GDPR and Data Protection
The General Data Protection Regulation (GDPR) became law on 25th May 2018 and is a European Parliament regulation which affects the way every organisation handles the personal data of EU residents.
One of the key aims is to strengthen your position with regard to the handling of data relating to yourself.
What do we know about you?
As you know, APM collects, stores, processes and uses personal data. We are very likely to have a record of your name and email address, plus any courses or online CPD you may have completed with us. We also have a record of any financial transactions between us, although we do NOT have a record of your credit card details – these are secured by Infusionsoft and Worldpay, who process our online transactions. We have contacted them, and they have assured us that their procedures are fully secure and GDPR-compliant.
Sex and Your City
We might have a record of your sex. We’ll have discovered this either by the devious method of looking at your name and making an educated guess, or we may have seen it on the General Council register. Why is it important? Well, if we write to you, it’s nice to address the envelope to “Mr” or “Ms”, and there’s an outside chance that we may one day want to send out information which is only really relevant to one sex or the other. No, I can’t think of anything off the top of my head either, and I also realise that some people do not want to be defined by their anatomical dangly bits (or lack thereof), but we’d only be trying to be polite, and to avoid bothering you with unwanted messages.
In any case, this sort of information, because it is freely available, isn’t affected by the GDPR.
It is possible that we may have a record of your rough whereabouts even if you haven’t given us your address. If we have, we probably obtained this by looking you up on Google or the General Council’s register. And we’ll have done it in an effort to ensure that we don’t bother you with things like details of courses that you are very unlikely to attend simply due to the geography.
What about “cookies”?
The only time we can collect personal data without you realising (things like your name or date of birth) is when you ask through Facebook Messenger for us to send you stuff. Because Messenger is connected to Facebook, it’s likely that some of that data is also available.
But please be reassured that there’s nothing devious going on. We aren’t tracking your every movement, nor are we able to switch on your webcam remotely, nor can we listen in to your conversations. And so far, all our attempts to recruit household pets as spies have failed. Despite offering them biscuits (not cookies).
We’re always happy to share our biscuits. Please do drop in next time you’re passing.
Personal data though, that’s another matter! We have to share your personal data with our cloud-based CRM (Infusionsoft), because that’s how we keep track of your membership. Your username and password will be shared with WordPress, because that’s how we can deliver information to you, through our website. Worldpay and/or Eazipay have to process your payment details if you have bought anything from us. We’ve asked, and all of them are GDPR-compliant. If you book a course, we may share your name with the venue, just for coordination purposes.
Their servers may well be outside the EU, which apparently you’ll want to know.
Anything we hold locally is on password-protected computers, apart from a small amount of non-sensitive stuff in filing cabinets, and out of hours the building is secured by locked doors and roller shutters.
And when that puppy grows up, he’s going to be one mean, slavering guard dog. A genuine son-of-a-bitch.
How long will we hang on to your data?
We’ll hang on to your data until you tell us not to, or until we become aware that you are no longer registered – in which case we will assume that you aren’t interested in CPD any longer.
However, if we haven’t heard from you for over 12 months, we will automatically remove you from any marketing lists we have.
And don’t forget – you can always do this yourself using the link which appears at the bottom of all our emails.
APM’s view on all this GDPR stuff
We think the introduction of the GDPR is a bloody good idea. We have always tried to make sure that we handle data correctly and we respect your rights:
- not to be pestered by unwanted marketing
- to be confident that your personal information is safe
- to know what data we hold, and to have a system if that’s your preference.
So we have a strict policy of only sending emails to people who have asked to receive them. That said, if you have become a member of The Academy, we believe you have given consent that we can tell you about the CPD that is available to you – we think this constitutes what the GDPR calls “Legitimate Interest”. After all, you wouldn’t have paid your subscription fee if you didn’t want to get maximum benefit from your membership, would you? Even so, we try to keep communications to a minimum.
That said, there’s a very simple opt-out procedure at the foot of every email that we send, where you can opt out of some, or all, of our messages.
Now that you’re all excited about the GDPR and the Data Protection Act, you’re going to want to read even more about it. So there’s an “extended read” here. It’s boring, but it explains in detail how we process your data. Have fun.
The most important thing: If you have any queries or concerns about how we handle your personal information, please contact us. You can do this by phone or email:
E: [email protected]
T: 01933 328150
Of course, you could always send us a letter or pop in for a chat instead, if you prefer. Here’s where we hang out:
The Academy of Physical Medicine
70 Higham Road