The AEP is a membership organisation providing services to its members as a professional association and trade union. We are committed to protecting your privacy in accordance with the law.
We are committed to protecting your privacy and keeping your data safe. If you have any questions about this policy, or about the AEP’s use of your personal information, please email firstname.lastname@example.org.
The AEP is the data controller of any personal information that we collect about you. We are registered as a data controller with the Information Commissioner's Office under reference Z5146621.
If you are member of the AEP, or if you apply to become a member, we will collect from you and hold information including your name, gender, date of birth, nationality, the date you qualified, your programme of study (student members), your HCPC number (registered members), your home address, telephone number, email address, details about terms and conditions, bank account details, employer and manager details, place of work or study, job title, job description, contract, working hours, job grade, contract type, length of time in post and professional qualifications.
We will use the personal information that we collect about you so that we can carry out our functions, purposes or objects as a trade union and professional association, including those set out in the Members’ Handbook, provide membership and related services and comply with certain statutory obligations. This will include but may not be limited to:
We may also ask you to provide us with sensitive or ‘special category’ personal information such as your ethnic origin, details of any disabilities you have, your religion or belief and your sexual orientation. You do not have to provide us with this information, however if you do choose to do so, we will use it to ensure that services are delivered in an equitable and non-discriminatory way. We will also anonymise sensitive or ‘special category’ personal information in order to gather statistics and assess the demographics of our membership.
In the process of providing member services and pursuing our legitimate interests, we may also process your data in the following ways:
To ensure the AEP provides accurate support and services the AEP will hold personal data about its members and registered users of its website.
If you register for an account on the AEP website, we will collect information about you including your surname, AEP number and email address. We will use this information to:
The AEP website takes every precaution to protect our members' information: when personal and sensitive information is submitted via the website it is protected. Such information between the website and our membership & management information system, is encrypted and is protected.
We may send members several different types of emails and/or SMS communications:
We use our legitimate interest, contractual legal basis or consent as the legal basis for sending these.
If you wish to opt out of receiving emails about third party services including recruitment adverts, external courses and events and general advertisements or marketing, please update your preferences via https://members.aep.org.uk/Consent-Preferences.
Where members have indicated that they do not wish to receive communications by email, SMS and phone, the AEP will revert to physical post as a means of discharging any of our statutory duties.
You are responsible for managing your personal information and keeping it up to date on the website. Periodically we will ask AEP members to check their details for any changes and to confirm that their details are up to date. This enables us to maintain accurate records and so provide effective, relevant services and support and to comply with our legal and data protection obligations as a professional association and trade union. The AEP treats your home address as your ballot address for all legal purposes. You can, however, nominate another address such as your workplace. The law requires that this be done in writing. So, if you want to nominate your workplace, or another address, please do so, in writing, to the AEP Membership Records department, email@example.com.
Online training and virtual meetings provided by the AEP or through AEP systems will be accessible by registration only. Your registration data, such as name and contact details, will be retained for the lifetime of your membership, or one month if you are not a member of the AEP. During the training/meeting, please respect each other’s privacy and do not save your own recordings or screenshots.
If the training/meeting is to be recorded by the AEP, you will be informed beforehand. Attendees will have the option to turn off their camera if they do not wish their image to be recorded. Online training recordings will be incorporated into the AEP’s learning and development programme and will be kept for at least a year or until the content is no longer relevant. If you do not wish to be identified visually or by audio, please inform the event organiser.
If you are not an AEP member but interact with our organisation, we may collect and hold information about you if you:
If you make an application for DBS check through the AEP website, we will collect information about you including your surname, AEP number and email address and identity documentation We will use this information to:
Any applicable personal data will be uploaded and sent to ARC who act as an umbrella body for the Disclosure and Barring Service, and are an independent controller of data.
This means that any information gathered, whether it is on paper or in an electronic format, will only be used in the context of processing DBS applications and retained in line with the guidance detailed below.
We do not hold any personal data longer than necessary, having considered the purposes for processing and in any event no longer than 6 months after results are issued. After this time the AEP will delete data securely.
The AEP will not disclose any of your personally identifiable information to any third party unless they are processing data on the union’s behalf, we have your permission, or under special circumstances, such as when we believe in good faith that the law requires it. Where the AEP uses the services of these organisations, they are contractually obliged to process your data on behalf of the union as data processor and in a secure and confidential manner.
The law on data protection sets out the reasons we may collect and process your personal data. We rely on the following legal conditions to process your personal data:
Entering into and performing a contract with you: we process personal information as is necessary to perform the membership agreement, as appropriate to your level of membership.
Legitimate interests: in specific situations, we require your data to undertake our legitimate business interests of running our business as a membership organisation, trade union and professional body, and which does not materially impact your rights, freedom or interests.
Legal compliance: if the law requires us to, we may need to collect and process your data.
Consent: we will not generally rely on consent as the basis for processing personal data but in certain situations, we can collect and process your data with your permission.
All information (updated as appropriate) will be kept throughout the period of membership/time as a registered user and for such reasonable period (and to the extent necessary) after membership / registration has expired as may be needed to enable the member/registered user to access any post-membership / registration benefits. We will also retain documents (including electronic documents) containing personal data:
(a) to the extent that we are required to do so by law;
(b) if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
(c) in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
Your information may be transferred and stored in countries outside the European Economic Area (EEA), including some that may not have laws that provide the same level of protection for personal information.
We use Mailchimp, Survey Monkey, TextLocal (UK) and Google Analytics to support our web-based activities (all based in the USA unless stated otherwise). These companies are certified with the Privacy Shield which requires registered US companies to:
The Privacy Shield also allows for more robust monitoring and enforcement by the US Department of Commerce and Federal Trade Commission (FTC) which includes increased co-operation with the European and Swiss Data Protection Authorities.
You have a number of rights with regard to your personal data. You have the right to request from us access to and rectification or erasure of your personal data, the right to restrict processing, object to processing as well as in certain circumstances the right to data portability.
If you have provided consent for the processing of your data, you have the right (in certain circumstances) to withdraw that consent at any time which will not affect the lawfulness of the processing before your consent was withdrawn. You also have the right to complain about the use of your personal information to the Information Commissioner’s Office (www.ico.org.uk). Requests for access to personal data, should be made in writing to the union's Data Protection Officer at firstname.lastname@example.org.
If your personal information changes or you find that any of the information that we hold about you is incorrect, please advise us of the required changes as soon as possible. This can be done in the following ways:
For all non-UK members
By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by us or on our behalf. Of course, you still have the right to ask us not to process your data in certain ways, and if you do so, we will respect your wishes.
By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.
We’ll also make sure we adequately protect the confidentiality and privacy of your personal data.