The Psychological Professions Network (PPN) website is managed by PPN England on behalf of the 7 regional PPNs that make up PPN England. The website platform used to collect membership data is commissioned by PPN England. Membership data is shared with seven regional PPN’s teams and the national NHS England Psychological Professions team.
Each regional PPN and the team members are hosted and employed by an NHS Trust, an NHS Education provider and/or by an NHS England regional office. The national Psychological Professions team is employed within the NHS England Workforce, Training and Education Directorate.
Responsibility for managing membership data in accordance with UK data protection law is shared with regional PPN host organisations and their respective Data Protection Officers. Regional PPN teams extract membership data from the PPN website periodically. Regions handle, store and process membership data in accordance with host organisation policy.
PPN England, and the regional NHS Trust or NHS England regional team, are joint controllers and joint processors of this data, on behalf of the PPN that they host. Our web development partners Blue Frontier Limited act as data processors on behalf of the data controller.
In the event of a data breach involving membership data occurring at a regional level, the Data Protection Officer (DPO) for the PPN regional host organisation will manage the breach in accordance with their policy. Contact details for regional DPO’s can be provided by emailing the regional PPN directly.
What is the purpose and legal basis for processing membership data?
The Psychological Professions Network will process membership data in order to maintain membership, provide regular communications with the membership and seek views and opinions. Under the General Data Protection Regulation the lawful basis for PPN England (NHS England Psychological Professions team) and the 7 regional PPNs, including regional PPN host organisations to process this membership data falls within the following processing conditions:
- For patients and members of the public: ‘Public Task’ - Processing is in the public interest or in the exercise of official authority vested in the data controller
- For staff members: ‘Legitimate interests’ – processing is in the legitimate interest of the data controller.
Membership Forms
The purpose of our membership form is to gather the personal data required in order to sign up and become members of a regional Psychological Professions Network. These details may then be used to communicate with you about general membership matters. Special category data is also collected for certain constituency groups to ensure we have a membership that is representative of the community we serve. We also collect demographic data based on your organisation to enable the PPN to report the makeup of its membership as and when required.
How long will we keep this information?
We will only keep information for as long as it is needed for the purposes described when it was collected. The information will not be kept for longer than legislation permits. You may also request that your information is removed or forgotten, that processing is restricted or consent is withdrawn by logging in to your membership account at PPN Member Log in and editing your communication and membership preferences, including deletion of your account. If you are unable to complete the changes you require via the Member Log in, please email your regional PPN (contact details below).
Access to your details
You have the right to request personal information held and to have any inaccurate information, such as your name or contact details, corrected. You can check the personal information held by logging in to your membership account at PPN Member Log in. If you are unable to access your information via the Member Log in portal, please email your regional PPN (contact details below).
Will we share this information with outside parties?
The information provided will not be shared with third parties. Information access and usage is restricted to our partner web development agency (Blue Frontier Limited), the 7 PPN regional teams and the national NHS England psychological professions team. We will not sell information and data does not leave the UK.
What rights do I have?
In accordance with the UK General Data Protection Regulations (GDPR), data subjects (members) have the following rights:
- Right to be informed: we have explained what data is being collected, how it is used, how long it will be kept and have confirmed that it will not be shared with any third parties.
- Right of access: You have the right to request a copy of the information that we hold about you.
- Right of rectification: you have the right to correct inaccurate or incomplete data.
- Right to be forgotten: If you ask us to erase any personal data stored about you, we will do that.
- Right to restrict processing: you can request that we limit the use of your personal data.
- Right to object: you have the right to challenge how we use your data, for example if you receive communications from us that you no longer want.
What security controls are in place?
We want you to be secure when visiting our site and are committed to maintaining your privacy when doing so. Our website is protected by multiple layers of protection. The server is protected by a hardware firewall that only passes genuine traffic destined for specific services. Access to critical services are disabled and restricted as necessary.
The server is further protected by an additional software firewall. The software firewall is configured to only allow relevant network services.
All traffic to and from the website is encrypted in transit using the latest TLS encryption protocols, in line with industry best practice.
Further to this, the website is protected by a software-based Web Application Firewall to provide protection against common vulnerabilities and known exploits. We also employ intrusion detection systems on the servers that are monitored for unusual behaviour.
The website hosting company are ISO 27001 accredited and the hosting infrastructure is fully compliant with all internationally recognised security standards.
Who is the Supervisory Authority?
The Information Commissioner’s Office: https://ico.org.uk
The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 01625 545700.
If you have any further queries on the uses of your information, please contact your local PPN region:
PPN - East of England -
PPN - London -
PPN - Midlands -
PPN - North East and Yorkshire -
PPN - North West -
PPN - South East -
PPN - South West -