Skip to content

Website cookies

This website uses cookies to help us understand the way visitors use our website. We can't identify you with them and we don't share the data with anyone else. If you click Reject we will set a single cookie to remember your preference. Find out more in our privacy policy.


This Privacy Notice explains how The Point of Care Foundation collects, stores, manages and protects your personal data. It outlines the types of data we hold and how we use them. The Point of Care Foundation takes its responsibilities around the correct collection, use and destruction of the personal data of all of its audiences and stakeholders very seriously and is committed to the openness and fairness in the handling of personal data.

1. Who are we?

The Point of Care Foundation is the data controller (contact details below). This means it decides how your personal data (“information”) is processed (“used”) and for what purposes.

2. Our purpose

Our mission is to humanise healthcare. We achieve this by working to improve patients’ experience of care and increase support for the staff who work with them. To achieve this aim we have set ourselves the following goals:

  • To strengthen leadership in professions and organisations for patient centred care by supporting local leaders to prioritise and sustain their focus on good experiences and relationships.
  • To empower more patients and more staff to lead bottom-up change by offering training in tools and methods that enable patients and staff to collaborate and make change together.
  • To help more staff access forums for reflective practice by assisting organisations establish Schwartz Rounds to provide the practical and emotional support that staff need.

3. Your personal data – what are they?

Personal data means any information from which an individual can be identified. Identification can be by the information alone or in conjunction with any other information in the data controller possesses or likely to possess. The processing of personal data is governed by the General Data Protection Regulation 2016/679 (the “GDPR”). The Point of Care Foundation collects and processes personal data to support all of the aims of the organisation.

To provide services and support under agreements, contracts or membership we may collect and process all or some of the following data: 

  • Name and title
  • Contact details including postal address(es), personal e-mail, work e-mail, phone number(s), and links to social media accounts
  • Job title and occupation
  • Records of communications sent to you by us and received by us from you
  • Personal photos and video of events in which you appear

For managing events, sending out our newsletters, marketing and promoting the work of The Point of Care Foundation we may collect and process the following data:

  • Name and title
  • Contact details including postal address(es), personal e-mail, work e-mail, phone number(s), and links to social media accounts
  • Personal photos and video of events in which you may appear

4. How do we collect your information?

The majority of information about you that we use is obtained directly from you and organisations you work for. You may subscribe to our mailing list to receive updates from us. We may request your email address in exchange for access to restricted content on our website. We may also collect information from publicly available sources to keep your information up to date. We may also obtain your information through the use of social media such as Facebook, Twitter or LinkedIn depending on your settings or the privacy policies of these social media and messaging services.

5. How do we use your information?

The Point of Care Foundation complies with its obligations under the GDPR by keeping your information up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting information from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect it.

We use your information for the following purposes: –

  • To meet our responsibilities under contracts and agreements with you and/or your organisation/employer;
  • To inform you of news, events, activities and other services run for our networks or communities;
  • To administer membership records of the communities and networks;
  • To conduct surveys of community and network members and process your responses;
  • To otherwise communicate with you regarding our aims and activities that are likely to be of interest;
  • For internal record keeping so as to keep a record of your relationship with us;
  • To keep you information up to date; and
  • To implement any instructions you give us with regard to withdrawing any or all of your consent.

6. What is the legal basis for using your information?

We will be processing your personal data only with your explicit consent and for the purpose of meeting our responsibilities under agreements and contracts where applicable.

7. Sharing your personal data

Your personal data will be treated as strictly confidential, and we will only share your data with third parties with your consent unless we have a legal obligation to do so.

8. How long do we keep your personal data?

We will keep your data as long as you are a member of our communities or networks or any other The Point of Care Foundation programme for which we will be gaining separate consent. However we will contact you at the end of every two year period after this consent to renew the consent.

Financial records will be retained in line with financial law and regulation for at least seven years.

9. Where do we keep your data?

The Point of Care foundation maintains all of your data within the EU.

Data is only processed by third parties outside of the EU for the provision of services such as:

  • Managing events
  • Sending our newsletters
  • Undertaking surveys

Where data is processed outside the EU The Point of Care Foundation has verified that the appropriate safeguards are in place including:

  • Complying with all data protection principles
  • Where possible trying to ensure data is processed in a country that is on the list of countries approved as adequate by the EU
  • If the transfer is to an organisation in the United States of America ensuring that the organisation participates under the auspices of Privacy Shield
  • Ensuring that in all other instances adequate contractual provisions are in place to ensure the protection of the data

10. How do we protect your data?

We ensure that there are appropriate and operational measures in place to protect your personal data. We have appropriate technical controls in place to protect your personal data:

  • Our network is protected behind firewalls
  • Anti-virus software is deployed
  • All systems are password protected
  • Where we use external companies to process personal data on our behalf we check how they manage the personal data and who has access to it.

11. Your rights and your personal data

Under the GDPR, you have the following rights with respect to your personal data:

    • The right of access – you can ask for a copy of your personal data which The Point of Care Foundation holds about you (this is primarily contact data) and confirmation of the reason for its use;
    • The right to rectification – you can ask that The Point of Care Foundation corrects any personal data if it is found to be inaccurate or out of date;
    • The right to erasure – you can ask for your personal data to be erased where it is no longer necessary for The Point of Care Foundation to retain such data;
    • The right to restrict processing – you can ask for a restriction to be made on further processing of your data if there is a dispute over its accuracy or processing;
    • The right to data portability – you can request that we provide you with your personal data and where possible, transmit that data directly to another data controller;
    • The right to object to the processing of your personal data for the purpose of direct marketing, for research (when you will need grounds relating to your particular situation); and
    • Rights related to automated decision making and profiling this means that where there is an automated decision made in the processing of your data and you have not given explicit consent.

You have the overall right to complain to the regulator and/or seek judicial remedy if your information has not been treated in accordance with the law.

12. Further processing

If we wish to use your personal data for a new purpose, not covered by this Privacy Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.

13. Contact Details

To exercise all relevant rights, queries or complaints please contact the Data Protection Officer at The Point of Care Foundation:


0203 841 5573

You can contact the Information Commissioner’s Office on 0303 123 1113 or via email or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.