Privacy Policy

Privacy Policy

Introduction

Welcome to The College of Podiatry’s privacy policy.  

The College of Podiatry respects your privacy and is committed to protecting your personal information. This privacy policy explains how we look after your personal information when you visit our website (regardless of where you visit it from), or when you interact with us, and tells you about your privacy rights and how the law protects you.

This privacy policy is provided in a layered format so you can click through to the specific areas set out below. Alternatively, you can download a pdf version of the policy here. Please also use the Glossary to understand the meaning of some of the terms used in this privacy policy.

Important information and who we are?

The information we collect about you

How is your personal information collected?

How we use your personal information

Disclosures of your personal information

International transfers

Information security

How long will you use my personal information for?

Your legal rights

Glossary

1. Important information and who we are

Purpose of this privacy policy

This privacy policy aims to give you information on how The College of Podiatry collects and processes your personal information through your use of this website, including any data you may provide through this website.   

This website is not intended for children and we do not knowingly collect data relating to children.

Controller

The College of Podiatry, a company registered in the UK with Company Number 00400709 and registered office address at 207 Providence Square, Mill Street, London SE1 2EW is the controller and responsible for your personal information (collectively referred to as "we", "us" or "our" in this privacy policy).

We are registered as a data controller with the UK Information Commissioner’s Office as The College of Podiatry, registration number Z6708066.

Contact details

If you have any questions about this privacy policy or our privacy practices, please contact the Data Protection Officer in the following ways:

Email address: contact@cop.org.uk

Postal address: The College of Podiatry, 207 Providence Square, Mill Street, London, SE1 2EW.

Telephone number: 020 7234 8620.

You have the right to make a complaint at any time to the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

Changes to the privacy policy and your duty to inform us of changes

We keep our privacy policy under regular review.   This version was adopted on 17^th August 2020.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us.

Third-party links

This website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. The information we collect about you

In this policy we use the term personal information to mean any information you give us from which you can be identified. Personal information doesn’t include information where your identity has been removed i.e. anonymous data.

The type and quantity of information we collect and how we use it depends on why you are providing it. We have grouped the different types of personal data we may collect, use, store or transfer about you together as follows:

• Identity Information includes [name, username or similar identifier, marital status, title, date of birth, details of your HCPC registration, your place of work and job title, and gender].
• Contact Information includes [personal billing address, delivery address, email address and telephone numbers and workplace name, address, telephone numbers and name and contact details of nominee in processing nominations and making awards].
• Transaction Information includes [details about payments to and from you and other details of products and services such as CPD you have purchased such from us].
• Financial Information includes [bank account and payment card details]
• Technical Information includes [internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website].
  • Profile Information: includes [information about events you attend, your specialities, information about your areas of interest,information about your qualifications, employment history, your username and password, purchases or orders made by you, your preferences, feedback and survey responses and any equalities monitoring information you give to us (for example yournationality, ethnicity, if you have a disability)].
• Usage Information includes [information about how you use our website].
• Marketing and Communications Information includes [your mailing preferences including your preferences in receiving marketing from us and our third parties and your communication preferences].

We also collect, use and share Aggregated Information such as statistical or demographic information for any purpose, Aggregated Information could be derived from your personal information but is not considered personal data in law and this information will not directly or indirectly reveal you identity. For example, we may aggregate your Usage information to calculate the percentage of users accessing a specific website feature, i.e. using Google Analytics. However, if we combine or connect Aggregate Information with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this privacy policy.

We may need to collect and use some Special Categories of Personal Information about you. For example, we may collect information for personal injury claims, trade union, employment dispute claims and indemnity insurance which includes medical records and circumstances surrounding claims, information for equal opportunities monitoring. We may also collect medical records and information for the purposes of processing and administering benevolent fund application (i.e. Arch Support in the event of financial support or in the event of death).

We do not collect any information about criminal convictions and offences.

If you fail to provide personal information

Where we need to collect personal information by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to process your donation but we will notify you if this is the case at the time.

3. How is your personal information collected?

We use different methods to collect data from and about you including through:

• Direct interactions. You may give us your Identity Information, Contact Information and Transaction Information by corresponding with us by contact form, post, phone, email or otherwise. This includes personal information you provide when you:
• Submit a membership application;
• Submit a Trade Union membership application;
• Requesting funding from the Benevolent Fund (i.e. Arch Support);
• Buying a product or service;
• Provide information regarding a personal injury claims and indemnity insurance;
• Register for an event;
• Carry out a survey supplied by us or an organisation with whom we are collaborating or funding;
• Apply for grants;
• Contact us relating to member expenses;
• Seek election or appointment to a committee;
• give us feedback or contact us
• Automated technologies or interactions. As you interact with our website, we will automatically collect Usage Information and Technical Information about your equipment, browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. Please see section 4 for information on how we use this information.
• Third parties. We will receive personal information about you from various third parties as set out below:

Technical Information from the following parties:

• [analytics providers such as APT Solutions Hubken’s and Google]
• Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as Hubken’s Group PayForCourses based on eCommerce sales].  

4. How we use your personal information

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

• Where we need to perform the contract we are about to enter into or have entered into with you.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
• Where we need to comply with a legal obligation.

Refer to the “Glossary” to find out more about the types of lawful basis that we will rely on to process your personal information.

Generally, we do not rely on consent as a legal basis for processing your personal information although we will get your consent before sending direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We have set out below a description of the ways that we plan to use your personal information, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need details about the specific legal grounds we are relying on to process your personal information where more than one ground has been set out in the table.

 

To register you as a new customer	Identity, Contact	Performance of a contract with you
To register you as a new member and to renew your membership	Identity, Contact, Financial, Transaction, Marketing and Communications	Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us)
To process and deliver any order for goods or services  including: -     Manage payment, fees and charges -     Collect and recover money owed to us	Identity, Contact, Financial, Transaction, Marketing and Communication	Performance of a contract with you. Necessary for our legitimate interests (to recover debts due to us)
To manage our relationship with you which will include: -     Keeping a record our relationship with you -     Notifying you about any changes to our terms or our privacy policy	Identity, Contact, Profile	Performance of a contract with you. Necessary to comply with a legal obligation Necessary for our legitimate interests (to keep our records updated
To process applications and administer grant awards and benevolent fund applications	Identity, Contact, Financial,      Transaction, Marketing and Communications
To process elections and appointments to committees	Identity, Contact, Profile
To process personal injury claims and for the purposes of indemnity insurance	Identity, Contact, Financial,      Transaction,
To process and administer student records	Identity, Contact, Profile
To  carry out surveys or forward surveys and consultations run by other organisations with whom we collaborate or are funding	Identity, Contact, Financial, Marketing and Communications
To process job adverts	Identity, Contact, Financial, Marketing and Communications
To process member expenses	Identity, Contact, Financial,      Transaction,
	Identity, Contact,  Marketing and Communications
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	Identity, Profile, Contact, Transaction, Marketing and Communications
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences	Identity, Profile Contact, Transaction, Marketing and Communications

We may also collect information about how you use our website and our Cookies Policy has information about how we use cookies on our website. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

We use third party data processor listed in the glossary. Where we share personal information with third parties, we carry out checks with these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information that we give to them.

If you send a query or send a complaint to us, we will use the personal information you have provided to use in order to process you query or complaint and respond to you. Where we consider it necessary or appropriate we will share this information with third parties such as the Information Commissioners’ Office or the Charity Commission.  

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

5. Disclosures of your personal information

We may share your personal information with:

• Third parties to whom we may choose to merge. If we merge the newly merged entity may use your personal information in the same way as set out in this privacy policy.

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

6. International transfers

We may transfer the personal information you give us to countries outside the European Economic Area (EEA), specifically:

We do not transfer your personal information outside the European Economic Area (EEA).

7. Information security

We have appropriate security measures in place to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

• We hold data electronically in our secure document management system and on our on-site file servers, which are protected by both hardware and software firewalls.
• We have off-site back-up servers in secure locations.
• We encrypt all data stored on our servers with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered.
• We regularly back up and encrypt all of the data we hold. ??
• We store papers in lockable cabinets in our offices when not being actively used and we have a secure off-site document storage facility for archived papers. ??
• Our offices are secure and only personnel holding appropriate security passes can access areas where personal information are stored.
• When necessary, we dispose of or delete your data securely.
• We ensure that our employees, agents and contractors are aware of their privacy and data security obligations and we take reasonable steps to ensure that employees of third parties working on our behalf are aware of their privacy and data security obligations.
• We limit access to your personal information to those employees, agents, contractors and other third parties who have a need to know.

The transmission of information via the internet is never completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your electronic information transmitted to us and any transmission is at your own risk.

We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

8. How long will you use my personal information for?

We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal information for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal information, we consider the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

By law we have to keep basic personal information about our customers for seven years after they cease being customer for tax purposes. Information about specific types of personal information and how long it is retained for is included in the table below.

Personal information about members and membership	7 years after ceasing to be a customer
Representation case data of an individual
Elections and appointment to committees
Award recipients
Award nominees
Personal Injury claims
Benevolent Fund applications	7 years
Unsuccessful Benevolent Fund applications	3 months
Event applications, registrations and administrations
Survey of members
Grant applications and awards	7 years
Members expenses	7 years
Records relevant for tax purposes	7 years
Health and safety records e.g. an accident book held at our premises
Personal Information held on marketing or business development records

In some circumstances you can ask us to delete your data: see “Your legal rights” below for further information.

In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

We review the personal information (and the categories of personal information) we hold on a regular basis to ensure the data we are holding is still required and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take steps to correct or delete that data.

9. Your legal rights

You have the right to:

• Request access to your personal information (commonly known as a "data subject access request"). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Ask us to correct personal information that we hold about you which is incorrect, incomplete or inaccurate.

In certain circumstances, you also have the right to:

• Ask us to erase your personal information from our files and systems where there is no good reason for us continuing to hold it.
• Object to us using your personal information to further our legitimate interests (or those of a third party) or where we are using your personal information for direct marketing purposes.
• Ask us to restrict or suspend the use of your personal information, for example, if you want us to establish its accuracy or our reasons for using it.
• Ask us to transfer your personal information to another person or organisation.

If you have given your consent to us processing your personal information, you have the right to withdraw your consent at any time. To withdraw your consent, please contact our Data Protection Officer contact@cop.org.uk.  Once we have received notification that you have withdrawn your consent, we will no longer process your personal information and, subject to our retention policy, we will dispose of your data securely.

You also have rights in relation to automated decision making which has a legal effect or otherwise significantly affects you. You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces significant legal effects concerning you.

If you want to exercise any of these rights, please contact our Data Protection Officer, in writing at contact@cop.org.uk.

If you wish to exercise any of the rights set out above, please contact us.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

10. Glossary

LAWFUL BASIS

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.

Performance of Contract means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract.

Comply with a legal obligation means processing your personal information where it is necessary for compliance with a legal obligation that we are subject to.

THIRD PARTIES

External Third Parties

• Service providers acting as processors based in the UK who provide IT and system administration services.
• Professional advisers acting as processors or joint controllers including lawyers, bankers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
• HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
• Third parties who we are under a legal duty to disclose or share your personal information with, for example, if required to do so by court order or for the purposes of prevention of fraud or other crime.
• Electoral Reform Society in the event of an election of ballot.