Privacy Policy

We are committed to safeguarding the privacy of our website visitors and others for whom we hold personal information; this policy sets out how we will treat your personal information.

What information do we collect?

We may collect, store and use the following kinds of personal data:

(a) information about your computer and about your visits to and use of this website, such as your IP address, geographical location, browser type and version, referral source, length of visit and page views;

(b) information relating to any transactions carried out between you and us on or in relation to this website;

(c) information that you provide to us for the purpose of registering with us including: your name, email, contact number, job title and location;

(d) information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters including: your name, contact number and email address;

(e) your social media identity;

(f) any other information that you provide to us for the purpose of administering membership of The Confederation of Healing Organisations (CHO) and/or the British Register of Complementary Practitioners (BRCP) including name, address/es, email, contact number/s, website, age, job details, training details, insurance details, details of other membership organisations that you may belong to, charity and/or company registration numbers, promotional literature; details of topics/areas of interest to you; your bank details;

(g) job applicants data including name, address, email, contact number, website, age, job details, training details;

(h) any other information that you choose to send to us;

Using your personal data

Personal information submitted on this website will be used for the purposes specified in this privacy policy or in relevant parts of the website.

We may use your personal information to:

(a) administer the website;

(b) improve your browsing experience by personalising the website;

(c) enable your use of the services available on the website;

(d) send you general (non-marketing) commercial communications;

(e) send you email notifications that you have specifically requested;

(f) send to you our marketing communications relating to our business that we think may be of interest to you by post or, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications to be sent by emailing us at: dp@the-cho.org.uk or unsubscribing)

(g) provide third parties with statistical information about our user traffic – but this information will not be used to identify any individual user;

(h) deal with enquiries and complaints made by or about you;

(i)  administer membership with CHO and registration with BRCP under the legitimate interest legal basis;

We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.

How long we will keep your personal information

We retain your information for a range of purposes, which determine the period of time for which we need to keep such information. For example (list is not exclusive):

Data Retention Period
Recorded telephone conversations 28 days from the day of call received
For compliance with legal obligations, for example tax regulations or medico-legal claims against you 10 years from date of last transaction under the legitimate interest legal basis

 

 

 

Disclosures

In addition to the disclosures reasonably necessary for the purposes identified elsewhere in this privacy policy, we may disclose information about you:

(a) to the extent that we are required to do so by law;

(b) in connection with any legal proceedings or prospective legal proceedings;

(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);

Except as provided in this privacy policy, we will not provide your information to third parties.

International data transfers

Information that we collect may be stored and processed in and transferred between any of the countries in which we operate in order to enable us to use the information in accordance with this privacy policy.

If you are in the European Union, information that you provide may be transferred to countries that do not have data protection laws equivalent to those in force in the European Union. You expressly agree to such transfers.

Security of and access to your personal information

We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, misuse, alteration, unauthorised disclosure of or access to your personal information.

If there is a data breach we have a procedure in place to record and report it. 

Your information is only accessible by appropriately trained staff, volunteers and contractors, all of whom have signed confidentiality agreements. 

We may also use agencies and/or suppliers to process data on our behalf.  We may also merge or partner with other organisations and in so doing transfer and/or acquire personal data.

We store personal data in relation to administering membership of the CHO or registration with the BRCP on secure cloud storage via Dropbox, who have signed the EU-US Privacy Shield; you can find Dropbox's Privacy Notice here: https://www.dropbox.com/privacy

We use SurveyMonkey for online survey purposes, who have signed the EU-US Privacy Shield.  You can find SurveyMonkey's Privacy Notice here: https://www.surveymonkey.com/mp/legal/privacy-policy/?  Our current survey is anonymised.

MailChimp is used to send out email newsletters from time to time and have signed the EU-US Privacy Shield.  Their Privacy Notice can be found here: https://mailchimp.com/legal/privacy/

We use PayPal as a means of receiving payments for events and annual renewals of membership.  PayPal's Privacy Notice can be found here: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full

Of course, data transmission over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet.

Policy amendments

We may update this privacy policy from time-to-time by posting a new version on our website. You should check this page occasionally to ensure you are happy with any changes.

Your rights

Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our email list at any time. You also have the following rights:

(1) Right to be informed – you have the right to be told how your personal information will be used. This Policy and other policies and statements used on our website and in our communications are intended to provide you with a clear and transparent description of how your personal information may be used.

(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, we have 30 days to comply.

(3) Right of erasure – you can ask us for your personal information to be deleted from our records. In many cases we would propose to suppress further communications with you, rather than delete it due to legitimate interest as already described.

(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be updated.

(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.

(6) Right to data portability – to the extent required by the General Data Protection Regulation where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.

To exercise these rights, please get in touch via email to dp@the-cho.org.uk or by post to: S Knight, Coombedene, Coombe Hill, Keinton Mandeville, Somerton, Somerset, TA11 6DY and we will provide you with a Data Subject Access Request form explaining how to provide evidence of your identity that we may disclose the information requested.

You are further entitled to make a complaint about us or the way we have processed your data to the Information Commissioner's Office (ICO).  For further information on how to exercise this right, please see the guidance at: https://ico.org.uk/for-the-public/personal-information

The contact details of the ICO can be found here: https://ico.org.uk/global/contact-us/

Third party websites

The website contains links to other websites. We are not responsible for the privacy policies or practices of third party websites.

Updating information

Please let us know if the personal information that we hold about you needs to be corrected or updated by the means mentioned under the Your rights section above.

Contact

If you have any questions about this privacy policy or our treatment of your personal data, please write to us by email to dp@the-cho.org.uk