Last updated: 24th July 2018
The Hospital Broadcasting Association (HBA) is the operating name of the National Association of Hospital Broadcasting Organisations.
This privacy notice explains how we use any personal information we collect about you when you contact us by phone, email, letter, attend any of our events, volunteer with us or when you use our website hbauk.com.
We take your privacy seriously and are committed to protecting your personal information. We aim to be clear and open about our data and security practices.
In this notice we tell you how we get your data and what we do with it, any data handled by us is used solely to further our charitable purpose and serve our members better in the future.
Where we ask you to provide us with any information by which you can be identified, you can be assured that it will only be used in accordance with this privacy statement, and in line with the Data Protection Act 2018, which incorporates the EU General Protection Regulation into UK law.
How do we collect information?
- We collect information about you when you fill in an online form to:
- Register for a website account or update your account details
- Sign up for email updates
- Contact us
- Place orders for free or paid services
- Apply for membership
- Complete surveys or provide feedback.
- Agreeing to volunteer with us
What information do we collect?
This information may include:
- Name, role and station
- Contact details including email address
- Demographic information such as postcode and interests
We collect material that you proactively post or contribute to our site/s and any correspondence you have with us.
We also collect information on your website usage through cookies, if your browser accepts them. Some of our websites feature tracking software – this means that if you're a logged-in user, have filled an online form or have previously clicked a link in one of our emails, we may link your website usage information (such as pages visited, IP address, browser and device used) to other information we hold about you, such as your name and station affiliation (see cookies section below).
When you contact us by email, letter or on the phone, we may also record this information on our customer relationship management system to help us process your request efficiently and to better further our charitable purpose and serve our members better in the future.
How do we use your information?
In legal terms, with the exception of when you enter into a contract with us (such as booking to attend one of our events), we are processing your personal data on the basis of our legitimate interests to do so. When you book to attend one of our events, we also process your data to enable us to fulfil our contractual obligations. We also process the personal information of the main contact of our member stations under a legal obligation to inform members about membership renewals, our trustee elections, and our general meetings We use information collected from your website visits to personalise your future visits and to improve the experience we provide to our online users. For example, information like the browser and device you are using helps us to maintain usable and accessible websites for all our audiences.
If you register for one of our events, we may share your name, organisation and role (but not contact details) with others who have registered or are attending the event. This is to enable more effective networking.
We also use your information to help us develop products and services that you need, and where we have a lawful basis and permission to contact you, we may use it to help us send you relevant and timely information about the help and support that we or others offer.
HBA Volunteers’ Information
In addition to the above, we have legal obligations to share trustees' personal information with organisations such as The Charity Commission, banks and other financial services providers, our independent examiner.
Where do we store your information?
The data that we collect from you may be transferred to and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
The forms on our website are built using a platform hosted in the UK, so the information you provide to us is initially stored there. The contract we have with this provider ensures their practices comply with the EU’s General Data Protection Regulation and we regularly delete data from this system once it is no longer needed.
In the longer term, your data is stored in our customer relationship management system, which is hosted on a secure server in the EU.
If you are a registered user of our website(s), the personal data within your account(s) is stored in secure web servers based in the EU.
You are responsible for keeping your website account password(s) confidential. We ask you not to share your password with anyone for your own security.
Security and encryption
We take great care to ensure that our websites operate at the highest security levels and that our suppliers are committed to best practice in digital security. All personal information and financial data are encrypted in transmission. However, the security of data transmission via the internet can never be 100% guaranteed, and data transmission is at your own risk.
Our email is hosted by Google. It is hosted in the USA and covered by the Privacy Shield data protection agreement between the USA and EU.
What are cookies and how do we use them?
Our cookies record things like whether you are currently logged into your website account, to ensure you’re given the right access on each page. They ensure the display settings you’ve previously selected (for example, preferred language) – or the settings associated with your account permissions – are activated correctly.
Some of the services on our websites, such as Paypal, videos on YouTube, and sharing functions from Facebook and Twitter may also place cookies on your computer. We do not take responsibility for third-party cookies.
Yes, you can use your browser settings to disable cookies. Different browsers offer different levels of control – for example, you may be able to accept certain cookies and reject others, such as third-party cookies.
You can delete the cookies stored on your computer at any time.
Here is a full list of the cookies we use and what they do:
|Session Cookie||Looks like: SESS636698fd811c0f0105518e7332ea5f41|
|A unique session ID. This expires when you stop using the site.|
|Google Analytics||Looks like: _ga, _gid|
|Google Analytics cookies track when you accessed the site, how long you spent here, what you did, how you got here, and when you left.|
|Slideshow Blocks||Looks like: fp_slideshow-block|
|Some of the dynamic blocks with slideshows set a cookie on your computer.|
How long do we keep your information?
We do not keep your information for longer than necessary. We keep financial information for seven years due to legal requirements, and we delete all other personal information from our customer relationship management system if we have had no contact with you for three years.
If you have purchased a service or attended an event of the HBA or have opted-in to hear about HBA’s services, we will send you information which may be of interest to you.
You have a right to stop us from contacting you for marketing purposes at any time. All our marketing emails contain unsubscribe links. You also have unsubscribed links in your account section of the website, You can also contact us at any time to request a change to your marketing preferences.
Do we share personal data?
HBA will not sell your information to any third party. We may share your information with third parties where we have legal duty to do so or to provide you with a service you have asked for. For example, we use secure third party partners to process financial transactions. All third party suppliers are obligated to treat our customers’ personal data in compliance with the Data Protection Act.
The list below gives third parties with whom HBA shares personal information and the reason(s) for doing so:
Stripe & PayPal are provided with personal details of those paying HBA, and with details of our Trustees, for the purposes of payment processing.
Circle Interactive has access to personal information of all HBA volunteers, hospital broadcasters registered as being affiliated with HBA member stations, and others subscribed to one of our mailing lists, as a consequence of them hosting our website.
The Charity Commission for England & Wales & Companies House is provided with details of our Trustees as a legal requirement under charity and company law.
CAF Bank, Close Brothers & Aldermore are provided with details of our Trustees as a legal requirement under anti-money laundering law to enable them to provide banking facilities to HBA.
Rothmans is provided with details of our Trustees as a legal requirement under anti-money laundering law to enable them to provide accounting and independent examination services to HBA.
Google has access to the personal information of all HBA volunteers, plus all those with whom HBA corresponds, as a consequence of HBA using Google’s G-Suite for Nonprofits service for its email, shared drives, calendar and similar collaboration tools.
If HBA merges with a third party, personal data held by HBA will be one of the transferred assets.
Access to your information
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, you can email email@example.com
We will not charge you for this service unless the request is manifestly unfounded, excessive or repetitive.
Keeping your information up to date
We want to make sure that any personal information we hold about you is accurate and up to date. Please contact us to correct or remove information you think is inaccurate and you are unable to change through your website account settings.
Our website contains links to other websites not run by HBA. This privacy notice only applies to the HBA website so when you link to other websites you should read their own privacy policies.
Changes to our privacy notice
We keep our privacy notice under regular review and we will place any updates on this web page. This privacy notice was last updated on 24th July 2018.
Data protection regulations give you clear rights over how your data is used by us. You can find out more detail about your rights by visiting the Information Commissioner’s Office website’s section on individual rights.
You also have the right to report concerns or complain about our handling of your data to the Information Commissioner’s Office. Details of how to do this can be found on its website.
Who we are and how to contact us
HBA is registered in England & Wales as a charitable company limited by guarantee.
If you have any questions about our privacy notice or information we hold about you, you can email: firstname.lastname@example.org
Please do not use the registered address for correspondence relating to data issues.
Registered Name: National Association of Hospital Broadcasting Organisations
Principle Office: 19 Rowan Court, Norwich, NR5 0RT