Data Protection Policy and Privacy Notice

Introduction

This policy:

  • Applies to individuals whose personal data we collect and use.
  • Covers all personal data held by us or third parties acting on our behalf.
  • Outlines our approach to data protection compliance.
  • Is written with clarity to ensure transparency.

The Global Professional Council (GPC) is a 'Data Controller' as defined by the UK General Data Protection Regulations (UK GDPR) and Data Protection Act 2018 (DPA). This means that when we collect and use your personal and sensitive data, we must comply with the requirements outlined in these regulations.

This document also serves as a privacy notice under the UK GDPR.

Contents

  1. Our Commitment to Data Protection
  2. Why We Use Personal Data
  3. How We Use Personal Data
  4. Sharing Your Personal Data
  5. Research Purposes
  6. Data Protection Principles
  7. Your Information Rights
  8. Contact Us
  9. Complaints
  10. Definitions

1. Our Commitment to Data Protection

  • We respect your privacy and ensure responsible handling of your personal data.
  • Personal data is only used to fulfill our organizational objectives and support professional development.
  • We implement technical measures to safeguard personal data and prevent misuse.
  • We do not share personal data with third parties for marketing purposes.
  • We conduct Data Protection Impact Assessments (DPIAs) for any significant changes in data usage.
  • Personal data is processed according to the principles set out in the UK GDPR and DPA.

2. Why We Use Personal Data

GPC’s primary role is to support professional growth and uphold high industry standards. Our main purposes for processing personal data include:

  • Exercising official authority as part of our public task.
  • Compliance with legal obligations (e.g., tax requirements).
  • Fulfilling contractual obligations (e.g., processing employee payments).
  • Communicating with individuals who seek information about our services.

3. How We Use Personal Data

Our use of personal data depends on your relationship with us:

If you are a GPC Member or Applicant:

  • Processing membership applications and verifying information provided.
  • Managing your registration and sending renewal reminders.
  • Responding to public enquiries about your membership status.
  • Providing updates, guidance, and invitations to relevant professional events.

If you raise a concern about a member:

  • Processing and investigating your concern.
  • Sharing details with relevant parties if necessary for investigation.
  • Disclosing your identity to the member involved (when required for investigation purposes).

If you are a Job Applicant, Employee, or Service Partner:

  • Managing your application and verifying provided information.
  • Processing payroll and benefits through third-party providers.
  • Maintaining personnel records and responding to employment-related enquiries.

If you are a General Enquirer or Website User:

  • Responding to enquiries and providing requested information.
  • Sending communications if you have opted in.
  • Offering an opt-out option for future communications.

4. Sharing Your Personal Data

  • We do not share personal data for marketing purposes.
  • We may share data as part of public records, such as name, registration number, and registration status.
  • Information may be shared with public bodies or partners under formal agreements to support common goals.
  • Data processors handling specific tasks (e.g., legal services, IT support) have contracts in place to ensure data security and limited use.

5. Research Purposes

  • We conduct research to enhance our services and inform regulatory practices.
  • Data shared for research purposes is anonymized or pseudonymized whenever possible.
  • Third-party researchers must sign confidentiality agreements and adhere to data protection regulations.

6. Data Protection Principles

We ensure that personal data is:

  • Processed lawfully, fairly, and transparently.
  • Collected for specific, legitimate purposes.
  • Adequate, relevant, and limited to what is necessary.
  • Accurate and kept up to date.
  • Retained only for as long as necessary.
  • Secured against unauthorized access or loss.

7. Your Information Rights

Under the UK GDPR, you have the following rights:

  • Right to be informed: Receive clear information about how your data is used.
  • Right of access: Request copies of your personal data (subject access request).
  • Right to rectification: Request corrections to inaccurate or incomplete data.
  • Right to erasure: Request deletion of your data in certain circumstances.
  • Right to restrict processing: Request limitations on how your data is used while issues are being resolved.
  • Right to data portability: Request transfer of your data in a reusable format (only applicable to automated data).
  • Right to object: Object to data processing based on specific grounds.
  • Rights related to automated decision-making: Prevent decisions made solely by automated means.

Response Time: We will respond to your request within one calendar month. For complex requests, this may be extended by two months, and you will be informed accordingly.

8. Contact Us

For any queries or to exercise your information rights, please contact our Data Protection Officer:

Data Protection Officer
Global Professional Council (GPC)

9. Complaints

If you believe your data has not been handled appropriately, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):

ICO Contact Details:

  • Website: www.ico.org.uk
  • Phone: 0303 123 1113

10. Definitions

  • Data Controller: The organization responsible for determining how personal data is processed.
  • Data Processor: An entity that processes data on behalf of the Data Controller.
  • Personal Data: Information that can identify an individual.
  • Special Category Data: Sensitive personal data (e.g., health data).

This policy will be reviewed regularly to ensure compliance with regulations and best practices.