Privacy Statement 13th February 2024.

This privacy statement is relevant to all users of www.PASCOM-10.com and also to patients or members of the public who agree to participate in the podiatric audit of surgery and clinical outcome measurement (PASCOM).

This policy together with any other documents referred to in it sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

Use of this website by you constitutes acceptance by you of this privacy policy ("Privacy Policy"). If you do not wish to accept this Privacy Policy, please leave this website immediately.

 

Purpose

The purpose of this Privacy Policy is:

  • to assure you that we recognise and fully respect the privacy and personal data of the visitors to this website; and
  • to explain what personal information we collect from this website and how we will ensure its protection.

This Privacy Policy governs www.PASCOM-10.com (referred to in this Privacy Policy as the "Website"). Other sites to which the Website may be linked are not covered by this Privacy Policy.

This Privacy Policy covers only information which is collected by the Royal College of Podiatry from the Website. It does not cover information which the College holds about members.

We are registered as a data controller with the UK Information Commissioner’s Office as the Royal College of Podiatry, registration number Z6708066.

 

Data protection

The College complies with the Data Protection Act 2018 (the "Act"). For the purposes of the Act, The College is the data controller and sole owner of the personal data collected on the Website.

The Society does not sell, share or transfer this information except as set out in this Privacy Policy.

We use up-to-date industry procedures to keep personal data as safe and secure as possible and to protect against loss, unauthorised disclosure or access. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.  Further details of website security can be found below.

The Act gives you the right to access details that we hold about you. Your right of access can be exercised in accordance with the Act.

For more information, please refer to our Data Protection Policy.

 

Information we may collect from you

It is not necessary for you to register with us in order to access the Website. However, full access to the Website will require registration. The basic personal information about you which we may collect and process is:

  • your name
  • your user type (eg podiatrists, Assistant Health Practitioner, student, member of the public)
  • your e-mail address
  • your practice address and telephone number
  • your registration number
  • your user ID and password.

Depending on what you are registering for, additional information may be collected from you.

We may also collect and process information provided by you at the time of posting material to the Website, as well as details of your visit to the Website (including, but not limited to, traffic data, location data, weblogs and other communication data), and the resources that you use. Further, if you contact us, we may also keep a record of that correspondence.

 

Uses made of the information

We may use information held about you in the following ways:

  • to ensure that content from the Website is presented in the most effective manner for you and for your computer
  • to allow you to participate in interactive features of our service, when you choose to do so, and
  • to notify you about changes to our service.
  • We may also use your data for the purposes of advertising, marketing and public relations, so as to provide you with information about goods and services which may be of interest to you.

Information we may collect about patients and members of the public

The primary purpose of the website is to collect auditable data about podiatry treatment and clinical outcomes. To enable such data collection, the basic personal information about patients or the public which we may collect and process is:

  • Date of birth
  • Gender
  • Podiatric diagnoses
  • Medical diagnoses
  • Treatment and relevant investigations
  • Outcome of any treatment
  • Questionnaires pertaining to health-related quality of life or satisfaction.

Most users of the website will only collect anonymous or pseudo-anonymous data. However, with agreement the website does allow for collection of identifiable personal data. This may include:

  • Name
  • Email address
  • NHS number or other identifier

 

Uses made of the information

We may use information held about you in the following ways:

  • The data collected by the website may be used for audit, quality assurance and research.
  • to allow you to participate in interactive features of our service, when you choose to do so, and
  • to notify you about changes to our service.

 

Changing the information we hold about you

If you would like to change any information we hold about you that has been collected via use of this Website or want it to be removed from our database, you should contact us at membership@rcpod.org.uk

 

Third Parties

We may forward the information collected about you to selected third parties who may use it for marketing purposes, and for providing the services you order from them. You can exercise your right to prevent us sharing your data with these third parties at any time by changing your mailing preferences by contacting us at membership@rcpod.org.uk. We may also disclose information we have collected about you to third parties where required to do so by law or in order to enforce or apply our Conditions of use.

 

Our legal basis for processing personal information

Our lawful basis for processing personal information is consent.

By using the Website, you consent to the collection and use of your personal information in the manner set out above.

The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

 

How long we keep personal information

We will only keep personal information for as long as we have a valid reason for keeping it. After that we delete or dispose of the information securely.

We keep personal information on PASCOM for up to 25 years to allow research findings to be looked at over a significant period of time.

 

Your rights

You have a right to know what personal data we hold, who we acquired it from, how we process it, the logic involved in any automatic processing, and who we disclose it to. 

You have a right to ask us not to process your personal data for direct marketing purposes unrelated to your membership.

You have a right to ask us not to make decisions based solely on the automatic processing of your personal information.

You have a right to ask us not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.

You have a right to ask us to erase your personal information.

These statutory rights are qualified by exceptions and exemptions.

To exercise any of these rights, please contact us using the address below.

 

You can find out more about your rights from the Information Commissioner, who regulates data protection and privacy.

Changes to this policy

We may change this Privacy Policy from time to time.  If we make any significant changes in the way we treat your personal information we will make this clear on our website or by contacting you directly.

 

Contact

Please feel free to contact us with any questions, comments or queries regarding this Privacy Policy. All questions should be directed to the Data Protection Officer at The Royal College of Podiatry at 207 Providence Square, Mill Street, London SE1 2EW, frederick.moore@rcpod.org.uk

 

Website security statement

PASCOM-10 Database Security

The PASCOM-10 website and database are hosted on secure cloud servers held in Microsoft Azure data centres (https://azure.microsoft.com/en-gb/). This link includes a summary of accreditations that the data centres hold, including ISO/IEC 27018 and UK G-Cloud (https://azure.microsoft.com/en-gb/overview/trusted-cloud/). The database is backed up to multiple geographically redundant and encrypted backups within the Microsoft Azure network of data centres on at least a daily basis.

 

Remote access security

There is no direct remote desktop access available to the webserver, as it is running on a Platform as a Service (PaaS) hosting environment. Only website updates can be uploaded; there is no facility for anyone outside of Microsoft to change non-website related server settings or install other software on the server.

Access to upload website or database changes is controlled by Microsoft Account sign-on security. In addition, access to the database is only possible from specific whitelisted IP addresses, which are set to the developers' office. The website developers, Webfuel (https://www.webfuel.com), use password-protected PCs to access the website. Webfuel is based in Loughborough, UK.

 

Website Security

The application (PASCOM-10) is protected using industry standard ASP.NET authentication, which is a Microsoft standard security system. The website can only be accessed via a secure HTTPS connection.

 

Password Security

Access to the website is granted via username and password. Passwords are held securely hashed (not plain text). Passwords are alpha-numeric, at least 8 characters long and must contain at least one lower case character and at least one upper case character. Users are advised that passwords should be changed regularly, and users are not able to reuse any of their 3 previous passwords. Any IP address making 5 failed password attempts within 5 minutes will be temporarily blocked from trying further passwords to prevent brute force attacks. The website will auto-time out following a period of inactivity. Passwords and usernames must not be shared with colleagues or other users of the system. All users are advised to access the website through password-protected PCs.

Thanks