Privacy Policy
Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
Who are we?
The Orthopaedic and Trauma Specialists Indemnity Scheme Limited (OTSIS) is a membership organisation. OTSIS collects, uses and is responsible for personal information about you. When we do this, we are the ‘controller’ of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.
Information collected by us
Personal data, or personal information, means any information about an individual from which a person can be identified. We may collect, use, store and transfer the following different kinds of personal data about you:
- Name
- Address
- Telephone number
- Email address
- Position
- Registration number
- Indemnity insurance details
- Marketing preferences
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions
You may give us your personal information by filling in forms and/or surveys or by corresponding with us by post, phone, email or otherwise.
- Publicly available sources
We may receive information about you from publicly available sources such as Companies House, professional registers and conference/seminar registers.
How do we use your Personal Data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests and
- where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communication to you via email. You have the right to withdraw such consent to marketing at any time by contacting us. We have set out below, in a table format, a description of the ways we plan to use your personal data, and which legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communication to you via email. You have the right to withdraw such consent to marketing at any time by contacting us. We have set out below a description of the ways we plan to use your personal data, and which legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Registering you as a member
- Necessary to perform the membership contract we have or will create with you.
To manage your membership, including managing payments and fees and to collect and recover money owed.
- Necessary to perform the membership contract we have or will create with you, because we have a legitimate interest in recovering debts due to us.
To manage our relationship with you, which may involve updating you on membership issues, notifying you of changes to policies such as this one, asking you for feedback on our services.
- Because we have a legitimate interest in running the organisation, managing administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation.
To administer and protect the business of OTSIS, to include the management of the website (which may include troubleshooting, testing, system maintenance, reporting and hosting data).
- Because we have a legitimate interest in running the organisation, managing administration and IT services, network security and to prevent fraud.
To deliver relevant website content and advertisements to you and to measure or understand the effectiveness of the advertising we use on the website.
- Because we have a legitimate interest in supporting and informing our membership and developing the organisation.
To use our data analytics to improve our website, membership services, marketing, membership relations and experiences.
- Because we have a legitimate interest in running the organisation, managing administration and IT services, network security and to prevent fraud.
To make suggestions and recommendations to you about member services which may be of interest to you.
- Because we have a legitimate interest in running the organisation and managing administration.
Your marketing preferences
OTSIS always acts upon your choices around what type of communications you want to receive and how you want to receive them. However, there are some communications that need to happen regardless of your marketing preferences. These are what we would describe as essential communications to fulfil our promises to you as a member of OTSIS. We may therefore use your data for the following:
- membership-related mailings, such as your renewal reminders, shareholder resolutions and AGM notices,
- transaction notification messaging, such as payment confirmation or Direct Debit collection notifications and
- communications about events you have registered to attend, etc.
We will ask for your express opt-in consent before we share your personal data with any company or charity outside of OTSIS for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us. When you opt out in this way, this will not apply to personal data provided to us as a result of your membership with OTSIS.
Who will we share your personal information with?
These include our brokers, Medical Insurance Consultants Ltd and The Confederation of British Surgery which provide administration services on our behalf. We may also share your data with the following group for the purposes set out in the table above:
- OTSIS Board members and employees
- Event participants and/or exhibitors at our education courses or scientific meetings
- Organisers of other relevant events we feel might be of interest to you.
- Service providers acting as processors who provide IT and system administration services.
- Professional advisers acting as processors or joint controllers including lawyers, brokers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
Links to third party websites
This privacy policy applies solely to the personal data collect by OTSIS and does not apply to third party websites and services that are not under our control.
We cannot be held responsible for the privacy policies of third party websites and we advise users to read the privacy policies of other websites before registering any personal data.
Cookies
This website uses cookies to better the users experience while visiting the website. Where applicable this website uses a cookie control system allowing the user on their first visit to the website to allow or disallow the use of cookies on their computer/device. This complies with recent legislation requirements for websites to obtain explicit consent from users before leaving behind or reading files such as cookies on a user’s computer/device.
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website. Users are advised that if they wish to deny the use and saving of cookies from this website on to their computers hard drive they should take necessary steps within their web browsers security settings to block all cookies from this website and its external serving vendors.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or access in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will notify you and any applicable regulator of a breach where we are legally required to do so.
If you require further information about how we protect your data, please contact us (see “Get in touch” below).
How long will be store your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal or regulatory requirements. In some circumstances you can ask us to delete your personal data (see “Your rights” below).
Your rights
Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information;
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way.
If you want to exercise any of these rights, please:
- contact us (see “Get in touch” below);
- Provide other information so that we can identify you. We may need to contact you to request further information to verify your identity;
- Let us have proof of your identity and address;
- State the right or rights that you wish to exercise.
We will respond to you within one month from when we receive your request.
How to make a complaint
Please get in touch if you have any issues or complaints (see “Get in touch” below).
Future processing
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes we will inform you.
Changes to this privacy notice
This privacy noticed was published in September 2020. We constantly review our internal privacy practices and may change this policy from time to time. When we do we will inform you.
Get in touch
To ensure that we process your personal data properly, we have appointed a data privacy manager.
If, at any time, you wish to update or amend your personal data or preferences, or exercise your legal rights concerning personal data or if you have concerns as to how your data is processed, please write to:
The Data Privacy Manager at admin@otsis.co.uk
You also have the right to ask us, in writing, for a copy of all personal data held about you (this is known as a “subject access request”). A copy will be sent to you as soon as possible and no later than 30 days after your request. If you wish to raise any complaints on how we have handled your personal data, please contact us, and we will investigate the matter and notify you of our findings and any remedial action taken. If you are not satisfied with our response or believe that we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).