ROYAL COLLEGE OF CHIROPRACTORS
The Royal College of Chiropractors (RCC) is committed to protecting the personal data of its members, staff and others who have an interest in the organisation. This Policy describes our lawful basis for the processing of personal data, the purpose of collecting personal data, how we collect it and how we process it.
Processing the personal data of RCC members
In line with the General Data Protection Regulation (GDPR), the RCC has identified ‘Legitimate Interests’ as the lawful basis for the processing of personal data for all current members. Legitimate Interests processing refers to an organisation processing personal data where: there is a genuine and legitimate reason for doing so, the personal data is used according to reasonable expectations and the processing of the data has a minimal impact on privacy.
Current members are registered chiropractors who have applied to join the RCC and have been successfully admitted based on their academic achievements and/or experience. These individuals support the RCC through membership subscription payments and donations, and strive to promote high quality care for patients by utilising RCC membership benefits.
The categories of current RCC membership are:
- Honorary Fellow
- Overseas – Licentiate, Member and Fellow
- Senior – Member and Fellow
As a membership body, the RCC’s core activities and services are centred around its membership base. The processing of personal data is key to retaining up-to-date records for all relevant individuals to enable the RCC to:
- Identify individuals and their relationship with us;
- Administer and maintain accurate membership records;
- Administer and maintain accurate records for events;
- Administer efficient billing services, where necessary;
- Notify members and non-members about our services, membership benefits, news, CPD events, new initiatives and other important notifications that we feel may be appropriate;
- Respond to any queries or questions raised;
- Provide an excellent service.
Processing the personal data of others who have an interest in RCC activities
There are individuals who have an interest in the RCC but who are not current members. These individuals are categorised as either ‘Former Members’ (individuals who have previously been a member of the RCC) or ‘Non-members’ (individuals who have never been a member of the RCC but have demonstrated interest or participated in RCC activities such as CPD events or committees).
The RCC has also identified ‘Legitimate Interests’ as the lawful basis for the processing of personal data for these two categories and use personal details for the purpose of keeping these individuals updated with RCC activities and events. The RCC uses its best endeavours to ensure the personal details provided by these individuals is kept up to date.
Purpose of collecting personal data
Personal data is collected through the Membership Application process, through the completion of a membership application form and supporting documentation. The information is logged and retained within the membership database by the RCC’s data processors. Membership and status is awarded based on individual achievements and/or experience.
Non-member information is collected at the point at which non-members choose to contact the RCC, usually when registering for an RCC event.
At the point of data collection, member and non-member email addresses are entered onto an email communication service provided by a third-party supplier. Individuals can opt out of receiving RCC communications at any time, please see the ‘Using personal data – your choices’ section for further information.
Personal data that the RCC collects and processes
The RCC may collect, retain and maintain some or all of the following personal data on members and non-members:
- Date of birth
- Email address
- Telephone number(s)
- Bank account details (if pay by direct debit) – sort code, account number and account name
- A historical record of all financial transactions with the RCC
- Telephone numbers and email addresses for the RCC Specialist Faculty registers on the RCC website, where applicable
- Records of attendance at RCC events
- Membership photos for award recipients and event attendees
- RCC website login names and passwords, where applicable
Other information that the RCC collects
The RCC use a third-party supplier for their email campaigns and one functionality available and occasionally used, when necessary, is tracking to see which recipients have opened and read email campaigns sent by the RCC. When tracking is used this is typically on a wider level to understand open and click rates on email campaigns.
The RCC use analytical reporting tools such as Google Analytics and Survey Monkey, such tools can collect IP addresses, but are not used to disclose identity, they are more often indicative of geographic location.
Access to data held by the RCC
The Chief Executive of the RCC is its Data Controller. Data Processors directly employed by the RCC, either as employed staff or elected/appointed officers, have access to personal data.
The RCC uses a number of third-party service-providers (for example to process payments securely). Where the RCC uses such service-providers, it discloses only the personal information that is necessary to deliver the relevant service. Formal agreements are in place to ensure all information is kept securely and only used for relevant purposes.
Sharing personal data
The RCC does not share, sell or swap personal data with other organisations for their use.
The RCC uses its best endeavours to retain up-to-date records for all current members.
At the point of membership cancellation, all personal data kept within paper files is scanned and retained electronically and the paper files are securely destroyed. Electronic membership files are retained indefinitely for the purposes of referring to historical membership information, should an individual wish to re-join the RCC. Individuals are reminded they can request the permanent deletion or removal of their personal data, if the data does not need to be retained for statutory purposes. See ‘Using personal data – your choices’ for more information.
When a member becomes a former member, the RCC will retain and use their personal data for the purpose of keeping the individual up-to-date with RCC activities and events and/or retaining details of previous financial or training transactions.
The RCC take the security of all data very seriously and take every reasonable effort to ensure electronic and physical data is protected. However, should there be a security breach, the RCC has a Data Breach Policy in place. The Data Breach Policy has been shared with our third-party service-providers to ensure they comply with our policy.
Payments received, via the RCC website and through the RCC’s Data Processors, are processed via a secure platform, provided by a third-party payment bureau.
Where the RCC has given members a password which enables access certain areas of the RCC website, individuals are responsible for keeping this password confidential.
Using personal data – your choices
The RCC understands that members, non-members and former members have a genuine interest in RCC activities and these individuals are content for their personal information to be processed (retained and used), under the legitimate interests basis, for the purpose of receiving relevant RCC communications.
Individuals can opt out of receiving RCC communications by contacting the RCC at firstname.lastname@example.org
If an individual has previously unsubscribed from RCC communications but wishes to re-subscribe, they can do so by contacting the RCC at email@example.com or by following this link: http://eepurl.com/xWjE1
Right to request a copy of the information held about you
Individuals have the right to request a copy of the information the RCC holds about you. There is a maximum administration charge of £15.00, depending on the extent of the data you require, to cover the administrative cost of providing this information. If you wish to request a copy of the information the RCC holds about you, please do this in writing to the RCC’s Data Controller (contact details below) outlining the information you wish to see.
Right to request the deletion of your personal data
Individuals have the right to request the deletion or removal of personal data if there is no compelling reason for its continued processing.
To comply with statutory requirements, if an individual record contains financial transactions, the RCC retains data for a maximum of eight years from the end of the financial year in which the last transaction was made. The information retained is: name, a unique identifier (date of birth, RCC membership ID and/or GCC registration number) and the historical record of all financial transactions with the RCC.
Individuals can request the permanent deletion or removal of their personal data held by the RCC, if the data does not need to be retained for statutory purposes, and can request this in writing to the RCC’s Data Controller (contact details below).
What are your rights?
If you wish to raise a complaint about how the RCC has handled your personal data, you can contact the Data Controller (contact details below) who will investigate the matter. If you are not satisfied with the response, or believe the RCC is not processing your personal data in accordance with the law, you have recourse to the Information Commissioner’s Office (ICO).
Contact details for the RCC’s Data Controller
|Data Controller:||Chief Executive|
|Address:||The Royal College of Chiropractors, Chiltern House, 45 station Road, Henley on Thames, RG9 1AT|
Keeping the RCC informed
To help us maintain up-to-date and accurate records, please let the RCC know if there are any changes to your personal details. You can do this by phone or email firstname.lastname@example.org.
Review of this policy
The RCC keeps this policy under regular review. This policy was last updated in October 2019.