Your Persona l Data is data which by itself or with other data available to GTO UK) can be used to identify you as an individual.  GTO UK is the data controller. This privacy notice sets out how GTO UK will use your personal data.

The types of personal data we collect and use 

We will use your personal data for the reasons set out below.  We will collect most of this directly during the registration and/or admission process but there may be sources of personal data collected indirectly as set out later in this Policy. The persona l data we use may include:

  • your name, address and contact details, including email address and home and mobile telephone numbers,
  • Information about how you use our website.

This data may also include visual images, personal appearance and behavior

GTO UK UK may collect this information in a variety of ways. For example, data might be collected through Registration and Admin forms; obtained from your passport or other identity documents such as your driving licence; from admin forms, online web forms completed by you at the start of your membership; from correspondence with you; through the Admission and Registration process or through interviews, meetings.

In some cases, the organisation may collect personal data about you from third parties, such as insurer providers, referral agencies, sponsors, checks permitted by law.

Providing your personal data 

We will tell you if providing some personal data is optional, including if we ask for your consent to process it. In all other cases, we need you to provide your personal data so we can provide Membership and receive payment for these services. 

Monitoring of communications

Subject to applicable laws, we may monitor and record calls, emails, text messages, social media messages and other communications in relation to our dealings with you.  We will do this to ensure an appropriate standard of membership, for regulatory compliance, self-regulatory practices, crime prevention and detection, to protect the security of our communications networks and systems, to check for unlawful content, obscene or profane content, for quality control and membership training, and when we need to see a record of what has been said. We may also monitor activities on our network and systems where necessary for these reasons and this is for our legitimate interests or other legal obligations.

Using your personal data and the legal basis for processing

We will process your personal data under Article 6 (1); Article 9 (2) of the General Data Protection Regulations:

  • To support the provision of your membership of GTO UK;
  • As necessary to support the GTO UK re contract with you and to allow us to
  • To keep your records up to date;

We will process your personal data under Article 6 (1) f  of the General Data Protection Regulations:

  • As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
  • For good governance, accounting, and managing and auditing our club and business operations;
  • To monitor emails, chatrooms, other communications, and activities on GTO UK networks and systems;

As necessary to comply with a legal obligation:

  • When you exercise your rights under data protection law and make requests;
  • For compliance with legal and regulatory requirements and related disclosures;
  • For establishment and defence of legal rights;
  • For activities relating to the prevention, detection and investigation of crime;
  • To verify your identity, make credit fraud prevention and anti-money laundering checks; and
  • To investigate complaints, legal claims and data protection or clinical incidents.

Based on your consent:

  • When we process any special categories of personal data about you at your request (e.g. my racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data.

You are free at any time to change your mind and withdraw your consent. The consequence might be that we cannot continue to provide full membership of GTO UK services to you.

Sharing of your personal data

Subject to applicable data protection laws we may share your personal data with:

  • The GTO UK group of companies and associated companies including entities in the United States;
  • Sub-contractors and other persons who help us to provide GTO UK products and services to you;
  • Companies and other persons providing services to you as part of your membership
  • Our legal and other professional advisors, including our auditors;
  • Fraud prevention agencies, credit reference agencies, and debt collection agencies;
  • Government bodies and agencies in the UK and overseas (e.g. HMRC who may in turn share it with relevant overseas tax authorities and with regulators, the Information Commissioner’s Office;
  • Courts, to comply with legal requirements, and for the administration of justice;
  • In an emergency or to otherwise protect your vital interests;
  • To protect the security or integrity of our club business operations and other patients;
  • W hen we restructure or sell our business or its assets or have a merger or re-organisation;
  • Payment systems and providers; and

Anyone  else where we have your consent or as required by law

Sharing of your personal data to contribute to the review and publishing of information about the quality and cost of privately funded GTO UK

If you subsequently change your mind please contact a Committee member Contact details are available on this website.

Sharing of your personal data for research purposes

Subject to applicable data protection laws and your explicit written consent we may share your personal data for the purpose of scientific research.

Sharing of your personal data for marketing purposes

Subject to obtaining your written consent and communications preferences we may use your contact details to send you newsletters and other information on new Facilities, services and treatments which we think may be of interest to you.  We will not sell your personal data to a third party without your written consent.

You are free at any time to change your mind and withdraw your consent. Please contact [email protected].  This will not affect the GTO UK services we provide to you.

International transfers

Your personal data may be transferred outside the UK and the European Economic Area.  While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it.  These include imposing contractual

How long do we keep your data?

Information will be kept in in accordance with the retention periods outlined in the Information Governance Alliance (IGA)

  • Retention in case of We will retain your personal data as long as necessary to deal with any queries you may have;
  • Retention in case of We will retain your personal data for as long as you might legally bring claims against us; and
  • Retention in accordance with legal and regulatory requirements. We will retain your persona l data after you have received GTO UK services or membership based on our legal and regulatory requirements.

Your rights under applicable data protection law

Your rights are as follows (noting that these rights do not apply in all circumstances):

  • The right to be informed about processing of your personal data;
  • The right to have your personal data corrected if it is inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your persona l data
  • The right to restrict processing of your personal data
  • The right to have your personal data erased (the “right to be forgotten”)
  • The right to request access to your personal data and information about how we process it;
  • The right to move, copy or transfer your personal data (“data portability”) ; and
  • Rights in relation to automated decision making including profiling

You may exercise these rights by contacting us via the forum

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law