2. When do we collect personal information
3. What do we collect
4. How we use your information
5. People Who Use Our Services
6. Access to personal information
7. How Long Do We Keep Information
9. Job Application and Former Employees
10. Disclosure of Personal Information
The College is responsible for processing the personal information you provide to us and is the controller for the personal information we process, unless otherwise stated.
We collect information about you for the following reasons:
- Membership applications
- Direct Debit payments
- Event and conference bookings
- Shop orders
- Enquiries and complaints
- Paid and voluntary role applications
- Usage of learning and CPD programmes
- Details of current/former employees
- Details of current volunteers
If you only visit our website and do not create an account, we will not gather any personal information beyond that referenced in Section 4.4 below. Information that is collected once you create an account is essential to ensure that we can provide the best possible service and experience.
Data that is collected as part of procurement of supplies and services is primarily collected as part of a ‘contract’ with you, i.e. for us to provide a service to you as listed above.
If you are member of the College, or if you apply to become a member, we will collect from you, and hold, information including your name, the date you registered your place and programme of study (student members), your HCPC number (registered members), your home address, telephone number, email address, bank account details.
We also hold details of your job role, pay band/range, and work setting as well as equality monitoring data (which includes special category data described in Section 4.2). You do not need to provide this additional information if you prefer not to, however it will help us to provide appropriate and wide-ranging services to our members if you provide all of the information we ask for.
We will use the personal information that we collect about you to:
- Assess your eligibility to become a member of the College
- Verify your HCPC registration status
- Administer your membership, including by collecting membership payments from you
- Provide the benefits of membership services to you
- Comply with our legal obligations, protect and defend our rights and pursue our legitimate business interests
- Prevent and detect financial irregularities and/or identity fraud
- Keep you up to date with news about the College’s activities, according to your communication preferences.
We may also ask you to provide us with sensitive personal information (classed as ‘special category’ under GDPR) such as your ethnic origin, details of any disabilities you have, your religion or belief and your sexual orientation, along with age, gender identity and pay band/range. You do not have to provide us with this information, however if you do choose to do so, we will use it to ensure that services are delivered in an equitable and non-discriminatory way. We will also anonymise sensitive or ‘special category’ personal information in order to gather statistics and assess the demographics of our membership.
In the process of providing member services and pursuing our charitable aims, we may also process your data in the following ways:
- Record details of your interactions of with us
- Record details of information you have given us and advice we have provided to you in your membership record, when dealing with your enquiries.
We may analyse details of your visits to our website using Google Analytics. For more information on cookies, click here
to see our Cookies statement on our website.
We may use the data that you have provided to let you know of any events that may count towards your CPD. The College intends to rely on the lawful basis of ‘legitimate interests’ for our existing members when sending direct marketing about events that may be of interest to you. We will not send direct marketing to those who are not current members without their explicit consent.
We will share your personal information with specific third parties in order to facilitate provision of products or services to you, or to help us evaluate and improve our membership services. For instance, we use third parties to administer the voting in our elections and to provide medical and public liability insurance.
If you are not a College member but interact with our organisation, we may collect and hold information about you if you:
- Contact us by any means with an enquiry
- Visit our website
- Make an online purchase
- Book an event with us
- Purchase a product or service by phone
- Engage with us on our social media platforms
- Fill in any forms, such as surveys, research or applying for paid and voluntary roles.
Under the GDPR you have the following rights in relation to your data. All requests can be made free of charge and we have one calendar month to respond:
- The right to be informed
You have the right to be informed when we collect your personal data from you directly or indirectly from another source.
- The right of access
You have the right to request copies of the data we hold about you.
- The right to rectification
You have the right to request that we complete any information about you that you think is incomplete. You also have the right to request that we rectify any inaccurate information that we hold about you.
- The right to erasure
Also referred to as the “right to be forgotten”, you have the right to ask us, in certain circumstances, to erase your data.
- The right to be informed
You have the right to be informed when we collect your personal data either directly from you or indirectly from another source.
- The right to object to us processing your personal data
You have the right to object to us processing your personal data in certain circumstances. For example – for the purposes of direct marketing.
- The right to restrict us processing your personal data
You have the right to restrict us processing your data in certain circumstances. This means that we may still be able to hold the data, but not process it.
- The right to portability
You have the right to request that we transfer the information we hold about you to another organisation or to yourself in certain circumstances.
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. We may also keep it to comply with our legal obligations, resolve any disputes and enforce our rights. These reasons can vary from one piece of information to the next and depend on the products or services you have signed up to, in some cases the amount of time we keep your personal information for may vary.
In all cases, our need to use your personal information will be reassessed on a regular basis, and information which is no longer required for any purposes will be deleted/disposed of securely.
All data will be kept in line with our retention schedule.
Online privacy and security is the most important aspect of any member service and we take it extremely seriously. We use a variety of the latest technologies and procedures to protect your personal information from unauthorised access, destruction, use or disclosure.
We restrict access to your personal data to those employees, and third parties, who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards to protect your personal data.
Security measures are in place to secure personal information include encryption technology and firewalls as well as restrictions regarding the storage of sensitive information (see section 4.2 above).
Your College website account is password protected, and you can log on using your username and password to edit any personal information held on your account.
Staff access to the customer relationship management (CRM) system is also password protected and is not accessible by members of the public.
If you apply for a job with us, we collect your name, address, email address, phone numbers, employment history, and qualifications/education. We, also enable you to voluntarily provide equality monitoring data (which includes special category data described in Section 4.2), in order to ensure we recruit in an equitable and non-discriminatory way.
When you apply to work at College, we will only use the information you supply to us to process your application and to monitor recruitment statistics. Where we want to disclose information to a third party, for example where we want to take up a reference, we will not do so without informing you beforehand.
Personal information regarding unsuccessful candidates will be held for six months after the recruitment process has been completed, it will then be destroyed or deleted. We retain de-personalised statistical information about applicants to help inform our recruitment activities, but no individuals are identifiable from that data.
Once a person has taken up employment with the College, we will compile a file relating to their employment. The information contained in this will be kept secure and will only be used for purposes directly relevant to that person’s employment. Once their employment with College has ended, we will retain the file in accordance with the requirements of our retention schedule and then delete it.
In many circumstances we will not disclose personal data without consent. However, if we are involved in the investigation of a complaint, for example, we may need to share personal information with regulatory organisations and with other relevant bodies.
If at any point you wish to stop the processing of the data you have given consent for us to hold, please contact the relevant member of staff at the College, who will cease the processing of such data promptly and without delay, within one calendar month of your contact. Alternatively, contact the Data Protection Officer (details below) with details of the data processing you wish to be ceased.
This page was last updated 02.12.2022.