Who this notice is for?
This notice is for subscribers to the CSTA’s magazine, The Fulcrum, and describes ways in which the CSTA needs to process personal information for your subscription.
What this notice is about
This notice tells you what personal data we collect, how we use it, and your rights relating to our use of your information. You should make sure you understand this information, and if you have any questions, please contact us.
Who we are
The Craniosacral Therapy Association UK (CSTA) is an accreditation and regulatory professional body for craniosacral therapy in the UK. Our charity number is 1156168.
Data protection legislation applies to ‘personal data’. This means information about someone (a living individual), who can be identified as that person. Generally this will include information such as full name, address, phone number, email address. Data protection law regulates how that data is ‘processed’ ie collected, stored and used, and in the UK is currently governed by the Data Protection Act 2018 and by the Europe-wide General Data Protection Regulation 2016 (GDPR).
The CSTA is the ‘data controller’ for the information it holds about its Members, Friends and Subscribers. This means it controls what happens to that information and takes legal responsibility for this.
We are committed to ensuring that the way we process personal data is compliant with applicable data protection law, as well as best practice for a professional body. All personal information is treated in confidence within the organisation and is used only for the purpose of maintaining the records we need to meet our responsibilities as a membership organisation and professional body.
The types of personal data we may hold about you
In general most information will have been supplied by you in your application or renewals. This information may include:
• Your name, address, phone number, email address
• Your fee payment record and expected renewal date
The purposes of processing
The purposes of holding and processing personal information about you include managing your subscription – processing your initial subscription and subsequent renewals and contacting you about this where needed; maintaining a database of subscribers; responding to enquiries from you; and sending you communications relevant to your subscription.
• We will contact you in order to process and renew your subscription, and to send you ‘The Fulcrum’ journal.
• If your subscription is overdue, we may email you with reminders, to ensure subscriptions do not lapse accidentally
The legal basis for holding your information
We rely on ‘legitimate interests’ as our main ‘lawful basis’ for processing your personal data under the current data protection regulations (GDPR and 2018 Data Protection Act UK). This means that we need this information in order to manage your subscription and to function as a membership organisation, including fulfilling any legal requirements this may entail.
Retention – how long will we keep your information and why
We will not keep information for longer than is needed in order to fulfil our purposes as described above, unless we are specifically obliged to by law.
• Your information is held in an active record until your last renewal.
• If your subscription lapses, your information is kept on record for up to five years, to facilitate subscribers who may wish to re-subscribe at a later date. After this time it will be removed from use. However if you request it, we will remove your information sooner.
• General emails that you may send about your membership are deleted on a rolling approximately three-yearly basis.
Who we share your information with
CSTA communications and The Fulcrum
We may use third party services to send communications or The Fulcrum journal. These services include, but are not restricted to, Printmark and Mailchimp. Only the minimum required personal data is shared for each purpose, for example your name and contact email or postal address, and these details are not accessed or used by the service for any other reason. We have checked that each service is GDPR-compliant.
We take the security of your personal information very seriously. We regularly review both our policies and our IT systems to ensure our security measures are adequate and reflect up to date technological advances as well as the requirements to prevent unauthorised access to, destruction or loss of your information.
All CSTA Fulcrum subscription data is held on a secure and compliant cloud content management system, using GDPR-compliant hosting facilities.
Data protection and your rights
Data protection regulations say that anyone who holds and controls personal information about individuals must respect their privacy rights, and must also inform them about these rights –
Your right to refuse to give information
Under the GDPR, you should not be forced to provide your personal information to a data controller, and you have the right to be informed of any consequences of refusing to give it.
The CSTA respects the principle of ‘data minimisation’ which means we only request information which we actually need for each type of membership or subscription.
Because this information is needed to maintain your subscription, if you do not wish to give your personal information as described above, we will not be able to process a subscription for you.
Your right to object to personal data processing
If you object to us processing your personal information, you can ask us to restrict our use of it and delete any records we are not required to retain. At your request, for example, we will stop using your data to contact you – this will generally mean that your subscription will cease.
Your right to see what information we hold about you
You have the right to request access to the information we hold about you, and we must respond to your request within one month. We will need to see proof of your identity and address before we can transfer a copy of your records to you. We will also respond to any concerns or questions you may have about our use of your information.
It should be noted that we are not obliged to disclose to you all the information we hold about you, in particular where disclosure could be a risk to the privacy rights of someone else. For example, if someone has made a complaint or raised a concern about a practitioner, we are obliged to consider the risks to the privacy rights of the complainant of disclosing this information, and to weigh this up against the practitioner’s right to access the information we hold.
Your right to rectify any information we hold which is not correct
If you believe that any of the information we hold about you is inaccurate or incorrect you have the right to tell us about this and request that the information is corrected. Please do let us know if any of your details change so we can keep your records up to date.
Who to contact at the CSTA about personal data and your privacy rights
For any questions or concerns about this privacy information, or to make a request to exercise your privacy rights, please contact firstname.lastname@example.org, telephone 0844 700 2358, or write to us at CSTA, 27 Old Gloucester Street, London, WC1N 3AX.
Your right to make a complaint
You have the right to complain if you are unhappy about the way we look after your information, or feel we have not properly respected your rights – please contact email@example.com and we will do our best to answer you and work with you to resolve any concerns. If you are still unhappy you can appeal to the Information Commissioner’s Office (ICO) https://ico.org.uk/concerns/ or 0303 1231113
Changes to this privacy notice
We may modify this privacy notice at any time to reflect best practice or changes in the laws or regulatory guidelines on data protection. If we make changes to this privacy notice, we will highlight this on our website where the new documents will be available, and for significant or major changes we aim to inform current members by email.
This privacy notice was last updated on 12th June 2019