COVID-19 VACCINATIONS: If, in addition to indemnity for your main employment, you would like cover for delivering COVID-19 Vaccinations please apply for our standalone extension Apply Today

Home   »   Legal   »   Data Protection Policy

Data Protection Policy

This policy lets you know what happens to any personal data that you give to us, or any that we may collect from, or about you. It applies to all products and services, and instances where we collect your personal data.

This policy explains

  • when and why we collect personal information
  • how we use it
  • the conditions under which we may disclose it to others and;
  • how we keep it secure.

We take your privacy seriously and information provided to us will be used and stored in accordance with the General Data Protection Regulations (GDPR).

We may change this policy from time to time so please check this page occasionally to ensure that you’re happy with any changes.

Any questions regarding this policy and our privacy practices should be sent in writing to the Data Protection Officer.

Head of Operations and Improvement
The Old Fire Station
69 Albion Street
B1 3EA

Phone: 0121 694 7000

Review of this policy

This policy was last updated in April 2018.

What is a data controller?

An organisation who (either alone, jointly, or in common with other organisations) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Who is the data controller?

 (The PDA, PDA Union and PIA known jointly as “the data controller”)

The PDA (The Pharmacists’ Defence Association) is a not-for-profit membership organisation that aims to act upon and support the needs of individual pharmacists and, when necessary, defend their reputation. The Pharmacy Insurance Agency Ltd (PIA) arrange and administer insurance products and are authorised and regulated by the Financial Conduct Authority.  All PDA members are automatically entitled to free PDA Union membership.

The PDA Union is the only trade union in the UK exclusively for pharmacists. It has a certificate of independence and is a member of Unions21 and EPhEU. The PDA and the PDA Union have more than 27,000 members.

The PIA (The Pharmacy Insurance Agency) is an independent insurance intermediary, with expertise in providing a wide range of insurance products and is authorised and regulated by the Financial Conduct Authority (Register No 307063).

How do we collect information from you?

We obtain information about you when you use our website, call or email us for support, or complete a contact form at an event.

What kinds of personal information about you do we hold?

Personal information that we’ll process in connection with your membership includes:

  • Personal and contact details, such as title, full name, contact details, employment details and contact details history
  • Your date of birth, gender and/or age
  • Records of your contact with us such as:
    • Contact via telephone or email to our membership helpdesk
    • Contact via telephone or email to our legal and professional advice or claims team
    • Contact via our online services for example, completing a contact us form
    • IP address and/or MAC address
  • Membership you hold with us or have held with us and the associated payment methods used
  • Marketing sent to you and analysis of that data, including history of communications, whether you open them or click on links
  • Information we obtained from third parties, such as the GPhC or PSNI

How is your information used?

We will use your information to:

  • process your membership applications that you have submitted
  • to carry out our obligations arising from any insurance contracts entered into by you and us
  • seek your views or comments on the services we provide
  • notify you of changes to our services
  • send you communications which you have requested and that may be of interest to you. These may include information about sector news, PDA led campaigns, events or training opportunities or promotions of our carefully selected partners goods and services
  • to process a donation that you have made to Pharmacists Support.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example for union notices or insurance claims). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

What are the legal grounds for processing of your personal information?

We rely on the following legal bases to use your personal data:

1. Where it is needed to provide you with our products or services,

Such as:

  • Managing your membership and insurance service
  • Assessing an application for membership
  • Managing products and services you hold with us, or an application for one
  • All stages and activities relevant to managing the membership or adviceline including enquiry, application and administration of the membership and case management service.

2. Where it is in our legitimate interests to do so

Such as:

  • To perform and/or test the performance of our products, services and internal processes
  • To follow guidance and recommended best practice of government and regulatory bodies
  • For management and audit of our business operations including accounting
  • To carry out monitoring and to keep records of our communications with you and our staff (see below)
  • Where we need to share your personal information with people or organisations in order to run our operations or comply with any legal and/or regulatory obligations, for example the requirements placed upon us by the underwriters or the certification office.

3. To comply with our legal obligations

How long is your personal information retained by us?

Unless we explain otherwise to you, we’ll hold your personal information based on the following criteria:

  • For as long as we have reasonable business needs, such as managing our relationship with you and managing our operations
  • For as long as we provide membership and/or services to you and then for as long as someone could bring a claim against you; and/or
  • Retention periods in line with legal and regulatory requirements or guidance.

Do you have to provide your personal information to us?

We’re unable to provide you with our membership or services if you do not provide certain information to us. In cases where providing some personal information is optional, we’ll make this clear.

Who has access to your information?

We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.

When do we share your personal information with other organisations?

We may share information with the following third parties for the purposes listed above:

  • Underwriters, insurers, or others who are a part of providing your products and services or operating our business
  • Governmental and regulatory bodies such as HMRC, the Financial Conduct Authority, the Prudential Regulation Authority, the Ombudsman, the Information Commissioner’s Office and under the Financial Services Compensation Scheme
  • Other organisations and businesses who provide services to us such as, back up and server hosting providers, IT software and maintenance providers, document storage providers and suppliers of other back office functions.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about the work we do for our members, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone or text message, unless you have given your prior consent. We will not contact you for marketing purposes by post, if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time on our website.

What are your rights under data protection laws?

Here is a list of the rights that all individuals have under data protection laws. They don’t apply in all circumstances. If you wish to use any of them, we will explain at that time if they apply or not.

  • The right to be informed about the processing of your personal information
  • The right to have your personal information corrected if it is inaccurate and to have incomplete personal information completed
  • The right to object to processing of your personal information
  • The right to restrict processing of your personal information
  • The right to have your personal information erased (the “right to be forgotten”)
  • The right to request access to your personal information and to obtain information about how we process it
  • The right to move, copy or transfer your personal information (“data portability”)
  • The right to complain to the Information Commissioner’s Office, which enforces data protection laws. For further information, please visit:

How you can access and update your information

The accuracy of your information is important to us. You can access the information we hold for you and update your communication preferences at any time by visiting and logging in using your username and password.

You have the right to ask for a copy of the information the PDA hold about you by contacting our Data Protection Officer.

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it’s treated securely. Any sensitive information (such as credit or debit card details) is encrypted and protected with the software encryption on SSL. When you are on a secure page, a lock icon will appear on your web browsers.

Non-sensitive details (your email address etc.) are transmitted normally over the internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where you have chosen a password, which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.


We may analyse your personal information to create a profile which may include your employment details, age and location, so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources, such as your professional registration data, to help us do this effectively.

Use of ‘cookies’

Like many other websites, the PDA website uses ‘cookies’. Cookies are small pieces of information that are sent to your computer to allow that website to recognise you when you visit. Cookies are also used to collect aggregated statistical data about how users interact with a website. For example, we use cookies to allow you to log into our website, and to monitor how various parts of our website are used. This information helps us to improve our website and deliver a better, more personalised service in future.

It is possible to switch off cookies by setting your browser preferences, however turning this off will result in a loss of functionality when using our website. For more information on how we use cookies, please read our full Cookies Policy.

Links to other websites

Our website may contain links to other websites run by other organisations. This privacy policy only applies to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites, even if you access them using links from our website.

In addition, if you link to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third-party site.

The Pharmacists' Defence Association is a company limited by guarantee. Registered in England; Company No 4746656.

The Pharmacists' Defence Association is an appointed representative in respect of insurance mediation activities only of
The Pharmacy Insurance Agency Limited which is registered in England and Wales under company number 2591975
and is authorised and regulated by the Financial Conduct Authority (Register No 307063)

The PDA Union is recognised by the Certification Officer as an independent trade union.

Cookie Use

This website uses cookies to help us provide the best user experience. If you continue browsing you are giving your consent to our use of cookies.

General Guidance Resources Surveys PDA Campaigns Regulations Locums Indemnity Arrangements Pre-Regs & Students FAQs Coronavirus (COVID-19)