RCCP needs to hold personal information about people with whom it deals in order to carry out its business and provide its services. Such people include, registrants, employees (present, past and prospective), suppliers and other business contacts. The information includes name, address, email address, date of birth and career and education information.
In addition, we may occasionally be required to collect and use certain types of such personal information to comply with the requirements of the law. No matter how it is collected, recorded and used (e.g. on a computer or on paper) this personal information must be dealt with properly to ensure compliance with the General Data Protection Regulation (GDPR).
The lawful and proper treatment of personal information by the RCCP is extremely important to the success of our business and in order to maintain the confidence of our service users and employees.
We ensure the RCCP treats personal information lawfully and correctly.
DATA PROTECTION PRINCIPLES
RCCP fully supports and complies with the six principles of the GDPR Regulations which are summarised below:
Lawful, fair and transparent
There has to be legitimate grounds for collecting the data and it must not have a negative effect on the person or be used in a way they would not expect.
Limited for its purpose
Data will only be collected for specified and explicit purposes and not used in a way someone would not expect.
Adequate and necessary
It must be clear why the data is being collected and what will be done with it. Unnecessary data or information without any purpose should not be collected.
Reasonable steps will be taken to keep the information up to date and to change it if it is inaccurate.
Not kept longer than needed
Data should not be kept for longer than is needed, and it must be properly destroyed or deleted when it is no longer used or goes out of date.
Integrity and confidentiality
Data should be processed in a way that ensures appropriate security, including protection against unauthorised or unlawful processing, loss, damage or destruction, and kept safe and secure.
DATA CONTROLLER (RCCP)
Any personal information that you provide on this website is controlled by the RCCP which will:
Ensure that there is always one person with overall responsibility for data protection
Ensure training is provided for all staff members who handle personal information
Provide clear lines of reporting and supervision for compliance with data protection.
Ensure that personal information is held securely.
Users of the RCCP website and participants in our activities may be asked to submit personal information (e.g. name, address and email address) in order to receive or use our services. Such services include newsletters, publications, information and advice.
When giving us your details, you are consenting to the processing of your information by RCCP and its agents in accordance with this Data Protection Policy. You may also provide personal information to us when you contact us by email, telephone or letter. Whenever you provide such personal information, we will treat that information in accordance with this policy. RCCP will, at all times, act in accordance with current legislation and aim to meet current best practice.
USES AND STORAGE OF PERSONAL INFORMATION
When any personal information about you is supplied to RCCP we have legal obligations towards you in the way we deal with that information. We must collect the information fairly, that is, we must explain how we will use it. This Data Protection Policy explains how we will use your personal information. We will use personal information provided by you or gathered by RCCP about you for the following purposes:
To process and respond to requests, enquiries and complaints received from you and others
To provide services requested by you
To prevent or detect fraud concerning your registration
To communicate with you about services provided to you but only using communication methods agreed by you
To update our records
To analyse trends and profiles
For audit purposes
To carry out customer satisfaction or other types of research
To recommend products and services that we believe will be of interest to you but only if you agree and only then using communication methods agreed by you
To enable third parties to carry out any of the purposes above on our behalf
RCCP will never share, sell or trade your personal information to any third parties for marketing purposes.
RCCP currently uses other organisations to manage our activities: Fortesium
are our Website and Database IT support Providers. These organisations have access to your data in order to perform services on our behalf. We make sure anyone who provides a service for us enters into an agreement with us and meets our standards for data security. They will not use your data for anything other than the clearly defined purpose relating to the service that they are providing.
RCCP may contact you for a number of purposes related to the service you have signed up for. For example, we may wish to provide you with password reminders or notify you that the particular service has been suspended or changed. We will hold your personal information on our systems only for as long as is necessary to meet our legal obligations and for the purposes set out above and we will remove it when the purposes have been met and in any event within 30 days of you requesting your personal information is deleted.
We will offer you the option to choose if you receive information from RCCP and how that information will be provided to you. You should be aware that if you choose not to receive information from RCCP about your registration then your registration may lapse if we cannot communicate with you about it. SHARING OF YOUR PERSONAL INFORMATION
RCCP may share your personal information with third parties only if you have given explicit consent to do so and only in the following ways:
We sometimes use agents and service providers to process personal information on our behalf. For example, we use third parties to perform administrative services and to maintain our IT systems. Where we use personal information, we will ensure that they have adequate security measures in place and are governed by our privacy policies in respect to the use of your personal information.
We will release your personal information when we are required to do so by law.
We will release your personal information to others when you have given your consent to that release. ACCESS TO YOUR PERSONAL INFORMATION
You have the right to request a copy of the personal information RCCP holds about you. We want any information that we hold to be accurate so you can ask to have any inaccuracies corrected. We will ask for confirmation of identity before we disclose any personal information and may charge an administration fee to process the request, but only if the request that you make is excessive. We will respond to any request for information within 30 days of receipt of such a request. Please address requests to RCCP.
These terms and conditions shall be governed by and construed in accordance with the laws of England and Wales. Visit the Information Commissioner’s website (www.ico.org.uk) for more information on GDPR.
RCCP COUNCIL MEMBER RESPONSIBILITIES
All Board members and employees of RCCP are covered by the scope of this document. It also includes
contractors, temporary staff, secondees, interns and all permanent employees. All staff will,
through appropriate training and responsible management:
Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information
Understand fully the purposes for which RCCP uses personal information