Disclaimer and Privacy Policy


The information contained in this website is for general information purposes only. The information is provided by The Institute of Transport Administration and whilst we endeavour to keep the information up-to-date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.

In no event will we be liable for any loss or damage including without limitation, indirect or consequential loss or damage, or any loss or damage whatsoever arising from loss of data or profits arising out of or in connection with the use of this website.

Through this website you are able to link to other websites which are not under the control of The Institute of Transport Administration. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them.

Every effort is made to keep the website up and running smoothly. However, The Institute of Transport Administration takes no responsibility for and will not be liable for the website being temporarily unavailable due to technical issues beyond our control.


IoTA privacy policy & statement

Your privacy is important to us

We recognise that when you write to us or visit our website and provide us with personal information, you trust that we will act responsibly and keep your information secure and confidential.

1. Purpose of this notice

This notice describes how we collect and use personal data about you. In the UK this will be in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act 1998 and any other national implementing laws, regulations and secondary legislation, as amended or updated from time to time.

Please read the following carefully to understand our practices regarding your personal data and how we will treat it.

2. About us

The Institute of Transport Administration (the Institute / the society) is a professional body, registered in England and Wales as a friendly society (under the Friendly Societies Act 1974) number: 53SA. The Institute’s registered office is at: “The Old Studio”, 25 Greenfield Road, Westoning, Beds. MK45 5JD.

Where used in the singular the term ‘the society’, ‘we’ or ‘the Institute’ shall include any of its servants such as the societies elected management, approved trainers, approved service providers and providers of essential professional support services.
For the purpose of the Data Protection Legislation and this notice, any one of the above entities is the ‘data controller’ (and “we”, “us”, “our” and “ours” in this notice refer to any of those entities). This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this privacy notice.

In most cases it will be clear which entity is the data controller with respect to your personal data (for example because your contract is with that entity), however if you have any queries about this please contact the Director at the above mailing address or email: director@iota.org.uk

The Director is responsible for assisting with enquiries in relation to this privacy notice or our treatment of your personal data.

3. Data retention period

The Institute’s general policy is to hold data for seven years. This applies to all categories of personal data unless a shorter or longer period is specified in respect of particular categories of data. However, for existing members where the information may be required or relevant to future periods the information may be held for longer periods.

4. How we collect and use personal data

How we collect and use personal data varies according to our relationship with the person whose data it is (the ‘data subject’). How we collect data can be categorised as follows:

• Members of the society and persons associated our members.
• Other individuals whose personal data we obtain in the course of providing services such as training or consultancy.
• Business contacts
• Our employees
• Suppliers
• Users of our website
• Visitors to our offices


We collect information about individual members, which can include the collection of data from the owners or management of the firm a member works for, who we may need to interact with in the course of our work (for example we may have contact details for various people within the finance department of members firm who provide us with information during the course of our work).

It is our policy to only collect the personal information which is actually required for our work. – see Privacy Statement 12 – In some cases, this may mean that the only personal information that we hold is contact information and details of any communications with that person, but in other cases this may also include:

• a person/members’ place and date of birth
• a person/members’ drivers’ license details
• a person/members’ bank account details
• a person/members’ evidence of qualifications
• a person/members’ curriculum vitae

This information is usually supplied by members but may also be supplied by third parties who have been authorised by members or from publicly available information?

We may use this data to carry out our obligations arising from any agreements entered into between members, the competent authorities and us (for example in providing tax receipts to members or providing evidence of a members’ competence to the authorities).

In addition, we may use this data in managing our relationships with our members and in providing to our members information about our services or other information that we consider may be of interest to them.
The basis for this processing is the contracts that we have with our members, legal obligations and/or that such processing is necessary for our or our members’ legitimate interests.ng do we retain this data

We will retain personal data in accordance with our data retention policy for as long as is necessary to fulfil the purposes for which it is collected, including any retention period required by laws or regulations (for example audit regulations require information on audit files to be retained for the current year plus the previous six years).

5. Data sharing?

We will share your personal data with third parties where we are required by law or regulation, where it is necessary in the provision of services to our members, or for administration purposes, or where we have another legitimate reason in doing so. my personal data?

“Third parties” includes third-party service providers. The following activities are carried out by third-party service providers: IT and cloud services, professional advisory services, and banking services. All of our third-party service providers are required to take commercially reasonable and appropriate security measures to protect your personal data. We only permit our third-party service providers to process your personal data for specified purposes and in accordance with our instructions.

We may share your personal data with other third parties, for example in the context of the possible restructuring of the society. We may also need to share your personal data with a regulator, professional body or an external quality control reviewer, or to otherwise comply with the law. In the case of the external quality control reviewers, they are not allowed to use or share your data with anyone else.

6. Transferring personal data outside of the European Economic Area (EEA)

Except as noted below or where specifically requested by you, we will not transfer the personal data that we collect about you outside the EEA.

Data in respect of members, suppliers and others connected with society is stored in the UK.
Where a member asks us to introduce them to a service provider outside the EEA and have instructed us to transfer personal data to them, we will make this transfer in accordance with their instructions only.

7. Data security

We have put in place commercially reasonable and appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an un-authorised way, altered or disclosed. In addition, we limit access to your personal data to our employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

8. Rights to access, correction, erasure and restriction

It is important that the personal data we hold is accurate and current. Should your personal information that you have supplied to us change, please notify us of any changes of which we need to be made aware by informing your usual Institute contact.
Under certain circumstances, by law you have the right to:

• Request a copy of your personal information held on our files.
• Request amendments to that personal information held.
• Restrict consent as to how your personal information may be used.
• Request, subject to prevailing legislation that, any information held on our files is erased.

Should you wish to exercise any of the above rights, please contact us in writing or email: compliance@iota.org.uk.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights).

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

9. Right to withdraw consent

In the limited circumstances where you may have provided your consent to the collection, processing and transfer of your personal data for a specific purpose (for example, in relation to direct marketing that you have indicated you would like to receive from us), you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us in writing or email our data protection point of contact at: compliance@iota.org.uk.

Once we have received notification that you have withdrawn your consent, we will no longer process your personal information (personal data) for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

10. Changes to this notice

We will keep this privacy statement under regular review and any changes will be shown on this web page.
This privacy notice was last updated on 23 May 2018.

11. Contact us

If you have any questions regarding this notice or if you would like to speak to us about the manner, in which we process your personal data, please contact us in writing or email the Director at director@iota.org.uk

You also have the right to make a complaint to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues, at any time. The ICO’s contact details are as follows:

Information Commissioner’s Office
Wycliffe House
Water Lane
Telephone – 0303 123 1113 (local rate) or 01625 545 745
Website – https://ico.org.uk/concerns


We comply with our obligations under GDPR by not collecting or retaining excessive amounts of data, ensuring appropriate measures are in place to protect personal data from loss, misuse, unauthorised access and disclosure.

We only collect information that is relevant to enable us to transact business with you to provide courses, services, registration and examinations related to the provision and maintenance of your mandatory and vocational transport industry qualifications; and for services related to the operator licensing regulatory regime.

You may give us information, which may include your name, date of birth, email address, postal and business address, telephone number and when appropriate your driving licence details, when you contact us to use our services; complete the application form you have requested from us for registration on a course. On providing your details for use of our services and/or completing our application form you are acknowledging and consenting to the processing of your information by us.

The data you provide us with is used to register attendance on courses and registration with appropriate professional and regulatory bodies related to the transport industry; to provide proof of attendance for you to retain or replace; to provide proof of attendance to the relevant authorities; examination entry; relevant study materials and industry updates as necessary or required.

We may share your information with third parties for legitimate reasons only; in order to secure examination entry; to register attendance on courses with the relevant professional or regulatory bodies; to source replacement qualification certificates.

The information you provide to us is securely stored in our systems, we are PCI compliant and we will take all steps reasonably necessary to ensure your data is treated securely. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. We reserve the right to update or alter our privacy statement and practices, making the information available on our website for review.

When signing up for any of our services you may be required to provide information such as your name, postal address, email address and telephone number.

This data, and any subsequent data gathered, will normally be used by us solely for the purposes of the management and billing of your membership of this Institute. We may also use this data for the purposes of informing you of any important information connected with the day to day running of IoTA.

We may also supply the data we collect to relevant third parties in the event that you are found to be in breach of any of the terms and conditions of your membership.  But except as specified above, unless required to do so by a law enforcement agency or other authorised government agency, we will not pass on your personal details to any third party without your consent.

Please also note that this privacy policy only applies to members and potential members of the Institute of Transport Administration.
Our Information Commissioner’s Office (ICO) number is Z5455763



When you visit this site, one or more cookies may be stored on your PC.

We have endeavoured to identify where this situation may arise and to make your options clear to you. In the meantime you must allow cookies to be set if you wish to use this website. If you would prefer that a cookie not be stored on your computer you must either cease to visit this website or alternatively you can make adjustments to the settings in your Web Browser (e.g. Internet Explorer, Firefox, Opera, Safari etc) – most allow you to configure whether or not cookies may be stored on your device either globally or on a site-by site basis.

Please refer to your Web Browser’s Help section for additional details on exactly how to do this.

Please note that if you decide to prevent this site from storing cookies on your computer you may be prevented from accessing any or all sections of this site and may be unable to sign up for any of services.


What exactly is a cookie?

For more information on cookies, what they are and how they work, please visit the Webopedia.com definition of a cookie The page also has links to additional information on the subject. Alternatively why not visit www.howstuffworks.com/cookie.htm which also provides some interesting information on cookies.

For more even more information on how cookies work, along with information on how to configure Internet Explorer to reject third party cookies, try visiting: www.cookiecentral.com/faq/


Institute of Transport Administration


Registered Friendly Society: No 53 SA

Head Office

The Old Studio, 25 Greenfield Road

Westoning, Beds MK45 5JD

Tel: +44 (0)1525 634940

Mobile/TXT: +44 (0)7768 303588

Email: director@iota.org.uk