GDPR Policy
The Consultation Process
| Type of personal data held | Where held e.g. office, software, paper | What we use the data for | Where we got the data from | Do we have consent? | Who we share it with (if anyone) |
The Institute of Trichologist Members
Contact details (address, phone number, email) Clinic information (Clinic name, address, contact information, clinic website) Membership (AIT/MIT/FIT) CPD Records and Certificates Certificate of Insurance Agreement declarations to the Code of Ethics and Articles of Association Membership forms Student membership forms.
| Electronically – stored securely in a Private and confidential Dropbox | Held in order to maintain database of memberships, to update the register that is accessible to the general public and for permission to hold mailing lists for CPD etc. | Members fill forms in annually when membership payments are due, which includes collection of all the relevant data. | yes | Chairman, Vice Chairman, Registrar, Education Director. Clinic information is shared on the IOT website with members of the public via our Member Register. Member’s can choose to opt out of having their clinic information accessible to the public. |
STUDENT DATA Contact details (address, phone number, email) Emergency contact details i.e. next of kin Previous qualifications. Entry test results. Personal references. Clinical training records / Assessment feedback. Examination results. Grading and certification.
| Office and software | Data is used to enable the IOT to contact learners using the correct details. To ensure students are using the correct identification and are who they say they are. To ensure learners are placed on the correct level / programme of study. To ensure learners meet the appropriate entry levels for the course. To record and monitor student progress on the course. To ensure learners are certificated using their correct name and spelling. | Information is gathered from the candidate themselves along with two referees provided by the student. | Yes | Information held on students is shared only within the educational team as and when necessary. The educational team consists of six staff in which this information may be shared. |
PATIENT DATA: Name Contact details (address, phone number, email) Patient history eg Clinical Treatments and blood test results | Patient details for consultants / students is held in paper form. Patients who attend the IOT’s Wednesday and Saturday clinics have details stored in paper form and electronically on the PPS booking system. | All patient information is taken for clinical appointments. | All information is provided directly from the patient themselves. | Yes | Information is shared with a student and teacher who will perform a clinical consultation/treatment with the patient. |
EMPLOYEE DATA:
Contact details (address, phone number, email) Emergency contacts/next of kin Medical information CVs Job applications Training records Disciplinary records Appraisals / performance reviews | Paper form at the office and electronically | This is held for employment records. | All information relating to employment is gained from the candidate themselves. | Yes | Chairman, Education Director, Education Manager, Board of Directors if necessary, Trustees, if necessary, administration if necessary. |
FINANCIAL DATA: Suppliers Invoices Bank account details Credit/debit card details Payment history | Paper copies of invoices All other information held electronically | This is held for accounting. IOT bank account details are held in line with on-line banking plus patients/members/students are given bank account details to be able to pay by direct bank transfer. Bank account details of patients, staff, members or students are not stored and are disposed of immediately after use. | IOT | Yes | Chairman, Vice Chairman, Education Director, Accountants, Administration if necessary |
MARKETING DATA: Mailing lists (email, text, post) Social media Marketing | electronically | Held in order to email members/students with details of CPD events, AGMs etc. or newsletters regarding IOT developments | Members/students themselves from Membership forms | yes | Administration, Chairman |
General Data Protection Regulations
This privacy notice explains how The Institute of Trichologists (IOT) looks after personal information given to us by members, students, staff or by patients and the choices you can make about marketing communications you agree we may send you. This notice explains how we do this and tells you about your privacy rights and how the law protects you.
TOPICS:
● What information we collect about you
● How information about you will be used
● Marketing
● Employment
● How long your information will be kept for
● Where your information is kept
● Access to your information and correction
● Cookies
● Other websites
● Changes to our privacy notice
● How to contact us
WHAT INFORMATION DO WE COLLECT ABOUT THE IOT’S STUDENTS, PATIENTS, OUR EMPLOYEES, OR MEMBERS.
We collect information about individuals when individuals study with us, book an appointment with us for a consultation or treatment, buy a product, apply for a job, or become a member of the IOT with us whether contact is online, on paper, by email or over the phone.
The information you give us may include your name, address, email address, phone number, relevant history which may suggest that a service or treatment should not go ahead or certain products should not be used (eg allergies, pregnancy, skin conditions), payment and transaction information, IP address and CVs.
For patients under the age of 16, we will only keep and use their personal information with the consent of a parent, carer or guardian.
HOW INFORMATION ABOUT YOU WILL BE USED
In law, we are allowed to use personal information, including sharing it outside of the clinic, only if we have a proper reason to do so, for example:
● To fulfil a contract with you surrounding your education
● To fulfil a contract with you, ie to provide the service or treatment you have requested and to communicate with you about your appointments
● When it is in our legitimate interest ie there is a business or commercial reason to do so, unless this is outweighed by your rights or interests
● When you consent to it: we will always ask for your consent to hold and use health and medical information.
We may therefore share your information with
● Tutors / Assessors / staff within the educational team
● Admissions and Communications Manager
● Website company for updating information on the website
● Administration / Registration team
Students who are studying with the IOT may experience a number of different tutors and assessors during their time of study. Student information may at times be shared with other tutors and assessors based within the IOT’s educational team of staff, this is for educational and developmental purposes only.
We have rigorous data protection and security policies in place.
When student patients’ book into the IOT clinic this is done so through the Education Manager and Registrar and Communications Manager. If patients are booking into the Wednesday or Saturday IOT clinics they do so via the on-line booking system – PPS or via telephone to the clinic manager.
Student information is stored either electronically or in filing cabinets in the office and can only be accessed by authorised members of the IOT’s educational team.
Information held on our IOT members is held electronically and can only be accessed by administration.
We will not share your information with any other third party without your consent except to help prevent fraud, or if required to do so by law.
MARKETING – PATIENTS / STUDENTS / EMPLOYMENT / IOT MEMBERS
We would like to send our students, patients, employees and board members information which may be of interest to you. We will ask for your consent to receive marketing information.
If you have consented to receiving marketing, you may opt out at a later date.
You have the right at any time to stop us from contacting you for marketing purposes or giving your information to third party suppliers of products or services. If you no longer wish to be contacted for marketing purposes, please contact Lucy Johns BSc MSc at admin@trichologists.org.uk (Registrar and Communications Manager)
The information we collect about employees, the purposes it is used for and who it will be shared with is set out in our employment contracts and employee handbook.
HOW LONG YOUR INFORMATION WILL BE KEPT FOR
Patients – Unless you request otherwise, we will keep your information for seven years from the last communication we have with you. This is in accordance with the IOTs Code of Professional Practice and Ethics.
After 7 years we will delete all your personal information, including your name, relevant patient history) and financial transactions.
Students – Student information will be kept secure and held for three years in line with our awarding bodies quality process (longer if the student postpones their studies). Students will be contacted for educational purposes only. The Institute may from time to time contact students regarding developmental opportunities if it is felt this may be of benefit to them.
Institute Members – Unless you request otherwise, your information will be held on record for the duration of your membership. We shall contact you regarding relevant information such as CPD events, annual membership updates.
Employees – Refer to individual contracts of employment. Employees can at any time request not to be contacted regarding IOT events.
Information about unsuccessful job applicants will be deleted after four months.
WHERE YOUR INFORMATION IS KEPT
● Information is stored in filing cabinets in the office or electronically.
● Any payment transactions are encrypted (this is currently dealt with via our accountants).
● Sending information via the internet is not completely secure, although we will do our very best to protect your information and prevent unauthorised access.
● Google Classroom is used for educational purpose however this only contains information surrounding student names and is set up using a secure network.
ACCESS TO YOUR INFORMATION AND CORRECTION
You have the right to request a copy of the personal information that we hold about you. This will normally be free, unless we consider the request to be unfounded or excessive, in which case we may charge a fee to cover our administration costs.
If you would like a copy of some or all of your personal information, please contact
The Manager of Education, Sara Alkazraji:
educationmanager@trichologists.org.uk
We want to make sure that all personal information we hold is accurate and kept up-to-date. Please contact the IOT to correct or remove information you think is inaccurate.
You have the right to ask us to object to our use of your personal information, or to ask us to delete, remove or stop using your personal information if there is no need for us to keep it.
E-NEWSLETTERS – Sent to Institute members only.
We email newsletters from time to time to inform our members about updates, information, development opportunities and clinical changes. You have the opportunity to unsubscribe from newsletters at any time.
COOKIES –
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This is used to track visitor use of the website and to compile statistical reports on website activity. For further information visit www.aboutcookies.org or www.allaboutcookies.org
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
See our cookies policy here https://trichologists.org.uk/privacy-policy/
OTHER WEBSITES
Our website includes links to other websites. These include links to other qualified Trichologists clinic websites.
This privacy notice only applies to this website so when you link to other websites you should read their own privacy notices.
CHANGES TO OUR PRIVACY NOTICE
We keep our privacy notice under regular review and we will place any updates on this webpage. This privacy notice was last updated in May 2019.
HOW TO CONTACT US
Please contact us if you have any questions about our privacy notice or information we hold about you:
By email admin@trichologists.org.uk
Or write to us at: The Institute of Trichologists, 10 Harley Street, London, W1G 9PF.
You also have the right to complain to the Information Commissioner’s Office. Find out on their website how to report a concern:
www.ico.org.uk/concerns/handling