Membership privacy notice

All the personal information that we collect and use is handled in accordance with Data Protection principles. These state that personal data processing must be:

• Lawful and fair
• Specified, explicit, and legitimate
• Adequate, relevant, and not excessive
• Accurate and kept up to date
• Kept for no longer than necessary
• Held securely

Our lawful basis for processing the personal data you supply for membership purposes is that we are carrying out a task in the public interest.

Where you choose to provide sensitive data (special category), as requested in our application form, this is processed with your explicit consent and is not required to become a member.

We are processing this information at your request to be a public member of the Royal Devon.

Your data will be collected in our sign-up form and in any future communications you share with us asking us to update your personal information. This will be in accordance with UK data protection legislation.

Personal information identifies a living individual, so refers to any of your personal information that can be attributed to you personally in both electronic and paper records.

Organisations that use personal information must do so in line with the provisions of the UK GDPR and Data Protection Act 2018.

When you sign up to be a member of the Royal Devon, we may collect and process the following types of personal data:

• Personal details - such as full name, date of birth
• Contact information - such as address and email addresses
• Sex
• Gender
• Whether you are a carer
• Whether you belong to any community groups

Special categories of personal data we may process, if you choose to provide these, include:

• Health
• Race or ethnicity

These are not mandatory and you are under no obligation to provide this information.

We collect and process your personal data for the following purposes:

• Assessing your eligibility to be a public member
• Assigning you to one of our public constituencies, as outlined in our Constitution, which relates to voting in our Governor elections, or standing as a Governor
• Understanding the demographic representation of our membership, so that we can compare to our local population and therefore understand how representative our membership is
• Communicating with you about membership, which can include communications about:
  • Details of your membership
  • News about the work of the Trust
  • Governor elections
  • Opportunities to get involved

We do not share personal data outside of the Trust without your express permission.

In the Royal Devon’s Constitution, the Trust states that it will have a register of public members that can be made available for inspection by members of the public. This would contain members’ names and the constituency to which they belong (Eastern, Northern or Southern). This means that if the Trust was asked to provide a list of members, your name and the constituency you are part of would be shared with the person requesting the information. In our sign-up form, we ask if you consent to have your details available as part of the Trust’s register of public members. You do not need to consent to this in order to become a member.

We take the security of your personal information very seriously and have appropriate physical, technical and administrative procedures in place to help protect your personal information from unauthorised access, use or disclosure as required by law in England.

Civica Engagement Services is mandated by the Trust to manage our membership details and membership communication. They are fully compliant with GDPR legislation, are ISO 9001 and ISO 27001 compliant, and are a Data Security and Protection Toolkit (DSPT) accredited supplier.

When you sign up to be a public member of the Trust, you will continue to be a member and we will continue to hold your membership data until you inform us that you do not wish to be a member, or your membership is cancelled as part of a data cleanse process. We will annually ask you to let us know if you no longer wish to be a member.

Civica undertakes a monthly data cleanse process to remove deceased members from our membership records, checking various databases they have available to them. When we send a letter in the post and we receive a return notice that the letter was undeliverable, we will cancel the membership linked to that address.

For all cancelled memberships, a basic record is retained for reporting purposes which does not contain any identifiable information.

You can request to unsubscribe from our email newsletters and this does not affect your membership – we will no longer send you the newsletter emails, but you will continue to be a member and continue to receive Governor election information, unless you tell us otherwise.

We rely on you to let the Trust know if your contact details change and will annually ask you to let us know if your details have changed.

You may request that your membership is cancelled, which will result in your information being removed from our database. To cancel your membership you can:

Email: rduh.royaldevonmembers@nhs.net

Tel: 01392 403977

Write to us:

Royal Devon Membership
Room 422, Noy Scott House
Royal Devon and Exeter Hospital (Wonford)
Barrack Road
Exeter
EX2 5DW

The information you provided will be managed as required by Data Protection law.

You have the following rights:

• The right of access – You have the right to Request access to the personal data we hold about you and/or copies of your personal information.
• The right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
• The right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
• The right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
• The right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
• The right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

Our contact details:

Royal Devon Membership
Room 422, Noy Scott House
Royal Devon and Exeter Hospital (Wonford)
Barrack Road
Exeter
EX2 5DW

Email: rduh.royaldevonmembers@nhs.net

Tel: 01392 403977

If you have any questions or concerns about how we manage your information, then please contact the Data Protection Officer for our Trust:

Data Protection Officer – Rhiannon Platt
Royal Devon University Healthcare NHS Foundation Trust
Information Governance Office
Royal Devon and Exeter Hospital (Wonford)
Barrack Road,
Exeter
EX2 5DW

Email: rduh.dpo@nhs.net

The Information Commissioner’s Office (ICO) is the body that regulates Data Protection and Freedom of Information https://ico.org.uk/

If you are not satisfied with our DPO response or believe we are not processing your personal data in accordance with the law, you can complain to the ICO at:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Tel: 0303 123 1113

Web: https://ico.org.uk/concerns/

This privacy notice may be updated to reflect changes in our data processing practices. Any updates will be communicated through our website or other appropriate channels and have the updated effective date.

This privacy notice was last updated on 26 February 2024 and is available on the Trust website.