This privacy notice sets out details about how the CSP will use any personal information that it collects about you. We encourage you to read this notice as it explains the CSP’s practices involving the use of personal information and sets out information about rights that you may have under applicable laws.
The CSP and data
The Chartered Society of Physiotherapy (CSP) is a membership organisation, trade union and professional body operating in the United Kingdom. We are incorporated by Royal Charter, which means we are a private company and do not have shareholders.
The CSP is the data controller of any personal information that we collect about you. We are committed to protecting your privacy and keeping your data safe. If you have any questions about this policy, or about the CSP’s use of your personal information, please email email@example.com.
How we collect personal information
If you are a member of the CSP or apply to become a member
If you are member of the CSP, or if you apply to become a member, we will collect from you and hold information including: membership number; name; date of birth; nationality; address; email; telephone number; any trade union membership; your university and programme of study; course start date/year qualified; qualification type; country qualified in; evidence relating to any name change; HCPC number (registered members); bank account details; employer, place of work, job title, working hours, job grade, contract type, sphere of practice and professional qualifications.
We may also ask you to provide us with the following ‘special category’ personal information: ethnicity, disability or long-term health condition, sexual orientation, gender identity and religion. You do not have to provide us with this information, however if you do choose to do so, we will use it to ensure that services are delivered in an equitable and non-discriminatory way. We will also analyse anonymised ‘special category’ personal information to provide information on the demographics of our membership.
We will use the personal information that we collect about you to:
- assess your eligibility to become a member of the CSP or to receive membership benefits
- verify your identity and qualifications [, including for access to third party services such as discovery and OCLC]
- administer your membership, including by collecting membership payments from you
- provide the benefits of membership and trade union services to you – including personalising our delivery of services to you based on your personal information
- allow CSP volunteers to use the information gathered to carry out their duties and to provide you with services and advice that you request, for example providing advice on employment and professional issues and providing branded material for events and campaigns you may be organising and supporting
- keep you up to date with news about the CSP’s activities, according to your communication preferences.
- invite you to take part in surveys or in other ways contribute to our insight/ intelligence gathering to help us support you or our campaigns
- invite you to take part in CSP campaigns and activities
In the process of providing member services and pursuing our legitimate interests, we may also process your data in the following ways:
- record details of your interactions with us
- record telephone conversations with our enquiries team
- record details of information you have given us and advice we have provided to you in your membership record
- analyse anonymised details of your visits to our website, engagement with electronic communications and social media
- detect and prevent financial and /or identity fraud
- manage CSP budgets for business and auditing purposes
- administer the CSP and fulfil its aims, for example by lobbying on initiatives or running internal elections, assessing and developing services which may be of interest to members
- comply with our legal obligations, protect and defend our rights and to pursue our other legitimate business interests
If you register for an account on the CSP website
If you register for an account on the CSP website, we will collect information about you including your surname, CSP number and email address. We will use this information to:
- verify that you are eligible to create an account
- allow you to log in to your account, once it has been created
- administer access to your account and ensure its security
- keep our systems secure
- contact you about your account where required.
If you contact us, including in person, by post, telephone, emails or through forms available on the CSP website
You can contact us in various ways, including by emailing us, sending us mail or by telephone. If you contact us in any of these ways, we will collect the information that you choose to provide and will use it:
- to investigate any query that you raise with us
- to provide any advice or assistance that you request from us
- to keep you up to date with news about the CSP’s activities by email and by post, according to your communication preferences.
If you are not a CSP member
If you are not a CSP member but interact with our organisation, we may collect and hold information about you if you:
- contact us by any means with an enquiry
- make a complaint about the CSP or one of our members
- visit our website
- make an online purchase
- book an event with us
- purchase a product or service by phone
- engage with us on our social media platforms
- join and/or renew a professional network membership using our website, or fill in any forms
If we are able to help or provide advice and guidance we will respond through the channel that the non-members have used (telephone, email, social media), we may collect details of the enquiry (subject matter), contact name, email address and telephone number in order that we can respond. If we need to refer on to other parts of the organisation, these details will be passed to the other team. We don’t store or hold this information.
We do not store or create a contact record on CRM for non-members. If the contact is via email we will delete it once we have responded. If it is a phone call, any written notes will be disposed of appropriately.
Visit our website:
Making an online purchase:
We may collect billing and delivery address, billing and delivery name, order details (quantity, price, type of product) and method of payment and payment reference details.
Product purchase by phone/email:
If you purchase leaflets or publications we will ask for you to email us with an invoice/purchase order. This details the order, where to send and who has ordered it. This is shared with the mailing house to fulfil and dispatch the order.
Join and/or renewal of a professional network membership using our website, or fill in any forms:
We may process the following data
Billing address, Billing name, order details (quantity, price, type of product), method of payment, payment reference details, the professional network that you are joining, the joining date, the renewal date, whether you have been a member of the PN previously and whether you agree to the website’s GDPR statement.
If you live outside the UK
For all non-UK contacts (e.g. from overseas members or via the International Advice Service).
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this privacy notice.
We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.
The legal conditions we rely on to process personal information
The law on data protection sets out the reasons we may collect and process your personal data. We rely on the following legal conditions to process your personal data:
Entering into and performing a contract with you: we process personal information as is necessary to perform the membership agreement, as appropriate to your level of membership.
Legitimate interests: in specific situations, we require your data to undertake our legitimate business interests of running our business as a membership organisation, trade union and professional body, and which does not materially impact your rights, freedom or interests.
Legal compliance: if the law requires us to, we may need to collect and process your data.
Consent: in specific situations, we can collect and process your data with your permission.
We will not collect any personal data from you that we do not need. You have several rights regarding the use of your personal data, this is summarised in the ‘your rights ‘section below.
How we protect your personal data
We’re committed to keeping any data you provide to us safe and secure. All of our staff therefore undergo comprehensive data protection training when they first start working for us and then updated every two years.
All of our online forms are encrypted which means that the details on them can’t be accessed while the information is transferred to us. Our computer network is protected by anti-virus software and other security measures and is routinely monitored by ICT to prevent security breaches.
When we may disclose or make available your personal information
We will disclose personal information that we hold about you to:
- your employer, where you consent to us doing so or where this is necessary for us to provide a service or advice that you have requested from us;
- your contact, membership and employment information may be made available to CSP trained and accredited workplace reps - stewards, safety reps, equality reps or other volunteers in the course of their duties
- if you are a volunteer – such as a workplace rep, or Council or committee member your contact information will be used and made available within the membership so that members can get in touch and share relevant information with you
- if you join any of the CSP’s networks, working forums or electronic groups (including email, social media and messaging apps), your contact information will be used and shared within that group so that relevant information can be shared with you.
- travel companies, hotels and venues used for CSP conferences, meetings and events
- banks and financial institutions that process payments on our behalf
- professional advisors such as lawyers, insurers, accountants, auditors, and financial advisors
- regulatory authorities including tax authorities
- law enforcement agencies, courts and other tribunals
We may also share personal information that we hold about you with third party data processors who act on our behalf:
- our service providers, such as IT service companies including MailChimp, SurveyMonkey, Qualtrics
- Warners and other third parties involved in the publishing of our magazine
- entities providing fulfilment services on our behalf, such as sending you membership joining packs
- mailing houses, where we contract them to deliver products to you on our behalf
Where your personal data may be processed
The CSP processes your personal data in the UK and EEA. Where we share your data with third parties as described above, these entities are predominantly UK or EEA-based. Should we transfer your data outside of the UK we will ensure there are adequate protections in place to safeguard your data.
Keeping in Touch
We may send members several different types of email and/or SMS communications:
- Administration, governance and legal matters, for example subscription renewals notices, annual general meeting notifications and trade union ballots. We will send these either where there is a contractual obligation for us to do so or it is in our legitimate interest. Ordinarily you are not able to opt-out from receiving these service messages, as they are an important part of your membership.
- Delivery of the wider membership package, for example newsletters, information services, conference news and opportunities to get involved. In some circumstances, you will be able to refine what you want to hear about. We may rely on legitimate interest or consent to send these communications. You will always have a choice whether you wish to receive them or not and can opt-out at any time.
- Third party partners. Only where we have your explicit consent we may disclose your name and email address to third parties, such as conference sponsors and exhibitors or organisations who offer services that we think may be of interest to our members.
You can choose which marketing emails and texts you want to receive at any time through the ‘communications preferences’ section of your website account area. You can also unsubscribe from mailings from the link at the bottom of our emails/texts.
Under data protection law, your rights include:
- Right of access - you have the right to ask us for copies of your personal information.
- Right to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
- Right to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Right to object to processing - you have the right to object to the processing of your personal information in certain circumstances.
- Right to data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
If you make a request, we have one month to respond to you. In most circumstances, you will not be required to pay any charge for exercising your rights. Please contact us at firstname.lastname@example.org if you wish to make a request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at email@example.com. You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk
Identity and contact details of controller and data protection officer
The Chartered Society of Physiotherapy is the data controller of data for the purposes of data protection law.
If you have any concerns as to how your data is processed, please contact the CSP Data Protection Officer, Kirsty Semple: firstname.lastname@example.org.
For CSP member volunteers
If you're a member volunteer then download our data security and confidentiality policy below.
Changes to this notice
If we make any significant changes to the ways in which we process personal information, we will make the required changes to this Privacy Notice and will notify you in advance of any changes being put into practice so that you can raise any concerns or objections with us.
Last updated 10 August 2022