-out links on any marketing message sent to you; or
  • by contacting us at any time using the contact details in Contact Details.

How we use cookies and other tracking or profiling technologies

FPA’s use of cookies

The FPA website uses cookies to store information on your computer. Some of these cookies are used for visitor analysis, others are essential to making our site function properly and improve the user experience. By using this site, you consent to the placement of these cookies. If you deny the use of cookies, this may affect the functionality of our website.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

Third-party websites

This Privacy & Cookies Policy applies only to the Services offered by the FPA. The Services may contain links to other websites not operated or controlled by the FPA. We are not responsible for the content, accuracy or opinions expressed in such websites, and such websites are not investigated, monitored, or checked for accuracy or completeness by us. Please remember that when you use a link to go from the Services to another website, our Privacy & Cookies Policy is no longer in effect. Your browsing and interaction on any other website, including those that have a link on our site, is subject to that website's own rules and policies. Such third parties may use their own cookies or other methods to collect information about you.

Social media buttons

Website visitors may use these to bookmark or share our web pages. These work using scripts from other domains and it is likely those sites will collect their own information about what you are doing. You should review the policies of each of these sites to see how they use your information.

Changes to our Privacy & Cookies Policy

We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Privacy & Cookies Policy at any time. Any changes or updates will be effective immediately upon posting to this page. You should review this Privacy & Cookies Policy regularly for changes. You can determine if changes have been made by checking the issue date and revision number. Your continued use of our services following the posting of any changes to this Privacy & Cookies Policy means you consent to such changes.

We take cyber security very seriously to protect our networks, devices, and data from attack, damage, or unauthorised access. We hold both the Cyber Essentials and Cyber Essentials Plus Badges which provide assurance of our cyber security defences from the most prevalent forms of internet threat.

Cyber Essentials Certified  

This Policy was last updated on 29/04/2025