The CSP and data
The Chartered Society of Physiotherapy (CSP) is a membership organisation, trade union and professional body operating in the United Kingdom. We are incorporated by Royal Charter, which means we are a private company and do not have shareholders.
The CSP is the data controller of any personal information that we collect about you. We are committed to protecting your privacy and keeping your data safe. If you have any questions about this policy, or about the CSP’s use of your personal information, please email firstname.lastname@example.org.
How we collect personal information
If you are a member of the CSP or apply to become a member
If you are member of the CSP, or if you apply to become a member, we will collect from you and hold information including your name, gender, date of birth, nationality, the date you qualified, your programme of study (student members), your HCPC number (registered members), your home address, telephone number, email address, bank account details, employer, place of work or study, job title, working hours, job grade, contract type, sphere of practice and professional qualifications.
We will use the personal information that we collect about you to:
- assess your eligibility to become a member of the CSP
- verify your identity and qualifications
- administer your membership, including by collecting membership payments from you
- provide the benefits of membership and trade union services to you
- administer the CSP and fulfil its aims, for example by lobbying on initiatives or running internal elections, assessing and developing services which may be of interest to members
- provide you with services and advice that you request, for example providing advice on employment and professional issues and providing branded material for events and campaigns you may be organising and supporting
- comply with our legal obligations, protect and defend our rights and to pursue our legitimate business interests
- prevent and detect financial and /or identity fraud
- keep you up to date with news about the CSP’s activities, according to your communication preferences.
We may also ask you to provide us with sensitive or ‘special category’ personal information such as your ethnic origin, details of any disabilities you have, your religion or belief and your sexual orientation. You do not have to provide us with this information, however if you do choose to do so, we will use it to ensure that services are delivered in an equitable and non-discriminatory way. We will also anonymise sensitive or ‘special category’ personal information in order to gather statistics and assess the demographics of our membership.
In the process of providing member services and pursuing our legitimate interests, we may also process your data in the following ways:
- record details of your interactions with us
- record telephone conversations with our enquiries team
- record details of information you have given us and advice we have provided to you in your membership record
- analyse anonymised details of your visits to our website.
If you apply for a job with us we collect your name, address, email address, phone numbers, employment history, and qualifications/education.
If you register for an account on the CSP website
If you register for an account on the CSP website, we will collect information about you including your surname, CSP number and email address. We will use this information to:
- verify that you are eligible to create an account
- allow you to log in to your account, once it has been created
- administer access to your account and ensure its security
- keep our systems secure
- contact you about your account where required.
If you contact us, including in person, by post, telephone, emails or through forms available on the CSP website
You can contact us in various ways, including by emailing us, sending us mail or by telephone. If you contact us in any of these ways, we will collect the information that you choose to provide and will use it:
- to investigate any query that you raise with us
- to provide any advice or assistance that you request from us
- keep you up to date with news about the CSP’s activities by email and by post, according to your communication preferences.
If you are not a CSP member
If you are not a CSP member but interact with our organisation, we may collect and hold information about you if you:
- contact us by any means with an enquiry
- visit our website
- make an online purchase
- book an event with us
- purchase a product or service by phone
- engage with us on our social media platforms
- access the CSP business premises at any of our sites (CCTV)
- join and/or renew a professional network membership using our website, or fill in any forms
If you apply for a job with us we collect your name, address, email address phone numbers, employment history, qualifications/education.
Analysing how people use our website (cookies)
- analyse how the site is being used (from data held in aggregated, anonymous form)
- enable site functionality, including logging in, personalised information, account management and messaging
- allow third-party functionality, for example when we embed videos from sites like YouTube.
You can block cookies by selecting the appropriate settings on your browser. However, please remember that our website might not work as well as it should if you do this. For more details, please see our cookies notice at www.csp.org.uk/cookies.
Some areas of our premises are equipped with CCTV. Where in use, CCTV cameras are there for the protection of employees and third parties, and to protect against theft, vandalism and damage to the CSP goods and property. Generally, recorded images are routinely destroyed and not shared with third parties unless there is suspicion of a crime, in which case they may be turned over to the police or other appropriate government agency or authority.
We have the capability to monitor all employees' computer and e-mail use in accordance with our IT policy and make no offer of privacy when using CSP equipment.
The legal conditions we rely on to process personal information
The law on data protection sets out the reasons we may collect and process your personal data. We rely on the following legal conditions to process your personal data:
Entering into and performing a contract with you: we process personal information as is necessary to perform the membership agreement, as appropriate to your level of membership.
Legitimate interests: in specific situations, we require your data to undertake our legitimate business interests of running our business as a membership organisation, trade union and professional body, and which does not materially impact your rights, freedom or interests.
Legal compliance: if the law requires us to, we may need to collect and process your data.
Consent: in specific situations, we can collect and process your data with your permission.
We will not collect any personal data from you that we do not need. You have several rights regarding the use of your personal data, this is summarised in the ‘your rights ‘section below.
How we protect your personal data
We’re committed to keeping any data you provide to us safe and secure. All of our staff therefore undergo comprehensive data protection training when they first start working for us and then updated every two years.
All of our online forms are encrypted which means that the details on them can’t be accessed while the information is transferred to us. Our computer network is protected by anti-virus software and other security measures and is routinely monitored by ICT to prevent security breaches.
How we may share your personal information
We will disclose personal information that we holdabout you to:
- your employer, where you consent to us doing so or where this is necessary for us to provide a service or advice that you have requested from us;
- our service providers, such as IT hosting companies
- third parties involved in the publishing of our magazine
- entities providing fulfilment services on our behalf, such as sending you membership joining packs
- mailing houses, where we contract them to deliver products to you on our behalf
- travel companies, hotels and venues used for CSP conferences, meetings and events
- banks and financial institutions that process payments on our behalf
- professional advisors such as lawyers, insurers, accountants, auditors, and financial advisors
- regulatory authorities including tax authorities
- law enforcement agencies, courts and other tribunals
- if you join any of the CSP’s networks, working forums or electronic groups (including email, social media and messaging apps), your contact information will be used and shared within that group so that relevant information can be shared with you.
Where your personal data may be processed
We use Mailchimp, Survey Monkey and Google Analytics to support our web-based activities. (all based in the USA). These companies are certified with the Privacy Shield which requires registered US companies to:
- better safeguard EU citizens’ data
- provide clear privacy information
- limit the collection and use of data.
The Privacy Shield also allows for more robust monitoring and enforcement by the US Department of Commerce and Federal Trade Commission (FTC) which includes increased co-operation with the European and Swiss Data Protection Authorities.
We send members several different types of email:
- Administration, governance and legal matters, for example subscription renewals notices, annual general meeting notifications and trade union ballots. We use our legitimate interest as the legal basis for sending these.
- Delivery of the membership package, for example the weekly Physiotherapy News email. This is part of our subscription agreement with members, so we use our contractual legal basis.
- Promotion of member benefits, information services and opportunities to get involved. We send these only where we have members’ consent to do so.
You can choose which emails you want to receive at any time through the ‘email preferences’ section of your website account area. You can also unsubscribe from mailings from the link at the bottom of our emails.
You have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn.
You may also have the right, in some circumstances to obtain a copy of the personal information in machine readable format. Any such request should be submitted in writing to email@example.com. You also have the right to complain about the use of your personal information to the Information Commissioner’s Office (www.ico.org.uk).
Identity and contact details of controller and data protection officer
The Chartered Society of Physiotherapy is the controller and processor of data for the purposes of the GDPR 2018.
If you have any concerns as to how your data is processed, please contact Jo Hampton, CSP Data Protection Officer and Head of Governance: firstname.lastname@example.org.
If you live outside the UK
For all non-UK contacts (International Advice Service).
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this privacy notice.
We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
Changes to this notice