1. WHO WE ARE

Avon Local Medical Committee Ltd (“ALMC”, “we”, “us”, “our”) is a professional organisation representing GPs and GP practices across Bristol, South Gloucestershire and North Somerset.

We are registered in England and Wales (Company No. 06576488).
Registered office: 14a High Street, Staple Hill, Bristol, BS16 5HP

For the purposes of data protection law, ALMC is the Data Controller.

We are committed to protecting your personal data and handling it transparently and securely.

2. CONTACT DETAILS

If you have any questions about this Privacy Notice or how we handle your data, please contact:

Data Protection Lead
Avon Local Medical Committee Ltd

14a High Street, Staple Hill, Bristol, BS16 5HP

Info@almc.co.uk
0117 9702755

We are not required to appoint a Data Protection Officer but have designated responsibility internally for data protection compliance.

3. WHAT INFORMATION WE COLLECT

We may collect and process the following categories of personal data:

a) Identity and contact data

• Name
• Work email address
• Telephone number
• Job role and organisation

b) Professional information

• GP practice details
• Training attendance records
• Professional registration details (where applicable)

c) Technical data

• IP address
• Website usage data (via cookies—see Cookies section)

d) Training-related data

• Attendance and participation records
• Feedback and evaluation forms
• Dietary or accessibility requirements (where voluntarily provided)

We do not routinely collect special category data unless it is necessary (e.g. accessibility requirements), and where we do, we apply additional safeguards.

4. HOW WE USE YOUR INFORMATION (PURPOSES OF PROCESSING)

We use your personal data for the following purposes:

Service delivery

• To provide support and services to GP practices
• To communicate with members and stakeholders

Training and events

• To organise, administer, and deliver training sessions
• To manage trainer engagements and scheduling
• To track attendance and issue certificates (where applicable)
• To gather feedback and improve our services
• Training sessions may be delivered online or in person. Where sessions are recorded, participants will be informed in advance

Business operations

• To manage contracts and relationships
• To administer payments and financial records

Legal and regulatory compliance

• To meet legal obligations (e.g. HMRC, safeguarding, DBS where applicable)
• To respond to lawful requests from authorities

Website and communications

• To respond to enquiries
• To improve website functionality and user experience

5. OUR LAWFUL BASIS FOR PROCESSING

Under UK GDPR, we rely on the following lawful bases:

• Contract – where processing is necessary to deliver services or training
• Legal obligation – where we must comply with the law
• Legitimate interests – to operate and improve our services, provided your rights are not overridden
• Consent – where required (e.g. optional information, marketing, or certain training data)

Where we rely on consent, you have the right to withdraw it at any time.

Where we rely on legitimate interests, we carry out a balancing test to ensure your rights and freedoms are not overridden.

6. WHO WE SHARE YOUR INFORMATION WITH

We may share your personal data with:

Service providers (data processors)

• Training providers and facilitators
• IT and system providers
• Occupational health providers
• Advisory and consultancy services

All third-party processors are required to act only on our instructions and are subject to appropriate contractual and security obligations.

Public and regulatory bodies

• NHS England
• Commissioners
• Disclosure and Barring Service (where required)

Legal and compliance

• Insurers
• Solicitors
• Law enforcement or courts (where legally required)

We only share the minimum necessary information and ensure appropriate safeguards are in place.

7. ANONYMISED DATA

We may use anonymised data for reporting, planning, or service improvement. This data cannot be used to identify you.

8. INTERNATIONAL DATA TRANSFERS

We do not routinely transfer personal data outside the UK.

If this changes, we will ensure appropriate safeguards are in place in line with UK GDPR (e.g. adequacy regulations or standard contractual clauses).

9. HOW LONG WE KEEP YOUR DATA

We retain personal data only for as long as necessary. Typical retention periods include:

• Training records: 6 years
• Financial records: 6 years (HMRC requirement)
• General correspondence: 2–3 years
• Contracts and service records: 6 years after end of relationship

Retention periods may vary depending on legal or operational requirements.

10. YOUR RIGHTS

Under UK GDPR, you have the right to:

• Access your personal data (Subject Access Request)
• Request correction of inaccurate data
• Request erasure (“right to be forgotten”)
• Restrict processing
• Object to processing
• Data portability
• Withdraw consent (where applicable)

To exercise your rights, please contact us using the details above.

We will respond within one month.

11. INFORMATION FROM THIRD PARTIES

We may receive personal data from third parties (e.g. GP practices or training organisers).

We ensure this data is handled in accordance with this Privacy Notice and applicable law.

12. CHILDREN’S DATA

Our services are not directed at children, and we do not knowingly collect personal data from individuals under 18.

13. COOKIES

Our website uses cookies to improve functionality and user experience.

For full details, including the types of cookies used, lawful basis (including consent where required), and how to manage your preferences, please see our Cookies Policy.

14. DATA SECURITY

We take appropriate technical and organisational measures to protect your data, including:

• Secure systems and access controls
• Staff training
• Regular reviews, audits, and risk assessments

15. COMPLAINTS

If you are concerned about how we handle your data, please contact us in the first instance.

You have the right to lodge a complaint with the
Information Commissioner’s Office,
the UK supervisory authority for data protection.

https://ico.org.uk

16. THIRD-PARTY LINKS

Our website may contain links to external websites. We are not responsible for their privacy practices.

17. CHANGES TO THIS PRIVACY NOTICE

We may update this Privacy Notice from time to time.

The latest version will always be available on our website and can be provided on request.