Privacy Policy

The British Dietetic Association is a company registered in England and Wales (company number 00435492) with a registered address of 3rd Floor Interchange Place, 151-165 Edmund Street, Birmingham, England, B3 2TA (‘the BDA’, ‘we’, ‘us’, ‘our’ in this Privacy Statement). We are registered as a Data Controller with the Information Commissioner’s Office, Registration Number Z8245571.

Please read the whole of this statement carefully as it sets out what information we may collect from you, how me may use it and your rights in respect of such use and the key details of our privacy policy.

The BDA is committed to collecting information about people only when we need to, and to being honest and open about what information we collect, how we use it and who we might share it with. If you have any questions or worries about what information we are collecting or storing, please contact us at [email protected].  

You have the right to ask us to review and tell you about what personal information we have recorded about you, and you can make a request for it to be deleted at any time. In certain circumstances we might not be able to fully delete personal information about you, but if this is the case we will always tell you why (for more information about your right to erasure, or any other details about your rights to control the use of your personal data, please refer to the Information Commissioner’s Office (https://ico.org.uk/).

Data processing principles

Our Privacy Statement outlines our approach to any kind of data processing where we are acting as a data controller or co-controller (including collection, use, transfer, storage and deletion) of personally identifiable information (any information that may be used to identify a physical person, and any other information associated therewith) about natural persons. This statement applies to our processing of data collected through any means, actively as well as passively, from persons located anywhere in the world.

We are guided by the following principles when processing data:

  1. We will only collect data for specific and specified purposes;
  2. We will not collect data beyond what is necessary to accomplish those purposes; we will minimise the amount of information we collect from you to what we need to deliver the services required;
  3. We will collect and use your personal information only if we have sensible business reasons for doing so, such as making available to you our services and products;
  4. We will not use your data for purposes other than those for which it was collected, accepted as stated within our policy, or with your prior consent;
  5. We will seek to verify and/or update your data periodically and we will accept requests from you for amendment of the data held;
  6. We will apply high technical standards to make our processing of data secure;
  7. Except otherwise stated, we will not store data in identifiable form longer than is necessary to accomplish its purpose or as required by law.

Legal basis for processing your data

The General Data Protection Regulation (GDPR) provides that processing of your data shall only be lawful if and to the extent that at least one of the following applies:

  1. You have consented
  2. For the performance of a contract
  3. For compliance with a legal obligation which we must perform
  4. To protect vital interests of your or another person
  5. It is in the public interest
  6. It is in the legitimate interests pursued by us or a third party

We collect data for the purposes set out above. Data is managed to ensure that it is either erased from our system when it is no longer required for the purpose for which it was collected, retained for legal reasons or minimised and retained.

Any health or other special category data collected from you has special protection and is limited to that permissible by law. In all instances where special category data is collected we will obtain your express consent.

Your legal rights as a data subject

You have a number of legal rights in relation to the personal data that we hold about you and you can exercise your rights by contacting us using the details at the end of this statement. These rights include:

  1. the right to obtain information regarding the processing of your personal data and access to the personal data which we hold about you. If you wish to access your personal data please email us at the address provided in this statement;
  2. the right to withdraw your consent to our processing of your personal data at any time. Please note, however, that we may still be entitled to process your personal data if we have another legitimate reason (other than consent) to do so;
  3. in some circumstances, the right to receive some personal data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to personal data that you have provided to us;
  4. the right to request that we correct your personal data if it is inaccurate or incomplete;
  5. the right to request that we erase your personal data in certain circumstances. Please note that there may be circumstances where you ask us to erase your personal data but we must retain it;
  6. the right to request that we restrict our processing of your personal data in certain circumstances. Again, there may be circumstances where you ask us to restrict our processing of your personal data but we must refuse that request;
  7. the right to lodge a complaint with the applicable data protection regulator, in the UK this is the Information Commissioner’s Office (ICO).

When we are processing on the grounds of legitimate interest, you have the right to object to the processing and we must stop unless we have an overriding reason which will be communicated to you.

Storing your data

‍We have in place appropriate technical and organisational measures to ensure the security, confidentiality, integrity and availability of personal data we control. Your information is securely stored on our company systems which are not publicly accessible or stored in any public domain – it is accessible to our employees only and is password protected.

‍We may store or process your data on cloud based platforms or service providers whose servers are based outside of the UK/EEA which may constitute a transfer of data under GDPR. We will only use such third party service providers where we are confident that appropriate safeguards are in place to ensure that any personal data transferred outside of the UK/EEA is subject to an equivalent level of security and protection as required under UK Data Protection Legislation, such as the UK Extension to the EU-U.S. Data Privacy Framework. To learn more about the EU-U.S. Data Privacy Framework, visit the U.S Department of Commerce’s website at: www.dataprivacyframework.gov/s/.

We also have in place appropriate procedures to handle any potential Personal Data Breaches, in accordance with Data Protection Legislation. Any such breaches will be reported to the relevant supervisory authority and notified to the affected data subjects where we are legally required to do so.

We will only keep your personal data for as long as is necessary to meet the requirements for which it was collected. This will vary depending on the nature of the requirements and the processing, but apart from in exceptional circumstances where longer retention is necessary we will only retain your personal data for six years. After this period of time we will delete your personal data unless there is a legitimate business reason to retain all or parts of the data we hold.

Sharing data with third parties

We will not sell or lend your personal data to third parties, or share your personal data for marketing purposes without your express consent. We will only share your personal data with third party service providers where it is necessary for the delivery of our products or services, and only where we are confident that and such third party service providers have appropriate data protection systems and measures in place that are compliant with UK Data Protection Legislation.

We will not give consent to third party service providers or platforms to use your information, including audio and video recordings, for purposes other than those for which the information was collected and which are necessary for the delivery of our products and services. We will not give consent for your information to be used by third party service providers for the training and development of AI modelling software, or similar purposes.

Information about who uses our website

We collect a certain amount of data about the people visiting our website. This is anonymous, and is used only to make sure that we are providing content that people are using and finding useful.

Our webserver and analytics platforms such as Google Analytics and Hotjar may collect certain information such as:

  • IP addresses;
  • host names;
  • domain name;
  • the time and date information is requested;
  • the browser version and platform when information is requested;
  • country;
  • browsing behaviour

We use this information to produce aggregate visitor statistics in relation to which pages are being accessed. We may also use it to monitor usage patterns on this website in order to improve navigation and design features to help you get information more easily. This information is collated and provided to us as daily log files. These statistics will not include information that can be used to identify any individual.

We use Hotjar in order to better understand our users’ needs and to optimize this service and experience. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our service with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behaviour and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.

Cookies

A cookie is a piece of data stored on a user's hard drive while they are visiting a particular website and it contains simple information about the user's identity but no personal information. We may use cookies on our website to store passwords, so that it is not necessary to provide a password for every visit to our website. We may also use cookies to track the interests of our users so that we can subsequently enhance their experience on our website.

IP addresses

We use IP addresses to analyse trends, administer the website, track users' movements, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Information about people who contact us

The BDA has a legitimate interest in monitoring our contact with members of the public, professionals and potential leads in related businesses and other potential contacts. We may use these contacts to inform interested parties about our campaigns, events, research or other work where we believe that the person or organisation being contacted has a clear and valid connection or interest to what we are doing.

If you contact the BDA by telephone, email or post, we may keep a record. This will tell us your name, what you contacted us about, what action we took (if needed) and your contact details in case we need to get in touch with you in future. Extra information might be recorded if it is relevant – for example, if you are someone who might be interested in working with us on future projects, or if you have asked to be kept informed about our work.

If we have made contact with you at an event or in another professional capacity, or have been passed your contact details by another organisation or person, we will only store your information if we believe that you would be interested in working with us in future. If you have any questions about where we gathered your contact details, we will happily answer them.

Social media

We are a user of X (formerly Twitter), Facebook, Instagram, LinkedIn, YouTube and TikTok and interact with other users by:

  • creating a public profile which includes information on our current activities;
  • sharing photos, videos and written content;
  • sharing links to content on the BDA website such as events, member benefits, articles and news;
  • sharing links to content you are interested in which has been produced by third parties (such as sharing a news article);

Messages posted on our social media pages are publicly available. If you post on our social media pages or send us a private or direct message via social media, we will assume you give permission for us to respond. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to answer or communicate with you.

We will respond to publicly available social media posts relevant to our services/functions and/or associated issues where appropriate and within the permissions of the social media providers.

We do not interact with third-party applications. We do not micro-target ie: track your browsing habits, likes and social interactions across our social media pages in order to build up a profile about you. We are not responsible for micro-targeting by social media providers and third parties operating on social media.

You must take your own precautions to protect your personal data whilst using social media. We have no control and/or responsibility over the processing of your personal data by social media providers and/or any promotional advertisements you may see when browsing the BDA's profiles on these channels. When signing up for and using social media, you should carefully consider the personal data you share on social media and with social media providers as well as reviewing the privacy policy, the terms of use of that social media service and information provided about cookies. In particular, the privacy policy and cookies information available on the service should inform you how that social media service is using your personal data and for what purpose(s).

The BDA uses Meltwater which provides a single platform for our social media publishing, analytics, and engagement. Meltwater may collect information about you from your social media interactions with us, such as your social media handle, username, profile, postings, and messages you exchange with us.

Meltwater complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) (together, “DPF”) as set forth by the U.S. Department of Commerce. Meltwater has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to its processing of personal information from European Union member countries, the United Kingdom, and Switzerland in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF respectively. If there is any conflict between the statements in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

Information about our members

The BDA has a legitimate interest in gathering, processing and storing personal information about our members. We do this so that we can: understand and predict the needs and wants of the people who have chosen to join our association; keep members informed about the products, services, support, events and campaigns available to them via regular email and postal communications; carry out our core function of promoting the dietetic profession; carry out our core function of representing the interests of our members.

When you join the BDA we will ask you to complete a member profile. There are some mandatory fields, which is the bare minimum we need to support you and provide you with the membership benefits you have signed up for. The other bits of information we ask about are not essential, but we really appreciate it if our members do fill them in. They help us understand and support you even more, and mean that we are able to develop and promote the profession with far more accuracy. It is your responsibility to regularly check that your information is up to date so that you don’t miss out on important information and membership benefits. The BDA cannot be held responsible for anything that you do miss if you haven’t updated your details, or for any inaccuracies in the information that you have provided to us.

We use the information we hold about our members to design our services and communications to best suit you. Core member communications (e.g. digital e-communications such as Members Monthly and hard copy/digital communications such as Dietetics Today magazine etc) will be sent to all relevant members. You can opt out of these digital communications when you first sign up, or at any time by going to your My BDA account or following the unsubscribe link which is in the footer of all our emails.

You can also change the medium in which you receive some of our content by going to your My BDA Account at any time. Some of our communications, e.g. third party emails, will only be sent to you if you have given clear explicit consent and you can change this at any time through the same methods.  

If you choose to join one or more specialist groups you will also receive regular updates from that group, and some information about you will be shared with the specialist group committee to make sure that you can access all the benefits that they offer you.

Changes to our policy & future processing

This Privacy Statement was last updated in October 2024 and is reviewed every six months, or upon changes to relevant Data Protection Legislation being published, whichever is sooner.

We do not intend to process your personal information except for the reasons stated within this Privacy Statement. We reserve the right to update this Privacy Statement from time to time. Where appropriate, we shall contact you to notify you of any material changes to the Privacy Statement. You should also refer to our website periodically so that you may access and view our updated Privacy Statement. This will ensure that you understand how we are using your personal data and your legal rights around our usage of such personal data.

If you have any questions or concerns regarding our data protection or privacy policies, please contact us at [email protected]  and we will be happy to respond to any concerns.

Should you still have concerns about the way in which we manage your personal data then you should contact the relevant supervisory authority, which in the UK is the Information Commissioner’s Office: ico.org.uk/global/contact-us/