Privacy Policy

Last updated 06 October 2021

In this policy, we lay out: what data we collect and why; how your data is handled; and your rights to your data.


Who Are We?

b2b partnerships Ltd. is an organisation specialising in working with independent professional associations. We have been contracted by The Chartered Institute of Internal Auditors – UK and Ireland to operate this website on their behalf.

We respect and are committed to protecting your privacy. We aim to maintain consistently high standards in our use and storage of your personal data, and endeavour to comply with the Data Protection Act 1998, the EU General Data Protection Regulation (GDPR) and other relevant legislation.

Our registered office is 6th Floor, Charles House, 108-110 Finchley Road, London NW3 5JJ. We are registered in England and Wales under the company number: 05702184. The VAT registration number is: 893932965. Our ICO Registration Number is: ZA757849. For enquiries, please contact us by email at

What We Collect and Why

We collect only what we need to serve providers or suppliers of industry solutions for the internal audit and risk sector, and users seeking these services on this website.

This information can consist of, but is not limited to, information such as your name, email address and telephone or mobile number, depending on how you are engaging with us. By submitting your details, you enable us to provide you with the products or services that you have selected, and agreed we will provide.

Information we do not collect

We don’t collect any characteristics of protected classifications including age, race, gender, religion, sexual orientation, gender identity, or gender expression. We also do not collect any biometric data. You may provide this data voluntarily, such as if you include a pronoun preference in your email signature when writing into our Support team.

When we access or share your information


  • To provide products or services you've requested. We use some third-party services to run our applications and only to the extent necessary to process some or all of your personal information via these third parties. Having sub-processors means we are using technology to access your data.

  • To share with the Chartered IIA and service providers. Your information is provided to the Chartered Institute of Internal Auditors – UK and Ireland. We do not sell or rent your information to other organisations. We may pass your information to third party service providers. This is only done when stated and for the purposes of completing tasks and providing goods and services to you on our behalf.

  • To investigate, prevent, or take action regarding restricted uses. We have an obligation to protect the privacy and safety of both our customers and the people reporting issues to us. We do our best to balance those responsibilities throughout the process. If we do discover you are using our products for a restricted purpose, we will report the incident to the appropriate authorities.

  • When required under applicable law. We will not release your information to other organisations unless in exceptional cases when we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime. In all other instances, we would only share your information with another party if you have given your explicit permission to do so.

How long do we keep your personal data?

We hold personal data for a variety of different purposes and the length of time we keep your information for will vary depending on the products and services we are providing to you. We will only keep your personal data for a reasonable period of time and we base this on the purpose for which we are using it.



What are Cookies?

A cookie is a small file of letters and numbers that is downloaded on to your computer when you visit our website. It allows our website to recognise your device and store some information about your preferences or past actions.

The Cookies Directive was adopted as an amendment to the e-Privacy Directive in May of 2011 by all countries in the EU. Websites that are either owned by EU businesses or directed towards EU citizens must inform visitors that cookies are in use, how these cookies are used, and obtain consent before cookies can be used.

How do we use cookies?

We use analytics to monitor the traffic on the website. It helps us to improve its usability by understanding how you use our information and how you navigate the site. It collects information anonymously. We use analytics cookies to store anonymous information such as what time you visited our website and whether you have visited before.

How do I change my cookie settings?

Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, visit or

Find out how to manage cookies on popular browsers:

To find information relating to other browsers, visit the browser developer's website.


Ensuring your personal data is kept secure is of the highest importance to us and will be held on secure systems.

Your personal data may be transferred to a country outside the European Economic Area (EEA). This may be required for the purposes of our staff based outside the EEA or where a supplier of a service is based outside the EEA. We will take all reasonable steps necessary to ensure your personal data is treated securely.


Accessing or Deleting Your Personal Data


You can request a copy of the personal data we may hold relating to you, and the purposes for which we are using it. This is known as a Subject Access Request.

In responding to such a request we may ask for proof of your identity, to ensure we do not inadvertently send your personal data to another person. We will endeavour to respond to any such requests as soon as possible, but at least within one calendar month.

We give you the option to ‘Delete’ your data on the website. Once submitted, this information will no longer be accessible via the website. In this case, there is no period of time where the data is kept in a temporary ‘recycle bin’, your data is purged immediately.


Links to Other Organisations’ Websites

This website may contain links to other third-party websites operated by other organisations. This Privacy Policy applies to this website only‚ so we encourage you to read the privacy statements on any third-party websites that you visit. We cannot be responsible for the privacy policies and practices of external websites even if you access them using links on this website.

Changes & Questions

We may update this policy as needed to comply with relevant regulations and reflect any new practices. Whenever we make a significant change to our policies, continued use of the Services will require you to accept these revised policies.

If you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information, please get in touch by emailing us and we’ll be happy to answer them. Email our Data Protection Officer:

Alternatively, you can contact the Information Commissioner’s Office to make a complaint or report a concern by calling their helpline on 0303 123 1113 (in the UK), or contacting them at: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.



Adapted from the Basecamp open-source policies / CC BY 4.0

Back to the top