What do we know about you?
As you know, APM collects, stores, processes and uses personal data. We are very likely to have a record of your name and email address, plus any courses or online CPD you may have completed with us. We also have a record of any financial transactions between us, although we do NOT have a record of your credit card details – these are secured by Keap and Stripe, who process our online transactions. We've contacted them, and they have assured us that their procedures are fully secure and GDPR-compliant.

Sex and Your City
We might have a record of your sex. We’ll have discovered this either by the devious method of looking at your name and making an educated guess, or we may have seen it on the General Council register. Why is it important? Well, if we write to you, it’s nice to address the envelope to “Mr” or “Ms”, and there’s an outside chance that we may one day want to send out information which is only really relevant to one sex or the other. No, I can’t think of anything off the top of my head either, and I also realise that some people do not want to be defined by their anatomical dangly bits (or lack thereof), but we’d only be trying to be polite, and to avoid bothering you with unwanted messages.
In any case, this sort of information, because it is freely available, isn’t affected by the GDPR.
It is possible that we may have a record of your rough whereabouts even if you haven’t given us your address. If we have, we probably obtained this by looking you up on Google or the General Council’s register. And we’ll have done it in an effort to ensure that we don’t bother you with things like details of courses that you are very unlikely to attend simply due to the geography.

But please be reassured that there’s nothing devious going on. We aren’t tracking your every movement, nor are we able to switch on your webcam remotely, nor can we listen in to your conversations.

And so far, all our attempts to recruit household pets as spies have failed. Despite offering them biscuits (not cookies).

Sharing
We’re always happy to share our biscuits. Please do drop in next time you’re passing.
Personal data though, that’s another matter! We have to share your personal data with our cloud-based CRM (Keap), because that’s how we keep track of your membership. Your username and password will be shared with WordPress, because that’s how we can deliver information to you, through our website. We use Stripe to process your payment details if you have bought anything from us and we have another system called Accessally which ensures you get access to our content. We’ve asked, and all of them are GDPR-compliant. If you book a course, we may share your name with the venue, just for coordination purposes.
Their servers may well be outside the EU, which apparently you’ll want to know.
Anything we hold locally is on password-protected computers, apart from a small amount of non-sensitive stuff in filing cabinets, and out of hours the building is secured by an alarm, locked doors and roller shutters.
And when that puppy grows up, he’s going to be one mean, slavering guard dog. A genuine son-of-a-bitch.

How long will we hang on to your data?
We’ll hang on to your data until you tell us not to, or until we become aware that you are no longer registered – in which case we will assume that you aren’t interested in CPD any longer.

Marketing
We don't send out much in the way of true marketing by email.  Mostly we send out reminders of our CPD broadcasts.  This is important, especially if you're a paying member, because it's highly relevant medical information. But don’t forget – you can always unsubscribe from our emails using the very clear link which appears at the bottom of every single one of them.

APM’s view on all this GDPR stuff
We think the introduction of the GDPR is a bloody good idea. We have always tried to make sure that we handle data correctly and we respect your rights

• not to be pestered by unwanted marketing
• to be confident that your personal information is safe
• to know what data we hold and to know what we use it for

So we have a strict policy of only sending emails to people who have asked to receive them. That said, if you have become a member of The Academy, we believe you have given consent that we can tell you about the CPD that is available to you – we think this constitutes what the GDPR calls “Legitimate Interest”. After all, you wouldn’t have paid your subscription fee if you didn’t want to get maximum benefit from your membership, would you? Even so, we try to keep communications to a minimum.
That said, there’s a very simple opt-out procedure at the foot of every email that we send, where you can opt out of some, or all, of our messages.

The most important thing: If you have any queries or concerns about how we handle your personal information, please contact us.

Of course, you could always send us a letter or pop in for a chat instead, if you prefer.
Here’s where we hang out:

The Charles Parker Bldg
Midland Road
Higham Ferrers
Rushden
NN10 8DN

If you really want the intimate detail of our privacy notice (perhaps you're having trouble getting to sleep), there's a more formal version here: