In this Privacy Policy, "We", "Us" and "Our" mean the Society of Radiographers Limited, registered in England and Wales, company number 00169483 and the College of Radiographers, registered in England Wales, company number 01287383. Our registered office is 207 Providence Square, Mill Street, London SE1 2EW.
We are firmly committed to protecting your privacy. We aim to be clear and transparent when we collect your information and use it only as you would reasonably expect. We have processes and procedures in place to help us comply with the Data Protection Act 2018 and UK General Data Protection Regulation, and we undertake to process your personal information in line with this policy.
Please contact our Data Protection Officer if you have any questions about this policy dpo@sor.org.
We collect and use personal information about our members, prospective members, committee members, course and event attendees, employees and prospective employees, and beneficiaries.
We use personal information for different purposes. We will not use your personal information unless we have first told you how we will use it or it is obvious how we will use it.
Usually we will only process sensitive personal data if we have your explicit consent. In extreme situations, we may share your personal details with the emergency services if we believe it is in your or someone else’s ‘vital interests’ to do so. For example, if someone is taken ill during one of our events.
The purposes for which we collect and use personal information are:
We collect personal information from prospective members and members renewing their membership. We use this information for membership payment, renewals, providing event information, delivery of CPD, campaigning, and keeping a record of our relationship with a member. It includes name, contact details, date of birth, details of HCPC registration, place of work and job title, pay and hours worked, information about specialities and qualifications, mailing preferences,
bank or credit card details. Our legal basis for processing personal information for membership purposes is for the performance of a contract.
We also ask our members for gender, nationality, ethnicity, and if they have a disability. We make it clear that providing this information is optional. If provided, we use it for equal opportunities monitoring. Our legal basis for this processing activity is explicit consent.
We also process members’ personal information to communicate about membership services. Membership services include, but are not limited to, administering personal data, subscription fees, and trade union activity (e.g. industrial action ballots). Delivery of these services is predominantly through electronic communication such as email and text messaging (SMS) but may also include social media, phone, and post (where no other way is possible). Due to the nature of our membership service delivery, it is not possible to opt out of electronic communication about membership services. Our legal basis for processing personal information for membership services, including sending member communications, is for our legitimate interest.
We use personal information to deliver membership benefits like our publications, member communities, and events and courses. We enable members to manage our communication about these benefits inside the communications and through our membership team. Our legal basis for processing personal information for membership benefit administration purposes is for our legitimate interest.
We retain membership information indefinitely so that we can administer and prove membership. Non-core information (e.g. personal details not relevant to prove membership at any point in time) about a member is destroyed ten years after membership has lapsed. CPD records are deleted if membership is not renewed.
The Benevolent Fund (ICO registration number Z9185794) exists to help members, former members and their dependants. If a person applies for support from the Benevolent Fund in the form of advice or financial assistance, they will be asked to provide financial and possibly medical information. We keep Benevolent Fund applications for five years after applications are made so that we can identify repeat applications to the Fund.
If a person kindly makes a donation to the Benevolent Fund, we will collect financial records and information from them as well as their name and contact details.
Our legal basis for processing personal information for both of these purposes is consent.
If a person registers to participate in one of our courses or events, as well as their name and contact details, we may ask them for information about their qualifications and employment. Our legal basis for processing personal information for this purpose is for the performance of a contract. We keep event application, registration and administration information for 2 years until after the event has taken place.
We also ask event participants for dietary requirements and medical information such any disabilities relevant to accommodating event attendance. Our legal basis for collecting and using this information is explicit consent.
If a non-member gives their consent, we will collect and use their name and contact details to inform them about our events. Our legal basis for this processing activity is legitimate interest. If a non-
member chooses to opt in to our communications we will send them information about our events, in accordance with the Privacy and Electronic Communications Regulation. They can opt-out out of receiving these communications at any time. Members will receive communications about relevant events as part of their membership unless they choose to opt out.
We collect personal information directly from a person if they apply to work for us. Personal information collected is likely to include:
· Contact details such as name, title, addresses, telephone numbers, and personal email addresses
· Copies of driving licence, passport, birth certificates and proof of current address, such as bank statements and council tax bills
· Evidence of how a person meets the requirements of the job, including CVs and references
· Diversity and equal opportunities monitoring information – this can include information about race or ethnicity, religious beliefs, sexual orientation, disability and other ‘special category data’
· Health information, including any medical needs or conditions
· Information about criminal records and proceedings
Our legal basis for processing this personal information is for the performance of a contract and to meet our legal obligations as an employer.
We ask job applicants to provide diversity and equal opportunities monitoring information, which is special category personal data. However, providing this information is optional. Our legal basis for this processing is explicit consent.
A job applicant’s personal information will be shared internally for the purposes of the recruitment exercise.
We will also collect personal information about a successful applicant from a referee named by them.
We will not share your data with third parties, unless your application for employment is successful and we make you an offer of employment. We are required to check eligibility to work in the UK before employment starts. We are entitled to carry out a criminal records check in order to satisfy ourselves that there is nothing in a job applicant’s criminal convictions history which makes them unsuitable for the role. We will share and obtain data with former employers and referees named by an applicant and with our employment background check provider to undertake a criminal record check.
We keep information about unsuccessful job applicants for six months after the end of the interview process. We maintain a reserve list of candidates who met our requirements but were not successful in securing the specific post they applied for. We ask a person’s consent to be added to this list. We will refer to the list when other roles are advertised and will contact a person if they match the role.
We will keep personal information about successful job applicants within our personnel files for six years after their employment ceases in accordance with the law. We share employee personal information as needed with third parties such as HMRC and our pension providers.
Our legal basis for processing the personal information of our employees is for the performance of a contract and to meet our legal obligations as an employer.
We collect most personal information from our members, prospective members, committee members, course and event attendees, employees and prospective employees, and beneficiaries directly through our website, through surveys and sometimes paper forms.
We may collect information about the software on your computer (your browser version etc.) and your IP address (your connection with the internet) to improve your interaction with the Website and for our records. This may happen automatically without your being aware of it.
We may use cookies (small text files which we and other website operators store on your computer when you visit our websites) to deliver a better and more personalised interaction. They enable us to recognise you when you return to the Website, store information about your preferences, and improve the way your searches are processed. They also enable us to generate statistics about the number of visitors we have and how they use the Website and the internet. You can set your browser to reject our cookies if you wish (you should consult your browser help section for details), but this might restrict your use of the website and other websites. For more information about cookies, please see our cookies statement.
We may share some personal information with organisations that carry out processing operations on our behalf, such as web services companies and mailing organisations. We carry out checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information that we give to them.
We do not sell or share personal information to third parties for the purposes of marketing.
If we run an event in partnership with another named organisation we may need to share participants’ details with them. We will be very clear what will happen to your personal information if you register for such an event.
We may share some personal information with the Electoral Reform Society in the event of an election or a ballot.
Members' contact details, including email addresses, may be shared with SoR volunteers such as accredited representatives and committee members to aid communication between members and interest groups.
We may need to disclose your details if required to the police, regulatory bodies or legal advisors.
We may need to make our list of membership available for the Personal Indemnity Insurance.
We may share some personal information with third-party market researchers to help us understand member views and improve our services. However, this information would normally be aggregated and it is never possible to identify individuals from the data. Your participation is always gratefully received but not mandated and you are welcome to decline taking part. We will not share your personal information directly with academic researchers but you may see invitations to participate in existing SoR communications channels. Again participation is always gratefully received but is not mandated.
We may need to share your personal information with your employer and their appointed third-parties (e.g. solicitors) in accordance with accepted practices in trade union representation.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
It may sometimes be necessary to transfer personal information overseas. Any transfers made will be in compliance with data protection regulation. UK data protection law allows the transfer of personal information to countries within the European Economic Area.
If it is necessary for us to transfer personal information outside of the European Economic Area or to a country which is not considered to have adequate data protection in place, we will make a restricted transfer with an appropriate contract in place to protect the personal information that is transferred.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors.
We provide guidance and regular data protection training to our staff.
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our computer network and servers are protected and routinely monitored.
We store all personal information that you supply us with on secured servers or in secure paper files. For your protection, any payment details that you provide us with will be encrypted using SSL (Secure Sockets Layers) technology.
Unfortunately, the transmission of information over the internet is not completely secure. Although we will do our best to ensure that your personal information is protected, we cannot guarantee the security of your data transmitted to the website. Any transmission of your personal information by you is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
You have a right to know what personal data we hold, who we acquired it from, how we process it, the logic involved in any automatic processing, and who we disclose it to.
You have a right to ask us not to process your personal data for direct marketing purposes unrelated to SoR membership.
You have a right to ask us not to make decisions based solely on the automatic processing of your personal information.
You have a right to ask us not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.
You have a right to ask us to erase your personal information.
These statutory rights are qualified by exceptions and exemptions.
To exercise any of these rights, please contact us using the address below.
If you are unhappy with how we have dealt with your request or used your data please tell us so that we can sort it out. However, if you are still unhappy you have the right to complain to the Information Commissioner’s Office (ICO). Please visit https://ico.org.uk/concerns or call the ICO helpline on 0303 123 1113 for further information.
We may change this Privacy Policy from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.
Please feel free to contact us with any questions, comments or queries regarding this Privacy Policy. All questions should be directed to the Data Protection Officer at the Society and College of Radiographers at 207 Providence Square, Mill Street, London SE1 2EW, dpo@sor.org.