Your cart

Privacy Policy

Effective Date: 12 May 2026
Last Updated: 12 May 2026

At MIM®, your privacy matters. This Privacy Policy explains how MIM® collects, uses, stores, shares, and protects your personal data when you interact with our websites, services, training programmes, events, certifications, digital platforms, and communications.

We are committed to protecting your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the EU GDPR where applicable, the Privacy and Electronic Communications Regulations (PECR), and other applicable privacy laws.

This Privacy Policy explains:

  • What personal data we collect
  • How and why we use your personal data
  • The lawful bases we rely on
  • How we protect your data
  • Your rights and choices
  • How to contact us about privacy matters

Who We Are

MIM® is the professional body dedicated to creating the best Major Incident Managers in the world.

Throughout this Privacy Policy, references to “MIM®”, “we”, “us”, or “our” mean Major Incident Management Ltd and its affiliated brands, products, training services, events, certifications, platforms, and websites.

For the purposes of applicable data protection law, MIM® acts as the data controller of your personal data unless otherwise stated.

If you have any questions about this Privacy Policy or how your personal data is handled, please contact:

Email: info@majorincidentmanagement.com

 

Personal Data We Collect

We collect personal data directly from you, automatically through your use of our services, and occasionally from trusted third parties.

The categories of personal data we may collect include:

Information You Provide Directly

  • First name and last name
  • Business email address
  • Telephone number
  • Company or organisation name
  • Job title or role
  • Billing and payment information
  • Event registration information
  • Training and certification records
  • Account login credentials
  • Personal profile information
  • Profile photographs or uploaded images
  • Survey responses and feedback
  • Information submitted through forms, enquiries, webinars, downloads, or support requests
  • Communications you send to us

Information We Collect Automatically

When you use our websites, platforms, or services, we may automatically collect:

  • IP address
  • Browser type and version
  • Device identifiers
  • Operating system and hardware information
  • Website usage information
  • Cookie identifiers
  • Session and interaction data
  • Referral source information
  • Approximate geographic location
  • Error logs and diagnostic information

Information From Third Parties

We may receive personal data from:

  • Event sponsors and partners
  • Learning management systems
  • CRM and marketing platforms
  • Payment providers
  • Analytics providers
  • Advertising and social media platforms
  • Publicly available business sources such as LinkedIn or company websites

How We Use Personal Data

MIM® uses personal data to operate effectively, deliver services, improve experiences, and support the global Major Incident community.

We may use your personal data to:

  • Deliver training, certification, webinars, and events
  • Provide access to MIM® digital platforms and learning environments
  • Process purchases and payments
  • Manage your account and authentication
  • Respond to enquiries and support requests
  • Communicate important service updates
  • Deliver newsletters, insights, reports, and marketing communications
  • Personalise your experience with MIM® content and services
  • Improve our products, services, websites, and training experiences
  • Analyse website performance and user engagement
  • Detect fraud, misuse, security incidents, or technical issues
  • Comply with legal and regulatory obligations
  • Protect the rights, safety, and security of MIM®, our clients, users, and partners

We only process personal data where we have a valid legal basis to do so.

Lawful Bases for Processing

Under UK GDPR and EU GDPR, we rely on one or more of the following lawful bases:

Contractual Necessity

Where processing is necessary to provide services you have requested, including:

  • Training and certification delivery
  • Event registrations
  • Account management
  • Payment processing
  • Support services

Legitimate Interests

Where processing is necessary for our legitimate business interests, including:

  • Improving our services and user experience
  • Business administration and operations
  • Marketing relevant products and services
  • Preventing fraud and maintaining security
  • Measuring engagement and website performance

When relying on legitimate interests, we ensure your rights and freedoms are not overridden.

Consent

Where required by law, we rely on your consent for:

  • Certain marketing communications
  • Non-essential cookies and analytics technologies
  • Optional profile information

You may withdraw consent at any time.

Legal Obligations

Where processing is necessary to comply with applicable laws, regulations, legal processes, or governmental requests.

Marketing Communications

MIM® may send you communications relating to:

  • Training and certification opportunities
  • MIM® EXPO and industry events
  • Podcasts, articles, reports, and resources
  • Product updates and new services
  • Industry insights and community initiatives

You can unsubscribe from marketing communications at any time by:

We do not sell your personal data to third parties.

Cookies & Similar Technologies

MIM® uses cookies and similar technologies to improve functionality, understand website usage, personalise experiences, and support security and analytics.

Cookies may include:

Essential Cookies

Required for website functionality, authentication, accessibility, and security.

Analytics Cookies

Help us understand how visitors use our websites and services.

Functional Cookies

Remember your preferences and settings.

Marketing Cookies

Used to measure advertising performance and provide relevant content.

Where legally required, non-essential cookies are only placed after you provide consent through our cookie banner or consent management platform.

You can manage cookie preferences through:

  • Our cookie settings tool
  • Your browser settings
  • Third-party opt-out mechanisms where available

Please note that disabling cookies may affect website functionality.

Sharing Personal Data

MIM® only shares personal data where necessary, lawful, and appropriate.

We may share data with:

  • Trusted technology and service providers
  • Learning management and certification platforms
  • CRM and email communication providers
  • Event partners and sponsors where applicable
  • Payment processors
  • Professional advisers, auditors, insurers, or legal representatives
  • Regulatory authorities or law enforcement where required by law

All third-party providers handling personal data on behalf of MIM® are required to maintain appropriate security measures and comply with applicable data protection laws.

Where event sponsors or partners receive your information, their use of your data will be governed by their own privacy policies.

International Data Transfers

MIM® operates internationally and may transfer personal data outside the United Kingdom or European Economic Area.

Where international transfers occur, we implement appropriate safeguards, including:

  • UK International Data Transfer Agreements (IDTA)
  • UK Addendum to EU Standard Contractual Clauses
  • European Commission Standard Contractual Clauses (SCCs)
  • Transfers to countries recognised as providing adequate protection

We take reasonable steps to ensure your data remains protected wherever it is processed.

Data Retention

We retain personal data only for as long as necessary to:

  • Deliver services
  • Meet legal, regulatory, tax, accounting, or reporting obligations
  • Resolve disputes
  • Enforce agreements
  • Maintain appropriate business records

Retention periods vary depending on the nature of the information and legal requirements.

When personal data is no longer required, it is securely deleted, anonymised, or destroyed.

Data Security

MIM® uses appropriate technical and organisational measures to protect personal data against:

  • Unauthorised access
  • Loss or destruction
  • Misuse
  • Alteration
  • Disclosure
  • Cybersecurity threats

Security measures may include:

  • Encryption
  • Access controls
  • Secure hosting environments
  • Multi-factor authentication
  • Monitoring and logging
  • Staff confidentiality obligations
  • Vendor due diligence and security assessments

While we take reasonable steps to protect personal data, no online platform or transmission method can be guaranteed completely secure.

Your Privacy Rights

Depending on your location and applicable law, you may have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete information
  • Request deletion of your personal data
  • Restrict or object to processing
  • Withdraw consent
  • Request portability of your data
  • Object to direct marketing
  • Request human review of automated decisions
  • Lodge a complaint with a supervisory authority

To exercise your rights, contact:

Email: info@majorincidentmanagement.com

We may need to verify your identity before processing certain requests.

We aim to respond to legitimate privacy requests within one month where required by law.

UK Information Commissioner’s Office (ICO)

If you are based in the United Kingdom and believe your data protection rights have been breached, you have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO).

For more information, visit the ICO website:

https://ico.org.uk

We encourage you to contact MIM® first so we can work to resolve your concerns.

Children’s Privacy

MIM® services are not directed to children under the age of 16.

We do not knowingly collect personal data from children under 16 without appropriate legal consent.

If we become aware that personal data relating to a child under 16 has been collected improperly, we will take reasonable steps to delete it.

Parents or guardians who believe a child has provided personal data should contact:

support@majorincidentmanagement.com

Automated Decision-Making

MIM® does not use personal data to make solely automated decisions that produce legal or similarly significant effects on individuals.

Third-Party Websites & Services

Our websites, events, platforms, and communications may contain links to third-party websites, services, or applications.

MIM® is not responsible for the privacy practices, content, or security of third-party services.

We encourage you to review the privacy policies of any third-party websites or providers you engage with.

Changes to This Privacy Policy

MIM® may update this Privacy Policy from time to time to reflect:

  • Changes in legal or regulatory requirements
  • Changes to our services or operations
  • Improvements in privacy and security practices

When material changes are made, we will update the “Last Updated” date above and take appropriate steps to notify users where required.

Contact Us

If you have questions about this Privacy Policy or how MIM® handles personal data, please contact:

MIM®
Email: support@majorincidentmanagement.com