BSHAA is the UK professional body which represents and promotes the interests of the audiology profession. This includes those highly trained audiologists whose practice is subject to statutory regulation by the Health and Care Professions Council, and other trained assistants working under their supervision.
BSHAA’s declared purpose is:
Full membership of BSHAA is open to any professional on the HCPC register of Hearing Aid Dispensers, with other categories of membership available to students on approved educational programmes leading towards registration, hearing care assistants and associates with a specific interest in hearing care. All members, irrespective of category, are required to comply with the principles set out in BSHAA’s code of practice, with full members required to comply with this code in all aspects of their clinical care.
Members will at all times act in such a manner to justify public trust and confidence and uphold the good standing and reputation of the hearing aid industry. BSHAA requires its members, whether they are employed or self-employed, to act ethically at all times.
BSHAA provides a range of services to members to support them to continue delivering high quality care, and to help them maintain their standing at the forefront of their profession. Services include:
Some services offered by BSHAA are available to non-members who are required to register as guests in order to access those services on a temporary basis. Such services might involve payment (e.g. access to a webinar or development event) or might provide access to proprietary documentation relevant to the profession.
In all such cases, guest information will be treated in the same way as member information, with the guest registration process conveying the necessary permission.
BSHAA needs to collect and process data from members in order to provide these services. This notice explains what data we collect, how it is used, and the steps we take to ensure that we protect your confidentiality and hold the data safely and securely.
Our use of personal data is governed by the General Data Protection Regulation (GDPR), a new piece of EU legislation that came into force on 25 May 2018. The core intent of GDPR is to give individuals more control over the use of their personal data and how data is stored. This legislation replaces the previous data privacy law. It gives more rights to you as an individual and places more obligations on organisations that hold and process your personal data.
Under these regulations, BSHAA is the registered data controller, and we hold and process your data in line with the GDPR regulations in order to fulfil our responsibilities both to the profession of audiology, and to our members.
BSHAA relies on a number of partner organisations to deliver its range of services. The GDPR regulations define these partners as Data Processors working on BSHAA’s behalf. Each of these organisations is contracted to provide specific services to BSHAA and our members. In all cases, our agreement with these partners ensures that they only have access to and process data necessary to deliver the services for which they are responsible. They will not use your data for anything other than the clearly defined purpose relating to the service they are providing. BSHAA maintains a list of all organisations processing data to provide BSHAA’s services.
It is a condition of membership that members provide a current, working email address through which they can be contacted, in order that the Society can inform members of any update or revision to professional guidance which they are expected to follow.
Much of the data we collect stems from agreement to be a member of BSHAA and under GDPR legislation provides a legitimate purpose as the (contractual) basis on which BSHAA can process member information to provide a service. Such services include:
BSHAA may contact you from time to time regarding information from related organisations which we think may be of interest. We will only process your data in this regard and contact you if we have obtained your consent to do so, and we will never provide member information to any such external organisation. The lawful reason for processing data in this case is consent and will include:
BSHAA will never share, sell or trade any information we hold to any third parties for any purpose other than providing an agreed service to BSHAA, our members, or any guests.
We make sure that all organisations acting as data processors on BSHAA’s behalf abide by this requirement and do not share information with third parties or use the information provided for any purpose of their own, outside the agreement they have with BSHAA.
We may share your data with representatives or volunteers of BSHAA for purposes including Fellowship applications, submissions for our member magazine, abstract applications for conferences and decisions on new member applications. The data shared with these individuals is limited and only to individuals who meet our standards for data security. Regular training and auditing is conducted to ensure these aims are met.
If you have asked us to obtain payment from an organisation, such as your central finance department, we may share your details to facilitate this transaction.
Types of information we collect
We only collect the information that is necessary to carry out our business and provide a particular service that you have requested, and to keep you informed. This includes:
We collect your information when you decide to interact with us, complete an application form to register for a conference, event or webinar or when applying to become a member of the Society.
We also collect information about your use of our website so that we can offer the best possible experience. Information collected includes your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths.
Your information will either be stored on our website, in a restricted secure server environment or on cloud-based software that we have verified as suitable and which meets our security requirements. Only individuals that need to will be allowed to access your data and this access is limited to the requirements of the individual’s task. We ensure that all individuals, volunteers and staff members of any third party have been trained to understand their requirements in keeping your data safe. Any hard copy paper records which may be sent to the organisation, such as application forms, are stored in a secure environment and where relevant transferred into electronic format.
We will only keep your data for as long as it is necessary. The majority of the information will be retained for seven years to coincide with financial requirements. For areas that you have withdrawn your consent, or asked for your data to be removed, it will be destroyed as soon as possible within one month. If we decide not to destroy your data, we will inform you why we have made this decision.
Certain information on sensitive matters (e.g. disciplinary matters relating to code of practise breach) will be retained for as long as deemed necessary to protect the public and the profession.
BSHAA provides a customer care scheme to support members and their clients to resolve disputes which have not been resolved at the point of care. It is necessary to collect sensitive data arising from such a complaint in order to seek resolution.
Where a complaint has been raised with BSHAA under the customer care scheme, BSHAA will always gain consent directly from the complainant, explaining how the data will be used to support the investigation. No action or investigation will take place until such consent has been received. Members subject to a complaint referred to the customer care scheme are required to co-operate and provide relevant information to support the investigation, under conditions defined in both BSHAA code of practice and HCPC standards.
The details of any data collected as part of such an investigation will not be shared beyond the investigating team. All materials will be deleted 2 years after resolution of a complaint, unless it has been referred to the regulator as a concern in which case material will be retained until the referral has been fully resolved.
Statistical data related to the management of the customer care scheme and insight arising from case studies may be used for reporting and educational purposes, but in all cases all identifiable information will be redacted or anonymised.
Where an investigation requires matters to be considered under BSHAA’s disciplinary procedure, only the investigating panel will have access to the relevant data, and the report of the final investigation will be redacted or anonymised until Council has endorsed the recommendations made by the CEO in response to the panel report, the member has been informed and the appeal process has been exhausted.
Should a member be subject to BSHAA’s disciplinary process which may bring into question Fitness to Practise (as defined by HCPC), then BSHAA may share that information with the regulator under the protection of regulatory exemption from confidentiality legislation.
Members are able to access and amend their personal information, or request that we stop contacting you by withdrawing your consent. Please log in to your account on the BSHAA website to make these changes.
You have the following rights as an individual:
The supervisory authority for data protection is the ICO. Further information on data protection regulations and laws can be found at https://ico.org.uk/for-the-public
If you have any queries or concerns regarding the use of your data and the above rights, please get in touch by calling 01543 442155 or email data@bshaa.com
or by writing to:
BSHAA
c/o Executive Business Support
City Wharf
Davidson Road
Lichfield
Staffordshire
WS14 9DZ
MAY 2018