Infomed Research & Training
Last updated: 11 October 2018
- We only ever ask for what we really need to know.
- We collect and use the personal data that you share with us transparently, honestly and fairly.
- We always respect your choices around the data that you share with us and the communication channels that you ask us to use.
- We put appropriate security measures in place to protect the personal data that you share.
- We never sell your data.
Who are we?
Infomed Research and Training Limited
Registered in England No. 5200146
Registered Offices: Brooklands House, 4a Guildford Road, Woking GU22 7PX
Company Secretary: ARM Secretaries Limited
VAT No. 887 8570 48
Infomed Research and Training Limited [Infomed] are a market leader in post graduate medical education. Since 2004, we have provided courses for Consultants and Doctors in training in several different specialities.
We may change this Policy from time to time, so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
The provision of your personal data to us is voluntary. However, without providing us with some personal data, you may be unable to (as appropriate) apply for help as a service user.
1. How we use the information
We may use your information to:
- process your booking or subscription (including, for example, sending you confirmation of your booking and receipt);
- carry out our obligations arising from transactions or agreements entered into by you and us (for example, sending you information on how to access your course materials online);
- keep track of your queries or requests;
- contact you –by phone/text as well as email– in exceptional circumstances (for example: if you are on a waiting list for a course and a place has become available; or if you have expressed an interest in attending or an intention to attend a course but places on said course are about to run out);
- send you information that may be of interest to you, such as information about courses for that you have enquired about or that we believe may be of interest to you);
- tailor our educational activities to your needs (for example, when attending skills stations or workshops, to group you with others of similar experience, where appropriate and feasible);
- conduct research into the impact of our educational activities (for example, analysis of feedback form returns by speciality, by grade, by regional provenance, etc.);
- conduct research into the CPD needs (for example, we may contact you, especially if you know us well, to ask your views about proposed course programmes);
- conduct research into the impact of our marketing activities (for example, when you book on a course, we routinely ask where/how you first heard about the course, with a view to identifying effective promotional channels);
- notify you of important changes to our organisation.
2. What information do we collect?
The type and amount of information we collect depends on why you are providing it.
For course bookings we will usually ask you for your name, email address, job title, work affiliation (name of organisation), contact number, and whether you have any special needs or requirements, and where/how you first heard about the course. We may, should you require or prefer our invoice or your receipt to include a postal address, ask for your most appropriate postal address, be this a work address or a home address.
For some courses, we may also ask you about:
- your previous relevant experience (for example, for some ultrasound courses, we may ask you whether you are an absolute beginner in ultrasound or have already some practical ultrasound experience)
We keep information about your course history with us, meaning courses that you have attended or will attend, including courses that you booked on but were unable to attend.
For payments over the phone (as opposed to online payments) we will usually ask you for your credit or debit card details. Please note that: payments over the phone are processed on the spot and Infomed does not keep or store credit or debit card details.
For payments online we use secure third-party payments services (e.g. PayPal). Infomed does not keep or store credit or debit card details.
Do we process sensitive personal information?
Applicable law recognises certain categories of personal information as sensitive and therefore requiring more protection, including health information, ethnicity and political opinions. In limited cases, we may collect sensitive personal data about you. We would only collect sensitive personal data if there is a clear reason for doing so; and will only do so with your explicit consent.
3. Communications and marketing
Where you have provided us with your email address, we may contact you electronically to let you know about our events and/or activities that we consider may be of particular interest to you.
In every communication you are reminded that you can very easily ask to be removed from any such future communications. We are almost always able to remove you from our e-mailing list or lists within 24 working hours.
4. Other disclosures
We will disclose your Personal Information where required to do so by law or in accordance with an order of a court of competent jurisdiction, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.
We will disclose, not your Personal Information, but information on whether you attended or did not attend a course, if asked to do so by the relevant Royal College or association, as happens for example when such Royal College or association is undertaking an audit of a doctor’s CPD activities.
For courses organised by Infomed, including courses organised in partnership or in collaboration with third parties, such as NHS Trusts or medical Colleges or medical association, we do not share your Information, except:
- where the partner is a medical association and course attendance entitles you to membership of said association, in which case your name, job title, affiliation and email address are shared with said association for its membership records;
- with course directors, who have access to the list of attendees for the course or courses that they direct, such lists including only your name, job title and affiliation and no other information.
If you are located outside the United Kingdom and choose to provide information to us, please note that we transfer the information, including Personal Information, to the United Kingdom and process it there.
5. Security of and access to your personal data
We endeavour to ensure that there are appropriate and proportionate technical and organisational measures to prevent the loss, destruction, misuse, alteration, unauthorised disclosure or of access to your personal information.
Your information is only accessible by appropriately trained staff.
The security of your Personal Information is important to us but please be advised that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security. As such we make no warranties as to the level of security afforded to your data, except that we will always act in accordance with the relevant UK and EU legislation.
6. Your rights and how consent works
You have a choice about whether or not you wish to receive information from us. If you do not want to receive communications from us about our events and services, then you can select your choices by ticking the relevant boxes situated on the website forms on which we collect your information or express these preferences by contacting us by email or telephone.
Where we rely on your consent to use your personal information, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using your personal information for direct marketing purposes or to be unsubscribed from our emailing list at any time. You also have the following rights:
(1) Right to be informed – you have the right to be informed of how your personal information will be used. This Policy is intended to provide you with a clear and transparent description of how your personal information may be used.
(2) Right of access – you can write to us to ask for confirmation of what information we hold on you and to request a copy of that information. Provided we are satisfied that you are entitled to see the information requested and we have successfully confirmed your identity, as from 25 May 2018, we will have 30 days to comply.
(3) Right of erasure – as from 25 May 2018, you can ask us for your personal information to be deleted from our records. In many cases we would propose to cease and suppress further communications with you, rather than delete it.
(4) Right of rectification – if you believe our records of your personal information are inaccurate, you have the right to ask for those records to be amended and updated.
(5) Right to restrict processing – you have the right to ask for processing of your personal data to be restricted if there is disagreement about its accuracy or legitimate usage.
(6) Right to data portability – to the extent required by the General Data Protection Regulations (“GDPR”) where we are processing your personal information (i) under your consent, (ii) because such processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contact or (iii) by automated means, you may ask us to provide it to you – or another service provider – in a machine-readable format.
To exercise these rights, please send a description of the personal information in question using the contact details in section 14 below.
Where we consider that the information with which you have provided us does not enable us to identify the personal information in question, we may ask you for (i) personal identification and/or (ii) further information.
Please note that some of these rights only apply in limited circumstances. For more information, we suggest that you consult guidance provided by the Information Commissioner’s Office (ICO), including https://ico.org.uk/your-data-matters/. You are further entitled to make a complaint about us or the way we have processed your data to the ICO: see Make a complaint.
7. Lawful processing
We are required to have one or more lawful grounds to process your personal information. Only four of these are relevant to us:
We will ask for your consent to use your information to send you electronic communications such as newsletters and marketing for targeted advertising, and if you ever share sensitive personal information with us.
(2) Contractual relationships
Most of our interactions with subscribers and website users are voluntary and not contractual. However, sometimes it will be necessary to process personal information so that we can enter contractual relationships with people. For example, if you apply for employment.
(3) Legal obligations
Sometimes we will be obliged to process your personal information due to legal obligations which are binding on us. We will only ever do so when strictly necessary.
(4) Legitimate interests
Applicable law allows personal information to be collected and used if it is reasonably necessary for our legitimate activities (as long as its use is fair, balanced and does not unduly impact individuals’ rights).
We rely on grounds, (4) Legitimate interests, to process your personal data when it is not practical or appropriate to ask for consent.
When we use your personal information, we will consider if it is fair and balanced to do so and if it is within your reasonable expectations. We endevour to balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair in other ways.
8. Data retention
In general, unless still required in connection with the purpose(s) for which it was collected and/or is processed, we remove your personal information from our records five years after the date it was collected. However, if before that date (i) your personal information is no longer required in connection with such purpose(s), (ii) we are no longer lawfully entitled to process it or (iii) you ask us to delete it we will remove it from our records at the relevant time.
In the event that you ask us to stop sending you direct marketing/other electronic communications, we will keep your name on our internal suppression list to ensure that you are not contacted again.
We review our retention periods for personal information on a regular basis (see item 11 of this Privacy Statement). We are legally required to hold some types of information to fulfil our statutory obligations (for example our accountancy processes. You can request to remove your personal information at any time by emailing firstname.lastname@example.org.
9. Policy amendments
10. Third party websites
11. Updating information
You can check the personal data we hold about you, and ask us to update it where necessary, by emailing us at email@example.com.
We are not required by law to have a “Data Protection Officer” – however we have a Data Protection Manager.
Please let us know if you have any queries or concerns whatsoever about the way in which your data is being processed by either emailing the Data Protection Manager at firstname.lastname@example.org, or by writing to us at the following address:
Infomed Research and Training Limited
Suite 2, Langford House
7-7A High Street