Data Protection

The Association for Perioperative Practice (AfPP) provides a membership service to perioperative practitioners working in the NHS and the Private Sector.

AfPP provide high quality membership services that support safer surgery in the perioperative environment. To fulfil this role AfPP will collect personal membership data to allow AfPP to manage the membership requirements of each individual effectively and to ensure the members receive the full benefits of their membership.

AfPP also uses personal data to provide detail to support their invoicing and ordering processes.

• AfPP does not use any automated decision making as part of processing personal data.
• AfPP is regulated by Charity Commission and works to the Charity Commission standards, including those relating to processing personal (sensitive) data.
• AfPP does not share any personal (sensitive) data with 3rd party organisations (unless required to do so for legal or statutory purposes). Where members have given permission, AfPP may contact members on behalf of third parties to offer additional membership services or products from those third parties – the members can then decide whether they want to engage with and share their personal data with the third party concerned.
• AfPP stores any personal (sensitive) data securely within the EU and maintains the necessary governance and security safe-guards in place to minimise the risk of any data loss or breach.

AfPP is currently working towards Cyber Essentials and IASME (including GDPR) certifications as an external assurance of “best practice” for Information Governance & Security.

• Personal (sensitive) data collected as part of each membership application is usually only retained for a maximum of five years from when the membership ends.

It is only kept for longer if specifically requested by a member (e.g. to still be able to purchase products or services even if no longer a member), or if there has been an associated Incident or complaint (in these cases personal data will be retained for at least seven years from the resolution of each Incident or Complaint).

Generally, personal data is provided to AfPP directly by private individuals as part of membership registration or managing their membership. In these cases, AfPP acts as
a Data Controller and will seek and record explicit consent from each private individual for AfPP processing and sharing their personal data as described here.

The personal data collected by AfPP may vary by member and their specific membership needs. It includes:

• Member name and contact details, email, residential address, telephone numbers, work address and work role details are always collected.

• AfPP will also record any other relevant notes as part of each membership record, including lifestyle, financial details for payments.

Any private individual using AfPP’s membership services has the right to:

– make a Data Subject Request in line with their rights under Data Protection Law (see here for the UK ICO’s overview of these rights) https://ico.org.uk/for-organisations/guide-to-thegeneral-data-protection-regulationgdpr?q=best+practice

– Withdraw Consent for their personal data to be processed, although this may subsequently affect the ability of AfPP to offer or provide quality membership services to individuals that request this.

– Lodge a Complaint with a supervising authority (e.g. the ICO or Charity Commission within the UK).

Any requests, change of consent or complaints should be directed to the AfPP as the Data Controller organisation.

AfPP is a private charity and is not directly subject to the Freedom of Information Act.