Protecting your data: The NHS Confederation privacy statement
Image of lady looking at her laptop

Last updated: 4th October 2023

Protecting your privacy is very important to us. So that you can feel in control of your personal information, we want to be clear with you about the information we collect and how it is used.

In order to provide you with our full range of services and benefits, we sometimes need to collect information about you.

Who we are

The NHS Confederation is the membership organisation that brings together, supports and speaks for the whole healthcare system in England, Wales and Northern Ireland. We operate a trading subsidiary, The NHS Confederation (Services) Company Limited, together they form the NHS Confederation group. Hereafter, the term NHS Confederation is used to describe all the different elements of the group listed above.

This privacy policy explains how we use any personal information we collect about you when you contact us by phone, email, letter, complete online forms, attend any of our events or when you use any of our websites listed below:

The NHS Confederation’s registered office is: 2nd Floor, 18 Smith Square, London, SW1P 3HZ and we are a registered Charity in England and Wales under number 1090329 and company number 04358614. We are registered on the Information Commissioner's Office and act as the data controller. Our designated Data Protection Lead can be contacted via the following methods:

Email us

Tel: 0207 799 6666

What data we collect

We collect the personal data you provide to us when signing up for membership, newsletters, updates or events, to receive information from us. This personal data includes your name, email address, job title, organisation address, land and mobile phone numbers and other contact details.

We may also combine this personal data with other personal data we hold about you across the NHS Confederation group for example attendance at our events and the different channels you use to interact with us.

As part of the services we supply we may ask you to participate in consultations, surveys etc and we may keep copies of any communications between you and the NHS Confederation.

How we use your personal data

We use the information you give us to:

  • Send you newsletters, and other information relating to your membership subscription with NHS Confederation and one or more of its networks or initiatives
  • conduct surveys and process your response to any survey you participate in for research, evaluation and statistical purposes
  • send you event invites and managing your attendance at events
  • administer any user accounts we set up for you
  • to ensure the details we contain about you are correct and up to date; to manage your preferences regarding communication from us; to implement any instructions you give us with regard to withdrawing consent to send marketing information
  • to otherwise communicate with you regarding our aims and activities or to fulfil a contract or service.

The NHS Confederation will only contact you for marketing purposes, for example to keep you up to date on our work, where we have your consent, or where there is a legitimate interest.

We will make it easy for you to tell us if you would like to receive communications from us and hear more about our work.

We will not send you marketing material or communications if you tell us that you do not wish to receive it.

Where you give us your consent to send you marketing information, you may opt out of this at any time. We review our retention periods for personal information on a regular basis, and we frequently encourage you to update your preferences, so you only receive news and opportunities you would like to hear about. You can update or withdraw your consent at any time. All electronic marketing communications (such as newsletters) include the option to directly unsubscribe or you can email us to ask for your preferences to be updated;

We may from time to time send you information on work that we are delivering in partnership with a third party – usually a partner organisation working in the same arena or a commercial sponsor of an event.  We do not pass on your data to that third party without your explicit consent.  Please see Sharing with Third Parties below.

  • you have given us consent.

Transfer data outside the EEA

In some cases we may process your personal data outside the European Economic Area (EEA) where countries may not have laws which protect your personal data to the same extent as in EEA. We will ensure that your personal data is processed securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this privacy notice.

How long will we keep your data

We will keep your personal data for as long as you continue to be a member and as long as is reasonably necessary afterwards to fulfil any legal requirements, and in accordance with our data retention schedule.

How we protect your data

We take the security of your personal information seriously. In order to prevent unauthorised access or disclosure and unlawful or unauthorised processing and accidental loss, destruction or damage, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security.

We take all reasonable steps to protect any personal information you submit via the website. However, as our website is grouped to the internet, which is inherently insecure, we cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, we have no responsibility or liability for the security of personal information transmitted via our website.

Our website may, from time to time, contain links to third party websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Use of third-party software for meetings

From time to time we use software, such as online meeting software (for example Microsoft Teams or Zoom) for members to join in with virtual meetings. The features of this software do mean that, if you opt in to join a meeting, your data may be visible to other participants. It is a feature of the software and something we are able to change.   Please see our supplementary privacy statement concerning the use of these.

Recording of online meetings

If a recording is going to take place on the day you are in attendance, you will be informed in the invitation to attend and on the day of recording the session (normally verbally) prior to any recording taking place. You will be told of the purpose of the recording and where it might be shared (usually with other delegates or members of the organisation). It is likely if you ask a question this will be recorded.  By joining the event you will be consenting to having your data (name, image and email being captured).  These can be anonymised by you, and the camera turned off, should you wish. 

You are under no statutory obligation to agree to attend training/briefing/events that are being recorded and therefore can withdraw your consent and not attend or withdraw from the meeting.

Please ensure you are aware that anything else that may be in the background could be recorded. You can, on both Microsoft Teams and Zoom, put up a background to stop any additional pictures of your home being recorded.  You can also turn off your camera and anonymise your name through the software, should you wish to. 

All recordings will be deleted within 30 days unless otherwise specified. 

For further information on our use of MS Teams and Zoom please visit our MS Teams and Zoom privacy statement.

On rare occasions, members may wish to establish personal WhatsApp group for communicating with fellow members.  WhatsApp has its own privacy policy and members use WhatsApp at their own risk.  WhatsApp is designed for personal use only.  We do not take any responsibility or liability for any losses from such activity.  All participants in WhatsApp groups must give their explicit consent to join the group and adhere to Corporate Policies with regards content at all times.

Who we share your personal data with

NHS Confederation will only use the information within the organisation for the purposes for which it was obtained. We will not, under any circumstances, share or sell your data with any third party for their own purposes, and you will not receive marketing from any other companies, charities, or organisations as a result of giving your details to us.

We may share your information with:

  • Third parties who supply services to us or process information on our behalf such as our website developer, event software systems and publishers. These “data processors” will only act under our instruction and are subject to contractual obligations containing strict data protection clauses. We do not allow these organisations to use your data for their own purposes or disclose it to other third parties without our consent and we will take all reasonable care to ensure that they keep your data secure.
  • Assessors, auditors and regulators as required by legal obligation or internal governance
  •   Event partners – from time to time we may work in partnership with another organisation on an event or conference and as such share delegate data with the partner organisation(s).  Delegates can opt-out of this happening at the time of booking onto the event.  Please see our event Terms and Conditions for further information.

We may share your information with third parties where we have a legal duty to do so or to provide you with a service you have asked for.  

We will share your information if we are required to by law (for example to law enforcement agencies for the prevention or detection of crime, subject to such bodies providing us with a relevant request in writing).

Your Rights

As an individual you have explicit rights under general data protection regulation:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (also known as the ‘right to be forgotten’)
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights with respect to automated decision-making and profiling
  • The right to withdraw your consent to the collection, holding and processing of your personal data at any time. 

Accessing your data

We are legally required to act on requests and provide information free of charge with the exception of requests that are manifestly unfounded, excessive or repetitive. If we determine this to be the case we may charge a reasonable fee or refuse to act on the request. We will respond to acknowledge your request and provide the information within one month of receiving your request. Please email your request to us with subject access request in the subject line.

Lodging A Complaint

If you are not satisfied with our response or believe we are processing your personal information in a way that is not in accordance with the law, you have the right to lodge a complaint with the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”). You can contact the ICO via their website - or by calling their helpline – 0303 123 1113.

Changes to The NHS Confederation’s Privacy

Our privacy and cookies Policies may be updated from time to time so you may wish to check them each time you submit personal information to us. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use The NHS Confederation’s websites to submit personal information to us.