It is the policy of the Association of Master Herbalists (AMH, hereafter referred to as ‘we’, ‘us’ and ‘our’ as well as by name) to collect, process and share your data provided to us by you in order to carry out the services requested by you and any contact in relation to those services only. Your data will not be used for any other purposes other than those explicitly stated in this policy or requested by you in your dealings with us.
1. The identity of the controller.
You are hereby informed that the data that you provide is collected, used, protected, processed and shared by the Association of Master Herbalists; more specifically, the relevant members of the AMH Council, namely the General Secretary and Treasurer.
2. Collection of data
We collect data about our members and applicants. Your data are collected when you contact us via email, phone or in person or through the “Contact Us” page of our website.
Data we collect fall into the following categories:
- Identification information (Name)
- Contact information (Email address, telephone number if provided)
Other data is gathered directly from you when you use the:
- online membership joining form
- the paper version of the membership joining form
- membership renewals form
- direct communication with us
2.1. Information you provide to us
We process data you provide directly to us when you apply to join the AMH or renew your membership, via forms available from our website or obtained directly from us either by email or postal service.
The data we require our Members to provide either when joining us or renewing their AMH membership include:
- Date of Birth
- Phone numbers
- Email address(es)
- Website address(es)
- Professional qualifications
- Professional indemnity insurance details
- Emergency First Aid at Work certification
- Curriculum vitae
- Professional or personal references
- Current photographs of yourself
- Educational qualifications
- Other qualifications, i.e. other non-CAM qualifications or awards not previously detailed
- Length of time in herbal practise
- Name and address of mentor, if relevant
- Continuing Professional Development (CPD) information
- Other complementary or alternative medicine skills
- Membership of professional associations in UK or overseas
- Other occupations in which you are currently employed
2.2. Data we collect automatically when you use our online services
We do not automatically collect personal information about you when you visit our website unless you choose to provide that information to us, for instance the membership application form. When you access or use our online services, we automatically collect the following non-personal information about you:
Log Information: We log information about your use of the Services, including the type of browser you use, access times, pages viewed, your IP address and the page you visited before navigating to Our Services.
2.3. Information we collect automatically through Cookies and other tracking technology
We may use session cookies, and other similar technologies on our online Services for the exclusive purpose of enabling or facilitating communication or are strictly necessary for the provision of our online services. Session cookies are usually deleted when you close your browser. We do not use tracking cookies or persistent cookies which record or analyse user behaviour.
You have the ability to decline cookies by changing the settings on your browser but this might prevent you from benefiting from some elements of our online services. You can also consult or destroy permanent/persistent cookies if you wish, since they are stored on your hard disk.
2.4. Third Party Cookies
For example, a cookie set by Facebook -when you’re using facebook.com- is a first-person cookie, but if you are on a different website which has a Facebook Like! button; that button will access the same cookie; but in this context it would be considered a third-party cookie.
We inform you that we have no access and cannot exercise any control over third party cookies. However we do not allow internet marketers to buy advertising rights on our website which is a common source of third-party cookies though not the only one. There is always the possibility that third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications.
If concerned you may choose to disable third party cookies in your browser privacy settings to help prevent your data and browsing history being tracked.
3. How we use the data
We may use information about you for the following purposes:
- Provide, maintain and improve our services
- Provide and deliver the service you request, process transactions and send you related information including membership certificates, fee receipts and mentoring scheme information, if relevant
- Send you emails informing you of forthcoming courses and events of interest, particularly those carrying CPD points
- Interact with you regarding the future direction of the AMH, occasionally offering the chance to vote for a particular course of action
- Update you as to important legal and regulatory developments affecting herbal medicine practise in the UK and Eire
- Respond to your comments, questions, requests and provide customer service
- Monitor and analyse trends, usage and activities in connection with our services
- Personalize and improve the services we provide
4. How we share your data
In response to a request for information if we are required by, or believe disclosure is required by, any applicable law, regulation or legal process, including in connection with lawful requests by law enforcement, national security, or other public authorities.
5. The period of data retention
The General Data Protection Regulations 2018 (GDPR) states that we must hold data for no longer than is required for the purposes for which it is being processed: https://www.dpnetwork.org.uk/gdpr-data-retention-guide/. We will hold onto information if we feel it is necessary to do so – for example in the event of an ongoing insurance claim/complaint against you. However this will not exceed 7 years.
6. Data access
Upon receiving a written request from you seeking access to your data, we will provide either hard or electronic copy of the data that we hold on you, to be sent by registered post or email, respectively. This will include exports of the information held about you on the AMH database and website. We will provide your data to you within a period of 28 days from the date that we receive your request.
7. Data amendments
Upon receiving a request from you to update, correct or amend your personal data held by us, we will make the amendments within a period of 7 days from the date that we receive your request.
We are committed to taking appropriate measures designed to keep your data secure. Our technical, administrative and physical procedures are designed to protect data from loss, theft, misuse and accidental, unlawful or unauthorized access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.
9. Your rights
Under the General Data Protection Regulations 2018 (GDPR), individuals have the significantly strengthened rights to:
- Obtain details about how their data is processed by an organisation or business;
- Obtain copies of personal data that an organisation holds on them;
- Have incorrect or incomplete data corrected;
- Have their data erased by an organisation, where, for example, the organisation has no legitimate reason for retaining the data;
- Obtain their data from an organisation and to have that data transmitted to another organisation (data Portability);
- Object to the processing of their data by an organisation in certain circumstances;
- Not to be subject to (with some exceptions) automated decision making, including profiling.
10. In the event of a data breach
Every precaution will be taken to avoid a breach of your data. However, if such a breach should occur, it will be documented, assessed as to its severity and appropriate action taken. The Information Commissioner’s Office (ICO) will be informed and you will be contacted to assist you in taking steps to mitigate the risks to yourself if it the breach is deemed sufficiently severe to put you or your identity at risk.