Privacy

The Faculty of Public Health (FPH) is a registered charity in England and Wales (263894). FPH is committed to safeguarding and protecting the privacy of its members, clients and visitors.

FPH works to protect your privacy and personal data at all times in accordance with the UK General Data Protection Regulation (UK GDPR), tailored by the Data Protection Act 2018. This policy explains how FPH collects, uses and protects any personal information that you provide.

Information that we collect

We may collect and process the following data about you:

Information you give us voluntarily. This is information about you that you give us by completing forms on our website or by corresponding with us by phone, e-mail or via the members portal, including the CPD Diary. It includes information you provide when you join membership or register to attend an event,or examination, or to use any other service we supply. The information you give us may include personal data such as your name, job title, employer details, age, date of birth, postal address, and email address. It may also include sensitive personal data such as disability, ethnic origin, sexual orientation, employment information (if applying for a job at FPH) and other lifestyle information.

Information about your use of our site. With regard to each of your visits to our site we will automatically collect the following information

technical information, such as traffic data, location data and other communication data
pages viewed and the resources that you access

We do not use information gained in this manner in a way that any individual can be identified. We will use it to understand our users better, and to determine aggregate trends. We may share this kind of anonymous data with selected third parties to assist with these purposes.

Information we receive from other sources. This is information we receive about you if you use any of the other websites, we operate (e.g. ePortfolio) or the other services we provide.

Category of personal information	Examples of your personal information
Personal and Contact information	Name, title, address, email address, telephone number, Gender/sex, date of birth
Equal opportunities information	Health conditions (in some cases), sexual orientation and ethnic origin
Membership/enrolment /CCT information	Membership number, subscription/membership records, application form, curriculum vitae, qualifications, skills, experience, employment history, professional development records, copies of examination certificates, information relating to training post, current appointment information and registration type, fellow certification, copy of membership certificate, Registration Body name and number
Financial information	Bank details for the purpose of direct debit collection
Preference information	Your account settings and communication preferences
Communication information	Communications between you and us e.g. email correspondence
Website usage information	Please refer to the section on Use of Cookies
ePortfolio information	Information submitted on the ePortfolio
CPD information	Information submitted on the CPD Diary
Account information	Information held in relation to your account on the Members Portal, including log in details

What we do with your data and why do we collect and use your data

All personal information held by FPH will be held in accordance with the UK GDPR and all other relevant privacy legislation.

FPH collects data for membership applications and registration; through subscription to activities, resources, services, and examination.

FPH maintains information about members and other service users in order to provide membership benefits and educational products. Information is also retained for monitoring, research and statistical analysis.

FPH commits to using your information in accordance with your mailing preferences. Please log in to your Members Portal account to update your profile.

We are required by the Data Protection Act 2018 to always have a lawful basis for holding and processing your personal information. There are six lawful bases for processing and these are:

Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)

We have identified below the valid grounds for collecting the data we hold.

Lawful basis and purpose: Legitimate interests	What categories of personal information do we use
To provide you with services and member benefits e.g. eBulletin, Journal of Public Health. To share information with you about FPH activities.	Personal and Contact information
Examinations – Administration of examinations
Administration of applications to Faculty roles e.g. Examiners, AAC assessors
Administration of grant and award applications
Administration of Advisory Committee on Clinical Impact Awards (ACCIA) nominees
Administration of Honour & Distinction nominees (including the ceremony)
To provide you with any information you request
To carry out analysis about the use of our website	Website usage information
To carry out research and statistical analysis	Website usage information
Contract Processing, administering, and managing your membership records and your membership of our organisation	Personal and Contact information Membership/enrolment and CCT information Financial information CPD information
Trainee programme – administration of CCT - management and administration of training records and e-portfolio to enable trainees to progress to CCT	Contact information Personal information Membership/enrolment and CCT information
For reasons of substantial public interest - Managing and administering our equal opportunities reporting in relation to examinations, membership and the trainee programme	Sensitive personal data Equal opportunities information

We may on occasion, display and share personal and relevant details online or in print for the purposes of the Awards and Membership nominations.

What do we do with the information we have?

The personal data and sensitive personal data will be stored, processed, used, and disclosed by us in the following ways:

to carry out our obligations arising from any contracts entered into between you and us and;
to provide you with the information, products and services that you request from us;
to send you details of reports, networking and events and general information about FPH activities;
to being contacted for such purposes;

to answer your questions and enquiries;
to vote in FPH elections
to ask for your views via our membership surveys

to provide you with information about other services we offer that are similar to those that you have already attended, purchased or enquired about;
to provide you with information about services that may interest you;
to notify you about changes to our services;
to use your information on an anonymised basis to monitor compliance with our equal opportunities policy;
to ensure that content from our site is presented in the most effective manner;
to share information with appropriate third parties in order to improve public health practice, public health training and our services;
to request your involvement in our activities
to further advance the mission of FPH and its campaigns.

Disclosure of your information

We may disclose your personal information to third parties:

if we are under a duty to disclose or share your personal data in order to comply with any legal obligation
in order to enforce or apply our terms of use or terms and conditions of supply and other agreements
to protect the rights, property, or safety of FPH or others
to allow you to receive any membership services or member benefit which is provided by a third party (for example, access to the Journal of Public Health or European Public Health Association or Chartered Institute of Environmental Health membership or participation in an FPH Ballot); and/or
to administer Gift Aid
to provide any services that you ask us to carry out either through the website or otherwise (including, for example, for equivalence purposes)
disclosure may include exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction
we will not sell your details to any third parties

In addition, FPH will also

retain information for monitoring training, research and statistical analysis, in data comparisons to verify qualification and to prevent fraudulent activity.

Where does FPH store your data

We will store data given directly to us within the United Kingdom and/or the European Economic Area ("EEA"). FPH does use third parties to process data on its behalf. If any processing takes place outside the United Kingdom or, where applicable, outside the EEA, it is subject to contractual restrictions such as standard contractual clauses and appropriate safeguards to ensure compliance with UK GDPR and other relevant data protection regulations. If any processing, takes place outside the EEA, it is subject to contractual restrictions such as

the country to which the personal information is to be transferred ensures an adequate level of protection for personal information;
we have put in place appropriate safeguards to protect your personal information, such as an appropriate contract with the recipient.
the transfer is necessary for one of the reasons specified in data protection legislation, such as the performance of a contract between us and you; or
you explicitly consent to the transfer.

How does FPH protect your data

FPH is committed to protecting the privacy of your personal information. To prevent unauthorised access or disclosure we have put in place strict physical, electronic and operational procedures intended to safeguard and secure the information we collect.

If the URL of a web page starts with HTTPS or you see a locked/green padlock symbol, your data should be encrypted when it is sent from your computer to our server. However, no internet data transmission can be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us, and you do so at your own risk. Once we receive your transmission, we make our best effort to ensure its security both on our systems and while in transit between our systems and the companies who provide us with various services.

Our website does contain links to and from the websites of our partner networks for example our Jobs Board and FPH Extras. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Who we share your data with outside FPH

FPH shares information across internal departments to improve our communications and services; and with appropriate third parties* in relation to your membership or benefits of membership.

FPH will not sell information about members and other service users to third parties.

*Non-exclusive list: GMC, UKPHR, EUPHA, CIEH.

FPH discloses personal details to appropriate suppliers, in order for members and other service users to take advantage of any discounts on products and services offered by the FPHs partners.

How long we keep your data and why

FPH collects and holds data on members and other service users in a range of systems. Further information is available in the Data Retention Policy and Schedule, which can be requested from the Data Protection Officer.

Your data protection rights

The UK GDPR provides the following rights for individuals. FPH recognises and respects these rights and is committed to helping individuals exercise them appropriately.

Your Right	What it Means	Limitations or Conditions
Right to be informed	You have the right to be informed about the collection and use of your personal data. This Privacy Policy, and related notices provided to you, ensure you are aware of why and how your data is used.	Information must be concise, transparent, intelligible, and easily accessible.
Right of access	You have the right to request access to the personal data we hold about you. This is commonly known as making a "Data Subject Access Request" (DSAR).	We must verify your identity before disclosure. Your request must not adversely affect the rights of others (e.g., confidentiality obligations).
Right to rectification	You have the right to have inaccurate personal data corrected, or incomplete data completed.	We encourage you to keep your details up to date via the Members Portal where possible.
Right to erasure ("Right to be Forgotten")	You can request that we delete or remove your personal data where there is no compelling reason for its continued processing, such as if the data is no longer necessary or you withdraw consent.	This right does not apply if we are required to retain your data to comply with legal obligations or for the establishment, exercise, or defence of legal claims.
Right to restrict processing	You have the right to request the restriction or suppression of your personal data in certain circumstances, for example, if you contest the accuracy of the data or object to its use.	When processing is restricted, we are permitted to store your data but not use it.
Right to data portability	You can request a copy of your personal data in a structured, commonly used and machine-readable format and have the right to request that we transmit that data to another organisation.	This right applies only to data processed based on your consent or under a contract, and where the processing is carried out by automated means.
Right to object	You have the right to object to the processing of your personal data in certain circumstances, including processing based on legitimate interests or for direct marketing purposes.	Where you object to processing based on legitimate interests, we will assess whether we have compelling legitimate grounds to continue processing. You can object to direct marketing at any time.
Rights in relation to automated decision-making and profiling	You have rights related to automated decision-making and profiling, where decisions are made without any human involvement and can significantly affect you.	FPH does not use your data for automated decision-making or profiling that would have a legal or similarly significant effect on you.

If you wish to exercise these rights, contact the data protection officer at datacontroller@fph.org.uk.

FPH has identified below which of these rights are applicable to the data we hold and how they are met.

Your right	What does it mean?	Limitations and conditions of your right
Right to be informed	This Privacy policy protects your right to be informed about the data we hold and why and how it is held.
Right of access	Subject to certain conditions, you are entitled to have access to your personal information (this is more commonly known as submitting a “data subject access request (DSAR)”).	You must specify the type of information you would like on a data subject request form to ensure that our disclosure is meeting your expectations. We must be able to verify your identity. Your request may not impact the rights and freedoms of other people, e.g. privacy and confidentiality rights of other staff.
Rights in relation to inaccurate personal data or incomplete data	You may challenge the accuracy or completeness of your personal information and have it corrected or completed, as applicable. You have a responsibility to help us to keep your personal information accurate and up to date. We encourage you to update the Members Portal with any changes regarding your personal information as soon as they occur, including changes to your contact details and telephone number.	Please always check first whether there are any available self-help tools to correct the personal information we process about you. E.g. the Members Portal This right only applies to your own personal information.
Right to erasure	Subject to certain conditions, you are entitled to have your personal information erased (also known as the “right to be forgotten”), e.g. where your personal information is no longer needed for the purposes it was collected for, or where the relevant processing is unlawful.	We may not be in a position to erase your personal information, if for example, we need it to (i) comply with a legal or statutory obligation, or (ii) exercise or defend legal claims.
Right to object to or restrict our data processing	Subject to certain conditions, you have the right to object to or ask us to restrict the processing of your personal information. We encourage you to update the Members Portal with your mailing preferences.	This right applies where our processing of your personal information is necessary for our legitimate interests. You can also object to our processing of your personal information for direct marketing purposes.
Right to data portability	Subject to certain conditions, you are entitled to receive the personal information which you have provided to us and which is processed by us by automated means, in a structured, commonly-used machine readable format.	If you exercise this right, you should specify the type of information you would like to receive (and where we should send it) where possible to ensure that our disclosure is meeting your expectations. This right only applies if the processing is based on your consent or on our contract with you and when the processing is carried out by automated means (i.e. not for paper records). It covers only the personal information that has been provided to us by you.
Right to withdrawal of consent	Where our processing of your personal information is based on your consent you have the right to withdraw your consent at any time.	If you withdraw your consent, this will only take effect for future processing.

Where we use automated decision making and how this affects you

FPH does not use automated decision making in managing either membership or service activities.

Use of Cookies

Cookies provide information regarding the computer used by a visitor. We may use cookies where appropriate to gather information about your computer in order to assist us in improving our website.

We may gather information about your general internet use by using the cookie. Where used, these cookies are downloaded to your computer and stored on the computer's hard drive. Such information will not identify you personally; it is statistical data which does not identify any personal details whatsoever.

You can adjust the settings on your computer to decline any cookies if you wish. This can be done within the ‘settings’ section of your computer. For more information, please read the advice at AboutCookies.org.

Changes

We may make changes to this policy from time to time. If we change our privacy policy we will post the change on this page. The amended policy will apply from the date it is posted on our site. If you have any queries regarding this privacy policy, please contact: the Data Protection Officer at datacontroller@fph.org.uk

How to Complain

If you wish to make a complaint, then please contact datacontroller@fph.org.uk in the first instance.

The UK regulator for privacy law is the Information Commissioner's Office (ICO). See their website for further information on your rights. You can also complain to the ICO if you are unhappy with how we have used your data.

Policy Review and Document History

This policy will be reviewed annually or when significant changes in data protection laws occur.

Last review date	March 2025
Last modification date (approved by FPH Board)	March 2025
Next review date	March 2026

Privacy Policy