Protecting your data: The NHS Confederation privacy statement
Protecting your privacy is very important to us. So that you can feel in control of your personal information, we want to be clear with you about the information we collect and how it is used.
In order to provide you with our full range of services and benefits, we sometimes need to collect information about you.
Who we are
The NHS Confederation is a charity and membership organisation, which includes NHS Employers, NHS Clinical Commissioners, the Mental Health Network, the Welsh NHS Confederation and Northern Ireland Confederation. We operate a trading subsidiary, The NHS Confederation (Services) Company Limited, together they form the NHS Confederation group. Hereafter, the term NHS Confederation is used to describe all the different elements of the group listed above.
- NHS Confederation
- NHS Employers
- Social Partnership Forum
- Step Into Health
- NHS Clinical Commissioners
- Apprenticeships for All
- NHS Confed Conference
The NHS Confederation’s registered office is: 2nd Floor, 18 Smith Square, London, SW1P 3HZ and we are a registered Charity in England and Wales under number 1090329 and company number 04358614. We are registered on the Information Commissioner's Office and act as the data controller. Our designated Data Protection Lead can be contacted via the following methods:
Tel: 0207 799 6666
Fax: 0844 774 4319
What data we collect
We collect the personal data you provide to us when signing up for membership, newsletters, updates or events, to receive information from us. This personal data includes your name, email address, job title, organisation address, land and mobile phone numbers and other contact details.
We may also combine this personal data with other personal data we hold about you across the NHS Confederation group for example attendance at our events and the different channels you use to interact with us.
As part of the services we supply we may ask you to participate in consultations, surveys etc and we may keep copies of any communications between you and the NHS Confederation.
How we use your personal data
We will process your personal data for several reasons:
- processing is necessary for our legitimate business interests, we have legitimate business interests in:
- delivering communications
- attracting new members
- collecting opinions
- managing events
- you have given us consent. All electronic marketing communications (such as newsletters) include the option to directly unsubscribe or you can email email@example.com to ask for your preferences to be updated;
- is necessary to deliver a contract or service.
Transfer data outside the EEA
In some cases we may process your personal data outside the European Economic Area (EEA) where countries may not have laws which protect your personal data to the same extent as in EEA. We will ensure that your personal data is processed securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this privacy notice.
How long will we keep your data
We will keep your personal data for as long as you continue to be a member and as long as is reasonably necessary afterwards to fulfil any legal requirements.
How we protect your data
We take the security of your personal information seriously. In order to prevent unauthorised access or disclosure and unlawful or unauthorised processing and accidental loss, destruction or damage, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security.
We take all reasonable steps to protect any personal information you submit via the website. However, as our website is grouped to the internet, which is inherently insecure, we cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, we have no responsibility or liability for the security of personal information transmitted via our website.
Our website may, from time to time, contain links to third party websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Cyber Essentials Plus
We are accredited with the Cyber Essentials Plus certification, a government backed scheme which ensures our IT infrastructure is protected against common online security threats. We undertake Cyber Essentials audits annually to continue to keep our certification up to date and ensure that our new systems, policies and ways of working have been implemented to comply with the guidelines.
Who we share your personal data with
The NHS Confederation will not sell your information to any third party.
We may share your information with third parties where we have a legal duty to do so or to provide you with a service you have asked for. We may share your personal data within our group of companies as detailed in “who we are”.
As an individual you have explicit rights under general data protection regulation:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure (also known as the ‘right to be forgotten’)
- The right to restrict processing
- The right to data portability
- The right to object
- Rights with respect to automated decision-making and profiling
- The right to withdraw your consent to the collection, holding and processing of your personal data at any time.
Accessing your data
We are legally required to act on requests and provide information free of charge with the exception of requests that are manifestly unfounded, excessive or repetitive. If we determine this to be the case we may charge a reasonable fee or refuse to act on the request. We will respond to acknowledge your request and provide the information within one month of receiving your request. Please send your request to firstname.lastname@example.org with subject access request in the subject line.
Lodging A Complaint
If you are not satisfied with our response or believe we are processing your personal information in a way that is not in accordance with the law, you have the right to lodge a complaint with the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”). You can contact the ICO via their website – https://ico.org.uk/concerns/ - or by calling their helpline – 0303 123 1113.
Changes to The NHS Confederation’s Privacy
Our privacy and cookies Policies may be updated from time to time so you may wish to check them each time you submit personal information to the us. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use The NHS Confederation’s websites to submit personal information to us.
This Privacy Notice was last updated in June 2020.