Privacy notice: Membership, Enquiries and Visit Requests
We use your personal data to assist us in answering your enquiry and to provide you with information about our services and to assist with membership services. We also process personal data of a medical nature in order to help you and make your membership useful and meaningful.
- We respect your personal data and take its security very seriously.
- We only hold what data we need for the purpose for which we obtained it.
- We delete your data when it has reached the end of its retention period.
- You have privacy rights.
- We are happy to answer your questions. Our contact details can be found at the end of this notice.
What data we hold
For a general enquiry we will process your name and contact information. If your enquiry is about your medical condition we will only process what is necessary and we will only do that with your explicit consent.
If you join our organisation we will process your contact details, the medical information you provide us with and your bank details so that we can take payment for your membership.
If you make a complaint or give us a compliment we will process your name, address, and contact details.
If you request support from our visiting service we will process your name and contact information, and any necessary medical information to enable us to provide that support. We will only process what is necessary, and we will only do that with your explicit consent.
When you are on our website we generate log files from various servers. This will include an IP address assigned to you or to your internet service provider.
How we use your personal data
References to the legal basis for processing of your personal data (e.g. “(Basis: Art. 6(f).)”) are a reference to the article of the General Data Protection Regulation. Each piece of personal data that we process must have a legal basis.
To deal with general enquiries and requests for literature. If you call us or email us, we will follow up on your enquiry and see if there is a way in which we can help you. We keep a record of enquiries received and store them securely. We do not share your details with anyone else.
The basis for us processing your data is your consent for us to do so.
If your enquiry is medical in nature or you request support from our visiting services. In order to help you, we will need your explicit consent for us to process any of your medical information. We will not be able to provide feedback to any healthcare professional without your specific consent.
Art. 9(2(a): you have given explicit consent to the processing of your personal data that reveals your health.)
If you join our organisation as a Member
If you join IA as a member, we will collect your personal details and bank details as part of our contract with you. For all members, the collection of your medical information will be by your explicit consent. There will be a tick box on the application form which means that you consent to us holding details about your health condition.
We will share your information with your local IA member organisation. IA will send regular communication to you regarding your membership such as renewal reminders and information and awareness events etc.
(Basis: Art. 6(b): processing is necessary for the performance of a contract Art. 9(2(a): you have given explicit consent to the processing of your personal data that reveals your health.)
We use the logs from our servers to help with our company’s security as well as to look at visitor behaviour (e.g. which website pages get the most traffic or are the most popular).
(Basis: Art. 6(c): we have a legal obligation to protect the data of our clients and our staff. Art. 6(f): strategy planning is a legitimate activity for a business.)
Your data and transfers outside of the EEA
We do use systems whose servers are outside the EEA. In most cases adequate safeguards are in place either via EU-US Privacy Shield Framework or EU Model Contracts. We are addressing systems which do not yet have sufficient safeguards.
You have rights in respect of our processing of your personal data which are:
- To access to your personal data and information about our processing of it. You also have the right to request a copy of your personal data (but we will need to remove information about other people).
- To rectify incorrect personal data that we are processing.
- To request that we erase your personal data if:
- we no longer need it;
- if we are processing your personal data by consent and you withdraw that consent;
- if we no longer have a legitimate ground to process your personal data; or
- we are processing your personal data unlawfully
- To object to our processing if it is by legitimate interest.
- To restrict our processing if it was by legitimate interest.
- To request that your personal data be transferred from us to another company if we were processing your data under a contract or with your consent and the processing is carried out automated means.
If you want to exercise any of these rights, please contact us using the details at the end of this notice.
As an enquirer or member, we will transfer your personal data to these third parties:
- Companies that provide services to us. Our telephone service providers will get to see your phone number if we call you and our broadband supplier which could see your email address (but not the content of what you send us, if you encrypt it).
- Cloud service providers. We use a number of cloud service providers, such as our accountancy software, email providers, Microsoft Office 365.
- Payment providers. We use WorldPay to process your payments.
- We never share your details with companies providing goods and services, however from time to time you may receive information from them, but this will have been sent to you by IA on their behalf. If you would like to opt out of this please contact national office.
- If you become of one our journal distributors, your name and address will be passed onto our printers so that we can post the Journals to you.
- If you become one of our member organisation secretaries, treasurers, chairmen, or a member of a member organisation management committee, your personal data may be shared within the organisation, in the magazine and also made available on our website. If you choose to share your story and with your express permission, we will share your name and member organisation in our members’ journal, on our website or via social media
- If you choose to write to the journal in the form of a ‘letter’ and with your express permission, we will share your name, address and email address in our members’ journal
- If you use our visiting service, we will share your details with one of our volunteer visitors. Information following this visit will not be shared with anyone unless you give permission.
- If you come to our conferences/events we will share your details with the relevant hotels and conference centres.
- If you would like to apply for one of our welfare grant applications, your data will be shared with the welfare sub-committee. If you are approved, we will retain your information for 7 years for legal reasons and if declined we will dispose of it securely.
This is the length of time that we will continue to process or store your personal data.
Data enquiries: duration of enquiry, then 1 year
Data about members: the length of membership and 7 years for HMRC and accounting purposes.
Server logs: one year
We have appointed a data protection consultant, Sapphire Consulting, and any issues regarding data protection or this fair processing notice should be addressed to them at firstname.lastname@example.org. In the event of wanting further information about your data subject rights, or in the case of making a complaint, you can contact the ICO, the supervisory authority in the UK on 0303 123 1113. Or via the website here https://ico.org.uk.
IA Danehurst Court
35-37 West Street
Essex SS4 1BE
This notice will be reviewed regularly and updated.