Keeping your personal information safe is very important to us. RSPH is committed to complying with privacy and data protection laws and being transparent about what we are doing. RSPH is registered with the Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promote openness by public bodies and data privacy for individuals. (Registration reference: Z1621105).
We have policies, procedures and training in place to help our employees understand their data protection responsibilities and follow the data protection principles.
- We will process your personal information fairly and lawfully
- When we gather personal information from you, we will ensure what we collect is adequate, relevant and not excessive to our needs
- We take care to ensure your personal information is accurate and up to date
- We will only keep personal information for as long as is necessary
- We will only use your personal information for the reasons for which it was collected
- When we use your personal information, we do so in a way that respects your rights under data protection law
- We have put in place technical and organisational measures to protect your personal information from accidental loss or unlawful processing
- We will not transfer your personal information outside of the European Economic Area unless the country receiving your information has the same or higher data protection standards than those in the UK
How we use personal information
We collect and use personal information about our members, centres, learners, supporters, enquirers, and staff to:
Provide services to our individual and corporate members including publications, conferences and events
If you choose to become a member of RSPH, we will use the information that you provide to process and renew your application as requested. We will send you information relating to your membership. We will also occasionally send you information about events, services and courses which we think will be of interest to you.
We celebrate and promote the contribution and positive impact organisation and individuals have on the public’s health. We will collect, record and hold your personal information if you enter or are nominated for one of our annual awards.
We will collect from our centres information about our learners to ensure our compliance with our regulator’s requirements.
If you choose to register for and attend one of our courses or events, we will use the personal information that you provide to use to manage your attendance. We will need your explicit consent to hold and use any medical or religious information that you may provide in relation to your attendance.
For example, information about any disabilities you may have or specific dietary requirements.
We support and undertake research, sometimes collecting personal information through surveys, to develop evidence-based practice and policy. If you choose to provide personal information by completing one of our surveys, the information will be analysed and anonymised before being published.
If you contact us to make a general enquiry, your personal information will be used to respond to your enquiry and provide information that you have requested.
If you provide us with information about yourself, such as a resume or curriculum vitae, in connection with a job application or enquiry, we may use this information to process your enquiry. We will not store this information for any purpose other than that relating to your application.
We record and use the personal information of our employees in connection with their individual contracts of employment and to comply with our legal obligation as an employer.
We communicate with our customers, via email, post or phone, to provide requested services and with regard to their account.
We send periodic email newsletters to update interested individuals on the latest news and developments in relevant areas of our work. We send these to contacts who have actively consented to receive them, and these can be unsubscribed from at any time. Subscribers’ contact details are not used for any other purpose or shared with third parties unless permission has been given to do so.
We send periodic communications on specific products and services to contacts who have actively consented to receive them, and these can be unsubscribed from at any time. The data for subscribers is not used for any other purpose or shared with third parties unless permission has been given to do so.
We only collect information that we actually need. This may include:
- Email address
- Telephone number
- Job title
- Employment history
- Professional qualifications
- Date of birth
- Payment details
- Dietary requirements
- Accessibility needs
- Information relating to Special Consideration and Reasonable Adjustments
Our legal basis for processing personal information
We may process personal information because it is necessary for the performance of a contract to which you are a party (or to take steps at your request prior to entering a contract). For example, when we process a membership application, an exam entry, an event registration or provide a service or product that you have requested from us.
We will seek your consent to process your personal information when appropriate, for example for direct marketing communications.
We will always ask for your consent to process any medical or religious information that you provide to us, for example in relation to attendance at an event.
We will process employee personal information to comply with our legal responsibilities and duties as an employer.
How long we keep personal information for
We only keep personal information for as long as we have a use for it or are legally obliged to keep it. We have a personal information retention policy and schedule in place which staff are required to follow. Personal information held in our electronic and paper filing systems is securely destroyed or deleted when it is no longer required.
We will keep some membership and learner information indefinitely to be able to prove membership or qualification entitlement and for historical purposes. We will keep Lapsed Members’ data for 6 years. Survey results, Event and Courses registrations will be kept for 2 years.
Sharing personal information
We will not sell, share, distribute or disclose your personal information, unless we believe a regulator or law enforcement agency requires it, for example in cases of suspected fraud or defamation, or in order to comply with any other applicable legal obligation such as safeguarding.
We work with carefully selected partners who carry out work on our behalf. These partners may include mailing houses and IT specialists.
The kind of work that we may ask them to do includes processing, packaging, mailings. We only pass personal information to these partners if they have signed a contract which requires them to abide by data protection legislation requirements, use the information for our purposes only and treat your information as carefully as we do.
Transferring personal data outside of the EEA
We use SSL encryption to protect sensitive information online and we also do everything in our power to protect user-information off-line. Personal information is restricted in our offices and made available only to the appropriate departments.
All employees are provided with a unique username and password in order to gain access to this information. Our servers that store personally identifiable information are password protected and held in a secure environment, in a locked facility. Regular backups are made of this data, and these are stored off site.
Your rights If you no longer wish to receive communications about products and services from us, please email us. You can also unsubscribe at any time to emails that we may send to you about the products and services that we think will be of interest to you.
You have the right to:
- Request a copy of the information we hold about you. Requests should be emailed. We will respond within 30 days
- Tell us to change your personal information if it is incomplete or inaccurate
- Ask us to delete or remove your personal data if there is no compelling reason for us to continue using or holding this information
Please email us if you think our records are inaccurate or you wish us to delete your personal information.
Website user data
In order to facilitate sound information security practices, our technical solution providers record interactions with this website in the form of website server logs, this records your remote IP Address, the resources accessed on our website, date/time and your browser information. This information will be retained for up to 12 months to support our efforts in auditing and to safeguard our website.
Data is collected from users of our website using Google Analytics. This information includes browser type, internet service provider (ISP), referring/exit pages, platform type, date/time of visit, number of clicks, error pages and number of unique visits.
This information is anonymised and not linked to personal profiles or personally identifiable information provided by users. We use it to analyse visitor trends, behaviour, and the use of our website, administer the website and to gather broad demographic information of our website users.
Links to other websites
We do not accept any responsibility or liability for the privacy practices of such third party websites and your use of such websites is at your own risk.
Changes to this policy