The policy applies to you if you are a member of the NAPC, a member of our primary care home programme, apply for one of our training courses, register for an event, visit our website, email, call or write to us.
We respect your privacy and strive to meet our regulatory requirements
We don’t sell your personal data to third parties.
In this policy, ‘we’ refers to both the ‘NAPC’ and ‘NAPC Services Ltd’.
The personal data we collect
We collect personal data in a number of ways
We collect the personal data you provide to us:
- as part of a membership application – this includes your name, email address, job title, organisation name and address, and phone number.
- as part of a training course application – this includes your name, email address, job role, organisation and employment details , phone number, date of birth, educational background, qualifications and learning requirements.
- As part of an application to join the primary care home programme – this includes your name, role title, telephone number and email address of a lead contact person
When you contact us with an enquiry or in response to a communication from usWe also collect any further personal data that you provide from time to time.
You can give us your personal data by emailing us, filling in forms on our website, registering to access specific areas of the website, or booking places on events or training courses.
We may also combine this personal data with other personal data we hold about you for other purposes, for example, if you attend one of our events.
How we use personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation.
We will use your personal data for the purpose or purposes outlined at the time you gave it to us. This may have been during the course of a sale for an event or training course, when signing up for membership or when visiting our website.
We use this information:
- to provide the service, product or essential information you expect from us
- where you have given us your consent to do so, to keep you informed about: our activities, membership, events, training courses and the primary care home programme.
- To ensure that the information we hold is accurate and up-to-date
- To notify you of any changes to our services.
Below are the main ways we will use your data. These all depend on the nature of our relationship with you and how you interact with and use our various services, websites and activities.
We use the personal data you provide as a member to fulfill your membership. This includes sending newsletters and member updates by email, providing information about our Annual General Meeting (AGM) and sending renewal information to annual members by email.
We process customer data in order to fulfil event bookings. Your data will be used to communicate with you throughout the process, including confirming we’ve received your registration and clarifying more detail needed to fulfil the booking, notifications of any postponement or to esolve issues that might arise with your booking.
Primary Care Home Programme
We use the personal data you provide as part of your primary care home application to fulfil your membership of the programme. This includes processing your application, sending you newsletters and updates by email, invites to events, contacting you regarding your activities in progressing the primary care home model and supporting your primary care home development.
We use the personal data you provide in order to fulfil your booking – this includes processing your application, details of the running of the course, course activities and events, module assessment.
We sometimes use legitimate interest as our legal basis for processing personal data. We use legitimate interest in some limited circumstances, in the following areas of our work: membership, primary care home programme, networks, training courses, data analysis, website and marketing.
We will never process your data where these interests are overridden by your own interests.
How long we keep personal data
We keep your personal data for as long as you continue to be an NAPC member, part of the PCH programme or a training course attendee, and as long is as reasonably necessary afterwards to fulfill any legal requirements.
Disclosing and sharing information
We do not sell your personal data to third parties.
We may share your information with selected parties including:
- Business partners, suppliers and sub-contractors for the performance of any contract we enter into with them or you
- Third party IT providers, for example who host or manage the website or provide IT support
Also, under strictly controlled conditions, we will share personal data with:
- Service providers
We may also disclose your personal information to third parties in order to comply with a legal obligation, or to enforce other agreements. This includes exchanging information with other companies and organisations to protect against fraud.
You can ask that we stop using your personal data. If you do so, we may not be able to provide you with information about our work or member benefits.
You can opt out of our newsletters and updates at any time by selecting ‘unsubscribe’ at the bottom of the email.
We will communicate with you via email, telephone and post. You can update your contact details at any time by contacting us: Sally Kitt, Data Protection Officer, email@example.com
Accessing your personal data
The law gives you the right to find out what information we store about you. You can write to us and ask for a copy of the information we hold about you. You can write to:
Sally KittData Protection OfficerNational Association of Primary Care167-169 Great Portland Street5th FloorLondonW1W 5PF
Please provide details of the information you want to access, where it is likely to be held and the date range of the information you wish to access. You will also need to provide information to confirm your identity.
Once we have all the information necessary to respond to your request, we’ll provide your information to you within one month. This timeframe may be extended by up to two months if your request is particularly complex.
Processing data outside of the European Economic Area
In some cases we may process your personal data outside the European Economic Area (EEA), where countries may not have laws which protect your personal data to the same extent as in EEA. We ensure that your personal data is processed securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this privacy notice.
Currently we use Constant Contact, part of Endurance International Group based in the US, to send some of our emails, and Eventbrite, a US company, to administrate the booking of our events. Constant Contact and Eventbrite participate in and have certified their compliance with the EU-US Privacy Shield Framework.
Data protection principles
We are committed to ensuring the lawful and correct treatment of personal information. We endorse and adhere to the principles of data protection, as set out in the General Data Protection Regulation 2018 (from 25 May 2018). In particular, these principles require that personal information is:
- used fairly and lawfully
- used for limited, specifically stated purposes
- used in a way that is adequate, relevant and not excessive
- kept for no longer than is absolutely necessary
- handled according to people’s data protection rights
- kept safe and secure
- not transferred outside the European Economic Area without adequate protection
By law you have a number of rights when it comes to your personal data:
- The right of access to a copy of the information comprised in your personal data
- The right to object to processing that is likely to cause or is causing damage or distress
- The right to prevent processing for direct marketing
- The right to object to decisions being taken by automated means
- The right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- The right to claim compensation for damages caused by a breach of law
You also have the right to lodge a complaint to the Information Commissioners’ Office if you believe that we have not complied with the requirements of the General Data Protection Regulation 2018 (from 25 May 2018) with regard to your personal data.
The NAPC website
The NAPC website does not collect or store personal information about individuals, except where you choose to give us information via application processes, or in online forms or emails you may send to us. On the website, data gathered by forms or emails is used solely for the stated purpose.
A cookie is a text file that is stored on your computer or mobile device by a website that you access. It contains anonymous information and allows a website to remember things like your preferences or what’s in your shopping basket.
Cookies make the interaction between you and the website faster and easier, letting you navigate between pages efficiently and storing your preferences.
The NAPC uses first party cookies to aid the quick loading of content and site security. It also uses third party cookies including Google Analytics, Google, Twitter and YouTube.
Links to other websites
Our website contains links to other websites not operated by the NAPC, which may or may not have similar practices in place to protect the privacy of information that you supply. We encourage you to review the privacy statements of each of the sites that are linked to or accessed from our websites.
We are not responsible for the privacy practices employed by websites that we do not operate.
If you have any queries, questions or concerns about your data, how we are handling it, wish to ask us not to process your data or wish to ask us to erase your data, please contact:
Data Protection Officer
National Association of Primary Care (NAPC)
5th Floor, 20 – 21 Cavendish Square
London W1G 0RN