Privacy policy

This privacy policy explains what happens to any personal data that is provided to BSR or data that we collect from members, users of websites, people who contact us for other purposes, and/or employees.

The type of information we collect and hold about you will depend on whether or not you are a member of BSR (past or present), a registered user of our website, a clinician or patient providing patient-reported outcome measures collected on our ePROMs platform, data captured on our Quality Review Scheme (QRS) platform, simply browsing our resources, contacting us for other purposes, or a member of staff.

If for any reason you give us personal information on behalf of or about someone else, you should ensure that you have the right to provide us with that information, and direct that person to this policy to inform them how we will process their data.

What information do we collect about our members and website users?

We collect information about you when you register with us for membership, book to attend an event such as our annual conference, or register for a product or service, such as the newsletter or mentoring scheme. We may also collect information when you voluntarily complete a customer survey, provide feedback, take part in a competition, or apply for a job at BSR. Website usage information is collected using web server logs, cookies, or other website tracking tools.

We may collect and process the following data about you:
  • Information about your use of our site including details of your visits such as pages viewed and the resources that you access
  • Information provided voluntarily by you such as when you register for membership and information provided when booking onto a course
  • Information that you provide when you communicate with us by any means
  • Information that might identify individuals (such as name and address) is kept separate from other information about participants
  • Computer security is in place to block unauthorised access to computers/systems that hold personal information and individual records are password-protected
  • Approved data processors (who have appropriate security measures in place) may have access to your personal information for data processing purposes only. The data processing will only ever be for the purposes of this study and contractual agreements will be put in place for this purpose to ensure the safety of your data
  • If your information is provided as part of a larger dataset to researchers outside of the Registers study teams in a dataset, we will not include any information that could identify you
  • To help us identify you and the membership you hold with us, both for our own purposes and for approved providers who need to verify membership
  • To enable you to receive the service you have requested including contacting you about an event you have booked a place on in the lead up to it
  • If you are a member, to administer your membership record, inform you of campaigns, discounts and offers, provide services and fulfil our obligations to you as a BSR member (including billing)
  • If you are a member, we will add your details to our member directory which is searchable by all existing members
  • To communicate with you generally

  • What information do we collect about you through the ePROMs platform?
    Patients are sent an email inviting them to complete a patient consent page. The patients are asked to consent to their PROMs submission being viewed by their rheumatology team and if they consent to their submission being used for research purposes. A patient can only proceed if they consent to their team viewing their submission.
    A patient can refuse consent for their data to be used for research purposes but consent to their rheumatology service to view their submission (for full details read the ePROMs Data Protection Impact Assessment). BSR is the Data Controller for ePROMs. This means BSR determines the purposes and means of the processing of the data. BSR uses a third-party data processor called Netsolving, which holds all ePROMs data on its system.

    What information do we collect about you through QRS (Quality Review Scheme)?

    Quality Review Scheme (QRS) is a UK-wide accreditation service to drive quality improvement within UK rheumatology services.

    Applicants submit evidence for review and undergo an onsite review. During this review managers, non-managerial staff and patients are interviewed for their views on the service. (For full details read the QRS Data Protection Impact Assessment)

    What information do we collect about you through our registries?

    British Society for Rheumatology and its academic partners, the Universities of Manchester and Aberdeen, are the data controllers for the BSR patient registers and are responsible for the way in which your data is processed.

    We work together to ensure that your data is processed fairly and lawfully in accordance with the requirements of UK data protection legislation. There are a number of rigorous procedures in place to protect your personal data and keep it secure.

    A number of pharmaceutical companies who manufacture rheumatology therapies have access to your study data for further safety monitoring, but this won't contain any personal identifiable information and any study results or published reports using the data won't include your name.

    Your medical records state that you are participating in a BSR register; by signing a participant consent form, you allow rheumatology healthcare professionals or approved data processors to have access to information from your medical records, relevant to the study, for the purposes of capturing the data.

    In certain circumstances your medical records or study data may be looked at by a government drug regulatory agency such as the Medicines and Healthcare products Regulatory Agency (MHRA) or by authorised members of the Registers study team, the Ethics Committee or a hospital. This is for the purpose of checking that the data is correct or checking that the study is being carried out properly.

    How will we use the information about you?

    We use the information we collect from you during your membership application, registration as a user of the website, booking for an event or meeting, subscription to a service, or administration of an activity according to the UK General Data Protection Regulation (UK GDPR).

    We'll use your personal information for the purposes you provided us with it for and any associated purposes described at the point that information was collected.

    In addition, we may also use your information for the following purposes: to provide you with information about services or opportunities offered by BSR.