Protecting your data: The NHS Confederation privacy statement

Last updated: 18th May 2022

Protecting your privacy is very important to us. So that you can feel in control of your personal information, we want to be clear with you about the information we collect and how it is used.

In order to provide you with our full range of services and benefits, we sometimes need to collect information about you.

Who we are

The NHS Confederation is a charity and membership organisation, which includes NHS Employers, NHS Clinical Commissioners, the Mental Health Network, the Welsh NHS Confederation and Northern Ireland Confederation. We operate a trading subsidiary, The NHS Confederation (Services) Company Limited, together they form the NHS Confederation group. Hereafter, the term NHS Confederation is used to describe all the different elements of the group listed above.

This privacy policy explains how we use any personal information we collect about you when you contact us by phone, email, letter, complete online forms, attend any of our events or when you use any of our websites listed below:

  • NHS Confederation
  • NHS Employers
  • Social Partnership Forum
  • Step Into Health
  • NHS Confed Conference (Confed Expo)
  • Horizon
  • Race and Health Observatory

The NHS Confederation’s registered office is: 2nd Floor, 18 Smith Square, London, SW1P 3HZ  and we are a Registered Charity in England and Wales under number 1090329 and company number 04358614. We are registered on the Information Commissioner's Office and act as the data controller. Our designated Data Protection Lead can be contacted via the following methods:

Email us

Tel:  0207 799 6666

Fax: 0844 774 4319

What data we collect

We collect the personal data you provide to us when signing up for membership, newsletters, updates or events, to receive information from us. This personal data includes your name, email address, job title, organisation address, land and mobile phone numbers and other contact details.

We may also combine this personal data with other personal data we hold about you across the NHS Confederation group for example attendance at our events and the different channels you use to interact with us.

As part of the services, we supply we may ask you to participate in consultations, surveys etc. and we may keep copies of any communications between you and the NHS Confederation.

How we use your personal data

We will process your personal data for several reasons:

  • processing is necessary for our legitimate business interests, we have legitimate business interests in:
    • delivering communications
    • attracting new members
    • collecting opinions
    • managing events
  • you have given us consent. All electronic marketing communications (such as newsletters) include the option to directly unsubscribe or you can email us to ask for your preferences to be updated;
  • is necessary to deliver a contract or service. 
Transfer data outside the EEA

In some cases, we may process your personal data outside the European Economic Area (EEA) where countries may not have laws which protect your personal data to the same extent as in EEA. We will ensure that your personal data is processed securely and is protected against unauthorised access, loss or destruction, unlawful processing and any processing which is inconsistent with the purposes set out in this privacy notice.

How long will we keep your data

We will keep your personal data for as long as you continue to be a member and as long as is reasonably necessary afterwards to fulfil any legal requirements.

How we protect your data

We take the security of your personal information seriously. In order to prevent unauthorised access or disclosure and unlawful or unauthorised processing and accidental loss, destruction or damage, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect. For example, we have adopted internal data protection procedures and trained our staff on them with a view to preventing breaches of security.

We take all reasonable steps to protect any personal information you submit via the website. However, as our website is grouped to the internet, which is inherently insecure, we cannot guarantee the information you supply will not be intercepted while being transmitted over the internet. Accordingly, we have no responsibility or liability for the security of personal information transmitted via our website.

Our website may, from time to time, contain links to third party websites. If you follow a link to any of these websites, please note that these websites will have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

Use of third-party software for meetings

From time to time we use software, such as online meeting software (for example Microsoft Teams or Zoom) for members to join in with virtual meetings. The features of this software do mean that, if you opt in to join a meeting, your data may be visible to other participants. It is a feature of the software and something we are able to change. Please see our supplementary privacy statement concerning the use of these.

Recording of online meetings

If a recording is going to take place on the day you are in attendance, you will be informed in the invitation to attend and on the day of recording the session (normally verbally) prior to any recording taking place. You will be told of the purpose of the recording and where it might be shared (usually with other delegates or members of the organisation). It is likely if you ask a question this will be recorded.  By joining the event you will be consenting to have your data (name, image and email being captured).  These can be anonymised by you, and the camera is turned off, should you wish. 

You are under no statutory obligation to agree to attend training/briefing/events that are being recorded and therefore can withdraw your consent and not attend or withdraw from the meeting.

Please ensure you are aware that anything else that may be in the background could be recorded. You can, on both  Microsoft Teams and Zoom, put up a background to stop any additional pictures of your home being recorded.  You can also turn off your camera and anonymise your name through the software, should you wish to. 

All recordings will be deleted within 30 days unless otherwise specified. 

For further information on our use of MS Teams and Zoom please visit our MS Teams and Zoom privacy statement. 

On rare occasions, members may wish to establish a personal WhatsApp group for communicating with fellow members.  WhatsApp has its own privacy policy and members use WhatsApp at their own risk.  WhatsApp is designed for personal use only.  We do not take any responsibility or liability for any losses from such activity.  All participants in WhatsApp groups must give their explicit consent to join the group and adhere to Corporate Policies with regard to content at all times.

Cyber Essentials Plus
We are accredited with the Cyber Essentials Plus certification, a government-backed scheme which ensures our IT infrastructure is protected against common online security threats. We undertake Cyber Essentials audits annually to continue to keep our certification up to date and ensure that our new systems, policies and ways of working have been implemented to comply with the guidelines.

Who we share your personal data with

The NHS Confederation will not sell your information to any third party.

We may share your information with third parties where we have a legal duty to do so or to provide you with a service you have asked for. We may share your personal data within our group as detailed in “who we are”.

Your Rights

As an individual you have explicit rights under general data protection regulations:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (also known as the ‘right to be forgotten')
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights with respect to automated decision-making and profiling
  • The right to withdraw your consent to the collection, holding and processing of your personal data at any time. 
Accessing your data

We are legally required to act on requests and provide information free of charge with the exception of requests that are manifestly unfounded, excessive or repetitive. If we determine this to be the case we may charge a reasonable fee or refuse to act on the request. We will respond to acknowledge your request and provide the information within one month of receiving your request. Please email your request to us with the subject access request in the subject line.

Lodging a Complaint

If you are not satisfied with our response or believe we are processing your personal information in a way that is not in accordance with the law, you have the right to lodge a complaint with the supervisory authority in the UK responsible for the implementation and enforcement data protection law: the Information Commissioner’s Office (the “ICO”). You can contact the ICO via their website - or by calling their helpline – 0303 123 1113.

Changes to The NHS Confederation’s Privacy

Our privacy and cookies policies may be updated from time to time so you may wish to check them each time you submit personal information to us. The date of the most recent revisions will appear on this page. If you do not agree to these changes, please do not continue to use The NHS Confederation’s websites to submit personal information to us.