Who we are
In this Privacy Statement, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘National Academy for Social Prescribing’ it refers to the National Academy for Social Prescribing whose registered address is Southbank Centre, Belvedere Road, London SE1 8XX.
Our Privacy Statement
Your privacy is extremely important to us. This Privacy Statement, which we are required by law to provide, explains what personal data we collect about you, how and why we use it, and explains your rights in relation to your personal data. Your personal data means any information which identifies and relates to you (or from which you can be identified), for example your name and contact details.
We may amend this Privacy Statement from time to time.
What personal data do we collect?
We will only collect the personal data we need and most of the personal data we collect is provided directly by you. The personal data (including any special category data) we may collect could include:
- Information you provide when filling in forms on our website www.socialprescribingacademy.org.uk. This includes information provided when completing our enquiry forms or submitting feedback. This may include your name, your organisation’s name, your position, emails address, business address and telephone number. We may also ask you for information when you report a problem with our website.
- Details you include in your correspondence with us, and our responses
- Your experience of social prescribing
- Details you submit which could include your name, contact information, details about the social prescribing project you have been involved in, and your experiences of social prescribing
- Your responses to our research surveys, if you choose to participate
- Your name, email address and any other information you provide when applying for funding or grants
- Details of your visits to our site including (but not limited to) web server statistics, traffic data, location data and details of the web pages and resources that you access. We may collect information about the device you use to view the site, its operating system and browser type via the web server log files, for system administration and to analyse aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify you individually.
- In some cases, we may collect information about you from other organisations that we partner with for specific purposes, for example, this might be in relation to funding or grant applications.
Some of the data we collect about you might include special category data, which is data relating to:
- Physical or mental health
- Racial or ethnic origin
- Political opinions
- Religious or philosophical beliefs
- Trade union membership
- Genetic data
- Biometric data
- Sexual orientation and sex life
We will only collect special category data where we have a basis in law to do so. For more information, see Our lawful basis for using your personal data.
How we use your personal data
We use your personal data in the following ways:
- To provide you with information or services that you request from us
- To promote our activities and raise awareness of social prescribing
- To administer online and in person events
- To carry out our obligations arising from any contracts entered into between you and us
- Where you have provided consent, to send you marketing communications about items we think may be of interest to you
- For feedback and understanding of individual experiences of social prescribing, including audio, video, photographs and written personal stories
- To assess applications for, and to administer, funding and grants
Our lawful basis for using your personal data
When we process your personal data for the purposes outlined in this Privacy Statement, we must have a lawful basis for doing so. Our lawful basis will vary depending on the purpose, but the lawful bases we generally rely on are:
- Performance of a contract – to carry out our obligations arising from any contracts entered into between you and us
- Consent – where we have obtained your consent to collect or use your personal data for a particular purpose e.g. marketing
- Legitimate interests – where we have a legitimate interest to process your personal data (for example, for purposes related to the advancement of social prescribing through promotion, collaboration and innovation, to help us improve, to listen to feedback), provided we are satisfied that this does not unduly interfere with your rights.
- Legal obligation – in some circumstances we may need to process your personal data to comply with a common law or statutory legal obligation
Where we process special category data, such as health data, as well as one of the above lawful bases, we must also have an additional lawful basis. The additional lawful bases that we most commonly use for processing special category data are:
- Not-for-profit bodies
- Explicit consent
- Information has been clearly or obviously made public by you – e.g. if you have posted data about yourself including your physical or mental health on a blog
- Legal claims
How we share your data
We may share your personal data with companies that provide services on our behalf. If that is the case, we ensure that we have contracts in place with our suppliers, and that the contract includes the required data protection provisions. For example, we will share data with suppliers who:
- operate our IT and back office systems
- help us to administer webinars or send marketing material
- make payments on our behalf.
Sometimes we partner with other organisations where it is necessary for a particular purpose e.g. in relation to funding or grant applications.
We may also share data where required with legal advisors, accountants, auditors and professional service firms who act on our behalf.
Where required, we may also share your data with other organisations where this is necessary to prevent and detect crime, including fraud, or where we are legally required to share your data.
We do not sell your personal data for other organisations to use.
How long we retain your personal data
We will only hold your personal data for as long as it’s needed for the purpose we collected it for. The precise period of time will depend upon the particular information, what we are using it for and any legal or statutory requirements. We maintain a Data Retention Policy which includes our agreed retention periods for specific types of information. We have set out below the retention periods that are most relevant to you, but if you would like more information about our data retention practices, please contact us by emailing email@example.com
Description of information
Consent for the processing of personal and special category data
For as long as the data is processed and held in respect of the individual, or until consent is withdrawn
Consent to direct marketing
Until consent is withdrawn or preferences changed
Correspondence regarding donations
6 years from the financial year end
Event attendance details
Within 2 business data of the event where the attendee’s details have been provided to us by a third party; 2 years after the event in all other cases
Image consent forms
2 years after the consent is no longer needed
8 years after last transaction
Ticket purchaser records
8 years after last transaction
International Data Transfers
Sometimes we, or third parties working on our behalf, may need to transfer personal data outside of the UK. If that is the case, we will take the necessary steps to ensure that appropriate safeguards are in place. Some transfers may be to countries that are considered to have adequate levels of protection, such as those in the European Economic Area. For transfers to other countries, we may put contracts in place with the party to whom we are sending information.
How we protect your personal data
We take the security of your personal data seriously and use technical, organisational and physical security measures to protect your personal data. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk.
We also provide appropriate training to our employees to help us comply with our data protection obligations
If you have signed up to receive marketing from us, we may send you our Newsletter and other information that we think may be of interest to you, such as invitations to webinars we are hosting. We send this information by email.
Your Data Subject Rights
You have a number of legal rights under data protection laws including:
- Access to your personal data – you can ask us to provide a copy of your information together with specified details about how we use your personal data
- Rectification – If you believe that your personal data is inaccurate, incomplete or out of date, you may ask us to rectify it
- Erasure – in certain circumstances, you may have a right to request erasure of your personal data but this is not an absolute right
- Restricting processing – you may ask us to restrict or suppress the processing of your personal data in certain circumstances
- Data portability – in some cases, you have a right to move, copy or transfer certain personal data that have been provided by you to another organisation
- Objection – you can object at any time if you want us to stop sending you direct marketing. You can also object for some other types of processing in certain circumstances.
- Automated decision making and profiling – if we undertake any automated decision making or profiling using your personal data, you have the right to challenge and request a review of any automated decision we make.
- Withdrawal of consent – if our legal basis for processing your personal data is consent, you may withdraw your consent at any time.
Many of these rights are not absolute or may be subject to exemptions in certain circumstances.
You may also find further information about your rights using the Information Commissioner’s Officer (ICO) website: https://ico.org.uk/your-data-matters/
Recruitment and Employment
If you work for us, are engaged as a contractor or freelancer, or apply for a job, we will process your personal data, including special category data, in order to comply with our contractual, statutory and management responsibilities and obligations. If you are an existing employee, contractor or freelancer, please contact HR, or otherwise please contact firstname.lastname@example.org for further details concerning how your personal data is used for recruitment, employment and related purposes.
This Privacy Statement is updated from time to time, for example if a change is needed due to legal requirements or a change in processing activities. Please check this page from time to time to see the current version.