This page explains how the RA collects and processes data for its members and those who use this website.
For information on how the RA collects and processes patient information, please see the RA’s Patient Privacy Notice.
This document explains why information is collected about you by the Renal Association (RA) and how your information may be used. This is called a Fair Processing Notice or Privacy Notice. It describes how the RA collects, uses and processes your personal data and associated information and how, in doing so, it complies with its legal obligations to members. Your privacy is important and the RA is committed to safeguarding your data privacy rights.
This notice will address the following areas:
- Key definitions
- What is the RA?
- Why the RA collects your information
- What personal information does the RA collect?
- Where does the RA collect your information from?
- How does the RA use your information?
- Who your information is shared with
- The RA’s lawful basis for collecting your information
- How the RA maintains the confidentiality of your information
- The RA and partner organisations
- How long your information will be stored
- Your individual rights
- Objections and complaints
- How to contact the RA
- Changes to this notice
Data controller – the organisation, person or persons who determine the purposes and means of processing personal data. For the purpose of this notice, the data controller is the Renal Association.
Data processor – in relation to your personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller. Examples of the data processors engaged by the Renal Association can be found in the section ‘Who your information is shared with?’
Data protection officer – an existing employee or externally appointed person in place to assist in monitoring internal compliance, informing and advising on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the supervisory authority. The contact details for the RA’s data protection officer can be found at the end of this notice.
What is the Renal Association?
The Renal Association (RA) is a not for profit organisation registered with the Charity Commission as a membership organisation for professionals in the delivery of kidney care and research. Full details of their work can be found here: https://renal.org/.
Why the RA collects your information?
The RA collects your information in order to maintain records on your current and past standing as a member of the RA or user of RA services, in order to provide you with membership of the Association, information about products and services such as events, and details of RA activities.
What personal information does the RA collect?
To become a member of the RA, you will be asked to fill out an application form collecting the following categories of information about you:
- Basic details – name, date of birth, gender, job title and affiliation
- Contact details – address, email address, telephone number(s)
During your membership the RA will also keep a record of your membership of RA committees, special interest groups, sections, other RA groups, and attendance at our events.
If you sign up to one of the RA’s newsletters, the RA will collect your name and email address only.
The RA website
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Most web browsers allow you some control of most cookies through the browser settings or through free software such as Super-Antispyware or Cleaner. To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit the All About Cookies website at http://www.allaboutcookies.org.
The RA’s webserver records your visits to help the RA understand how you use the site, so it can improve the site and provide better services.
Use of links
Throughout the RA’s web pages, the organisation provides links to other sites which may contain information of interest to site visitors. The RA takes no responsibility for, and exercises no control over the organisations, their views, or accuracy of the information contained on other servers. Creating a text link from another website to the RA’s website does not require permission.
Where does the RA collect your data from?
The RA collects your information through the Renal Association website or the completion of a membership application form.
How does the RA use your information?
The RA uses the information you provide via your application form to process your membership, collect your membership fee, and to provide the benefits, services and information that come with membership.
During your membership the RA will also maintain records of your involvement across its councils, special interest groups, sections, and attendance at its events to ensure that you receive information and services suitable to your membership.
The RA will only contact you in line with your contact and marketing preferences. You can change your preferences or opt-out of communications at any time. Instructions on how to do so can be found in the ‘Your individual rights’ section below.
The information you provide when subscribing to the RA’s newsletters will be stored in a secured mailing list and used only to send you a copy of the newsletter(s) that you have subscribed to.
You can opt-out of receiving the newsletter(s) at any time. Instructions on how to do so can be found in the ‘Your individual rights’ section below.
Who your information is shared with
The RA will only share your membership information with a limited number of third parties in order to provide you with the benefits and services of membership. These include:
- The RA’s bank & payment processing services – to process your membership fee
- A marketing and communication platform – to manage mailing lists and send out communications
- Venues – to organise and run RA events
The information you give to the RA when you subscribe to its newsletters will not be shared be any third parties.
The RA’s lawful basis for collecting your information
All of the legal bases listed in this section are subject to safeguards required by the General Data Protection Regulation (GDPR) and with due consideration to your rights as an individual.
The RA processes your membership information under the following lawful bases:
- The RA has a legitimate interest in continuing its charitable purposes for example by enabling it to provide you with member benefits or services as a member (Article 6(1)(f) of the GDPR)
- The RA also relies on your consent to process your information for its purposes for example to provide you with information about its products and services. If you wish to withdraw your consent, you can do so by following the instructions in the ‘Your individual rights’ section below
The RA relies on your consent to send you its newsletter(s). If you wish to withdraw your consent, you can do so by following the instructions in the ‘Your individual rights’ section below.
How the RA maintains the confidentiality of your information
The RA is very careful with the information you provide. The RA has strict rules about how your data are used and who can use it. The RA is committed to protecting your privacy and will only use information collected lawfully in accordance with the:
- Data Protection Act (2018)
- General Data Protection Regulation (GDPR – EU) (2016/679)
- Human Rights Act (1998)
- Common Law in England and Wales, Scots Law in Scotland, and Northern Ireland Law in Northern Ireland
The RA will keep your information secure in accordance with its legal responsibilities; including taking reasonable steps to safeguard against your information being accessed unlawfully or maliciously by a third party, accidently lost, destroyed or damaged.
The RA will not disclose your information to third parties without your consent unless there are exceptional circumstances such as situations when the health and safety of others is at risk, or where the law permits information to be passed on.
All employees of the Renal Association are asked to sign a confidentiality agreement as part of their employment contract. If a sub-contractor acts as a data processor for the RA an appropriate contract will be established for the processing of your information.
The RA and partner organisations
The RA has no partner organisations.
How long your information will be stored by the RA
The RA will retain your information for the duration of your membership, and then for one further year after the end of your membership. At the end of that one year, the RA will delete your information with the exception of any financial information relating to your membership (e.g. records of membership fee payments) which will he held for six years in accordance with audit requirements.
The RA will only keep your subscription information for as long as you continue to be subscribed to the newsletter(s). When you no longer wish to be subscribed, the RA will delete your information.
Your individual rights
This next section describes how you can access, amend, erase and move your personal data, withdraw your consent and object to or complain about the data that the RA holds about you.
Right to access your data (data subject access requests)
You have the right to see or have a copy of your personal information held by the RA. If you want to receive a copy of your information, you should make a written request to the RA (see the section below on ‘How to contact the RA’). The RA will normally provide your information within one month of receiving all the information needed from you to respond to your request.
Right to rectification (right to amend your data)
You have the right to have your information amended. If you want to amend your information held by the RA, you should make a written request to the RA (see the section below on ‘How to contact the RA’). The RA will normally provide your information within one month of receiving all the information needed from you to respond to your request.
Right to withdraw consent for the RA to process your data
If you are happy for the RA to use your information you need do nothing further. You have the right to withdraw your consent for the RA to process your information at any time. Please be aware however, that without your consent for the RA to process your personal data, you will be unable to maintain membership of the RA or receive the information and services that come with membership.
Should you wish to withdraw your consent you can do so by contacting the RA in writing using the details found in the ‘How to contact the RA’ section below.
Alternatively, if you wish to unsubscribe from the RA’s newsletter(s) or other communications you can do so by clicking the ‘Unsubscribe’ link at the bottom of the communication and follow the instructions from there.
Right to have your information erased
You can request in writing to have your identifiable information erased at any time. This right does not extend to information that has been anonymised.
The RA will respond to your request within one month. Please see the section ‘How to contact the RA for our contact details.
Right of data portability (right to move your data)
You have the right to request a secure transfer of your data from the RA to another data controller. The RA will transfer your data to you or directly to a third party of your choosing in an accessible format. You should make the request in writing to the RA (see the section below on ‘How to contact the RA’). No fee will be payable and the information will be transferred within one month.
Right to object
The RA uses your information for the purposes described. If you do not agree with this you have the right to object. See the section below on ‘Objections and complaints’ that explains who to contact if you have an objection. The RA will respond to your objection within a month (although we may be allowed to extend this period in certain cases).
Objections and complaints
Should you have any concerns about how your information is managed, please submit them in writing to the data protection officer for the RA (see the section below on ‘How to contact the RA’). If you are still unhappy following a review by the data protection officer, you have a right to lodge a complaint with the Information Commissioner:
Tel: 01625 545745
How to contact the RA
If you have any questions regarding this privacy notice, how your data are used, or wish to exercise your rights, please contact the RA on the details below.
The RA’s data protection officer is: Mr Tom Gray
He can be contacted by:
Brandon House Building 20a1, Southmead Road, BRISTOL, BS34 7RR
Tel: 0117 4148 157
Alternatively, you can contact:
The senior information risk owner – Dr Retha Steenkamp
The Caldicott Guardian – Dr James Medcalf
Changes to this notice
The UKRR may amend this privacy notice from time to time. If you are dissatisfied with any aspect of this privacy notice, please contact the data protection officer.