The Patient Information Forum (PIF) is an independent, not-for-profit organisation. PIF is committed to protecting your privacy in accordance with our obligations under data protection legislation. With effect from 25th May 2018, the main data protection law will be the General Data Protection Regulation (GDPR) as supplemented by the Data Protection Act 2018 and related laws.
Information we may collect from you
In order to fulfil PIF membership benefits, administer our website, provide email alert services and consult on our work, PIF occasionally captures and processes personal data in various ways.
Sometimes, we will need to collect and process your personal data as it is part of a contract or agreement which you have entered into:
- Membership of the Patient Information Forum: If you register as a member of PIF, your email address and other information given when registering will be held on our system for the purpose of providing membership services.
- Events held by the Patient Information Forum: If you book to attend an event held by PIF, your email address and other information given when booking will be held on our system for the purpose of event administration.
- Shop: If you purchase a PIF publication, your email address and other information given will be held on our system for the purpose of supplying the item to you.
- Mailing List: If you have opted-in to our mailing list or you are a PIF member, we will collect and process your personal information to provide you with information about forthcoming PIF events, publications, updates or key pieces of work etc.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years, plus the current accounting year, after you cease being customers for tax purposes.
We will never share your data with third parties, unless where it is necessary to enable us to comply with legal obligations or where permitted by law. We may also receive personal data about you from various third parties and public sources.
Third parties might include:
- Service providers who provide IT and system administration services.
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
We require all third parties to whom we transfer your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions. We have put in place appropriate security measures to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Access to information
Under General Data Protection Regulation (GDPR) you have the right to request access to your personal data and ask for it to be amended or removed. You can see more about these rights at: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
If you wish to exercise any of the rights, please email us at firstname.lastname@example.org
Last updated 01 May 2018