Data Protection Policy

Data protection policy

To carry out its administrative functions the Association of NMH Providers processes the personal information of our members (data subjects). We recognise the right to privacy and security of personal information and therefore take all reasonable steps to comply with the principles of the Data Protection Act 2018, General Data Protection Regulation (GDPR) 2018 and Human Rights Act 1998 (article 8).

The Association of NMH Providers respects the privacy of its members and is committed to protecting their personal data.

We may amend this information from time to time. Please visit this page if you want to stay up to date, as we will post any changes here.

This policy applies to all personal data processed by the Association of NMH Providers.

Data protection principles

The Association of NMH Providers complies with the data protection principles set out below. When processing personal data, it ensures that:

• it is processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’)

• it is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (‘purpose limitation’)

• it is all adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’)

• it is all accurate and, where necessary, kept up to date and that reasonable steps will be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’)

• it is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (‘storage limitation’)

• it is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’)

Further information about our processing activities and the rights of the data subject is contained in our Data Privacy Notice.

Updated November 2019.