The British Orthopaedic Association (BOA) is the Surgical Specialty Association for Trauma and Orthopaedics in the UK.
We provide national leadership, a unifying focus, and charitable endeavour by Caring for Patients, Supporting Surgeons, and Transforming Lives.
As a membership organisation we care for patients and support surgeons by focusing on excellence three core areas of Professional Practice, Training and Education, and Research.
The BOA takes the security and privacy of your data seriously. We may need to gather and use information or ‘data’ about you as part of our business and to manage our relationship with you. In doing so we will take all reasonable steps to ensure that your personal data is kept secure against unauthorised access, loss, disclosure or destruction.
We intend to comply with our legal obligations under the Data Protection Act 2018 (the ‘2018 Act’) and the EU General Data Protection Regulation (‘GDPR’) in respect of data privacy and security.
This notice explains what personal data (information) is collected, how we collect it, and how we may use and share information about you.
Please ensure that you read this notice and any other similar notice we may provide to you when we collect or process personal information about you.
This notice is effective from 25 May 2018. We may update our privacy notice from time to time by updating this page. Please ensure that you check this page when you are on the site to ensure you are up to date with any changes.
Who collects the information
The BOA is a ‘data controller’ and to further our aims we may collect and process information and personal data about you and retain control over how it is used.
About the information we collect and hold
Why we collect the information and how we use it
As a membership organisation we will typically collect and use this information for the following purposes
- to enable us to administer memberships
- offer services and products to current and future members and other interested parties
- for compliance with a legal or regulatory obligation and
- for the purposes of our legitimate interests or those of a third party , but only if these are not overridden by your interests, rights or freedoms.
We seek to ensure that our information collection and processing is always proportionate. We will notify you of any material changes to information we collect or to the purposes for which we collect and process it.
We do not collect special categories of personal data as follows:
- your political opinions;
- your trade union membership;
- your genetic or biometric data;
- your health;
- any criminal convictions and offences.
We may collect information about ethnicity, diversity and disabilities for the purpose of ensuring we treat everyone equally but we will only ever do this with explicit and informed consent.
What information we collect
As a membership organisation we may collect, share and use the following information:
- Your full name and contact details (including home and work address and telephone numbers, mobile phone numbers, email address)
- Other data which identifies you including date of birth, martial status, gender, membership numbers, donor number, General Medical Council registration number, photographs of you
- Profile data including username and password, purchases and orders, your interests, and feedback and survey responses,
- Marketing and communication preferences including preferences on receiving communications from us and our third parties and publication of contact details in the online members’ directory.
- Financial data including bank accounts, direct debits, payment card details.
- Technical data associated with your use of the website including information provided by registering or by filling in forms on our site. This includes information provided at the time of subscribing to any services we offer, downloading information posted to our site, contacting us or requesting further services.
- Other information from your interaction with our website, services, content and advertising, including computer and connection information, login data, statistics on page views, traffic to and from the site, ad data, IP address and standard web log information.
- Details of your visits to our website including, but not limited to, traffic data, location data, weblogs, other communication data, and the resources that you access.
- Information on ethnicity, diversity and disability purely for research and statistical purposes. Any dissemination of this information will be anonymised.
- If you contact us, we may keep a record of that correspondence.
How we collect the information
We may collect information from you when you
- apply for membership, including your contact details and financial information.
- Sign up for services or products, including courses and events
- Sign up to receive communications from us
- Respond to a survey or providing other forms of feedback
- Donate or register an interest to donate to any of our causes or to help support funding raising for Joint Action
- interact with our website , we may automatically collect technical data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies
How we use your information
- To manage and maintain memberships and membership applications.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation.
- To ensure that content from our site is presented in the most effective manner for you and for your computer.
- To provide you with information, products or services that you request from us or which we feel may interest you, where you have consented to be contacted for such purposes.
If in the future we intend to process your personal data for a purpose other than that for which it was collected, we will provide you with information on that new purpose and any other relevant information.
How we may share the information
We may also need to share some of the above categories of personal information with other parties, such as external contractors and our professional advisers in order to provide you with the benefits of your membership. Information will be anonymised where possible. The recipient of the information will be bound by confidentiality obligations. We may also be required to share some personal information with our regulators or as required to comply with the law.
Keeping your personal information secure
The BOA takes the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by employees in the performance of their duties.
We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality. Where the BOA engages third parties to process personal data on its behalf, they do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisation measures to ensure the security of data.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
How long we keep your information
We will only keep your personally identifiable data for as long as we need to in order to fulfil our requirements (including legal, financial or reporting) or for our legitimate interests if they do not override yours.
In determining how long we keep your data for, we take into account how the type of data, the potential risks for continuing to hold it, and the purposes for which we may need to retain it and any legal requirements to do so. Please contact us if you would like to see our data retention schedule.
There is some basic information that we need to retain for tax purposes for six years after you are no longer a customer or member of the BOA. This includes contact, financial and transactional data.
We may also anonymise your data for research or statistical purposes. Once this data is anonymised and you are no longer identifiable, we may retain it for an indefinite period to help us improve our offerings to customers and members.
Use of your data
Your Contact Preferences
We send you certain types of information in order to fulfil our obligations to you of your BOA membership or for reasons you have registered your information with us, such as for any courses or events that you may have registered to attend. These include your membership renewal reminders, AGM notices, and information about courses or events you are attending, and payment confirmations. Other types of communications we send to you can be edited through the BOA members’ portal on our website.
Where we ask for your Consent
We will ask for your consent before sharing any of your personal data with third parties such as exhibitors at Congress or other third parties that wish to communicate with you for research or educational purposes. You have the option to agree to share your data with exhibitors as part of the BOA Congress registration process, and you can update the other third party consents through the BOA members’ portal. If you withdraw your consent your details will no longer be shared with these third parties.
Your rights to correct and access your information and to ask for it to be erased
Under the General Data Protection Regulation (GDPR), you have a general right to find out whether we hold or process personal data about you to access that data, and to be given supplementary information. This is known as the right of access, or the right to make a data subject access request. The purpose of the right is to you to be aware of, and verify, the lawfulness of the processing of personal data that we are undertaking
As a data subject you can:
- access and obtain a copy of your data on request;
- require the BOA to change incorrect or incomplete data;
- require the BOA to delete or stop processing your data, for example where the data is no longer necessary for the purposes of processing;
- object to the processing of your data where the BOA is relying on its legitimate interests as the legal ground for processing.
- Request restriction of processing of your personal data
- Withdraw consent at any time where we are relying on consent to process your personal data.
Please contact the Chief Operating Officer, details below if (in accordance with applicable law) you would like to correct or request access to information that we hold relating to you or if you have any questions about this notice.
Once a data subject access request is received, we will endeavour to provide the information as quickly as possible and at the latest within one month of receiving the request
Chief Operating Officer
35-43 Lincoln’s Inn Fields
How to complain
If you wish to raise a complaint on how we have handled your personal data please contact us. We hope that the Chief Operating Officer can resolve any query or concern you raise about our use of your information. If not, contact the Information Commissioner at ico.org.uk/concerns/ or telephone: 0303 123 1113 for further information about your rights and how to make a formal complaint.BOA Privacy Notice Schedule