NCHA Privacy Notice


NCHA is committed to protecting and respecting your privacy. We take your privacy very seriously and we ask that you read this Privacy Notice carefully as it contains important information on:

  • the personal data we collect about you;
  • how we look after your personal data including when you visit our website (regardless of where you visit from);
  • with whom your personal data might be shared; and
  • your privacy rights and how the law protects you.


NCHA (National Clinical Homecare Association) is a private company, limited by guarantee, incorporated and registered in England and Wales with company number 6642621 and whose registered office is at St James House, Vicar Lane, Sheffield S1 2EX

This Privacy Notice is issued on behalf of the NCHA so when we mention “NCHA”, “we”, “us” or “our” in this Privacy Notice, we are referring to the NCHA who is responsible for processing your personal data. NCHA is the controller and responsible for personal information obtained through our website –, by phone, email, in letters and other correspondence or in person.


Personal data provided by you

We collect personal data about you when you:

  • Register as a Member;
  • Renew your membership;
  • Register for an Event/workshop;
  • Purchase or make payments for any products and services;
  • Contact us through our website or via email;
  • Sign up to receive our updates;
  • Complete feedback or surveys; or
  • Participate in competitions or prize draws
  • Request a copy of a report / document from NCHA

The personal data collected in the above manner may include, but is not limited to:

  • full name;
  • organisation; 
  • postal address;
  • email address;
  • telephone number;
  • payment details;
  • reservation and/or booking details;
  • image and/or voice captured through photography, filming, videotaping and/or audio recording.

Special categories of personal data

The only special category personal data which we collect from you from time to time via our website is health information. For example, you may ask you to provide us with allergen information so that we can cater appropriately for you and/or access requirements so that we can facilitate appropriate access to the premises where we are operating. We will only collect that special category personal data with your explicit consent and only in relation to the specific event/workshop you are booking to attend. It will not be kept on file against your permanent profile.


We will only use your personal data when the law allows us to. See section below – Legal basis we use for processing your information.


We collect information about you so that we can:

  • Identify you and manage your membership;
  • Manage your event/workshop bookings and ensure that we can provide you with a personalised and memorable experience with us;
  • Process any orders for Products and Services you make with us;
  • Assist you with your queries in relation to our organisation;
  • Review any papers, submissions, competition or prize draw entries;
  • Conduct research, statistical analysis and behavioural analysis;
  • Carry out customer profiling and analyse your preferences to tailor marketing communications
  • Detect and prevent fraud;
  • Notify you of any changes to our website or to our services that may affect you;
  • We may periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided
  • From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail. We may also use the information to customise the website according to your interest
  • To improve our services.

    We may directly collect analytics data, or use third-party analytics tools and services, to help us measure traffic and usage trends for the website service generally.


    We will only send you marketing messages when you have actively selected to receive email communications, when you provide us with your personal data. If you have consented to receiving marketing from us, you can opt out at any time by using the unsubscribe function on each of our emails or by contacting us directly through the “Contact Us” section of our website.


    We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

    If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

    Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.


    We do not, and will not, sell any of your personal data to any third party – including your name, address, email address or payment card information. We want to earn and maintain your trust, and we believe this is essential in order do that.

    As an essential part of being able to provide our services to you, we do share your data with the following categories of third parties:

    • service providers that help us to get any purchases which you make through our website to you, such as payment service providers, delivery companies;
    • service providers that help us to run our business such as marketing/design agencies, website hosting providers, website developers and email management system;
    • professional advisers including lawyers, bankers, auditors and insurers who provide advice to us when we require it;
    • law enforcement agencies in connection with any investigation to help prevent unlawful activity; and

    We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions. If you would like any more information about the third parties which we work with to provide our services to you, please contact us on the contact details provided later in this Privacy Notice.

    In addition when attending NCHA events / workshops attendees names and company name will be shared with delegates and speakers unless you explicitly request otherwise.


    The GDPR requires us to rely on one or more lawful bases to use your personal information. We consider the bases listed below to be relevant:

    • necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract – eg. Membership – Paid Members including Full, Probationary and Associate and all individuals linked to these membership categories.
    • Consent – where individuals positively opt in and consent has been freely given to hold personal information eg. Individuals who actively register on the website to receive NCHA latest news or those who select to opt in during event registration.
    • Legitimate Interest – where individuals register or are invited to attend / speak at an event or workshop or lapsed member contacts.


    To protect your information we have policies and procedures in place to make sure that only authorised personnel can access the information, that information is handled and stored in a secure and sensible manner, and all systems that can access the information have the necessary security measures in place.

    All employees, contractors and sub-contractors receive the necessary training and resources to ensure they understand their responsibilities in relation to all of our policies and procedures.

    In additional to these operational measures we also use a range of technologies and security systems to reinforce the policies and procedures, including ensuring that:

    • access to personal data is strictly restricted to those employees who need to access this information as part of their role;
    • we store your personal data on secure servers and unauthorised external access to personal data is prevented through the use of a firewall;
    • information used for reporting and/or customer profiling purposes is anonymised (so that it does not identify you);
    • we store your personal data on secure servers;

      To make sure that these measures are suitable, we run vulnerability tests regularly.

      Audits to identify areas of weakness and non-compliance are routinely scheduled.


      We shall only retain your information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, accounting, tax or reporting requirements.

      We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

      To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

      Where data is collected as part of registering to attend an event NCHA will hold your data in Mailchimp up to 30 days after the event.

      If you would like more information about how long we retain specific types of your information, please contact us on the contact details provided later in this Privacy Notice.


      Most information you provide via our website is stored on our secure servers within the European Economic Area (“EEA”). If any data that we collect from you is transferred to, or stored at, a destination outside the EEA at any time, this will be on the basis that there is a level of data protection that is equivalent to that in the EU, or where safeguards have been put in place e.g. EU model clauses.


      The right to access information we hold about you

      At any point you can contact us to request the information we hold about you as well as why we have that information, who has access to the information and where we got the information. Once we have received your request we will respond within a month. You can access your information through the website by logging in to “Your Account”, where you can update information provided and change your mailing preferences.

      The right to correct and update the information we hold about you

      If the information we hold about you is out of date, incomplete or incorrect, you can inform us and we will ensure that it is updated or you can log into the members area and update your details and preferences.

      The right to have your information erased

      If you feel that we should no longer be using your information or that we are illegally using your information, you can request that we erase the information we hold. When we receive your request, we will confirm whether the information has been deleted or tell you the reason why it cannot be deleted.

      The right to object to processing of your information

      You have the right to request that we stop processing your information. Upon receiving the request, we will contact you to tell you if we are able to comply or if we have legitimate grounds to continue. If data is no longer processed, we may continue to hold your information to comply with your other rights.

      The right to ask us to stop contacting you with direct marketing

      You have the right to request that we stop contacting you with direct marketing that is outside what is considered reasonable for a membership body to offer member benefits and to ensure good governance of the membership body.

      The right to data portability

      You have the right to request that we transfer your information to another controller. Once we have received your request, we will comply where it is feasible to do so. For your security we may need to verify your identity before we process your instructions above.


      If you have any queries about this Privacy Notice, need further information about how NCHA uses your personal data or wish to make a complaint, please contact us by any of the following means:

      It is important that the personal data we hold about you is accurate and current.

      Please keep us informed if your personal data changes during your relationship with us.

      You also have the right to make a complaint at any time with the Information Commissioner’s Office directly. Further information, including contact details, is available at We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.


      We may change this Privacy Notice from time to time. You should check this Privacy Notice occasionally to ensure that you are aware of the most recent version that will apply each time you access the website.

      Where we have made any changes to this Privacy Notice which affects the manner in which we use your personal data, we will contact you by email to inform you of this change.

      This Privacy Notice was last updated on 5th March 2024