Privacy and cookies
- Who we are
- What kinds of personal data do we process?
- Do we collect sensitive personal data?
- What is the source of your personal data?
- What do we use your personal data for?
- What are the legal grounds for our processing of your personal data (including when we share it with others)?
- When do we share your personal data with other organisations?
- How and when can you withdraw your consent?
- Is your personal data transferred outside the UK or the EEA?
- How we keep your personal data secure?
- What should you do if your personal data changes?
- Do you have to provide your personal data to us?
- Do we do any monitoring involving processing of your personal data?
- What about other automated decision-making?
- For how long is your personal data retained by us?
- Changes to this Privacy Notice
- Data Protection Compliance Manager
- Contact Us
The Royal Society for the Prevention of Accidents ("RoSPA", "we", "our", "us") is a not-for-profit organisation and Registered Charity (No.: 207823 in England & Wales and SC039289 in Scotland) that is actively involved in the promotion of safety and the prevention of accidents in all areas of life - at work, in the home, on the roads, in schools, at leisure and on (or near) water - by providing information, advice, resources, consultancy, assessment and training products or services and researching, raising awareness of and campaigning around the evidence-base for accident prevention. Our vision is for life, free from serious accidental injury.
This privacy notice lets you know what happens to your personal data when you give it to RoSPA. It contains important information about your privacy rights, so please read it carefully.
2. Who we are
"RoSPA", "we", "us" and "our" refers to both:
- The Royal Society for the Prevention of Accidents, a registered charity as set out above; and
- RoSPA Enterprises Limited, is a Registered Company (No.: 3021397) and a wholly owned trading subsidiary of the charity which administers the trading functions of the charity.
Each component part is a data controller of your personal data. They each have different roles, but some activities they undertake overlap and personal data may be shared internally to achieve the purposes set out in this notice.
If you would like any more information please contact us using the details below.
3. What kinds of personal data do we process?
The exact nature of the data we may process (in other words, collect and use) will depend on which aspect of our work you are connected with. Personal data that we may process in connection with our work (e.g. safety advice, guidance, assessment, training products, services, consultancy, awards research or campaigns, including case studies) could, where relevant, include:
- Personal and contact details - for example title, full name, job title, contact details.
- Your date of birth, gender and/or age (if relevant to advice, product, service or campaign).
- Family members (if relevant to the advice, campaign, product or service).
- Advice, products and services you have received from us, as well as have been interested in.
- A record of our communications with you.
- Your ethnicity (if relevant to research or campaign).
- Health data (if relevant to research or campaign).
- Your nationality (if needed for the provision of a product or service, or relevant to research or campaign).
- Analysing data about advice, campaigns, training products or services which help us to target/ tailor communications that we think are of interest or relevance to you.
- Telematics and driving/riding information about your vehicle, riding/driving style (including recommending improvements and assessing risk associated with your driving style), location and routes taken (if needed for the provision of a product or service).
- Online or practical safety-training assessments, including the feedback and analysis of your tutor(s), instructor(s) or examination bodies (if needed for the provision of a product or service).
- Video assessments, including feedback as carried out by our examination, qualifications, certification and official awards bodies (if needed for the provision of a product or service).
- Any other personal data shared with us in accordance with this notice.
4. Do we collect sensitive personal data?
Data privacy law recognises certain categories of personal data as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions.
In certain limited situations (some of which are identified in this notice), we may collect and/ or use these special categories of data. We will only process these special categories of data if there is a valid reason for doing so and where the law allows us to do so.
5. What is the source of your personal data?
We'll collect personal data from the following sources:
- From you directly.
- From your employer, for example when instructed to provide products or services to you.
- From information generated when you use our advice, research, products and services.
- From our partners (for example, emergency fire & rescue services, local authorities, training instructors, or software providers), who are a part of providing your advice, guidance, qualifications, training, products and services on behalf of RoSPA.
- From media reports in the public domain.
- When you visit our website we automatically collect technical information such as your IP address. We also collect and use your personal data via cookies – please see our Cookies Policy.
In general, we may combine your personal data from these different sources for the purposes described in this notice.
6. What do we use your personal data for?
We use your personal data for the purposes specified in this notice, including:
- Providing advice, guidance, consultancy, assessment, awards, qualifications, training, products and services.
- Updating your records.
- To make automated decisions on safety-related training services.
- To provide assessment and provide examination results for qualifications certification.
- To carry out and/or test the performance of, our products, services and internal processes.
- To improve the operation of our organisation and that of our partners.
- To follow guidance or comply with governmental and regulatory bodies.
- For management and auditing of our operations including accounting.
- To monitor and to keep records of our communications with you and our staff.
- For accident research and analysis and developing statistics.
- For raising awareness of accidents and campaigning on accident prevention.
- Assessing and profiling aspects of your vehicle, driving style (including recommending improvements), location and routes taken (if relevant to your safety product or service).
- For marketing communications to help us to offer you relevant advice, training products and services which we think you may be interest to you.
- For the purpose of an event.
- To develop or improve our advice, products and services and to review or improve current products and services.
- To process any charitable donations made to RoSPA or any other payments.
- To administer memberships, including processing membership fees and member benefits including access to the member zone and administration of accounts.
- To administer our website.
- For training and quality control.
- For the prevention of fraud or misuse of services.
- For the establishment, defence and/ or enforcement of legal claims.
7. What are the legal grounds for our processing of your personal data (including when we share it with others)?
Data privacy law requires us to rely on one or more lawful bases for the ways in which we use your personal data. We rely on the following legal bases:
- Where we have entered into a contractual arrangement with you, which may often include where it is needed to provide you with advice, guidance, consultancy, training, qualifications, awards, products and services, for example:
- Managing products and services, awards and qualifications you or your employer hold with us, or an enquiry about them.
- Updating your records.
- Sharing your personal data with partners and service providers when you or your employer requests advice, guidance, training, awards, qualifications, products or services.
- All stages and activities relevant to providing safety advice or managing products or services including enquiry, application, administration and management of accounts.
- For some of our safety-related driver profiling, automated risk assessment and other safety automated decision-making products.
- Where it is in our legitimate interests to do so, provided our use is fair, balanced and does not unduly impact on your rights. Our legitimate interests generally include operating as a charitable entity in pursuit of our missing and, depend on the activity, include for example:
- Managing your products and services, updating your records, providing advice, guidance or carrying out accident research or safety-related campaigns.
- To perform and/or test the performance of, our products, services and internal processes.
- To comply with government and regulatory bodies.
- For management and audit of our operations including accounting.
- To carry out monitoring and to keep records of our communications with you and our staff.
- For accident research and analysis and developing statistics.
- For raising awareness of accidents and campaigning on accident prevention.
- For certain marketing communications to help us to offer you relevant safety advice, products, services and training.
- To provide insight and analysis either as part of providing advice, products or services, helping us improve products or services, or to assess or to improve our operations.
- For our safety-related profiling and automated decision-making.
- Where we need to share your personal data with people or organisations in order to run our organisation.
- To comply with our legal or regulatory obligations (for example, where we are obliged to share your personal data with regulatory bodies which govern our work and services)
- With your consent (for example we may ask for consent to receive campaign material by email) or, in some cases, your explicit consent (for example to collect special category data)
- In rare cases, to protect yours or another's vital interests.
- Where there is a substantial public interest reason for us doing so, for example:
- Processing of your special categories of personal data for example about your health or ethnicity where relevant to safety research or campaigns.
8. When do we share your personal data with other organisations?
We may share information with the following third parties for the purposes listed above:
- Our partners (for example, awards judges, assessors, external verifiers, training or software providers) who are a part of providing our advice, training products and services or operating our charity
- Governmental and regulatory bodies, for example HMRC, OfQual and the Information Commissioner's Office, where we are required to disclose your personal data.
- Other organisations who provide services to us, for example data back-up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other 'back office' functions
- Charitable giving platforms such as Just Giving, in accordance with a particular platform's privacy notice. Please do review any such policies before giving your data to these platforms, to ensure that you are happy for your data to be shared in this way.
- Research partners, for example other organisations that are involved in the collection of national accident statistics.
- The RoSPA charity and its trading subsidiary may share your personal data between themselves for the purposes set out in this notice.
- In the event of a merger or reorganisation we may acquire or transfer personal data but your personal data would continue to be used for the purposes set out in this notice.
9. How and when can you withdraw your consent?
Where we're relying upon your consent to process personal data, you can withdraw that consent at any time by contacting us as detailed below.
Your privacy rights and choices
To object to marketing. The right to withdraw consent described above includes the right to opt-out of our using your data for marketing purposes generally (you can also exercise this right by clicking 'unsubscribe' at the bottom of a relevant email).
To object to profiling. You can also ask us to stop using your personal data for the profiling purposes described in this notice, unless we have compelling legitimate grounds which override your request.
You also have the following rights:
- To request from us access to (including a copy of) your personal data.
- To ask us to update your personal data (see section [x] below).
- To ask us to delete your personal data in some cases.
- To ask us to restrict processing, if there is disagreement about its accuracy or legitimate usage.
- To object to processing where we are (i) relying on the basis of legitimate interests, or (ii) using your personal information for direct marketing or (iii) using your personal information for statistical purposes.
- To transfer of your personal data in certain circumstances - where we are processing your personal information (i) on the basis of your consent, (ii) because the processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract, and the processing is carried out by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.
To exercise your rights, contact us using the details set out below. Please note that these rights are subject to exemptions and may only apply in limited circumstances. We may also ask for additional information to confirm your identity and for security purposes before we are able to comply.
10. Is your personal data transferred outside the UK or the EEA?
We're based in the UK but sometimes your personal data may be transferred outside the European Economic Area ("EEA"), for example where we use suppliers that are based outside the EEA. Some countries outside the EEA have a lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. In these cases, we'll make sure that appropriate safeguards are in place to protect your personal data, for example by using approved contract agreements. If you have any questions about this, please contact us using the details below.
11. How we keep your personal data secure?
We are committed to keeping your personal data safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your information.
Your personal data is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers with features enacted to prevent unauthorised access.
12. What should you do if your personal data changes?
You should tell us, so that we can update our records, using the details in the Contact Us section of our website. We'll then update your records if we can. You can ask us to check your records if you are unsure.
13. Do you have to provide your personal data to us?
We may be unable to provide you with some advice, guidance, awards, qualifications, consultancy, training, products or services if you do not provide certain information to us.
14. Do we do any monitoring involving processing of your personal data?
Monitoring means any: listening to, recording of, viewing of, intercepting of, or taking and keeping records (as the case may be) of calls, email, text messages, social media messages (and interactions in aggregated form), in person (face to face) meetings and other communications.
We may monitor where permitted by law and we'll do this where the law requires it, or to comply with regulatory rules, to prevent or detect crime, in the interests of protecting the security of our communications systems and procedures and for quality control and staff training purposes. This information may be shared for the purposes described above.
15. What about other automated decision-making?
We sometimes make decisions about you using only technology, where none of our employees or any other individuals have been involved. For instance, we may do this during driver or manual handling safety training and online or practical assessments e.g. using video, online or telematics data captured including in your vehicle, driving behaviour and location information. The relevant decision in these cases will be the score that you receive in the relevant training or assessment (which may have consequences from the point of view of your employer which is outside of our control). If you are unhappy with the outcome of such automated decision making you can object.
We'll only do this where it is necessary for entering into or performing the relevant contract, is authorised by laws that apply to us, or is based on your explicit consent.
16. For how long is your personal data retained by us?
We hold your personal data based on the following criteria:
- In general, only for as long as it is required in connection with the purposes for which it was collected and/ or used – this will depend on the relevant activity.
- For as long as we have reasonable organisational needs, for example managing our relationship with you and managing our charitable activities or accident research.
- For as long as we provide advice, products and/or services to you.
- Retention periods in line with legal and regulatory requirements or guidance and in some cases for as long as necessary in relation to legal disputes.
If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted communications in the future.
17. Changes to this Privacy Notice
We may change this privacy notice from time to time by updating this page in order to reflect changes in the law and/or our privacy practices. Please check this privacy notice for changes whenever you visit our website – www.rospa.com/privacy
We will notify you of significant changes by contacting you directly where reasonably possible for us to do so.
18. Data Protection Compliance Manager
We have a dedicated Data Protection Compliance Manager ("DPCM"). You can contact the DPCM using the details below.
19. Contact Us (including complaints)
If you have any questions about this privacy notice or the way in which we use your personal data, or if you wish to contact the Data Protection Compliance Manager then please email [email protected].
Alternatively, please write to:
Data Protection Compliance Manager, The Royal Society for the Prevention of Accidents (RoSPA), RoSPA House, 28 Calthorpe Road, Edgbaston, Birmingham, B15 1RP
You can complain at any time to the Information Commissioner's Office – www.ico.org.uk/global/contact-us. However, we appreciate the opportunity to resolve any complaints beforehand and are grateful if you would contact us in the first instance.
Cookies on the RoSPA website
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.
The table below explains the cookies we use and why:
This essential session cookie is used to keeps the user session ID for security reasons whilst you are using the RoSPA website. This cookie is deleted once the web browser is closed.
This persistent cookie is used to confirm the visitor's prior cookie consent status when visiting the RoSPA website. This cookie is not deleted once the web browser is closed.
This essential and persistent cookie is used by our web Content Management System (CMS) to store the visitor's preferred content culture e.g. regional language settings.
Universal Analytics (Google)
These persistent cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blogs, where visitors have come to the website from and the pages they visited.
This persistent cookie is used for security purposes and anonymised visitors statistics by our web CMS’ analytics module. This cookie is not deleted when the web browser is closed.
Further details about Cookies
Most web browsers allow some control of most cookies through the browser settings. To find out more about cookies, including how to see what cookies have been set, please visit www.allaboutcookies.org
To opt out of being tracked by Google Analytics across all websites, please visit https://tools.google.com/dlpage/gaoptout
Find out how to manage cookies on popular web browsers, visit: