Privacy Policy
The privacy and security of your personal information is extremely important to us. This privacy policy explains how and why we use your personal data, to make sure you stay informed and can be confident about giving us your information.
We’ll keep this page updated to show you all the things we do with your personal data. This policy applies if you’re an ACMAC member or employee or use any of our services, visit our website, email, call or write to us.
We’ll never sell your personal data and will only share it with organisations we work with when it is necessary and the privacy and security of your data is assured.
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, ‘ACMAC’ it refers to The Association of Community and Mulltibed Acupuncture Clinics. (Our ICO registration number is .............).
The Association of Community and Multibed Acupuncture Clinics (ACMAC) is formed of practitioners who wish to make acupuncture accessible to as many people as possible. We support the provision of affordable acupuncture treatment in multibed clinics, where costs are kept low by treating several people at the same time.
If you have any questions in relation to this privacy policy or how we use your personal data they should be sent to info@acmac.net or addressed to the Data Controller, ACMAC, 103 Tower Ride, Uckfield, Sussex, TN22 1NS.
Unless subject to an exemption under the GDPR, you have certain rights with respect to your personal data as set out below.
- The right to request a copy of your personal data which we hold about you.
- The right to request that we correct any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for us to retain such data.
- The right to withdraw your consent to the processing of your data at any time. This right does not apply where we are processing information using a lawful purpose other than consent.
- The right to request that we provide you with your personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability), (where applicable) [This right only applies where the processing is based on consent or is necessary for the performance of a contract with you and in either case the we are processing the data by automated means].
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request that a restriction is placed on further processing.
- The right to object to the processing of personal data, (where applicable) [This right only applies where processing is based on legitimate interests (or the performance of a task in the public interest/exercise of official authority); direct marketing and processing for the purposes of scientific/historical research and statistics].
- The right to be informed if your data is lost. We shall also inform the Information Commissioner’s Office in accordance with the time limits in the GDPR.
- The right to lodge a complaint with the Information Commissioner’s Office.
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We’ll only collect the personal data that we need.
We collect personal data in connection with specific activities such as registration or membership requests, enrolling on training courses and conferences, volunteering, conducting research, employment etc.
You can give us your personal data by filling in forms on our website, by registering to use our website, subscribing to take part in research on our website or other social media functions on our website, entering a competition, promotion or survey or by corresponding with us (by phone, email or by joining as a member).
This personal data you give us may include name, title, address, email address, telephone numbers, photographs, clinic details, clinic logos, website details, paypal details, bank details.
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to help us deliver our activities, help us raise funds, or complete a request on your behalf. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that may matter to you.
If you choose to hear from us we may send you information based on what is most relevant to you or things you’ve told us you like. We may also show you relevant content online.
We’ll only send these to you if you agree to receive them and we will never share your information with companies outside of ACMAC for inclusion in their marketing.
If you agree to receive marketing information from us you can change your mind at a later date.
However, if you tell us you don’t want to receive marketing communications, then you may not hear about events or other work we do that may be of interest to you.
We use the personal data you provide as a member provide to service your membership. This includes sending renewal information to members by email and information about our Annual General Meeting.
We maintain and use records of subscribers to our newsletters, only with their consent, for marketing purposes.
We use a third party provider, Mailchimp, to deliver our e-newsletters. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For information, please see Mailchimp’s privacy notice at: https://mailchimp.com/legal/privacy/
When someone visits our website we use a third party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Google to make, any attempt to find out the identities of those visiting our website.
We use a third party service, WordPress.com, to host our website. This site is hosted at www.wordpress.com. We use standard Wordpress analytics to collect anonymous information about users' activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Wordpress requires visitors that want to post a comment to enter a name and email address. For more information about how Wordpress processes data, please see https://en-gb.wordpress.com/tos/
We'd love to stay in touch, but we don't want to out-stay our welcome. You can sign up to our newsletter via our website at www.acmac.net
We store personal name and email address data in Mailchimp.
You can adjust your settings via mailchimp, the third party that hosts our mailing list here:
https://acmac.us2.list-manage.com/profile?u=621a1efe478d344fb1d517ca6&id=8574246722&e=a90cec461f
We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send. These are essential to fulfil our promises to you as a member. For example we will continue to send membership-related mailings such as renewal reminders and notice of our Annual General Meeting
We may carry out research with our members, supporters, employees and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part. For some of our research we may ask you to provide sensitive personal data (e.g. ethnicity). You don’t have to provide this data and we also provide a ‘prefer not to say’ option. We only use it at an aggregate level for reporting (e.g. equal opportunities monitoring).
We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering with us. This could include: contacting you about a role you’ve applied for or we think you might be interested in, expense claims you’ve made and to recognise your contribution.
We may also share this with members to help them monitor how their funding is making a difference.
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.
Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about an employee’s criminal convictions will be held as necessary.
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs and Companies House.
Your personal data will be treated as strictly confidential, and will only be shared:
- with named third parties with your explicit consent
- with the relevant authority such as the police or a court, if necessary for compliance with a legal obligation to which we are subject e.g. a court order
- Balance Healthcare – we provide them with your clinic name and ACMAC membership number so that you may receive discounts when ordering supplies from them. We provide them with a list of members at the start of each new membership year. Please see https://www.jcm.co.uk/acupuncture-shop.html for their privacy policy
- The British Acupuncture Council – we may seek out advice and support from the BAcC with a query or complaint. Please see https://www.acupuncture.org.uk/ for their privacy policy
For further details about the situations when information about you might be shared please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/personal-information/sharing-my-info/
We retain your personal data for as long as you are signed up as a member/employed by ACMAC/signed up to our newsletter.
For members we keep your membership data beyond that date for the purposes of monitoring our membership levels.
If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that.
However, it may not be possible to handle a complaint on an anonymous basis. We may need to provide personal information collected and processed in relation to complaints to the British Acupuncture Council.
We will keep personal information contained in an electronic complaint files in line with our retention policy. This means that information relating to a complaint will be retained for two years from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle
Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.
For further details about these rights please see the Information Commissioner’s website at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/
To exercise all relevant rights, queries of complaints please in the first instance contact the Data Controller at ACMAC, 103 Tower Ride, Uckfield, Sussex, TN22 1NS.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
