This document provides as much information as possible to explain how we may collect, use, store and share your personal data. We have split this information into sections allowing you to find the information most relevant to you, quickly and easily.
1. Purpose Statement
The purpose of this document is to help you to understand why we collect and store your personal data, and to explain the circumstances in which we may use and share it.
Newson Health Research and Education Ltd (trading as Newson Health Menopause Society) is committed to protecting and respecting your privacy. Please read this Policy document carefully as it contains important information.
This document is intended for Associates of the Newson Health Menopause Society (NHMS) and research participants.
3. Definitions and Abbreviations
Newson Health Menopause Society is a trading name of Newson Health Research and Education Ltd, a company registered with Companies House in the UK, registration number 12098873. The registered office of Newson Health Research and Education Ltd is at Winton House, Church Street, Stratford-upon-Avon, Warwickshire, CV37 6HB.
|NHRE||Newson Health Research & Education Ltd|
|NHMS||Newson Health Menopause Society|
|Personal Data||Information that relates to a living individual, and which can identify or be identified with, that individual.|
4. How to contact us
If you have any questions about this document or how we manage your personal data, please contact us. You can email us at [email protected] or you can write to us at: Newson Health Research and Education Ltd, Winton House, Church Street, Stratford-Upon-Avon, Warwickshire CV37 6HB
5. How do we use your personal data?
These are some of the reasons why may we collect, use and share your personal data:
- to register you as an Associate of the Newson Health Menopause society, to secure your subscription status and to fulfil your subscription benefits;
- to provide you with education and research opportunities in connection with hormone health, in particular the perimenopause and menopause;
- to allow you to participate in various research surveys related to hormone health;
- to generate anonymised statistics to share with others for the purposes of research;
- to send you information about the Newson Health Menopause Society, our company and the development of education and research in this field of expertise;
- to administer the provision of services to you;
- to manage our relationship with you;
- to improve the level of services we offer to you; and
- for other legitimate and lawful business purposes.
We adhere strictly to data protection protocols as defined under GDPR and are compliant with all current legislation. Under data protection law, we may only use your personal data if we have a proper reason, e.g:
- where you have given consent;
- to comply with legal and regulatory obligations;
- for the performance of a contract with your or to take steps at your request before entering into a contract;
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use your information, so long as this is not overridden by your own rights and interests. We will carry out an assessment when relying on legitimate interests, to balance our interests against our own.
We will use your personal data to register you as a subscriber to the Newson Health Menopause Society, administer the provision of services to you, manage our relationship with you and to improve the level of services that we offer.
6. How we collect your personal data
We may collect data provided directly and voluntarily by you, or it may be collected automatically.
6.1 Data provided voluntarily
This data may be collected from you:
- in person;
- via our website;
- through other platforms used in connection with the services we provide;
- by telephone, email, text message, letter, or other methods of communication;
- via surveys and/or questionnaires.
6.2 Data collected automatically
This data may be collected via:
- a third party with your consent, e.g., Fourteen Fish (host of the Confidence in the Menopause course and content for associates of NHMS);
- a research partner;
- Automated Information; your web browser or mobile device automatically provides information when you visit the site, including, but not limited to, your Internet Protocol (IP) address or unique device identifier.
- Log Files; these files store information such as a user’s IP address, browser type, Internet Service Provider (ISP), referring/exit pages, platform type, date/time stamp, and number of clicks. Like most websites, the site uses log files to analyse trends, administer the site, and to track users’ movement on the site;
- our IT systems.
7. What personal data do we collect from you?
7.1 Personal Data
This may include but is not limited to:
- your name;
- your profession and/or job title
- mailing address(es);
- email address(es);
- telephone number(s);
- billing information, including payment card information; transactions are processed securely, and we only use your card information to process your transaction and this is not stored;
- your contact history with us;
- information about how you use our website, IT, communication and other systems.
7.2 Special Category data
In providing our services to you we may collect more sensitive data from you to which additional protections apply under data protection law. This may include but is not limited to:
- your date of birth;
- your gender;
- your biography;
- job functions and job history;
- honours and awards;
- social media handles;
- information relating to your health, including details of medical conditions, medication, weight and lifestyle;
- information revealing your racial or ethnic origin; and
- information on your sex life or sexual orientation or religious or philosophical belief that may be relevant to your health.
The legal basis for us processing such special category personal data is for the purposes of conducting health-based research. Our legal basis for processing this data is your consent, which you can withdraw at any time by notifying us – see section on ‘How to contact us’.
As the data involved relates to your health, we shall ensure that any such consent obtained is explicit consent. Please note that without your consent to do this, we will be unable to involve you in health-based research studies. This is because your health data is necessary for us to conduct the necessary research.
You may decline to share your personal information with us, and you may withdraw your consent for us to use it, at any time. This may limit your access to certain aspects of our services.
9. Sharing your data
Internally, we only grant access to personal data (including special category data) to those people that need access to that data to carry out their role.
Externally, we may share from time-to-time personal data (including special category data) with our service providers, but subject always to due respect for your privacy and adherence to legislation:
- the companies that manage our IT infrastructure;
- companies that provide us with cloud-based IT systems;
- third parties involved in health research using only anonymised data;
- our external advisors, for instance IT consultants, accountants and lawyers;
- healthcare professionals, academics and individuals involved in health research, only where we have been given express permission to do so;
- our regulators, law enforcement, intelligence services and other government authorities where they require us to do so;
- potential buyers of or investors in our business where necessary in connection with a due diligence exercise.
Where we share personal data (including special category personal data) externally we will always ensure that the recipient is committed contractually to only use personal data in compliance with our instructions and data protection law.
10. How long we will keep your data?
We will keep your personal data while we are providing services to you. Thereafter, we will keep your personal data for as long as is necessary:
- to respond to any questions, resolve complaints or claims made by you or on your behalf;
- to show that we treated you fairly;
- to keep records required by law;
- to maintain records of articles published in our journals; and
- to comply with regulatory reporting regulations.
We will not keep your personal data for longer than necessary. Different retention periods apply to different types of personal data, for example we are obliged to keep health data for a period of 8 (eight) years after the date on which we stop providing services to you.
When it is no longer necessary to keep your personal data, we will delete or anonymise it.
11. Transfers of personal data outside of the European Economic Area (EEA)
The EEA is a group of countries that share the same basic data protection law, and therefore the law assumes that where your personal data is transferred between these countries it enjoys a similar level of protection.
We will provide more information on the non-EEA countries to which we transfer your personal data on request.
12. How we keep your data secure
We have appropriate security measures to prevent personal data from being accidentally lost, used or accessed unlawfully. We limit access to your personal data to those who have a genuine business need to access it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. We continually test our systems and follow ISO 27001 good practice principles, which means we strive to follow top industry standards for information security.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
13. Your rights and how to exercise them
The law gives you certain rights in respect of the personal data that we hold about you, and the following is a short overview of those rights (for more information about the rights you have in respect of your personal data please visit the Information Commissioner’s Office website: www.ico.org.uk).
With some exceptions designed to protect the rights of others, you have the right to a copy of the personal data that we hold about you. You do not have any right to request a copy of the personal data that we hold about anyone other than yourself.
Access to the personal data records we hold is free of charge however, we may make a reasonable charge for additional copies of that data beyond the first copy, based on our administrative costs.
Where you have given us your personal data (i.e., you have completed a research survey), you may have the right to receive your copy of this data in a common electronic format. With your consent, we can provide copies of this data to other people, if it is technically feasible to do so.
You have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion.
In some limited circumstances, you have the right to have personal data that we hold about you erased (‘the right to be forgotten’). This right is not generally available where we still have a valid legal reason to keep the data (for example, in connection with a legal claim or because we are obliged by law to do so).
You have the right to object to our processing of your personal data where we rely on ‘legitimate interests’ as our legal basis for processing, but we may be able to continue processing if our interest outweighs your objection.
13.5 Opting out of marketing
You have the right to require us to stop using your personal data to send you marketing information. If you want us to stop sending you marketing information, the quickest and most efficient way is to use the ‘unsubscribe’ link in our communications (although if you prefer, you may contact us directly to request this).
13.6 Temporary Restriction
You also have the right in some circumstances to request that temporary restrictions are placed on how we process your personal data, for example if you contest its accuracy or where we are processing it on the basis of our legitimate interest, and you contest our assessment that our interest overrides your rights.
13.7 Withdrawing Consent
If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time, in which case we will stop processing your data unless we have another legal basis on which to continue.
Please be advised that in certain circumstances withdrawal of consent to continue processing your personal data may have further impact on your future access to, or benefit from, the service or part of the service.
13.8 How to exercise your rights regarding your data
- email us on [email protected]; or
- write to us at Winton House, Church Street, Stratford-Upon-Avon, Warwickshire CV37 6HB.
Please note that to protect your privacy, we may ask you to prove your identity before we take any steps in response to a request you have made.
We treat the protection of your personal data with the utmost respect but if you have cause to complain, we will always ask that you contact us first so we can attempt to resolve the matter for you. However, you also have the right to lodge a complaint about our handling of your personal data with the Information Commissioner’s Office. You can contact them on 0303 123 1113 or via their website www.ico.org.uk/make-a-complaint
14. Changes to this policy
15. Data Use Summary
This table explains how we may use your personal data:
|What we use your personal data for||The legal basis for using your data|
|Providing our services to you||To perform our contract with you or to take steps at your request before entering into a contract.|
|Operational reasons, such as improving efficiency, training and quality control||For our legitimate interests or those of a third party e.g., to be as efficient as we can so we can deliver the best service to you at the best price.|
|Updating and enhancing customer records||To perform our contract with you or to take steps at your request before entering into a contract.|
|Retaining evidence of your subscription or your involvement in a research study||To comply with our obligations to maintain accurate and safe records.|
|Providing marketing information to you on other services we offer||By consent to keep in touch with our subscribers and research participants about the services we offer or other research opportunities that you may be interested in.|
|Gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies||To comply with our legal and regulatory obligations.|
|Providing information required by external medical practitioners and healthcare personnel involved in the Newson Health Menopause Society or research and education||To perform our contract with you or to take steps at your request before entering into a contract. To comply with our legal and regulatory obligations.|
|Generating anonymous statistics that may then be used by us and shared with third party for research purposes||For our legitimate interests or those of a third party i.e., to develop new practices and improve the services available to you.|