RCN Privacy Charter
The Royal College of Nursing of the United Kingdom, RCN Publishing Company Ltd, and their affiliates (together "RCN") are the data controllers of your information under the Data Protection Act 1998 ("the DPA").
- All RCN employees and representatives, whether permanent or temporary, must be aware of the requirements of the Data Protection Act when they collect or handle data about an individual.
- They must not disclose data except where the disclosure complies with the requirements of the DPA, or, where relevant, statutory guidance issued by the Information Commissioner's Office ("the ICO"). Data sent to outside agencies to process on RCN's behalf must always be protected by a written contract.
- The RCN will only collect personal data that is relevant to the carrying out of the legitimate purposes and function of the RCN.
- Members have the opportunity of opting out of marketing material from the RCN and of either opting into or out of (depending on the circumstances) receiving offers and other information from other organisations with whom the RCN have negotiated favourable member rates. This may be done by using the provided tick box option. These third party operated services may generate income, and other benefits, for the RCN in pursuit of our aims to improve the quality and delivery of services to Members.
- Mobile telephone numbers are never passed onto third parties for marketing purposes.
- We will strive to ensure that data collected is as accurate as possible. Individuals about whom data is held have the right to the amendment or deletion of incorrect entries within a reasonable time.
- Appropriate technical and organisational measures will be adopted to protect the security of all personal data held by RCN, including sensitive personal data.
- Information will be held in an environment as secure as possible. RCN employees and representatives will be responsible for ensuring that all regular data care procedures are fully and conscientiously followed.
- All ordered manual files and databases will be kept up-to-date and will have an agreed archiving policy.
- Data no longer required for the legitimate purposes of RCN will be regularly purged. A clear rationale will be supplied for personal data to be kept beyond six years.
- Where data is passed to a third party for processing, the RCN will ensure that a written contract is in place that states that the agent will:
- process the data transferred only on the express instructions of RCN;
- ensure data is used in full compliance with the DPA; and
- implement appropriate security measures to protect the information transferred.
- Any request for data based on a legal requirement e.g. from police or other bodies, must, where possible, be put in writing and will be checked against the advice of the RCN's Data Protection Officer, before data is disclosed.
- All employees and representatives have a duty to protect individuals' data from accidental disclosure and are required to comply with the following obligations:
- not to give our passwords to other people, who will then have access to the data you are entitled to view;
- not to recycle reports that contain personal data;
- to take due care to ensure that data is not left about on laptops or in files either in or out of the office, where they can be accessed by unauthorised personnel.
- The RCN will provide data subjects access to their personal information on request, accompanied by a maximum fee of £10. The data will be provided within 40 days of receipt of written request unless it does not need to be disclosed under the DPA.
- We may make changes to this privacy charter from time to time. If we do make any such changes, we will post the changes on this page. Please revisit this charter each time you consider giving RCN personal information.
Last review: June 2012