Privacy Policy
Please read the following information carefully. This privacy notice contains information about what data we collect and store about you and why. It also tells you who we share this information with, the security mechanisms we have put in place to protect your data and how to contact us if you have a complaint.
Who are we?
Plastic, Reconstructive and Aesthetic Indemnity Scheme Limited (PRASIS) is a membership organisation and provides services to its members and also interacts with plastic surgeons who may become members of PRASIS at some point in the future. PRASIS collects, uses and is responsible for personal information about you. When we do this, we are the 'controller' of this information for the purposes of the General Data Protection Regulation and other applicable data protection laws.
Information collected by us
Personal data, or personal information, means any information about an individual from which a person can be identified. We may collect, use, store and transfer the following different kinds of personal data about you:
- Name
- Address
- Telephone number
- Email address
- Position
- Registration Number
- Marketing preferences and interests
- other information relevant to customer surveys and/or offers
How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions
You may give us your personal information by filling in forms and/or surveys or by corresponding with us by post, phone, email or otherwise.
- Publicly available sources
We may receive information about you from publicly available sources such as Companies House, professional registers and conference/seminar registers.
How do we use your Personal Data?
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override these interests.
- Where we need to comply with a legal obligation.
Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending direct marketing communication to you via email. You have the right to withdraw such consent to marketing at any time by contacting us.
We have set out below, in a table format, a description of the ways we plan to use your personal data, and which legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Purpose/Activity |
Lawful basis for processing (including basis of legitimate interest) |
Registering you as a member |
Necessary to perform the membership contract we have or will create with you |
To manage your membership |
Necessary to perform the membership contract we have or will create with you |
To manage our relationship with you, which may involve updating you on membership issues, notifying you of changes to policies such as this one, asking you for feedback on our services |
Because we have a legitimate interest in running the organisation, managing administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation |
To administer and protect the business of PRASIS, to include the management of the website (which may include troubleshooting, testing, system maintenance, reporting and hosting data) |
Because we have a legitimate interest in running the organisation, managing administration and IT services, network security and to prevent fraud |
To deliver relevant website content and advertisements to you and to measure or understand the effectiveness of the advertising we use on the website |
Because we have a legitimate interest in supporting and informing our membership and developing the organisation |
To use our data analytics to improve our website, membership services, marketing, membership relations and experiences |
Because we have a legitimate interest in running the organisation, managing administration and IT services, network security and to prevent fraud |
To deliver and provide access to educational courses, webinars and other content to you and also to non--members |
Because we have a legitimate interest in ensuring best practice across our membership and within plastic surgery community generally |
To make suggestions and recommendations to you about member services which may be of interest to you |
Because we have a legitimate interest in running the organisation and managing administration |
Your marketing preferences
PRASIS always acts upon your choices around what type of communications you want to receive and how you want to receive them. However, there are some communications that need to happen regardless of your marketing preferences. These are what we would describe as essential communications to fulfil our promises to you as a member or potential member of PRASIS. We may therefore use your data for the following:
- Membership-related mailings, such as your renewal reminders, shareholder resolutions and AGM notices;
- Transaction notification messaging, such as payment confirmation or Direct Debit collection notifications;
- Communications about events and courses you might be interested in and/or have registered to attend, etc.
We will ask for your express opt-in consent before we share your personal data with any company or charity outside of PRASIS for marketing purposes.
You can ask us or third parties to stop sending you marketing messages at any time by contacting us. When you opt out in this way, this will not apply to personal data provided to us as a result of your membership with PRASIS.
Who will we share your personal information with?
We will not share your personal data with any third party for marketing purposes.
We have relationships with a number of third parties with whom we may share your personal data. These include our brokers, Medical Insurance Consultants Ltd. We may also share your data with the following group for the purposes set out in the table above:
- PRASIS Board members and employees
- Event participants and/or exhibitors at our education courses or scientific meetings
- Organisers of other relevant events we feel might be of interest to you.
- Service providers acting as processors who provide IT and system administration services.
- Professional advisers acting as processors or joint controllers including lawyers, bakers, auditors and insurers based in the UK who provide consultancy, banking, legal, insurance and accounting services.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions
Links to third party websites
This privacy policy applies solely to the personal data collect by PRASIS and does not apply to third party websites and services that are not under our control.
We cannot be held responsible for the privacy policies of third party websites and we advise users to read the privacy policies of other websites before registering any personal data.
Cookies
Please refer to our Cookie policy.
Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or access in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place appropriate procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you require further information about how we protect your data, please contact us (see "Get in touch" below).
How long will be store your personal data
We will only retain your personal data for as long as reasonably necessary to fulfil the purpose we collected it for, including for the purpose of satisfying any legal or regulatory requirements. In some circumstances you can ask us to delete your personal data (see "Your rights" below).
Your rights
Under the General Data Protection Regulation, you have a number of important rights that you can exercise free of charge. In summary, these rights are:
- Transparency over how we use your personal data and fair processing of your information;
- Access to your personal information and other supplementary information;
- Require us to correct any mistakes or complete missing information we hold on you;
- Require us to erase your personal information in certain circumstances;
- Receive a copy of the personal information you have provided to us or have this information be sent to a third party, this will be provided to you or the third party in a structured, commonly used and machine readable format;
- Object at any time to processing of your personal information for direct marketing;
- Object in certain other situations to the continued processing of your personal information;
- Restrict our processing of your personal information in certain circumstances;
- Request not to be subject to automated decision making which produce legal effects that concern you or affect you in a significantly similar way.
If you want to exercise any of these rights, please:
- contact us (see “Get in touch” below);
- Provide other information so that we can identify you. We may need to contact you to request further information to verify your identity;
- Let us have proof of your identity and address; Privacy Notice v1 SH 2 7 2021:515843_1 6
- State the right or rights that you wish to exercise.
We will respond to you within one month from when we receive your request.
How to make a complaint
Please get in touch if you have any issues or complaints (see "Get in touch" below).
Future processing
We do not intend to process your personal information for any reason other than stated within this privacy notice. If this changes we will inform you.
Changes to this privacy notice
This privacy notice was published in October 2021.
We constantly review our internal privacy practices and may change this policy from time to time. When we do we will inform you.
Get in touch
To ensure that we process your personal data properly, we have appointed a data privacy manager.
If, at any time, you wish to update or amend your personal data or preferences, or exercise your legal rights concerning personal data or if you have concerns as to how your data is processed, please write to:
The Data Privacy Manager at data@prasis.org .
Address: PRASIS, The Royal College of surgeons of England, 35-43 Lincoln’s Inn Fields, London WC2A 3PE.
You also have the right to ask us, in writing, for a copy of all personal data held about you (this is known as a “subject access request”). A copy will be sent to you as soon as possible and no later than 30 days after your request.
If you wish to raise any complaints on how we have handled your personal data, please contact us, and we will investigate the matter and notify you of our findings and any remedial action taken. If you are not satisfied with our response or believe that we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).