Who we are

In this Privacy Statement, whenever you see the words ‘we’, ‘us’, ‘our’ or ‘National Academy for Social Prescribing’ it refers to the National Academy for Social Prescribing whose registered address is Southbank Centre, Belvedere Road, London SE1 8XX. 

If you have any queries or questions about this Privacy Statement or how we use your personal data, please get in touch by emailing datamanagement@nasp.info  

Our Privacy Statement 

Your privacy is extremely important to us. This Privacy Statement, which we are required by law to provide, explains what personal data we collect about you, how and why we use it, and explains your rights in relation to your personal data. Your personal data means any information which identifies and relates to you (or from which you can be identified) for example your name and contact details. 

We may amend this Privacy Statement from time to time. 

What personal data do we collect? 

We will only collect the personal data we need and most of the personal data we collect is provided directly by you. The personal data (including any special category data) we may collect could include: 

  • Information you provide when filling in forms on our website www.socialprescribingacademy.org.uk. This includes information provided when completing our enquiry forms or submitting feedback. This may include your name, your organisation’s name, your position, emails address, business address and telephone number. We may also ask you for information when you report a problem with our website. 
  • Details you include in your correspondence with us, and our responses
  • Your experience of social prescribing 
  • Details you submit via the Thriving Communities Ideas Hub which could include your name, contact information, details about the social prescribing project you have been involved in, and your experiences of social prescribing 
  • Details you submit to the Thriving Communities Network, including your profile page, your name, photograph, any other information you choose to post
  • Your responses to our research surveys, if you choose to participate
  • Your name, email address and any other information you provide when applying for funding or grants
  • Details of your visits to our site including (but not limited to) web server statistics, traffic data, location data and details of the web pages and resources that you access. We may collect information about the device you use to view the site, its operating system and browser type via the web server log files, for system administration and to analyse aggregate information. This is statistical data about our users’ browsing actions and patterns, and does not identify you individually.
  • In some cases, we may collect information about you from other organisations that we partner with for specific purposes, for example, this might be in relation to funding or grant applications.  

Some of the data we collect about you might include special category data, which is data relating to: 

  •  Physical or mental health 
  • Racial or ethnic origin 
  • Political opinions 
  • Religious or philosophical beliefs 
  • Trade union membership 
  • Genetic data 
  • Biometric data 
  • Sexual orientation and sex life 

 We will only collect special category data where we have a basis in law to do so. For more information, see Our lawful basis for using your personal data. 

How we use your personal data 

We use your personal data in the following ways: 

  • To provide you with information or services that you request from us 
  • To promote our activities and raise awareness of social prescribing e.g. on our Thriving Communities Network https://socialprescribingacademy.org.uk/thriving-communities/network/network-terms/ or via webinars 
  • To administer online and in person events such as Thriving Communities webinars 
  • To carry out our obligations arising from any contracts entered into between you and us 
  • Where you have provided consent, to send you marketing communications about items we think may be of interest to you www.socialprescribingacademy.org.uk   
  • For feedback and understanding of individual experiences of social prescribing, including audio, video, photographs and written personal stories  
  • To assess applications for, and to administer, funding and grants  

 

Our lawful basis for using your personal data 

When we process your personal data for the purposes outlined in this Privacy Statement, we must have a lawful basis for doing so. Our lawful basis will vary depending on the purpose, but the lawful bases we generally rely on are: 

  • Performance of a contract – to carry out our obligations arising from any contracts entered into between you and us 
  • Consent – where we have obtained your consent to collect or use your personal data for a particular purpose e.g. marketing 
  • Legitimate interests – where we have a legitimate interest to process your personal data for purposes related to the advancement of social prescribing through promotion, collaboration and innovation, to help us improve, to listen to feedback 
  • Legal obligation – in some circumstances we may need to process your personal data to comply with a common law or statutory legal obligation 

 Where we process special category data, such as health data, as well as one of the above lawful bases, we must also have an additional lawful basis. The additional lawful bases that we most commonly use for processing special category data are: 

  • Not-for-profit bodies 
  • Explicit consent 
  • Information has been clearly or obviously made public by you – e.g. if you have posted data about yourself including your physical or mental health on a blog 
  • Legal claims  

 How we share your data 

We may share your personal data with companies that provide services on our behalf. If that is the case, we ensure that we have contracts in place with our suppliers, and that the contract includes the required data protection provisions. For example, we will share data with suppliers who: 

  •  operate our IT and back office systems 
  • help us to administer webinars or send marketing material 
  • make payments on our behalf. 

Sometimes we partner with other organisations where it is necessary for a particular purpose e.g. in relation to funding or grant applications.  

We may also share data where required with legal advisors, accountants, auditors and professional service firms who act on our behalf. 

Where required, we may also share your data to other organisation for the prevention and detection of crime including fraud, or where we are legally required to share your data. 

We do not sell your personal data for other organisations to use.  

How long we retain your personal data 

 We will only hold your personal data for as long as it’s needed for the purpose we collected it for. The precise period of time will depend upon the particular information, what we are using it for and any legal or statutory requirements. We maintain a Data Retention Policy which includes our agreed retention periods for specific types of information. We have set out below the retention periods that are most relevant to you, but if you would like more information about our data retention practices, please contact us by emailing datamanagement@nasp.info 

 

Description of information  Retention Period 
Consent for the processing of personal and special category data  For as long as the data is processed and held in respect of the individual 
Consent to direct marketing  Until data preference changed 
Correspondence regarding donations  6 years from the financial year end 
Event attendance details  Within 2 business data of the event where the attendee’s details have been provided to us by a third party; 2 years after the event in all other cases 
Image consent forms  2 years after the consent is no longer needed 
Membership records  8 years after last transaction 
Survey data  2 years 
Ticket purchaser records  8 years after last transaction 

 International Data Transfers 

Sometimes we, or third parties working on our behalf, may need to transfer personal data outside of the UK. If that is the case, we will take the necessary steps to ensure that appropriate safeguards are in place. Some transfers may be to countries that are considered to have adequate levels of protection, such as those in the European Economic Area. For transfers to other countries, we may put contracts in place with the party to whom we are sending information. 

 If you would like further details regarding international transfers, please contact us by emailing datamanagement@nasp.info 

How we protect your personal data  

We take the security of your personal data seriously and use technical, organisational and physical security measures to protect your personal data. Unfortunately, the transmission of information via the internet is not completely secure.  Although we will do our best to protect your personal data, we cannot guarantee the security of data that you transmit to our site; any transmission is therefore at your own risk. 

We also provide appropriate training to our employees to help us comply with our data protection obligations 

Marketing 

If you have signed up to receive marketing from us, we may send you our Newsletter and other information that we think may be of interest to you, such as invitations to webinars we are hosting. We send this information by email. 

You can opt-out of receiving marketing from us at any time by replying to the email with ‘Unsubscribe’ in the subject line, or by contacting us by email: datamanagement@nasp.info 

Cookies 

Our website uses cookies. Please see our Cookie Policy for further details.  

 Your Data Subject Rights 

 You have a number of legal rights under data protection laws including: 

  •  Access to your personal data – you can ask us to provide a copy of your information together with specified details about how we use your personal data 
  • Rectification – If you believe that your personal data is inaccurate, incomplete or out of date, you may ask us to rectify it 
  • Erasure – in certain circumstances, you may have a right to request erasure of your personal data but this is not an absolute right 
  • Restricting processing – you may ask us to restrict or suppress the processing of your personal data in certain circumstances 
  • Data portability – in some cases, you have a right to move, copy or transfer certain personal data that have been provided by you to another organisation  
  • Objection – you can object at any time if you want us to stop sending you direct marketing. You can also object for some other types of processing in certain circumstances. 
  • Automated decision making and profiling – if we undertake any automated decision making or profiling using your personal data, you have the right to challenge and request a review of any automated decision we make. 
  • Withdrawal of consent – if our legal basis for processing your personal data is consent, you may withdraw your consent at any time 

 Many of these rights are not absolute or may be subject to exemptions in certain circumstances. 

 If you wish to exercise any of these rights, you can contact us by emailing datamanagement@nasp.info  

 You may also find further information about your rights using the Information Commissioner’s Officer (ICO) website: https://ico.org.uk/your-data-matters/ 

 If you are not happy with how we handle your personal data, please contact us by emailing datamanagement@nasp.info  You may also choose to make a complaint to the ICO 

 

Recruitment and Employment 

 If you work for us, are engaged as a contractor or freelancer, or apply for a job, we will process your personal data, including special category data (which is data of a more sensitive nature), in order to comply with our contractual, statutory and management responsibilities and obligations. If you are an existing employee, contractor or freelancer, please contact HR, or otherwise please contact datamanagement@nasp.info  for further details concerning how your personal data is used for recruitment, employment and related purposes.  

 

 Updates 

This Privacy Statement is updated from time to time, for example if a change is needed due to legal requirements or a change in processing activities. Please check this page from time to time to see the current version. 

 We last updated this Privacy Statement on 28th June 2021