CSP Privacy Policy

This privacy policy sets out details about how the CSP will use any personal information that it collects about you. We encourage you to read this policy as it explains the CSP’s practices involving the use of personal information and sets out information about rights that you may have under applicable laws.

The CSP and data

The Chartered Society of Physiotherapy (CSP) is a membership organisation, trade union and professional body operating in the United Kingdom. We are incorporated by Royal Charter, which means we are a private company and do not have shareholders.

The CSP is the data controller of any personal information that we collect about you. We are committed to protecting your privacy and keeping your data safe. If you have any questions about this policy, or about the CSP’s use of your personal information, please email data.protection@csp.org.uk.

How we collect personal information

If you are a member of the CSP or apply to become a member

If you are member of the CSP, or if you apply to become a member, we will collect from you and hold information including: membership number; name; date of birth; nationality; address; email; telephone number; any trade union membership; your university and programme of study; course start date/year qualified; qualification type; country qualified in; evidence relating to any name change; HCPC number (registered members); bank account details; employer, place of work, job title, working hours, job grade, contract type, sphere of practice and professional qualifications.

We may also ask you to provide us with the following ‘special category’ personal information: ethnicity, disability or long-term health condition, sexual orientation, gender identity and religion. You do not have to provide us with this information, however if you do choose to do so, we will use it to ensure that services are delivered in an equitable and non-discriminatory way. We will also analyse anonymised ‘special category’ personal information to provide information on the demographics of our membership.

We will use the personal information that we collect about you to:

  • assess your eligibility to become a member of the CSP or to receive membership benefits
  • verify your identity and qualifications, including for access to third party services such as discovery and OCLC
  • administer your membership, including by collecting membership payments from you
  • provide the benefits of membership and trade union services to you – including personalising our delivery of services to you based on your personal information
  • allow CSP volunteers to use the information gathered to carry out their duties and to provide you with services and advice that you request, for example providing advice on employment and professional issues and providing branded material for events and campaigns you may be organising and supporting
  • keep you up to date with news about the CSP’s activities, according to your communication preferences.
  • invite you to take part in surveys or in other ways contribute to our insight/ intelligence gathering to help us support you or our campaigns
  • invite you to take part in CSP campaigns and activities

In the process of providing member services and pursuing our legitimate interests, we may also process your data in the following ways:

  • record details of your interactions with us, including any trade union data you volunteer
  • record telephone conversations with our enquiries team
  • record details of information you have given us and advice we have provided to you in your membership record
  • analyse anonymised details of your visits to our website, engagement with electronic communications and social media
  • detect and prevent financial and /or identity fraud
  • manage CSP budgets for business and auditing purposes
  • administer the CSP and fulfil its aims, for example by lobbying on initiatives or running internal elections, assessing and developing services which may be of interest to members
  • comply with our legal obligations, protect and defend our rights and to pursue our other legitimate business interests

If you register for an account on the CSP website

If you register for an account on the CSP website, we will collect information about you including your surname, CSP number and email address. We will use this information to:

  • verify that you are eligible to create an account 
  • allow you to log in to your account, once it has been created
  • administer access to your account and ensure its security
  • keep our systems secure
  • contact you about your account where required. 

If you contact us, including in person, by post, telephone, emails or through forms available on the CSP website

You can contact us in various ways, including by emailing us, sending us mail or by telephone. If you contact us in any of these ways, we will collect the information that you choose to provide and will use it:

  • to investigate any query that you raise with us
  • to provide any advice or assistance that you request from us
  • to keep you up to date with news about the CSP’s activities by email and by post, according to your communication preferences.

If you are not a CSP member

If you are not a CSP member but interact with our organisation, we may collect and hold information about you, including trade union information, if you:

  • contact us by any means with an enquiry
  • make a complaint about the CSP or one of our members
  • visit our website or our offices (CCTV)
  • make an online purchase
  • book an event with us
  • purchase a product or service by phone
  • engage with us on our social media platforms or have a relationship with us
  • join and/or renew a professional network membership using our website, or fill in any forms

Contacting us

If we are able to help or provide advice and guidance we will respond through the channel that the non-members have used (telephone, email, social media), we may collect details of the enquiry (subject matter), contact name, email address and telephone number in order that we can respond. If we need to refer on to other parts of the organisation, these details will be passed to the other team. We don’t store or hold this information.

We do not store or create a contact record on CRM for non-members. If the contact is via email we will delete it once we have responded. If it is a phone call, any written notes will be disposed of appropriately.

Visiting our offices:

The CSP uses CCTV to protect its London office premises, throughout the office and in the area immediately around the entry door (any other CCTV used in other parts of the London office building, or other offices, is not operated by the CSP). The CSP CCTV system is used for the protection of employees, and third parties, and to protect against theft, vandalism and damage to CSP property.

The video footage is not used proactively to look for non-conformance with CSP policy. Footage is routinely destroyed after 30 days and is not shared with third parties unless there is suspicion of a crime or incident, in which case it may be turned over to the CSP’s insurers, the police or other appropriate authority.

Visiting our website:

Please see our Cookies Statement for details of how we use your information if you visit our website.

Making an online purchase

We may collect billing and delivery address, billing and delivery name, order details (quantity, price, type of product) and method of payment and payment reference details.

Product purchase by phone/email:

If you purchase leaflets or publications we will ask for you to email us with an invoice/purchase order. This details the order, where to send and who has ordered it. This is shared with the mailing house to fulfil and dispatch the order.

Professional network membership:

If you join and/or renewal a professional network membership using our website, or fill in any forms we may process the following data:

Billing address, Billing name, order details (quantity, price, type of product), method of payment, payment reference details, the professional network that you are joining, the joining date, the renewal date, whether you have been a member of the PN previously and whether you agree to the website’s GDPR statement.

If you live outside the UK

For all non-UK contacts (e.g. from overseas members or via the International Advice Service).

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.

We’ll ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that’s not set out in this privacy policy. 

We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.

The legal conditions we rely on to process personal information

The law on data protection sets out the reasons we may collect and process your personal data. We rely on the following legal conditions to process your personal data:

Entering into and performing a contract with you: we process personal information as is necessary to perform the membership agreement, as appropriate to your level of membership.

Legitimate interests: in specific situations, we require your data to undertake our legitimate business interests of running our business as a membership organisation, trade union and professional body, and which does not materially impact your rights, freedom or interests.

Legal compliance: if the law requires us to, we may need to collect and process your data.  

Consent: in specific situations, we can collect and process your data with your permission.

We will not collect any personal data from you that we do not need. You have several rights regarding the use of your personal data, these are summarised in the ‘your rights‘ section below.

How we protect your personal data

We’re committed to keeping any data you provide to us safe and secure. All of our staff therefore undergo comprehensive data protection training when they first start working for us and then updated every two years.

All of our online forms are encrypted which means that the details on them can’t be accessed while the information is transferred to us. Our computer network is protected by anti-virus software and other security measures and is routinely monitored by ICT to prevent security breaches.

When we may disclose or make available your personal information

We will disclose personal information that we hold about you to:

  • your employer, where you consent to us doing so or where this is necessary for us to provide a service or advice that you have requested from us;
  • your contact, membership and employment information may be made available to CSP trained and accredited workplace reps - stewards, safety reps, equality reps or other volunteers in the course of their duties
  • if you are a volunteer – such as a workplace rep, or Council or committee member your contact information will be used and made available within the membership so that members can get in touch and share relevant information with you
  • if you join any of the CSP’s networks, working forums or electronic groups (including email, social media and messaging apps), your contact information will be used and shared within that group so that relevant information can be shared with you.
  • travel companies, hotels and venues used for CSP conferences, meetings and events
  • banks and financial institutions that process payments on our behalf
  • professional advisors such as lawyers, insurers, accountants, auditors, and financial advisors
  • regulatory authorities including tax authorities
  • law enforcement agencies, courts and other tribunals

We may also share personal information that we hold about you with third-party data processors who act on our behalf:

  • our service providers, such as IT service companies
  • third parties involved in the publishing and distribution of our magazine
  • entities providing fulfilment services on our behalf, such as sending you membership joining packs
  • mailing houses, where we contract them to deliver products to you on our behalf

Where your personal data may be processed

The CSP processes your personal data in the UK and EEA. Where we share your data with third parties as described above, these entities are predominantly UK or EEA-based. Should we transfer your data outside of the UK we will ensure there are adequate protections in place to safeguard your data.

Third parties who process personal data on our behalf include:

Processor Name

Address

Activities

Privacy and Sub-processor information

The Rocket Science Group LLC (Mailchimp)

675 Ponce de Leon Ave. NE
Suite 5000
Atlanta, GA 30308
USA

Email services

Mailchimp (Intuit group) Privacy Policy

SurveyMonkey Europe UC

Ella House
Suite 40.4
40 Merrion Square East
Dublin 2
D02 NP96
Ireland

Member surveys

SurveyMonkey Privacy Policy

Qualtrics LLC

333 West River Park Dr
Provo
UT 84604
USA

Annual Quality Review process

Qualtrics Privacy Policy

Qualtrics Sub-processor List

CTI Digital

Express Networks 2
3 George Leigh Street
Manchester M4 5DL
United Kingdom

Website development and support services

CTI Digital Privacy Policy

iomart Group PLC

 

6 Atlantic Quay, 55 Robertson Street, Glasgow G2 8JD
United Kingdom

Website support services

Iomart Privacy Policy

Warner’s Midlands PLC

The Maltings
Manor Lane
Bourne PE10 9PH
United Kingdom

Mailing distribution services

Warner’s Midlands Privacy Policy

James Hallam Limited

Saxon House
Duke Street
Chelmsford CM1 1HT
United Kingdom

Insurance broker

James Hallam Privacy Policy. Working with insurers MPLC

Forvis Mazars LLP

30 Old Bailey
London
EC4M 7AU
United Kingdom

Project management

Forvis Mazars LLP Privacy Statement Sub-processors include Forvis Mazars Performance SL (Spain). Forvis Mazars LLP Sub-processor List

Centrepoint Computer Services Limited

Global House
1 Ashley Avenue
Epsom KT18
United Kingdom

Membership systemsCentrepoint privacy policy

 

Keeping in touch

We may send members several different types of email and/or SMS communications:

  • Administration, governance and legal matters, for example subscription renewals notices, annual general meeting notifications and trade union ballots. We will send these either where there is a contractual obligation for us to do so or it is in our legitimate interest. Ordinarily you are not able to opt-out from receiving these service messages, as they are an important part of your membership.
  • Delivery of the wider membership package, for example newsletters, information services, conference news and opportunities to get involved. In some circumstances, you will be able to refine what you want to hear about. We may rely on legitimate interest or consent to send these communications. You will always have a choice whether you wish to receive them or not and can opt-out at any time.
  • Third party partners. Only where we have your explicit consent we may disclose your name and email address to third parties, such as conference sponsors and exhibitors or organisations who offer services that we think may be of interest to our members.

You can choose which marketing emails and texts you want to receive at any time through the ‘communications preferences’ section of your website account area. You can also unsubscribe from mailings from the link at the bottom of our emails/texts.

Your rights

Under data protection law, your rights include:

  • Right of access - you have the right to ask us for copies of your personal information.
  • Right to rectification - you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • Right to erasure - you have the right to ask us to erase your personal information in certain circumstances.
  • Right to restriction of processing - you have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • Right to object to processing - you have the right to object to the processing of your personal information in certain circumstances.
  • Right to data portability - you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

If you make a request, we have one month to respond to you. In most circumstances, you will not be required to pay any charge for exercising your rights. Please contact us at data.protection@csp.org.uk if you wish to make a request.

How to complain

If you have any concerns about our use of your personal information, you can make a complaint to us at data.protection@csp.org.uk. You can also complain to the ICO if you are unhappy with how we have used your data.

ICO address:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF

Helpline number: 0303 123 1113
ICO website:https://www.ico.org.uk

Identity and contact details of controller and data protection officer

The Chartered Society of Physiotherapy is the data controller of data for the purposes of data protection law.

If you have any concerns as to how your data is processed, please contact the CSP data protection officer, Jacqui Traynor: data.protection@csp.org.uk.

For CSP member volunteers

If you're a member volunteer then download our data security and confidentiality policy.

Changes to this policy

If we make any significant changes to the ways in which we process personal information, we will make the required changes to this privacy policy and will notify you in advance of any changes being put into practice so that you can raise any concerns or objections with us. 

Last updated: 17 October 2024