Royal College of Chiropractors Privacy Policy - Full Details

The Royal College of Chiropractors (RCC) is committed to protecting the personal data of its members, staff and others who have an interest in the organisation. This Policy describes our lawful basis for the processing of personal data, the purpose of collecting personal data, how we collect it and how we process it.

Processing the personal data of RCC members

In line with the General Data Protection Regulation (GDPR), the RCC has identified ‘Legitimate Interests’ as the lawful basis for the processing of personal data for all current members. Legitimate Interests processing refers to an organisation processing personal data where: there is a genuine and legitimate reason for doing so, the personal data is used according to reasonable expectations and the processing of the data has a minimal impact on privacy.

Current members are registered chiropractors who have applied to join the RCC and have been successfully admitted based on their academic achievements and/or experience. These individuals support the RCC through membership subscription payments and donations, and strive to promote high quality care for patients by utilising RCC membership benefits.

The categories of current RCC membership are:

  • Licentiate
  • Member
  • Fellow
  • Honorary Fellow
  • Overseas – Licentiate, Member and Fellow
  • Senior – Member and Fellow
  • Provisional
  • Student

 

As a membership body, the RCC’s core activities and services are centred around its membership base. The processing of personal data is key to retaining up-to-date records for all relevant individuals to enable the RCC to:

  • Identify individuals and their relationship with us;
  • Administer and maintain accurate membership records;
  • Administer and maintain accurate records for events;
  • Administer efficient billing services, where necessary;
  • Notify members and non-members about our services, membership benefits, news, CPD events, new initiatives and other important notifications that we feel may be appropriate;
  • Respond to any queries or questions raised;
  • Provide an excellent service.

 

Processing the personal data of others who have an interest in RCC activities

There are individuals who have an interest in the RCC but who are not current members. These individuals are categorised as either ‘Former Members’ (individuals who have previously been a member of the RCC) or ‘Non-members’ (individuals who have never been a member of the RCC but have registered an interest in the RCC’s activities, for example through participation in RCC CPD events or committees).

The RCC has identified ‘Consent’ as the lawful basis for the processing of personal data for these two categories and routinely seeks consent to collect, retain and use personal details for the purpose of keeping these individuals updated with RCC news and CPD events. The RCC uses its best endeavours to ensure the personal details provided by these individuals is kept up to date.

There may be instances where it is not practical to obtain and record consent. In these instances, the RCC only processes personal information if another legal basis e.g. Legitimate Interests applies.

The RCC’s Membership Application forms include a consent element to ensure individuals applying for membership of the RCC are content to provide permission to use their personal data. ‘Consent’ is the lawful basis used to cover the use of personal data throughout the transitional period from the submission of the membership application to receiving confirmation of membership and status, or not.

Purpose of collecting personal data

Personal data is collected through the Membership Application process, through the completion of a membership application form and supporting documentation. The information is logged and retained within the membership database by the RCC’s data processors. Membership and status is awarded based on individual achievements and/or experience.

Non-member information is collected at the point at which non-members choose to contact the RCC, usually when registering for an RCC event.

At the point of data collection, member and non-member email addresses are entered onto an email communication service provided by a third-party supplier. Individuals can opt out of receiving RCC communications at any time, please see the ‘Using personal data – your choices’ section for further information.

Personal data that the RCC collects and processes

The RCC may collect, retain and maintain some or all of the following personal data on members and non-members:

  • Name
  • Address
  • Date of birth
  • Email address
  • Telephone number(s)
  • Bank account details (if pay by direct debit) – sort code, account number and account name
  • A historical record of all financial transactions with the RCC
  • Telephone numbers and email addresses for the RCC Specialist Faculty registers on the RCC website, where applicable
  • Records of attendance at RCC events
  • Membership photos for award recipients and event attendees
  • RCC website login names and passwords, where applicable

 

Other information that the RCC collects

Use of cookies

The RCC uses cookies when individuals access its website. Cookies enable certain functions, provide analytics, store preferences, maintain site performance and social media/advertising.

The RCC website would not function correctly without the use of cookies. The data gathered in this way does not contain any personal information or information about which other sites you have visited.

For further information, the RCC’s Cookie policy can be found here.

Email campaigns

The RCC use a third-party supplier for their email campaigns and one functionality available and occasionally used, when necessary, is tracking to see which recipients have opened and read email campaigns sent by the RCC. When tracking is used this is typically on a wider level to understand open and click rates on email campaigns.

IP address

The RCC use analytical reporting tools such as Google Analytics and Survey Monkey, such tools can collect IP addresses, but are not used to disclose identity, they are more often indicative of geographic location.

Access to data held by the RCC

The Chief Executive of the RCC is its Data Controller. Data Processors directly employed by the RCC, either as employed staff or elected/appointed officers, have access to personal data.

The RCC uses a number of third-party service-providers (for example to process payments securely). Where the RCC uses such service-providers, it discloses only the personal information that is necessary to deliver the relevant service. Formal agreements are in place to ensure all information is kept securely and only used for relevant purposes.

Sharing personal data

The RCC does not share, sell or swap personal data with other organisations for their use.

Data retention

The RCC uses its best endeavours to retain up-to-date records for all current members.

At the point of membership cancellation, all personal data kept within paper files is scanned and retained electronically and the paper files are securely destroyed. Electronic membership files are retained indefinitely for the purposes of referring to historical membership information, should an individual wish to re-join the RCC. Individuals are reminded they can request the permanent deletion or removal of their personal data, if the data does not need to be retained for statutory purposes. See ‘Using personal data – your choices’ for more information.

The RCC seeks consent from the individual to retain and use their personal data for the purpose of keeping them up-to-date with RCC news and CPD events. Consent continues to be sought on a periodic basis. If consent is not given personal data is irretrievably deleted from the RCC’s records.

To comply with statutory requirements, if an individual record contains financial transactions, the RCC retains data for a maximum of eight years from the end of the financial year in which the last transaction was made. The information retained is: name, a unique identifier (date of birth, RCC membership ID and or GCC registration number) and the historical record of all financial transactions with the RCC.

Data security

The RCC take the security of all data very seriously and take every reasonable effort to ensure electronic and physical data is protected. However, should there be a security breach, the RCC has a Data Breach Policy in place. The Data Breach Policy has been shared with our third-party service-providers to ensure they comply with our policy.

Payments received, via the RCC website and through the RCC’s Data Processors, are processed via a secure platform, provided by a third-party payment bureau.

Where the RCC has given members a password which enables access certain areas of the RCC website, individuals are responsible for keeping this password confidential.

Using personal data – your choices

RCC communications

The RCC understands that members, non-members and former members who have given consent for the RCC to contact them, have a genuine interest in RCC activities. The RCC understand that these individuals are content for their personal information to be processed (retained and used) for the purpose of being sent RCC communications of relevance and potential interest.

Individuals can opt out of receiving RCC communications by contacting the RCC at optout@rcc-uk.org

If an individual has previously unsubscribed from RCC communications but wishes to re-subscribe, they can do so by contacting the RCC at optin@rcc-uk.org or by following this link: http://eepurl.com/xWjE1

Right to request a copy of the information held about you

Individuals have the right to request a copy of the information the RCC holds about you. There is a maximum administration charge of £15.00, depending on the extent of the data you require, to cover the administrative cost of providing this information. If you wish to request a copy of the information the RCC holds about you, please do this in writing to the RCC’s Data Controller (contact details below) outlining the information you wish to see.

Right to request the deletion of your personal data

Individuals have the right to request the deletion or removal of personal data if there is no compelling reason for its continued processing.

Individuals can request the permanent deletion or removal of their personal data held by the RCC, if the data does not need to be retained for statutory purposes, and can request this in writing to the RCC’s Data Controller (contact details below).

What are your rights?

If you wish to raise a complaint about how the RCC has handled your personal data, you can contact the Data Controller (contact details below) who will investigate the matter. If you are not satisfied with the response, or believe the RCC is not processing your personal data in accordance with the law, you have recourse to the Information Commissioner’s Office (ICO).

Contact details for the RCC’s Data Controller

Data Controller:

Chief Executive

Address:

The Royal College of Chiropractors, Chiltern Chambers, St Peters Avenue, Reading RG4 7DH

Email:

admin@rcc-uk.org

Keeping the RCC informed

To help us maintain up-to-date and accurate records, please let the RCC know if there are any changes to your personal details. You can do this by email admin@rcc-uk.org or by calling 0118 946 9727.

Review of this policy

The RCC keeps this policy under regular review. This policy was last updated in October 2018.