Privacy Policy

 

Introduction

In this Privacy Policy, "We", "Us" and "Our" mean the Society of Radiographers Limited, registered in England and Wales, company number 00169483 and the College of Radiographers, registered in England Wales, company number 01287383. Our registered office is 207 Providence Square, Mill Street, London SE1 2EW.

We are firmly committed to protecting your privacy. We aim to be clear and transparent when we collect your information and use it only as you would reasonably expect. We have processes and procedures in place to help us comply with the Data Protection Act 2018 and UK General Data Protection Regulation, and we undertake to process your personal information in line with this policy.

Please contact our Data Protection Officer if you have any questions about this policy [email protected].
 

Who we collect personal information about

We collect and use personal information about our members, prospective members, committee members, course and event attendees, employees and prospective employees, and beneficiaries.
 

We use personal information for different purposes. We will not use your personal information unless we have first told you how we will use it or it is obvious how we will use it.

Usually we will only process sensitive personal data if we have your explicit consent. In extreme situations, we may share your personal details with the emergency services if we believe it is in your or someone else’s ‘vital interests’ to do so. For example, if someone is taken ill during one of our events.

The purposes for which we collect and use personal information are:
 

  1. Membership applications and administration

    We collect personal information from prospective members and members renewing their membership. We use this information for membership payment, renewals, providing event information, delivery of CPD, campaigning, and keeping a record of our relationship with a member. It includes name, contact details, date of birth, details of HCPC registration, place of work and job title, pay and hours worked, information about specialities and qualifications, mailing preferences,

    bank or credit card details. Our legal basis for processing personal information for membership purposes is for the performance of a contract.

    We also ask our members for gender, nationality, ethnicity, and if they have a disability. We make it clear that providing this information is optional. If provided, we use it for equal opportunities monitoring. Our legal basis for this processing activity is explicit consent.

    We also process members’ personal information to communicate about membership services. Membership services include, but are not limited to, administering personal data, subscription fees, and trade union activity (e.g. industrial action ballots). Delivery of these services is predominantly through electronic communication such as email and text messaging (SMS) but may also include social media, phone, and post (where no other way is possible). Due to the nature of our membership service delivery, it is not possible to opt out of electronic communication about membership services. Our legal basis for processing personal information for membership services, including sending member communications, is for our legitimate interest.

    We use personal information to deliver membership benefits like our publications, member communities, and events and courses. We enable members to manage our communication about these benefits inside the communications and through our membership team. Our legal basis for processing personal information for membership benefit administration purposes is for our legitimate interest.

    We retain membership information indefinitely so that we can administer and prove membership. Non-core information (e.g. personal details not relevant to prove membership at any point in time) about a member is destroyed ten years after membership has lapsed. CPD records are deleted if membership is not renewed.

  2. Representation of members - the whole membership, a workplace group or individual

    We collect workplace name, address and contact information from a member if we represent them as an individual or as part of a workplace group. Our legal basis for processing personal information for this purpose is for our legitimate interest. We hold representation case data of an individual for three years from resolution of case. Summary data of cases is held on indefinitely as a record of activity.
     
  3. Elections and appointments to committees

    We will ask a person for information about their qualifications, training and employment history if they stand in an election for one of our committees. Our legal basis for processing personal information for this purpose is for our legitimate interest. We keep information about elections and appointment to committees indefinitely to maintain a record and history of committee members.
     
  4. Nominations and awards

    If a member nominates another member for an award, such as the UK Radiographer of the Year, we will collect some personal circumstance information about the nominee from the person making the nomination. Our legal basis for processing personal information for this purpose is for our legitimate interest. We keep information about award recipients indefinitely, and nominations information for five years.
     
  5. Personal injury claims and indemnity insurance

    If a member seeks our assistance with a personal injury or indemnity insurance claim, we will ask them to provide their medical records and information relating to the circumstances surrounding the claim. Our legal basis for processing personal information for this purpose is explicit consent. We keep personal injury claims information for three years after settlement has been made to maintain a record that a claim was made and of the results.
     
  6. Administering Benevolent Fund applications and donations

    The Benevolent Fund (ICO registration number Z9185794) exists to help members, former members and their dependants. If a person applies for support from the Benevolent Fund in the form of advice or financial assistance, they will be asked to provide financial and possibly medical information. We keep Benevolent Fund applications for five years after applications are made so that we can identify repeat applications to the Fund.

    If a person kindly makes a donation to the Benevolent Fund, we will collect financial records and information from them as well as their name and contact details.

    Our legal basis for processing personal information for both of these purposes is consent.

  7. Maintaining student records

    Universities provide us with a student’s personal information when they register them for student membership with us. This will include the student’s name, contact details, and information about their education and qualifications. We may share a student’s information with their University to administer SoR membership or their University student record. Our legal basis for processing personal information for this purpose is for the performance of a contract.
     
  8. Event and course applications, registrations and administration

    If a person registers to participate in one of our courses or events, as well as their name and contact details, we may ask them for information about their qualifications and employment. Our legal basis for processing personal information for this purpose is for the performance of a contract. We keep event application, registration and administration information for 2 years until after the event has taken place.

    We also ask event participants for dietary requirements and medical information such any disabilities relevant to accommodating event attendance. Our legal basis for collecting and using this information is explicit consent.

  9. Informing people about our events

    If a non-member gives their consent, we will collect and use their name and contact details to inform them about our events. Our legal basis for this processing activity is legitimate interest. If a non-

    member chooses to opt in to our communications we will send them information about our events, in accordance with the Privacy and Electronic Communications Regulation. They can opt-out out of receiving these communications at any time. Members will receive communications about relevant events as part of their membership unless they choose to opt out.

  10. Carrying out surveys of members

    In carrying out surveys of our members, we may ask a member for information about their employer. Our legal basis for processing personal information for this purpose is for our legitimate interest. We keep member surveys for three years so that data can be referenced for statistical analysis.
     
  11. Forwarding member surveys and consultations run by other organisations with whom we collaborate or are funding

    We may contact a member with member surveys and consultations which are run by other organisations. Our legal basis for processing a member’s personal information for this purpose is for our legitimate interest.
     
  12. Grant applications and awards

    In addition to name and contact details, we will ask a grant or award applicant for information about their education, employment and qualifications. Our legal basis for processing personal information for this purpose is for our legitimate interest and for the performance of a contract. Grant applications and awards information is kept indefinitely for successful applications to abide by company rules.
     
  13. Maintaining a historical record of public voluntary register of sonographers

    Our legal basis for processing personal information for this purpose is for our legitimate interest. We keep historical information collected for the public voluntary register of sonographers (PVRS) indefinitely for our historical records.
     
  14. Practitioner and practice educator accreditations

    Members must provide information about their employment history, qualifications, specialisms, education and training when applying for accreditation. They are also required to provide the name and contact details of ‘reviewers’ to verify their CPD records. Our legal basis for processing personal information for this purpose is for the performance of a contract. Accreditation records are retained for 5 years.
     
  15. Programme approvals and endorsements

    We ask applicants for their name and contact details in order to process a request for programme approval or endorsement. Our legal basis for processing personal information for this purpose is for the performance of a contract. We keep personal information relating to programme approvals and endorsements for 5 years.
     
  16. Member expenses

    We need to collect financial information from our members in order to process their expense claims. Our legal basis for processing personal information for this purpose is for performance of a contract. Member’s expenses information is kept for six years as required by law.
     
  17. Digital member experience

    We use digital tools like HotJar to collect data on our members experience on our website to troubleshoot problems and identify areas for improvement. If a member chooses to use our website they are opting into monitoring of their experience. This is not shared outside of the organisation and our technical support partners. Our legal basis for processing personal information for this purpose is for the performance of a contract. We will retain data for 30 days.
     
  18. Employee recruitment and administration

    We collect personal information directly from a person if they apply to work for us. Personal information collected is likely to include:

    · Contact details such as name, title, addresses, telephone numbers, and personal email addresses

    · Copies of driving licence, passport, birth certificates and proof of current address, such as bank statements and council tax bills

    · Evidence of how a person meets the requirements of the job, including CVs and references

    · Diversity and equal opportunities monitoring information – this can include information about race or ethnicity, religious beliefs, sexual orientation, disability and other ‘special category data’

    · Health information, including any medical needs or conditions

    · Information about criminal records and proceedings

    Our legal basis for processing this personal information is for the performance of a contract and to meet our legal obligations as an employer.

    We ask job applicants to provide diversity and equal opportunities monitoring information, which is special category personal data. However, providing this information is optional. Our legal basis for this processing is explicit consent.

    A job applicant’s personal information will be shared internally for the purposes of the recruitment exercise.

    We will also collect personal information about a successful applicant from a referee named by them.

    We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We are required to check eligibility to work in the UK before employment starts. We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in a job applicant’s criminal convictions history which makes them unsuitable for the role. We will share and obtain data with former employers and referees named by an applicant and with our employment background check provider to undertake a criminal record check.

    We keep information about unsuccessful job applicants for six months after the end of the interview process. We maintain a reserve list of candidates who met our requirements but were not successful in securing the specific post they applied for. We ask a person’s consent to be added to this list. We will refer to the list when other roles are advertised and will contact a person if they match the role.

    We will keep personal information about successful job applicants within our personnel files for six years after their employment ceases in accordance with the law. We share employee personal information as needed with third parties such as HMRC and our pension providers.

    Our legal basis for processing the personal information of our employees is for the performance of a contract and to meet our legal obligations as an employer.

  19. Management and facilitation of online meetings, discussion forum and workshops
    We use various audio, visual and digital tools to facilitate meetings, discussion forum and workshops for members, non members and employees. If a person chooses to participate in a meeting, workshop or discussion forum that we facilitate, they are required to provide their name and sometimes other personal information which may include their contact details, job title, employment and qualifications information. Our legal basis for processing personal information for this purpose is for the performance of a contract. We will always clearly inform participants in advance if we are going to record a meeting, discussion forum or workshop. Participants are instructed not to record meetings. We will retain recordings for as long as they are required. Further information about retention in relation to a specific meeting, discussion forum or workshop recording will be provided if requested.
     
  20. Dealing with complaints, misconduct and inappropriate behaviour
    We will retain relevant information provided to us in relation to a complaint about a member of staff, a member or individual attending one of our events or courses. Personal data will be retained for only as long as it is required; this will vary on a case-by-case basis. Our legal basis for processing personal information for the purpose of dealing with complaints and reports of misconduct and inappropriate behaviour is for our legitimate interest. Where appropriate we will also seek the consent of data subjects.

 How we collect personal information

We collect most personal information from our members, prospective members, committee members, course and event attendees, employees and prospective employees, and beneficiaries directly through our website, through surveys and sometimes paper forms.

We may collect information about the software on your computer (your browser version etc.) and your IP address (your connection with the internet) to improve your interaction with the Website and for our records. This may happen automatically without your being aware of it.

We may use cookies (small text files which we and other website operators store on your computer when you visit our websites) to deliver a better and more personalised interaction. They enable us to recognise you when you return to the Website, store information about your preferences, and improve the way your searches are processed. They also enable us to generate statistics about the number of visitors we have and how they use the Website and the internet. You can set your browser to reject our cookies if you wish (you should consult your browser help section for details), but this might restrict your use of the website and other websites. For more information about cookies, please see our cookies statement.


How we may share personal information

We may share some personal information with organisations that carry out processing operations on our behalf, such as web services companies and mailing organisations. We carry out checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information that we give to them.

We do not sell or share personal information to third parties for the purposes of marketing.

If we run an event in partnership with another named organisation we may need to share participants’ details with them. We will be very clear what will happen to your personal information if you register for such an event.

We may share some personal information with the Electoral Reform Society in the event of an election or a ballot.

Members' contact details, including email addresses, may be shared with SoR volunteers such as accredited representatives and committee members to aid communication between members and interest groups.

We may need to disclose your details if required to the police, regulatory bodies or legal advisors.

We may need to make our list of membership available for the Personal Indemnity Insurance.

We may share some personal information with third-party market researchers to help us understand member views and improve our services. However, this information would normally be aggregated and it is never possible to identify individuals from the data. Your participation is always gratefully received but not mandated and you are welcome to decline taking part. We will not share your personal information directly with academic researchers but you may see invitations to participate in existing SoR communications channels. Again participation is always gratefully received but is not mandated.

We may need to share your personal information with your employer and their appointed third-parties (e.g. solicitors) in accordance with accepted practices in trade union representation.

We will only ever share your data in other circumstances if we have your explicit and informed consent.

It may sometimes be necessary to transfer personal information overseas. Any transfers made will be in compliance with data protection regulation. UK data protection law allows the transfer of personal information to countries within the European Economic Area.

If it is necessary for us to transfer personal information outside of the European Economic Area or to a country which is not considered to have adequate data protection in place, we will make a restricted transfer with an appropriate contract in place to protect the personal information that is transferred.
 

How we protect personal information

We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.

We provide guidance and regular data protection training to our staff.

We ensure that there are appropriate technical controls in place to protect your personal details. For example, our computer network and servers are protected and routinely monitored.

We store all personal information that you supply us with on secured servers or in secure paper files. For your protection, any payment details that you provide us with will be encrypted using SSL (Secure Sockets Layers) technology.

Unfortunately, the transmission of information over the internet is not completely secure. Although we will do our best to ensure that your personal information is protected, we cannot guarantee the security of your data transmitted to the website. Any transmission of your personal information by you is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
 

Your rights

You have a right to know what personal data we hold, who we acquired it from, how we process it, the logic involved in any automatic processing, and who we disclose it to.

You have a right to ask us not to process your personal data for direct marketing purposes unrelated to SoR membership.

You have a right to ask us not to make decisions based solely on the automatic processing of your personal information.

You have a right to ask us not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.

You have a right to ask us to erase your personal information.

These statutory rights are qualified by exceptions and exemptions.

To exercise any of these rights, please contact us using the address below.

If you are unhappy with how we have dealt with your request or used your data please tell us so that we can sort it out. However, if you are still unhappy you have the right to complain to the Information Commissioner’s Office (ICO). Please visit https://ico.org.uk/concerns or call the ICO helpline on 0303 123 1113 for further information.
 

Changes to this policy

We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.

Contact

Please feel free to contact us with any questions, comments or queries regarding this Privacy Policy. All questions should be directed to the Data Protection Officer at the Society and College of Radiographers at 207 Providence Square, Mill Street, London SE1 2EW, [email protected].