This membership privacy notice covers data processing by Lancashire and South Cumbria NHS Foundation Trust for the specific purpose of membership activities.
For more information in relation to our Trust’s processing of the public’s data for other purposes, please visit our Trust’s general Public Privacy Notice.
As part of our Trust’s regular activities in relation to membership, LSCft processes the personal information of all of its public and staff members. This data processing involves the collection, storage, maintenance and eventual archiving and destruction of personal information records relating to current and former Trust members.
LSCft is the data controller of information provided by Trust members, who are the data subjects. Our organisation is registered with the Information Commissioner’s Officer (ICO) and our ICO registration number is Z6710592. Whenever membership data is processed in the Trust, we strive to ensure that the confidentiality of our data subjects is upheld and that their records are handled by members of staff in the Company Secretary Team on a need-to-know basis and in line with current corporate records management regulations and UK data protection laws, including the UK GDPR and Data Protection Act 2018.
When a member of the public fills in our online application form, we secure their consent to become a public member and to publish their information in a Public Register of Members (which sets out the name and constituency of all public members in the Trust). We ensure that anyone who fills in the online application form, but does not provide their consent to have their information published, will not have their details included on our Public Register of Members. Once members of the public have filled in our online application form, their data will be stored on our engage membership system when they have given their consent to become a public member.
Please note that the Trust will ensure, to the best of our ability, that the information of our public members is accurate and up-to-date. Nevertheless, if your details change as a public member following your completion of our online application form (for example if you move house or get a new e-mail address), it is your responsibility to let us know by emailing FoundationTrust.Membership@lscft.nhs.uk with any changes.
For Membership purposes, what types of personal data does the Trust handle?
In order to carry out our activities and obligations as an employer, the Trust handles data in relation to:
- Personal demographics (including gender, race, ethnicity, sexual orientation, religion)
- Contact details (including name, address, email address and telephone numbers)
- Records of engagement and contact as members of the Trust (including responses to membership emails and surveys, and the acceptance of event invitations)
As a Foundation Trust, the Trust is required to establish a membership base from whom public and staff governors can be elected under the NHS Act 2006. The processing of membership information is therefore necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
In order to report on the Trust’s progress to achieve its objective of securing a membership base that is representative of the communities we serve, information is reported in anonymous form on an annual basis in the Trust’s Annual Report and Accounts and on a quarterly basis to the Council of Governors’ Membership and Engagement Committee. The metrics reported on include anonymous figures around membership numbers and the age, gender and ethnicity of the individuals who make up our Trust membership.
Further information in relation to the Trust’s goals in relation to membership over the coming months and years will be set out in the Trust’s reviewed Membership Engagement Strategy. This document will be made available for public viewing on the become a member page.
What is our legal basis for processing Membership information?
Under the UK GDPR, the Trust is obliged to have a valid lawful basis when undertaking the processing of any personal data. In the case of the processing of membership data, the legal basis that we apply is explicit consent, i.e. that all Trust members have given clear consent for LSCft to process their personal data for a specific purpose as members.
In the case of public members, this consent is obtained when a member of the public completes our membership application form. In the case of staff members, consent for the processing of membership data is obtained when a staff member signs their contract of employment with the Trust. LSCft staff are automatically enrolled as staff members upon commencement of employment and are advised of how to opt-out of Trust membership if they want to do so.
Further to the consent which we obtain, it is the Trust’s responsibility to set out in clear and understandable terms the purposes for which membership data is processed. In the case of public members, this page serves that purpose. In the case of staff members, further detail around data processing is available on the Staff Privacy Notice on our intranet page.
You can change your mind about being a member of LSCft at any time. Should you want to become a member or to remove yourself from our membership, then please e-mail the Company Secretary Team at FoundationTrust.Membership@lscft.nhs.uk and we will advise further.