Privacy on display By Dr Andy Clempson, Senior Research Policy Manager, AMRC Published: 18 April 2018 A few weeks ago, we launched our new website with fresh content and more intuitive layout. We hope you like it. Amongst all the pizazz, you could be forgiven for not spotting that we also published our new privacy notice and we wanted to spend a little time to draw your attention to it. So buckle up for a romp through our notice to find out what’s new and how you can be in charge of the privacy of your data. Only a few weeks to go until the General Data Protection Regulation (GDPR) comes into force. And while there are still nervous sideways glances, most of us are hopefully well on the way to be ready for May 25th. AMRC is no different, and like you, we’ve had to revise many of our existing policies, develop new ones and think carefully about the data we hold and how we process it. But one document in particular deserves some special attention - our Privacy Notice. Not the most riveting read, I’ll admit, but it is one you ought to know about. What’s a privacy notice? A privacy notice is a statement that explains why an organisation collects, uses and potentially discloses your data. It’s a key part of being transparent under the outgoing Data Protection Action 1998, and under GDPR, there's an even greater emphasis on maximising your rights to tell us how you would like your data handled. This could be anything from correcting a typo in your name to deleting your information from our systems. The power is in your hands – which is where it should be. Our privacy notice explains the different types of information we hold about you, such as your name, job title, email address and the organisation you work for. As many of you work for organisations that pay to be members of AMRC, we hope you don’t mind us contacting you about our work and what we’re doing. We believe it’s our ‘legitimate interest’ to do so under GDPR. But we don’t automatically assume you want to be told about everything. For example, we have different mailing lists for different audiences such as our Member Briefing, the Research Managers Working Group, the Policy and Public Affairs Working Group or the COMMSunity. You can choose to receive all, some or none of these mailings at any time by contacting us. You can choose what you want to receive and what you prefer not to know about. Don’t worry, membership of these groups is not lifelong (unless you want it to be). You can ask us to stop sending you what we think is frankly riveting stuff by clicking ‘unsubscribe’ at the bottom of the emails you’ll receive, or, feel free to drop us a line asking to be removed. What do we do with your information? To be perfectly honest, not that much. Your information is stored on a secure database (we use a commercial product called Salesforce) and other than storing your contact preferences, the AMRC team occasionally have a look through it. We might drop you an email or give you a ring to see if you are interested in working with us on something very specific and exciting, unless you’ve told us you’d prefer we don’t contact you at all. But that’s pretty much it. We don’t share your information with individuals outside of AMRC unless you’ve asked us to or confirmed that you’re happy to contacted by someone external to your network. We sometimes run events in partnership with other organisations – like our recent Patients First conference with the ABPI. In these cases, we do share your information with our event partner to make running the event possible (e.g. sharing the attendee list with names, organisations and dietary preferences). But this shareable information is kept to the bare minimum – only what’s necessary to run the event – and shared securely. This is made clear when you book to attend these events but you can always contact us to discuss any concerns you have and if you prefer we didn’t share your information at all. If you move jobs, sometimes you tell us your new details and we update your information (thank you very much, we love to stay in touch). If we find your information is wrong (e.g. your phone stops ringing or your email bounces back), we update our records accordingly and stop contacting you. If we don’t hear from you for three years or more in some capacity or another wherever that be, we take the hint that you’ve probably moved on to pastures new outside of the sector so we delete your record permanently. Some of you are lucky enough (or perhaps unlucky from your perspective) to be your organisation’s formal representative. That means you will receive formal papers relating to our AGM, our annual report and accounts or trustee governance. This is part of the requirement for joining AMRC and we do need to contact you with this information to make sure we are governed fairly. But organisations can choose who they would like to be the formal representative – you just need to email us. So that’s it? That’s pretty much all there is to our privacy notice but do take a look through it for specific information and further detail. And a quick reminder to please tell us at any time if you would like us to: - Start contacting you more – we’d love to oblige; - Stop contacting you – we get it, sometimes too much of a good thing is bad; - Change your information, especially if it’s incorrect; - Any other change, no matter how small. If it’s in our technical prowess, we’ll aim to do it. Any other queries, please get in touch with any member of the team.