Privacy policy
Last updated: 16 February 2021
The ‘Neurology Academy’ is committed to being transparent about the collection, usage and storage of your personal information. This Privacy Notice is designed to comply with your rights under data protection legislation.
1. Who are we?
“Neurology Academy” (referred to in this policy as “we”, “us or “our”) is a trading name of: Neurology Academy Limited
Address:
1 The Edge Hillsborough Barracks,
Langsett Road,
Sheffield
S6 2LR
ICO Registration number: ZA287495
We have a Data Protection Lead who can be contacted in the following ways should you have any questions or feedback about the way your personal data is handled:
Email: sarahgillett@neurologyacademy.org
Mail: Mrs. Sarah Gillett,
1 The Edge Hillsborough Barracks,
Langsett Road,
Sheffield
S6 2LR
2. Where we collect your personal data
We collect personal data about you in the following ways:
When you request or use the services we provide;
When you correspond with us in person, online or over the phone;
When you visit our website;
When you attend an event;
When you sign up to receive marketing; and
From third parties or publicly available sources.
3. Personal data we collect about you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
Categories of Personal Data | Description |
Identity Data | Title, First Name, Last Name |
Contact data | Telephone numbers, fax numbers, email addresses, work address. |
Financial data | Details in relation to course payment which include the amount, payment method, date of payment. |
Employment Data | Job title, place of employment, previous hospitals of employment, CCT date. |
Course Data | Whether you have completed a MasterClass Project, details concerning courses you have attended over the last five years and current course bookings. |
Marketing and Communications Data | Your preferences in receiving marketing from us and your communication preferences. |
Technical Data | Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our online channels/platforms. |
Usage Data | Information about how you use our website and services. |
Profile Data | Title, First Name, Last Name |
We will only collect personal data that is necessary for the processing activity. Failing to provide the required personal data may negatively affect our ability to carry out core business tasks that may benefit you.
4. How we use your personal data
We are only allowed to use personal data about you if we have a legal basis to do so, and we are required to tell you what that legal basis is. We have set out in the table below: the personal data which we collect from you, how we use it, and the legal ground on which we rely when we use the personal data.
In some circumstances we can use your personal data if it is in our legitimate interest to do so, provided that we have told you what that legitimate interest is. A legitimate interest is when we have a business or commercial reason to use your information which, when balanced against your rights, is justifiable. If we are relying on our legitimate interests, we have set that out in the table below.
What we use your personal data for | What personal data we process | Our legal grounds for processing: | Our legitimate Interests (If applicable) |
Course registration and administration purposes | • Identity | Performance of a Contract | N/A |
To comply with our legal or regulatory requirement | • Identity | • Legal Obligation | To ensure our company is operating in accordance with our regulatory requirements |
To send you information which we believe will be of interest to you, such as new items or information concerning upcoming courses | • Identity | Consent | N/A |
To send you promotional content from pharmaceutical companies and other life sciences organisations which we believe will be of interest to you | • Identity | Consent | N/A |
To administer and protect our website and organisation | • Identity | Legitimate Interests | To ensure our website is secure for our users and to ensure we are taking appropriate measures to protect our organisations resources and your personal data |
To host your personal data securely on our database | • Identity | Legitimate Interests | To ensure that the personal data we process is secure |
To share your personal data with the Royal College of Physicians to demonstrate CPD requirements | • Identity | Consent | N/A |
Share event attendee data with event sponsors | • Identity | Legitimate Interests | To inform our sponsors of who has partaken in our services |
Share event attendee data and possible individual guest requirements with event hosts | • Identity | Legitimate Interests | To ensure each of our guests are appropriately catered for |
To register and administer your Neurology Academy account | • Identity | Performance of a Contract | N/A |
5. Who we share your personal data with
In order to provide you with our services and meet our legal obligations, we only share your personal data with third parties in the following circumstances:
To host your personal data, we utilise a third party that provides us with a database hosting platform that ensures the privacy and security of your personal data.
To collect your personal data for the purposes of course registration and administration, we use digital form software.
To facilitate marketing, we utilise an email marketing platform.
To share our event attendee data with our event sponsors.
To share our event attendee data and possible individual guest requirements with event hosts.
If requested, we will share your personal data with authorities such as:
Professional service providers such as accountants and solicitors;
Government agencies such as HM Revenue and Customs;
Credit reference and fraud prevention agencies; and
Law enforcement agencies.
We may transfer our database, including personal data to a third party who acquires all or substantially all the assets or shares in our company whether by merger, acquisition, re-organisation or otherwise.
6. Data obtained from a third party
Occasionally we buy data from a trusted third party who provides a legally compliant data license valid for a short three-month period. We carry out appropriate due diligence checks in connection with the personal data that has been obtained to ensure that we have a legal basis for contacting you.
7. Third party links
Our website, or email communications may include links to third party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share personal data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the Privacy Notice or Policy of every website you visit.
8. Transferring your personal data outside the EEA
The EEA is the European Economic Area, which consists of the EU Member States, Iceland, Liechtenstein and Norway. If we transfer your personal data outside of the EEA, we must tell you.
Limited personal data that we collect from you may be transferred to and processed in a destination outside of the EEA. In these circumstances, your personal data will only be transferred on one of the following bases:
The country that we send the data is approved by the European Commission as providing an adequate level of protection for personal data; or
The recipient has agreed with us standard contractual clauses (SCC’s) approved by the European Commission, obliging the recipient to safeguard the personal data.
Limited situations on where your personal data may be transferred outside the EEA are as follows:
Purpose of processing | Nature of the data | 3rd Party | Location | Appropriate and Suitable Safeguard |
Hosting Provider | • Identity | DISCOUNTASP.NET To view their Privacy Policy, click here. | USA | SCCs |
Event Administration | • Identity | Google Inc – To view their Privacy Policy, click here. | USA | SCCs |
Hosting Provider | • Identity | MailChimp Inc – To view their Privacy Policy, click here. | USA | SCCs |
To find out more about how your personal data is protected when it is transferred outside of the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Lead using the details found in the beginning of this Policy. Before sharing any information with a third party, we will ensure that there is a data sharing agreement in place requiring that the third party protects personal data in accordance with the GDPR.
9. Personal data security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction, and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator (Including the ICO) of a breach where we are legally required to do so.
10. How long do we keep your personal data?
We will only retain your personal data for as long as necessary to fulfil the purposes for which it was collected. When assessing what retention period is appropriate for your personal data, we take into consideration:
The requirements of our businesses and the services provided;
Any statutory or legal obligations;
The purposes for which we originally collected the personal data;
The lawful grounds on which we based our processing;
The types of personal data we have collected;
The amount and categories of your personal data; and
Whether the purpose of the processing could reasonably be fulfilled by other means.
After the record has met its designated retention period, we will securely delete or destroy your personal data. For example, attendance data is kept for five years in order to comply with CPD regulatory requirements.
11. Your rights
Under UK data protection legislation, you have certain rights in relation to your personal data that is processed within our organisation. These are the rights that apply to your personal data held within Neurology Academy:
The right to be informed – You have the right to know what information we process about you which is why we have developed this Privacy Policy.
The right of access – You have the right to ask for a copy of your personal data.
The right to rectification – You have the right to ask for us to correct any information we hold regarding yourself which is inaccurate.
- The right of erasure – You have the right to have your personal data deleted in the following situations:
Where the personal data is no longer required for the purpose(s) for which it was originally collected or processed;
Where the processing was based on consent and you have withdrawn your consent;
When the personal data was unlawfully processed;
When the personal data must be erased in order to comply with a legal obligation.
- The right to object – You have the right to object to the processing of your personal data in the following circumstances:
The purpose of the processing activity is direct marketing;
Where the processing is based on legitimate interests; and
Processing for purposes of scientific/historical research and statistics.
- The right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain situations such as:
Where you contest the accuracy of your personal data, we will restrict the processing until you have verified the accuracy of your personal data;
When processing is unlawful, and you oppose erasure and request restriction instead;
Where we no longer need the personal data, but you require the information to establish, exercise or defend a legal claim.
If you would like to exercise any of the rights listed above, please get in contact with the Data Protection Lead whose details can be found in Section 1 of this Policy.
12. Making a complaint
Please let us know if you are unhappy with how we have used your personal data by contacting the Data Protection Lead (details can be found in Section 1 of this policy).
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioners Office (ICO). Or using the information found below. We would be grateful for the chance to deal with your concerns directly before you approach the ICO so please contact us in the first instance.
Address: Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Telephone: 0303 123 1113