Home About EMDR Association UK
Policies & Position Statements
Privacy Policy 2024
Privacy Policy 2024
Purpose of this policy
At EMDR Association UK we take your privacy seriously. We promise to ensure that your personal information is stored securely and privately, and that it will be handled and used in accordance with the consent that you have given us when providing us with your information.
The policy exists to provide transparency on the information we hold about you, and how we use it. This policy details:
- The information we collect about you
- How we use that information
- When we share your information with third parties
- How we keep your information secure
- Your right to access the information we hold about you
Contact details
If you have any questions about this policy, you can contact us as admin@emdrassociation.org.uk.
Who are we?
EMDR Association (UK) is a charity and a private limited company by guarantee registered in England and Wales (charity no. 1140865; company no. 07428145). Our registered address is Brabners C/O Charities Department, Horton House, Exchange Flags, Liverpool L2 3YL.
In this privacy policy ‘we’, ‘us’ and ‘our’ means EMDR Association (UK).
It is important to us that we keep your data as secure as possible. On most occasions we will be the Data Controller responsible for storing and handling your data.
What information we collect, use, and why?
We collect or use the following information to provide you with our membership services:
- Names and contact details
- Addresses
- Account information, including registration details
- Event booking and attendance information
- Marketing preferences
- Professional registration and verification information
- Purchase or account history
- Payment details (including card or bank information for transfers and
direct debits) - Website user information (including user journeys and cookie tracking)
We collect or use the following information to provide you with our accreditation services:
- Name and contact details
- Addresses
- Professional registration and verification information
- Purchase or account history
- Payment details (including card or bank information for transfers and
direct debits) - Website user information (including user journeys and cookie tracking)
We collect or use the following information to provide you with our event services:
- Names and contact details
- Addresses
- Purchase or account history
- Website user information (including user journeys and cookie tracking)
- Information relating to compliments or complaints
We may use the information collected above to communicate with you about news, events and updates, and other commercial advertising. You can opt out of these when you sign up for a membership; or by unsubscribing on any marketing email sent to you; or my emailing us as the address at the top of this policy.
Cookies
We use cookies on our website to identify how the website is being used and what improvements we can make. They allow us to recognise and count the number of visitors, see how you move around the site when you are using it and identify the regions that you are visiting from. We do not use cookies to collect personally identifiable information.
We may also use third party analytics services such as Google Analytics and other providers. These service providers help us analyse how people use our website and to identify user patterns. Authentication and tracking logs will be used to compile user statistics.
Lawful bases
Our lawful bases for collecting or using your personal information are that we enter into a contract to provide services to you. We may also, from time to time, collect and process your personal data for reasons that are in our legitimate organisational interests, provided there is no overriding prejudice to you by doing so.
You can find out more about these lawful bases here: https://ico.org.uk/fororganisations/uk-gdpr-guidance-and-resources/lawful-basis/a-guide-tolawful-basis/
How long we keep information
When you become one of our members, we will hold your personal data, including the payments you have made to us and the events you have attended, for as long as your membership remains active. After termination of membership, we retain membership data for 6 years to comply with legal obligations and to enable resolution of any disputes.
We retain accreditation application data for 6 years from the date of accreditation for verification and quality assurance purposes. We retain guest event participant data for 6 years after the conclusion of the activity to allow for follow-up and future engagement opportunities.
Who we share information with
We provide data to our trusted partners to be able to process the services you request.
Examples include: sharing your information with an outsourced administration provider to deliver our services and products; storing your data securely in a cloud-based (internet-hosted) database; using a financial services company to complete transactions.
In each case, we select these trusted partners because they have a robust privacy policy and are able to provide secure services which we are unable to deliver within our own resources.
If you would like more information about which of our partners are involved in processing your data, see the section ‘Who are our data processors?’ below.
Who are our data processors?
Best City Services
This data processor undertakes the following activities for us: Bookkeeping; conference and event management; marketing; IT services (including a secure cloud-based environment for personal data storage); website support.
Long White Digital
This data processor undertakes the following activities for us: website development and maintenance, including our digital accreditation platform.
Syntax IT Services
This data processor undertakes the following activities for us: develops and maintains our online membership system.
Others we share information with
In order to process payments and manage financial information we utilise other third-party providers, who are data controllers in their own rights. These providers are QuickBooks, PayPal and GoCardless.
From time to time, we may also need to share your information with others in order for us to fulfil certain obligations, for example:
- Organisations we need to share information with for safeguarding reasons
- Professional or legal advisors
- Organisations we’re legally obliged to share personal information with
Security of your personal information
We put in place safeguards to keep your personal data as secure as possible, both in terms of our internal processes and the technology we use. We ensure that the third parties we use for processing your information commit to the same.
Sharing information outside the UK
Where necessary, we may transfer personal information outside of the UK. When doing so, we comply with the UK GDPR, making sure appropriate safeguards are
in place. Please contact us for more information.
Where necessary, our data processors may share personal information outside of the UK. When doing so, they comply with the UK GDPR, making sure appropriate safeguards are in place. Please contact us for more information.
Variation
We reserve the right to make reasonable changes to this Privacy Policy. Changes will be notified to members in writing and will take effect from the date of the notice or another date as specified.
Your data protection rights
Under UK GDPR and data protection law, you have rights which include:
- Your right of access – You have the right to ask us for copies of your personal data.
- Your right to rectification – You have the right to ask us to rectify personal data you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Your right to erasure – You have the right to ask us to erase your personal data in certain circumstances.
- Your right to restriction of processing – You have the right to ask us to restrict the processing of your personal data in certain circumstances.
- Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
- Your right to data portability – You have the right to ask that we transfer the personal data you gave us to another organisation, or to you, in certain circumstances.
- Your right to withdraw consent – When we use consent as our lawful basis you have the right to withdraw your consent.
You don’t usually need to pay a fee to exercise your rights. If you make a request, we have one calendar month to respond to you. To make a data protection rights request, please contact us using the contact details at the top of this privacy notice.
How to complain
If you have any concerns about our use of your personal data, you can make a complaint to us using the contact details at the top of this privacy notice.
If you remain unhappy with how we’ve used your data after raising a complaint with us, you can also complain to the ICO.
The ICO’s address:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number: 0303 123 1113
Website: https://www.ico.org.uk/make-a-complaint
Last Updated
September 2024