Privacy and Data Protection
This Privacy Notice sets out information about how we process information about you in order to comply with the Data Protection Act 2018 and the EU General Data Protection Regulation. It tells you what to expect us to do with your personal information when you make contact with us or use one of our services.
This notice is layered. So, if you wish, you can easily select the reason we process your personal information and see what we do with it.
We’ll tell you:
- why we are able to process your information
- what purpose we are processing it for
- how long we store it for
- whether there are other recipients of your personal information
The Democratic Orthopathic Council (DOC) is the controller for the personal information we process, unless otherwise stated.
DOC is a professional body. We hold and process information about our service users for various purposes. For example, to ensure our services are responsive to needs and to report to our members and regulatory body, to enable correspondence and communications, and for safeguarding purposes.
The Democratic Orthopathic Council
46 – 48 East Smithfield,
Tel: 020 7175 6784.
Data which has been collected prior to the introduction of GDPR (25 May 2018) will be processed in accordance with this updated Privacy Notice.
Visitors to our Website
The data controller for the websites is as follows:
www.orthopath.org – DOC
Legal basis for processing data: The legal basis we rely on to process your personal data is article 6(1)(f) of the GDPR, which allows us to process personal data when it’s necessary for the purposes of the legitimate interests of the Data Controller. The purpose for implementing all of the below on our websites is to maintain and monitor the performance of our websites and to constantly look to improve the site and the services we offer to our users.
Analytics: When you visit our websites we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out such things as the number of visitors to the various parts of the site. This information is only processed in a way that does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
If we do collect personal data through our website, we’ll be upfront about this. We’ll make it clear when we collect personal information and we’ll explain what we intend to do with it.
If you are aged 16 or under, please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
Your rights: As we are processing your personal data for our legitimate interests as stated above, you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which depend on why we are processing it.
If you contact us through the website
Why we process your data: we will only process your data in order to respond to your query (if applicable).
Legal basis for processing data: we process your data under the basis of ‘legitimate interests’.
Using our online engagement facilities
Why we process your data: we process the personal data you provide in order to be able to offer an online engagement service where individual posts can be responded to and moderated when necessary.
Lawful basis for processing data: we gain your consent to process your personal data when you sign up to use this service.
How long we will store your data: we will store your data for as long as you are using this service, and for up to three years after your last post. Users inactive for more than three years will be deleted from the system.
Your full name and email are not displayed on the service. When you post personal information on a discussion board, on our forum, or any form of online engagement service, your information is publicly accessible. Such information can be viewed online and collected by third parties. We are not responsible for the use of information by such third parties.
When contributing to a discussion we strongly recommend you avoid sharing any personal information that can be used to identify you (such as your name, age, address, name of employer). We are not responsible for the privacy of any identifiable information that you post in our forum, online engagement services, or other public pages of our websites.
Emails and Social Media
Why we process your data: in order to provide you with our newsletter, updates and alerts, we have to process personal data you provide to us when you sign up to receive them.
Legal basis for processing data: we ask for your consent to process your personal data when you sign up for our services. You can withdraw your consent at any time, meaning you will no longer receive the newsletters, updates or alerts, by following the ‘unsubscribe’ links included on every newsletter and/or by terminating your membership.
For all newsletters we gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our services. We sometimes use third party data processors to deliver our electronic communications. Any provider we use must comply with the EU-US Privacy Shield Framework.
If you choose to unsubscribe from our newsletters, your details will be kept on a specific ‘do not send’ list to ensure we comply with your wishes.
People who contact us via social media
Why we process your data: we process data provided by you in order to respond to any messages you send via social media. We sometimes use a third-party data processor, Hootsuite, to manage some of our social media interactions.
Legal basis for processing data: we rely on legitimate interests to process your data regarding social media. We would not be able to respond to your messages without doing so.
If you send us a private or direct message via social media the message may be stored by Hootsuite. It will not be shared with any other organisations. Hootsuite is based in Canada, but for the purposes of EU data protection law, Canada is considered a country which provides adequate protections for Personal Information, as confirmed by the European Commission in Commission Decision 2002/2/EC.
When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We do compile statistics showing information like the number of complaints we receive, but not in a form which identifies anyone. This information is only shared internally and with our regulator.
We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.
We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.
Your Rights to Your Data
Under data protection law, you have rights we need to make you aware of. The rights available to you depend on our reason for processing your information. You can find more information about this on the Information Commissioner’s Office website.
Accessing your data: You have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information we process.
Correcting your data: You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies.
Erasing your data: You have the right to ask us to erase your personal information in certain circumstances.
Restricting processing: You have the right to ask us to restrict the processing of your information in certain circumstances.
Object to processing: You have the right to object to processing if we are able to process your information because it is in our legitimate interests.
Data portability: This only applies to information you have given us. You have the right to ask that we transfer the information you gave us from one organisation to another, or give it to you. The right only applies if we are processing information based on your consent.
You have a right to access data that DOC holds about you (personal data) and be given access to your information within 30 days of request in accordance with the Data Protection Act 2018 and the General Data Protection Regulation. You can request your personal information by email to email@example.com or by writing to: Data Controller, Democratic Orthopathic Council, 46 – 48 East Smithfield, London, EC1W 1AW.
There is no charge for this. It will help us to find your information if you can tell us something about the nature of your contact with us e.g. which service, your geographic area. We want to ensure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate. You may be asked to provide proof of your identity.
Your right to lodge a complaint with a supervisory authority
If you have a complaint about the way we process your data, you have the right to complain to the Information Commissioner’s Office. Please see the ICO website for more information.
Changes to this privacy notice
We regularly review and, where necessary, update our privacy information. If we plan to use personal data for a new purpose, we update our privacy information and communicate the changes to individuals before starting any new processing.