in-alt close navigate_next share search mail chevron-thin-down chevron-thin-up twitter-with-circle linkedin-with-circle facebook-with-circle
Search
  1. Introduction

We are committed to protecting and respecting your privacy. This Privacy Policy explains how Essex LMC (North & South Essex Local Medical Committees Limited) (“Essex LMC”, “we”, “us” or “our”) collects, uses, shares and safeguards personal data when you visit our website, use our services, or otherwise interact with us.

This policy is intended to meet our obligations under the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

  1. Who we are and how to contact us

Data Controller: North & South Essex Local Medical Committees Limited (trading as Essex LMC)

Registered office: Unit 5, Whitelands Business Centre, Terling Road, Hatfield Peverel, Chelmsford, CM3 2AG

Website: www.essexlmc.org.uk

General enquiries: info@essexlmc.org.uk

If you have questions about this policy or our data practices, or if you wish to exercise your data protection rights, please contact us at the email above. A Privacy Lead (not a formal DPO) oversees our compliance — see section 15.

  1. Scope: our services and portal

EssexLMC supports and represents GPs and GP practices across Essex. Our services include guidance and resources, newsletters and updates, events and training (including sponsored events), practice workforce initiatives, and an online portal through which GP practices, PCNs and practice managers can register and manage communications.

We interact with individuals via our website forms, email, newsletters, event registrations, and the portal; we may also interact occasionally offline (e.g., at events).

  1. Personal data we collect

We do not intentionally collect special category data. Please do not provide such data unless we specifically request it.

  • Identity and contact data (e.g., name, role/title, organisation/practice, postal address, email address, telephone number).
  • Account and portal data (e.g., login credentials, user ID, preferences, communications, activity logs).
  • Membership/practice liaison data (e.g., practice details, workforce initiatives, communications history).
  • Events and training data (e.g., registrations, attendance, feedback, sponsorship preferences).
  • Transaction and payment data (e.g., billing address, order details; card details are processed by our payment provider — we do not store full card numbers).
  • Technical and usage data (e.g., IP address, device identifiers, browser type, operating system, referring URLs, pages viewed, links clicked, session duration).
  • Marketing and communications data (e.g., newsletter and event email preferences).
  1. How we collect personal data

Personal data is collected in the following circumstances:

  • Direct interactions: when you join as a member, create a portal account, subscribe to our newsletter, register for events/training, complete a form, email us, or contact us at events.
  • Automated technologies: via cookies and similar technologies when you use our website and portal (see Cookies).
  • Third parties: payment providers, analytics providers, hosting/CMS providers, email delivery services, IT support, and publicly available sources.
  1. Purposes and lawful bases for processing

We only use personal data where permitted by law. Our purposes and principal lawful bases include:

  • Operating the Essex LMC and our website and portal; creating and administering user and practice accounts — performance of a contract; legitimate interests.
  • Providing LMC services and member/practice support, including guidance, representation and resources — performance of a contract; legitimate interests; legal obligation.
  • Managing events and training (including registrations, attendance, and follow-up) — performance of a contract; legitimate interests; legal obligation.
  • Processing and collecting payments for events/training where applicable — performance of a contract; legitimate interests; legal obligation.
  • Sharing attendee details with event sponsors where appropriate and clearly communicated — consent where required; legitimate interests.
  • Website/portal security, support, troubleshooting and analytics — legitimate interests; legal obligation.
  • Communications about service updates and policy changes — performance of a contract; legal obligation; legitimate interests.
  • Direct marketing by email (newsletters and relevant updates) — consent where required under PECR, or legitimate interests/‘soft opt‑in’ for existing contacts about similar services, with the ability to opt out at any time.

Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, we balance our interests against your rights and expectations.

  1. Cookies and similar technologies

We use Google Analytics 4 (GA4) with IP masking for usage analytics. We do not use advertising or retargeting cookies. We display a cookie consent banner so you can manage non‑essential cookies.

  1. Sharing your personal data

We share personal data with service providers who process data on our behalf, including: hosting and website platform/CMS, payment provider, analytics, email delivery services, and IT support. We do not have group companies that receive your data.

We may also share data with event sponsors, professional advisers (e.g., solicitors, accountants, insurers), authorities and regulators where required by law, and third parties in connection with a business transaction (e.g., merger or asset sale).

For sponsored events, we may share attendee data with the relevant sponsors where appropriate and compatible with expectations; we will make this clear at the point of registration.

  1. International data transfers

We do not generally store personal data outside the UK ourselves. However, some of our service providers (for example, hosting or payment providers) may process data outside the UK. Our providers may change from time to time. Where data is transferred outside the UK, we take appropriate steps to ensure that your data remains protected, including the use of the UK International Data Transfer Agreement (IDTA), the UK Addendum to the EU Standard Contractual Clauses, or reliance on UK adequacy regulations. Details are available on request.

  1. Data security

We implement technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction. These include access controls, encryption in transit, and secure development and monitoring practices appropriate to our services.

  1. Data retention

To facilitate members and practices being able to access information as and when required and to support the reasonable operation of our organisation, we retain personal data for as long as reasonably necessary for those purposes. In practice, this often means we keep certain records indefinitely unless a shorter period applies in law or we no longer need the data for the purposes set out in this policy.

  • You may request deletion of your personal data at any time by contacting us in writing. Subject to any legal or regulatory requirements that oblige us to retain data (for example, tax/audit obligations and limitation periods), we will delete it.
  • We review retention on a periodic basis to ensure ongoing necessity and proportionality.
  1. Your rights

Under UK data protection law, you have rights over your personal data; the summary below explains each one and how to use it — just contact us (see Section 15) to make a request.

  • Access — obtain a copy of your personal data and information about how we process it.
  • Rectification — have inaccurate or incomplete data corrected.
  • Erasure — request deletion of your data in certain circumstances.
  • Restriction — ask us to suspend processing in certain circumstances.
  • Objection — object to processing based on legitimate interests and to direct marketing.
  • Data portability — receive your data in a structured, commonly used format and transmit it to another controller where applicable.
  • Withdraw consent — where we rely on consent, you can withdraw it at any time.
  • Complain — you can complain to the UK Information Commissioner’s Office (ICO) at www.ico.org.uk.

To exercise your rights, please contact us at info@essexlmc.org.uk. We may request information to verify your identity and will respond within statutory time limits.

  1. Children

Our services and portal are intended for professionals working in or with general practice. We do not knowingly collect personal data from children.

  1. Third‑party links

Our website may include links to third‑party websites, plug‑ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third‑party websites and are not responsible for their privacy statements.

  1. Contact and governance

Privacy Lead: Sarah Bell. We have not appointed a statutory Data Protection Officer (DPO). For all privacy matters, contact info@essexlmc.org.uk.

  1. Changes to this policy

We may update this policy from time to time to reflect changes in law or our practices. We will post the updated version on this page and indicate the date of the latest revision.

 

Last updated: 29 September 2025

Document Library

Close
Cookie Settings

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.