Two Autonomous Controllers
The limited company, Practitioner Health Matters Programme CLG (CRO Number: 529820), which oversees the Programme and secures the resources to ensure that it can continue, processes a limited range of personal data which is explained later and is the Data Controller for such data. If you have an interest in this data as opposed to the clinical data described in the next paragraph, you should contact the Honorary Secretary as

The clinical data (e.g. patient data, their specific concerns and any treatment applied under the Programme) is under the control of the Medical Director who is a separate Data Controller. There is a separate ‘Privacy Notice’ for this data which is available via this link.

What data does PHMP CLG collect and how is it used?
The company processes the personal data of its Directors (usually referred to as “Trustees” given its charitable status; it is registered with the Charities Regulator with number 20200787) as a legal obligation to maintain its records at the CRO. Such data consists of names and addresses. PHMP’s records of this data will be deleted with six months of being registered with the CRO.

Contact data in donor organisations is also be maintained and processed as part of fund-raising activity. This consists of email addresses and telephone numbers and will be deleted within seven years of the last donation from any individual donor. Personal data may also of necessity be recorded in minutes of Board meetings but would ordinarily consist of Directors’ names against actions or other matters being recorded. Minutes will be deleted after seven years in case of any possible litigation. The legal basis for the processing of these types of data is the Legitimate Interests of the company.

Recipients/transfers of the data and your data protection rights
None of the data described above is shared with any other entities or transferred outside the European Economic Area. The company will observe any requests for access to personal data and consider those for rectification, erasure, restriction, objection or data portability. Data subjects also have the right to complain to the Data Protection Commission as the relevant Supervisory Authority (this can be done by using the following form on their website: