Data Privacy Notice
Protecting your privacy
We are strongly committed to protecting your personal data.
This Privacy Notice explains the types of personal data we collect from you when you join us. It also explains how we will store and handle that information and keep it safe.
We may need to update this Privacy Notice from time to time – and we will of course notify you of any significant changes that take place.
2. What is The Institute of Healthcare Management?
The Institute of Healthcare Management is the leading independent membership organization for health and social care managers, supporting their personal and professional development.
3. What are the legal bases for collecting and processing your information?
The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:
- Consent – in specific situations, we can collect and process your data with your consent e.g. when you complete a membership application form. We will seek your consent to allow us to contact you in regards to all membership matters of interest
- Contractual obligations – there will be times when we need to use your personal data to comply with our contractual obligations e.g subscription queries etc
- Legal compliance – there may be a legal requirement for us to collect and process your data e.g. in the case of fraud or other illegal activity we may be approached by law enforcement agencies
- Legitimate interest – there may be situation where we use your data to pursue our legitimate interests for the benefit to members e.g. we may undertake analysis to understand the make up of our membership so that we can ensure we are continuing to meet their needs.
4. When do we collect your personal data?
When you complete the membership application form you create a membership account with us. You may contact us by email or telephone to request information regarding your membership or the services we offer, and in order to ensure we respond correctly we will make a note of the contact information you provide to us.
5. What sort of personal data do we collect?
When you complete your membership application form we request the following information from you: your name, gender, job role, organisation, home address, email address, telephone number, membership type and payment method.
6. How and why do we use your personal data?
We aim to provide the best possible service to our members. In order to do this, we need to understand the make-up of our membership in order to ensure that we can best meet your needs.
We may use your information under the following circumstances:
- to send you regular newsletters containing all the latest healthcare news and policy updates together with a wider range of information relating to healthcare, Information Technology, management skills etc.
- as part of our legitimate interest in understanding our customers and providing the highest levels of service to our members.
- to respond to your queries, refund requests, and any issues you may raise. We do this on the basis of our contractual obligations to you, our legal obligations and our legitimate interests in providing you with the best service and understanding how we can improve our service based on your experience.
- There may be times when we wish to contact you by post in relation to membership services. We will undertake this on the basis of our legitimate business interest.
- To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Notice. These service messages will not include any promotional content and do not require prior consent. If we do not use your personal data for these purposes, we would be unable to comply with our legal obligations.
- To comply with our contractual or legal obligations to share data with law enforcement.
- To send you survey and feedback requests to help improve our services. These messages will not include any promotional content and do not require prior consent when sent by email. We have a legitimate interest to do so as this helps make our products or services more relevant to you.
Of course, you are free to opt out of receiving these requests from us at any time by updating your preferences in your online account. However, should you choose not to share your personal data with us, or refuse certain contact permissions, this will mean we may not be able to provide some services for you.
7. How we protect your personal data
We understand how important data security is to our members and we will take every precaution possible to protect it.
All payment areas of our website use ‘https’ technology.
Access to your personal data is password-protected and details of your payment cards etc are not available to us – these are kept solely by our banking partners.
8. How long will we keep your personal data?
Any data we collect or process will only be kept for as long as necessary in relation to the purpose for which it was collected. Once a member officially cancels their subscriptions we will keep their full membership details for 4 weeks in order to ensure any payment errors can be rectified, and thereafter we will keep and archive the minimum amount of information necessary to meet our legal obligations to agencies such as HMRC. For failed subscriptions, where no formal notice of cancellation is received, we will keep their full membership details for 3 months in order to allow time for renewal/initial payments to be made, and thereafter we will keep and archive the minimum amount of information necessary to meet our legal obligations to agencies such as HMRC.
9. Who do we share your personal data with?
There are occasions when we have to share your personal information with trusted third parties such as IT companies who support our website and business systems. Such third parties will only have access to the information they need to perform the services specified in our contract with them. Our contract will specify that they must respect and protect your privacy at all times.
For fraud management, we may share information about fraudulent or potentially fraudulent activity in our premises or systems. This may include sharing data about individuals with law enforcement bodies.
We may also be required to disclose your personal data to the police or other enforcement, regulatory or Government body, in your country of origin or elsewhere, upon a valid request to do so. These requests are assessed on a case-by-case basis and take the privacy of our customers into consideration.
10. Where your personal data may be processed
We will need to share your personal data with third parties within the USA who manage our membership database for us. This is a large multinational organisation which processes data for many UK based organisations.
11. What are your rights over your personal data?
You have the right to request:
- Access to the personal data we hold about you
- The correction of your personal data when incorrect, out of date or incomplete.
- Destruction of your data when you withdraw consent, or object and we have no legitimate overriding interest, or once the purpose for which we hold the data has come to an end e.g. your membership is no longer active
- Withdrawal of consent for receipt of e-newsletters
Should we choose not to agree to a request for any of the above then we will need to explain in detail to you the reason for our refusal.
12. How to stop us sending you e-newsletters?
Please contact us with your request.
You may continue to receive communications for a short period after notifying us while we update our systems.
13. Contacting us
If you have any queries or requests regarding the data we hold for you, you can send your request to us by email at firstname.lastname@example.org. We will respond to your request within 30 days.
14. Contacting the Regulator
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office www.ico.org.uk/concerns
If you are based outside the UK, you can complain through the relevant data protection regulator in your country of residence.
15. If you live outside the UK
By providing your personal data to us, you expressly consent to the processing of your personal data by us, or on our behalf, in accordance with this policy. Please note our information technology storage facilities and servers are located outside your country of residence and could include storage of your personal data on servers in the UK.
16. Any questions?
If you have any questions relating to this Privacy Notice please contact us email@example.com
This notice was last updated on 16/05/2018