CSP Privacy Notice

The Chartered Society of Physiotherapy (CSP) is committed to protecting your privacy and ensuring that your personal data is handled fairly, lawfully, and transparently in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. We are a company incorporated by Royal Charter (England/Wales).

This privacy notice explains how we collect, use, store, and protect your personal data.

1. Who we are

The CSP is a membership organisation, trade union and professional body for physiotherapists, physiotherapy students and support workers. We represent and support our members by providing advice, guidance, collective representation, training, and other related services. We also represent and advocate for the interests of the physiotherapy profession.

The CSP is the controller in relation to the activities described below. We will also provide additional privacy information if you interact with us in different ways which are not included below.

Our contact details are:

3rd Floor South, Chancery Exchange, 10 Furnival Street, London EC4A 1AB

+44 (0)20 7306 6666

For data protection queries, please contact our data protection officer at: data.protection@csp.org.uk.

2. Information we collect and how we use it

CSP members

If you join (or apply to join) the CSP, we will collect the following types of information about you:

Personal details: name, address, date of birth, contact details, education and qualifications, employment details including workplace and sphere of practice, HCPC registration (if applicable), membership history and information used for security purposes.
Financial and purchase information: payment details and transaction information (for subscription payments, expense claims and other sales and purchases).
Casework records: correspondence, notes, and supporting documents for representation, legal support, or disputes.
Organising records: including appointments of stewards and safety reps, and workplace member lists.
Website and digital services data: login details and user information, technical data, communications/marketing preferences and usage data (including information about how you interact with and use our website, products and services).
Enquiries, complaints and other information you provide to us: details of complaints, enquiries, survey responses, feedback or other information provided by you e.g. via insight groups.
Photography and video recordings: we may take photographs and videos at our events – you will be notified in advance if this applies.
Audio recordings: we record all calls to our enquiries helpline.
Records of meetings and decisions: we record some online meetings, and we also use captioning and transcription software.
Electronic forums (including email, social media and messaging apps): if you use these services for CSP activities where the CSP is the data controller.

Failure to provide some personal or financial information will mean we are unable to provide membership or other services.

We use your information to:

Administer your CSP membership and any CSP website accounts.
Contact you during and after your membership.
Verify your identity, qualifications, or eligibility for services.
Collect and process membership subscriptions and other payments.
Provide member benefits and services (subject to eligibility requirements) including: professional advice; employment advice, support and representation; other legal assistance; professional liability; insurance; CSP Plus.
Provide information and services that you request from us.
Deliver training, events, conferences and webinars.
Investigate, respond to and record any enquiry or complaint.
Provide information, service updates, marketing and news about our activities.
Invite you to take part in surveys, campaigns or activities, or provide insight.
Conduct surveys, research or statistical analyses and report on our findings e.g. membership or workforce trends.
Pursue our legitimate interests as a trade union, for example: organising and member recruitment, and individual and collective representation.
Pursue our legitimate interests as a membership organisation and professional body, for example: lobbying on issues affecting the physiotherapy profession, and membership engagement work.
Pursue our legitimate business interests, for example to: administer and protect our business and websites; assess and improve our services, or develop new services which are of benefit to members.
Run statutory internal elections, ballots and general meetings.
Meet our legal obligations or pursue our legal rights.
Prevent, detect, investigate or prosecute crime.
Analyse anonymised details of your visits to our website, engagement with electronic communications and social media, and provide you with personalised services and communications.

Sensitive personal data (special category data) is data which requires additional protection and includes data on racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, sex life or sexual orientation. We invite members to provide information on ethnicity, religion, sexual orientation, gender identity or disability/health, which we use to monitor and promote equality of opportunity and treatment.

The CSP is a trade union, but not all CSP members are members of the union. Where data reveals membership of the CSP as a union, this is treated as special category data. We also process members’ other union affiliations.

Other uses of special category data

We process member health or diversity information where relevant e.g. for casework or representation.
We process special category information such as diversity data or trade union information if you choose to volunteer this, e.g. via a survey or during any interactions with us.

Non-members

If you are not a member, we collect and process your information, e.g. if you contact us, make a purchase, create a website account or engage with us online:

Contact details: including name, email, address and telephone number.
Financial and purchase details: payment details and transaction information (for subscription payments, expense claims and other sales and purchases).
Website and digital services data: login details and user information, technical data, communications/marketing preferences and usage data (including information about how you interact with and use our website, products and services).
Enquiries, complaints and other information you provide to us: details of complaints, enquiries, survey responses, feedback or other information provided by you e.g. via insight groups.
Photography and video recordings: we may take photographs and videos at our events – you will be notified in advance if this applies.
Audio recordings: we record all calls to our enquiries helpline.
Records of meetings and decisions: we record some online meetings, and we also use captioning and transcription software.
Electronic forums (including email, social media and messaging apps): if you use these services for CSP activities where the CSP is the data controller.

Sensitive personal data (special category data): we will not usually process special category data about non-members, unless you choose to volunteer this, e.g. diversity or trade union data provided via a survey or during any interactions with us.

We use non-member information to:

Administer any CSP website accounts.
Collect and process payments.
Deliver training, events and conferences.
Investigate, respond to, and record any enquiry or complaint.
Keep you up to date with news about our activities; or invite you to take part in surveys, campaigns or activities, according to your communication preferences.
Produce research, statistical analyses and reports relating to physiotherapy.
Pursue our legitimate interests, for example through our lobbying and influencing work on issues affecting the physiotherapy profession.
Meet our legal requirements, detect and prevent crime, or pursue our legal rights.
Analyse anonymised details of your visits to our website, engagement with electronic communications and social media.

Further information for other groups or activities

Employment advice and legal assistance

The CSP provides employment advice and legal assistance in workplace, personal injury and immigration matters to some categories of members, if they meet certain requirements.

If you request advice or assistance, your details will be shared with your employer, legal advisors, courts, tribunals and other third parties where necessary to provide the advice or service you have requested. This includes sharing information with the CSP’s legal advisors to obtain advice on the prospects of success of a claim, to determine whether the CSP will provide support.

Where relevant to your case, special category data such as details about your ethnicity, sexual orientation or health information, will also need to be shared as described above. We will ask for your consent before proceeding with your case and sharing this information.

Union services – workplace organising and representation

Contact, membership and employment information is shared with accredited workplace reps and fellow branch members for union purposes including organising. Workplace reps will also process data about workplace issues if you raise any issues with them or with us.

CSP Learning Hub, ePortfolio or mentoring platform

If you access the CSP Learning Hub, ePortfolio or the CSP mentoring platform, we will process information about you including your name, email address and membership number. You may also choose to provide additional information including your CV, location or sensitive data such as ethnicity. We will use this information to:

Verify your eligibility to access the platforms.
Administer your accounts and ensure their security.
Create personal profiles which are visible to other users (please note adjustable privacy settings).
Provide learning opportunities and record details of completed modules or tests.
Create your ePortfolio.
Facilitate mentoring relationships.
Analyse use and improve the performance of the platforms.
Monitor or promote equality of opportunity or treatment.

Your information will be shared with limited third parties to provide these services, including platform providers Catalyst and PLD. We encourage you to read the platform privacy policies as some practices will differ from those set out in this privacy notice.

CSP quarterly member surveys

Quarterly member surveys do not collect member names, but they do contain a unique identifier which means they are not completely anonymous. If you give your permission, we will use this identifier to link your response with previous responses. We would not normally seek to identify individual responders, but it is possible to do this e.g. if you ask us to delete your data.

We will use your responses to:

Understand member satisfaction, engagement and belonging.
Understand awareness of CSP services.
Improve and tailor our services for members.
Gather insight on issues affecting the profession.
Monitor or promote equality of opportunity or treatment.

We also ask for information including your area of practice, training, employment and length of service to allow us to analyse differences in responses from different groups.

CSP Plus

CSP Plus is a member-only offers programme, designed to support CSP members (except affiliate members) in both their professional and personal lives. Offers include money off gym memberships or uniforms.

CSP Plus is administered by Parliament Hill Ltd and member data is shared with them so that they can send emails on our behalf about CSP Plus, and administer the CSP Plus App. Usage data, and additional data such as geolocation data, is collected and shared with us to allow us to understand and improve engagement with CSP Plus.

Annual Education Review

The CSP has a role in the accreditation of pre-reg physiotherapy programmes. The CSP’s Annual Education Review (AER) collects data about staff and students as part of this accreditation process. The AER collects data directly from higher education institutions (HEIs) including the names and contact details for key staff. We also purchase data from Jisc and the Universities and Colleges Admissions Service (UCAS) to provide a snapshot of the student population for quality assurance and enhancement activities.

Purchased data does not include names or other direct identifiers, but does include details of student numbers, student demographics (including ethnicity, health and sexual orientation), attrition rates, course outcomes and graduate destinations. Only fully anonymised data is shared with higher education institutions or published on our website. Data is kept until the next round of accreditation (5-7 years).

Professional networks

CSP professional networks represent evidence-based areas of clinical practice, which support the CSP’s strategic aims. They are separate legal entities and are responsible for their own organisational matters, including data protection.

Where the CSP handles personal data on behalf of a professional network e.g. because it hosts a website and online joining forms, the CSP acts as data processor and the professional network is the data controller. For more information about how a professional network handles your data, please contact the network directly.

Overseas members and contacts

By using our services or providing your personal data to us, you consent to the processing of your personal data by us or on our behalf. You still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

Under 18 members and contacts

The information in this privacy notice applies to data on children and adults. We do not regularly collect information from or about children, but when we do we ensure sufficient protections are in place. If you are under 18 and have any questions about your data or this privacy notice, please contact: data.protection@csp.org.uk.

Employees and job applicants

For information on how we use your personal data if you apply for a job with us, please see our recruitment privacy notice. CSP employees should also refer to the Colleague Privacy Notice – contact data.protection@csp.org.uk to find out more.

Statistics

Information you provide may also be converted into statistical or aggregated data in such a way as to ensure you cannot be identified, and used for analytical or research purposes to support our business and aims.

3. Sharing data within the CSP

Your data is shared within the CSP as needed to carry out our activities. We also share personal data with CSP members and volunteers in the following circumstances:

CSP members – your contact, membership and employment information is shared with accredited workplace reps for union purposes including organising, and with other volunteers e.g. equality or student reps, where relevant to their duties.
CSP volunteers –e.g. workplace, student or equality reps, or council and committee members. Your contact details are shared with the wider CSP membership so that they can get in touch and share information.
Members of CSP networks and working groups – your contact information is shared within that group so that relevant information can be shared with you.
Members of CSP electronic forums – including email, social media and messaging apps. Your data will be shared with other participants and the host platforms. Please be aware that the CSP will be the controller of any CSP forums and will require access to group information and content to meet our GDPR obligations e.g. relating to data breaches or rights of access.

4. Information we collect from other sources

Social media

We use social media to promote our work, including on Facebook, YouTube, LinkedIn and X. If you engage with us on social media, details will be recorded on our social media management tool, Hootsuite. We use Hootsuite to analyse social media activity and effectiveness. If you interact with us on social media, we encourage you to check the privacy policies of these platforms.

Media footage

We sometimes reuse public domain footage in our social media content, for example footage of politicians. When we do this, we will attempt to contact the individuals concerned unless this involves disproportionate effort. Any footage will always be used in line with its original purpose.

Purchased datasets

We purchase data on individuals from the following sources:

DeHavilland Information Services Limited: stakeholder contact details for engagement and influencing work.
HSJ Information Ltd: stakeholder contact details for engagement and influencing work.
Jisc Services Limited: student and graduate outcomes data for workforce and education work.
University and Colleges Admissions Service (UCAS): undergraduate data for workforce and education work.

HCPC

We routinely review removals from the Health and Care Professions Council (HCPC) register. Where a member has been struck off for misconduct, their CSP membership will be terminated in line with our Bye-Laws.

Other sources

Technical data from analytics providers such as Google based outside the EU.
Contact, financial, credit and transaction data from providers of technical, payment and delivery services.

5. Artificial intelligence

In order to protect the privacy and confidentiality of our employees, customers and other contacts, it is our policy that no personal data (including special category data and confidential information) should be entered into AI tools or other automated services that are not formally approved by the CSP. This is necessary to ensure that sensitive information is not inadvertently exposed to algorithms or platforms that could compromise data security or be used in ways that are not fully transparent or controllable. By maintaining strict control over personal data, we uphold our commitment to safeguarding your privacy and complying with all relevant data protection regulations.

6. CCTV

The London office has CCTV which captures and records the door-well area and all areas of the office, with the exception of the meeting rooms. It is used to increase safety for visitors and colleagues, and is also intended to protect against theft and damage to CSP property.

Footage will be accessed in cases of suspected criminal activity or misconduct. It will not be shared with third parties unless there is suspicion of a crime or incident, in which case it will be turned over to the CSP’s insurers, the police or other appropriate authority if required. Footage is deleted every 30 days unless required for investigation of an incident.

The London office also has a smart doorbell which captures and records the area outside the front door. It is used to hear and speak to visitors via smartphone, and provides remote access to the building where approved.

7. Cookies

As you interact with our websites, we automatically collect technical data about your equipment and browsing actions using cookies. You can change your cookie settings in your browser at any time. Please see our Cookies Statement for further details.

8. Communications

We send members several different types of email and/or text communications:

Administration, governance and legal matters, for example, subscription renewal notices, annual general meeting notifications and trade union ballots. We will send these either where there is a contractual or legal obligation for us to do so or it is in our legitimate interest. Ordinarily you are not able to opt out from receiving these service messages, as they are an important part of your membership.
Delivery of the wider membership package, for example: newsletters, information services, conference news and opportunities to get involved. In some circumstances, you will be able to refine what you want to hear about. We rely on legitimate interest or consent to send these communications. You will always have a choice whether you wish to receive them or not and can opt out at any time.
Third-party partners. Only where we have your explicit consent will we disclose your name and email address to third parties, such as conference sponsors and exhibitors or organisations who offer services that we think will be of interest to our members.

You can choose which marketing communications you want to receive in the preferences section of your website account (see ‘Log in’ link at top right of your screen). You can also unsubscribe from mailings from the link at the bottom of emails or texts, or by contacting data.protection@csp.org.uk.

9. Our lawful basis

We must have a basis, set out in law, for using your personal data. For some processing activities, more than one lawful basis will be relevant depending on the circumstances. For more details, see our information on the lawful basis for processing your data.

Where our legal basis is consent, you have the right to withdraw this at any time. For more information or to withdraw your consent, please contact data.protection@csp.org.uk.

10. Your rights

You have the following rights under the UK GDPR:

Right of access – right to request a copy of your personal data. Read more about the right of access.
Right to rectification – right to correct or complete inaccurate data. Read more about the right to rectification.
Right to erasure – right to request deletion of your data. Read more about the right to erasure.
Right to restrict processing – right to limit how your data is used. Read more about the right to restriction of processing.
Right to data portability – right to request transfer of data you gave us to another provider. Read more about the right to data portability.
Right to object – right to object to processing. Read more about the right to object to processing.
Right to withdraw consent – when we use consent as our lawful basis you have the right to withdraw your consent at any time. Read more about the right to withdraw consent.
Rights in relation to automated decision-making and profiling – read more about automated decision-making and profiling rights.

There are limits to some of these rights depending on our purpose or legal basis for using the data, and exemptions may also apply.

To exercise your rights (or object to direct marketing), please contact us at: data.protection@csp.org.uk.

Your details can also be updated by contacting enquiries@csp.org.uk or logging in to your website account.

10. Security of your data

We are committed to keeping your data safe and secure. We implement appropriate technical and organisational measures to safeguard your personal data against loss, misuse, or unauthorised access.

11. Sharing your data

We do not sell your data to third parties and only share data for marketing where we have your explicit consent.

We do use third parties who process data on our behalf:

Providers of IT services including system administration and support services, data storage, hosting and back-up services, back-office functions and cloud service providers.
Providers of communications systems for online meetings, email and social media communications, including analytics.
Mailing houses, printers, publishers and distributors of Frontline magazine, joining packs or other products.
Providers of member benefits e.g. CSP Plus.
Consultants e.g. market research and survey providers.

See our data processor list for further details.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. These third parties will usually be data processors and will only use data in accordance with our specific instructions. Some third parties act as joint controllers or controllers in their own right.

Other circumstances where data is shared with others:

Publicly on our website, social media or other marketing and information media.
Professional or legal advisors.
Insurance companies, brokers, accountants or auditors.
Banks and financial institutions or companies that process payments on our behalf.
Travel companies, hotels and venues.
Regulatory and tax authorities.
Law enforcement agencies, courts and other tribunals.
Other financial or fraud investigation authorities.

International transfers

We primarily store and process data within the UK. Where data is transferred outside the UK (e.g. to IT service providers), we ensure appropriate safeguards are in place. For more information on where your data is processed, see our data processor list.

Where necessary, our data processors will share personal information outside of the UK. When doing so, they must comply with the UK GDPR, making sure adequate protections and appropriate safeguards are in place. These include transfers to countries or companies covered by adequacy regulations (or the UK data bridge for US transfers); or using standard contractual clauses to ensure sufficient legal protection for data subjects. For further information, please contact data.protection@csp.org.uk.

12. Data retention

We keep personal data only for as long as necessary to fulfil the purposes described above and in line with our Data Retention Schedule:

If you would like to see an accessible version of this document, please contact data.protection@csp.org.uk.

13. Complaints

If you are concerned about how we handle your personal data, a complaint can be submitted using this Data Protection Complaints Form or emailed to data.protection@csp.org.uk. You also have the right to complain to the Information Commissioner’s Office (ICO).

14. Updates to this privacy notice

If we make any significant changes to the ways in which we process your personal data, we will make the required changes to this notice and we will notify you in advance of any changes being put into practice so that you can raise any concerns with us.

Last updated: 15 April 2026