Here at the College of Podiatry we take your privacy seriously and will only use your personal information to administer your membership and to provide the products and services related to being a member of this organisation.
We are registered as a data controller with the UK Information Commissioner’s Office as The College of Podiatry, registration number Z6708066.
We are firmly committed to protecting your privacy and aim to be clear when we collect your information and use it only as you would reasonably expect.
This policy was last updated on 25 May 2018.
How we use personal information
We will not use your personal information unless we have first told you how we will use it or it is obvious how we will use it.
We collect and use personal information for:
- Membership applications
- Membership administration including but not limited to: payment, renewals, providing event information, delivery of CPD, campaigning, keeping a record of our relationship with a member
- Membership benefit administration is by post, telephone, and electronic means
- Representation of the whole membership, a workplace group or individual
- Elections and appointments to committees
- Processing nominations and making awards
- Personal injury claims and indemnity insurance
- Processing and administering benevolent fund applications
- Processing and administering student records
- Event applications, registrations and administration
- Informing people about our events
- Carrying out surveys of members
- Forwarding member surveys and consultations run by other organisations with whom we collaborate or are funding
- Processing grant applications and awards
- Processing member expenses
- Employee administration
Our legal basis for processing personal information
Our lawful basis for the purposes that we process personal information is consent, for the performance of a contract, or for our legitimate interests.
The law allows us to collect and use personal data if it is necessary for our legitimate business interest and so long as its use is fair, balanced and does not unduly impact your rights. In many situations, the best approach for our members is to process personal data because of our legitimate interests, rather than consent.
We will ask for your consent to send you marketing emails and text messages. You can withdraw consent for this at any time.
Usually we will only process sensitive personal data if we have your explicit consent. In extreme situations, we may share your personal details with the emergency services if we believe it is in your ‘vital interests’ to do so. For example, if someone is taken ill during one of our events.
We may also share your personal information where we are compelled by law to do so.
We process employee personal information to meet our legal obligations as an employer.
How we collect personal information
We collect personal information from you directly through our website, through surveys and sometimes paper forms.
Universities may provide us with your personal information when they register you for student membership with us.
We may collect information about the software on your computer (your browser version etc.) and your IP address (your connection with the internet) to improve your interaction with the Website and for our records. This may happen automatically without your being aware of it.
The personal information that we collect
The type and quantity of information we collect and how we use it depends on why you are providing it.
For membership applications, administration and renewals we will collect:
- Your name
- Your contact details
- Your date of birth
- Details of your HCPC registration
- Your place of work and job title
- Your pay and hours worked
- Information about your specialities
- Information about your areas of interest
- Information about your qualifications
- Your mailing preferences
- Your bank or credit card details
- Your gender, nationality, ethnicity, and if you have a disability. We make it clear that providing this information is optional. If provided it is used for equal opportunities monitoring.
In addition to the personal information that is needed for membership applications, renewals and administration, we may collect other personal information as follows.
For whole membership, workplace group or individual representation we may also collect:
- Work place name, address and contact information
For elections and appointments to committees we may also collect:
- Qualifications, training and employment history
For processing nominations and making awards we may also collect:
- Some personal circumstance information
- Name and contact details of the nominee
For personal injury claims and indemnity insurance we may also collect:
- Medical records and circumstances surrounding claims information
For processing and administering benevolent fund applications and donations we may also collect:
- Financial records and information
- Medical records and information
For event applications, registrations and administration we may also collect:
- Source of referral
- Medical information such as dietary requirements and any disabilities relevant to accommodating event attendance
For informing people about our events we may also collect:
- Names and contact details of non-members
For carrying out surveys of members we may also collect:
- Employer information
For processing grant applications and awards we may also collect:
- Employment history
- Education and training
- Referee name and contact details
For processing member expenses, we may also collect:
- Financial records and information
For processing adverts to go in Podiatry Now, we may also collect:
- Work place name, address, contact information and payment details
How we may share personal information
We may share some of your personal information with organisations that carry out processing operations on our behalf, such as web services companies and mailing organisations. We carry out checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information that we give to them.
We do not sell or share personal information to third parties for the purposes of marketing. But, if we run an event in partnership with another named organisation your details may need to be shared with them. We will be very clear what will happen to your personal information if you register for such an event.
We may share some personal information with the Electoral Reform Society in the event of an election or a ballot.
We will not sell personal information other than as part of a sale of a substantial part of our assets.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We may need to make our list of membership available for the Personal Indemnity Insurance.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
It may sometimes be necessary to transfer personal information overseas. Any transfers made will be in compliance with data protection regulation.
How we protect personal information
We’re committed to protecting the security of your personal data, and as such we’ve put in place appropriate measures to:
- prevent your data from being accidentally lost, used or accessed in any unauthorised way, altered or disclosed
- deal with, and notify you and any applicable regulators, of any suspected personal data breaches where we’re legally required to do so
- limit access to your personal details to only those employees, agents, contractors and other third parties who have a business need. They will only be able to process your personal data on our instructions and will be subject to a duty of confidentiality.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We provide guidance and regular data protection training to our staff.
How long we keep personal information
We will only keep personal information for as long as we have a valid reason for keeping it. After that we delete or dispose of the information securely.
We keep personal information about:
- Our membership indefinitely so that we can administer and prove membership. Non-core information (e.g. personal details not relevant to prove membership at any point in time) about members is destroyed ten years after membership has lapsed.
- Representation case data of an individual are held for 6 years from resolution of case. Summary data of the case are held on indefinitely as a record of activity.
- Elections and appointment to committees indefinitely to maintain a record and history of committee members.
- Award recipients indefinitely, and all nominations for five years for our records.
- Personal injury claims for 3 years after settlement has been made to maintain a record that a claim was made and of the results.
- Benevolent fund applications for 5 years after applications are made so that we can identify repeat applications to the fund.
- Event applications, registrations and administration for 1 year until after the event has taken place.
- Surveys of members for 3 years after the survey so that data can be referenced for statistical analysis.
- Grant applications and awards indefinitely for successful applications and persons to abide by company rules.
- Member’s expenses for 6 years as required by law.
- Employees for the duration of their employment and 6 years after employment ceases in accordance with the law.
You have a right to know what personal data we hold, who we acquired it from, how we process it, the logic involved in any automatic processing, and who we disclose it to.
You have a right to ask us not to process your personal data for direct marketing purposes unrelated to your membership.
You have a right to ask us not to make decisions based solely on the automatic processing of your personal information.
You have a right to ask us not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.
You have a right to ask us to erase your personal information.
These statutory rights are qualified by exceptions and exemptions.
To exercise any of these rights, please contact us using the address below.
You can find out more about your rights from the Information Commissioner, who regulates data protection and privacy.
Changes to this policy