The Health Care Supply Association (“HCSA”) is a registered charity (Registered CIO in the UK: 1170161), and is committed to protect and respect your privacy.
This Privacy Notice applies to http://www.nhsprocurement.org.uk which is owned and operated by:
Health Care Supply Association (HCSA) Office
The Fragrance House,
The ICO is the UK’s independent body set up to uphold information rights. The ICO’s details are:
Information Commissioner’s Office,
Cheshire, SK9 5AF.
Phone: 0303 123 1113
If you have any further queries, please don’t hesitate to contact our Data protection Lead on: firstname.lastname@example.org, by writing to HCSA’s address above, or by calling +44 1489 779 189.
Changes to this policy
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
The HCSA as a data controller for all personal data which our members and site visitors input. For the personal data which the members fill out when they post to our forums, the HCSA acts as a data processor, processing only in accordance to our member’s instructions; the member in such circumstances is the data controller.
The data we collect from you
We collect the following data from you:
- Membership Information: this is the information you put on when joining as a member, including your name, username, email address etc. Where you pay for courses or services, we will also collect information regarding the payment method you have selected (including invoice address, card number, expiry date etc).
- Feedback following events
- Account Settings
- Contact Details: including any email address, telephone number and names you put in.
- Any other information you share with us including support emails, queries and testimonials.
The legal basis for us collecting the above data is that it is necessary for us to provide you the membership services you have requested by joining the association. For feedback surveys and comments, we act as data processor, in this regard we follow your instructions regarding how you want to process that data.
What we do with the information we collect
We use the information we collect to provide our services to you. This includes:
- Providing you customer support and help about our courses, events and services when you contact us.
- For trouble shooting and testing of our services to ensure that it is secure, reliable and of high standard.
- Maintain and improve our web services.
- To prohibit illegal activity using our services.
- To respond to legal requests, court orders or lawful requests from government agencies.
- For providing our services to you as per your request when you joined.
Marketing and promotional emails
Where you have consented, we will contact you regarding promotional activities and marketing in order to inform you about offers and helpful tips about our service, you have a right to withdraw that consent at any time by following the simple instruction on the email or emailing email@example.com telling us you no longer wish to receive promotional emails. Please also see your rights below.
Sharing & Disclosure of your data
All membership data is securely stored in the UK. We use secure processors for purposes of check off when organising events or membership administration. All our processors have robust security features to ensure that they have the appropriate technical and organisation measures to keep personal data secure, furthermore, they are contractually bound to not access, modify, disclose or erase the data without our instructions. You agree and specifically consent to our use of the following third party processors:
- NHS South of England Procurement Services (Business & Administration Support)
- BIP Solutions Ltd (Conference Partner)
In circumstances where you require additional services, we may also use third party service providers, in such circumstances you will be informed of the third party provider so that you can consent. All third party provider we use have the appropriate technical and organisation measures to keep personal data secure, furthermore, they are contractually bound to not access, modify, disclose or erase the data without our instructions.
We may disclose membership details to your organisation, where the registered account belongs to the organisation itself.
We may disclose account or invoice details if required by law or to comply with a court order or legal process.
The HCSA is fully focused on the privacy of your data, it will not share your data without first obtaining your direct consent and agreement.
Your data outside of the UK
We do not transfer your data to countries outside of the UK. Any data (unless you consent otherwise) is stored in the UK at all times. You may withdraw that consent at any time by contacting us at firstname.lastname@example.org .
All membership data we hold is backed up in a separate physical premise with technical and organisational measures equal to the security where the original data is held. This is to ensure that your data is not lost or destroyed should the original be destroyed without your instructions.
Rights to your data
If you are an HCSA member, you have the following rights to your data (please see below under the Heading “General Statement” for more information):
Right to access: You have the right to access the data we hold about you by logging in to your profile page. From your profile you can access all of your membership data .
We may additionally store other information about you such as support questions and membership queries you have submitted to us, therefore, if you would like all of the information we hold about you, please contact our Business & Admin team on: email@example.com.
You also have the right to access any information we hold about you and your membership in a common machine readable format for free of charge, unless your request is excessive or repetitive.
We will process your request without undue delay and at the latest within 14 days, unless, your request is complex or numerous in which case we may take up to 1 month, but we will inform you within 7 days if this is the case.
Right to rectify: when you log on to your membership profile, you can also rectify or update any information on your account. If you are not able to do so, please contact us at firstname.lastname@example.org
Right to erase: when you log on to your membership profile, you may also erase any data on your account with the exception of data that is required for you to keep your account open (such as your email address, name etc). You also have the right erase any other data which we hold about you including raising any questions or support tickets, if you would like to do so please contact us at email@example.com
When you terminate your account, all of your data will be erased.
When you delete your data or terminate your account, it may still be stored with us for up to an additional 3 weeks due to the backups we have.
Right to object: You have the right to object to us using your data for marketing purposes. If you would like to do so please contact us at firstname.lastname@example.org. This will be done free of charge and without undue delay.
Communication from the site
We send all new members a welcoming email to verify their registration.
Members may occasionally receive information on general service announcements, and a monthly newsletter. Out of respect for the privacy of our users we present the option to not receive these types of communications. Please see the Opt-in sections in your profile on your account or the link provided at the bottom of emails to opt out.
On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications; however, these communications are not promotional in nature.
We communicate with users on a regular basis to provide requested services and in regards to issues relating to their membership we reply via email, in accordance with the member’s wishes.
We will retain your data for as long as you hold membership. If you wish to cancel your membership, you may do so from your profile settings. Alternatively, you may request that we no longer use your information to provide you our services then please contact us at: email@example.com.
Where you send us questions, queries or support tickets, we will retain that data for up to 6 months or if you tell us to delete it immediately, whichever comes first, unless enquiry is required for trouble shooting or for improving services, in which cases we will delete the personal data and store the enquiry or support.
Privacy of All Site Visitors (non-members)
A “Site Visitor” is anyone who visits our site and is not an active member.
Some of the cookies are required for the website to function normally for users. Other cookies are required for allowing HCSA members and associates to login to the members area, and stay logged in if the “remember details” option is selected.
We also use traffic log cookies to identify which pages are being used. This helps us analyse data about webpage traffic and improve our website in order to tailor it to customer needs. We only use this information for website traffic analysis purposes. It is completely anonymous and we do not collect any personally identifiable information from this data.
We use both session ID cookies and persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the Site Visitor’s hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file directions. With session cookies we are able to ensure that only people who have entered in correct login details (members) are able to use password-protected areas, and only areas that they are authorised to use. Persistent cookies enable us to track and target the interests of our members to enhance the experience on our site.
- Distinguish you from other members of our website.
- Helps us to improve our website’s performance and your experience of using our website.
- Make it easier and more convenient for you to log in to our site, by storing the username and password on your device.
- For ensuring secure login.
- To measure your usage of our web services.
|_utma||Checks if the user has visited the website before, and records the total number of visits.||Never|
|_utmz||Tracks the user’s browsing path and the way they found the HCSA website.||6 Months|
Third Party cookies:
Third parties we work with also place cookies on your device when you visit our website to provide you with marketing content which is tailored according to you. The HCSA does not use any third party cookies with the exception of those defined above.