Privacy Policy

The Strategy Unit, MLCSU: Privacy Policy

The Strategy Unit part of Midlands and Lancashire CSU (MLCSU) is committed to protecting and respecting your privacy.  This policy explains when and why we collect personal information about people who visit our conference registration and submit abstracts via our websites and forms, how we use this information, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you are happy with any changes.  By using our conference registration and abstract submission which is powered and supported by Eventbrite and MS Forms, you are agreeing to be bound by this policy.
A number of pages throughout this site invite users to complete forms including their personal details. There is no requirement to fill in these forms in order to view general material on this site. If you do wish to complete a form with your details in order to make contact  you should note the following:
  • Information submitted to the Midlands and Lancashire CSU via this web site will be used solely for the purpose for which it is collected, and will not be passed on to other areas of the Trust, nor to any other organisation, without your explicit permission. The purpose for which the information is collected will be made clear.
We have implemented security procedures and technical measures to protect any personal data which is kept by the Midlands and Lancashire CSU from:
  • Unauthorised access
  • Improper use or disclosure
  • Unauthorised modification
  • Unlawful destruction or accidental loss
Midlands and Lancashire CSU employees who have access to personal data are obliged to respect confidentiality; they are bound by confidentiality contract clauses and the duties of common law.
Midlands and Lancashire CSU abide by the Data Protection Act of 1998 and UK General Data Protection Regulation (UK GDPR)  in the holding and processing of your personal data. The Head of Information Governance is happy to answer any enquiries.
If you are using a public computer and do not wish others to be able to go back to view the details you have typed into a form on the web it is advisable to clear the contents of the form and your cache (temporary internet files) before leaving the computer.
Some information is collected automatically by the web server and is used by the organisation, in aggregate form, for statistical analysis of visits to the site. If you have concerns or questions about this, you can contact the communications and engagement team.
Further information on Data Protection issues can be found at

Who Are We?

MLCSU has been appointed by the HACA conference committee to process delegate registrations, research presentation proposals and session proposals.

How do we Collect Your Information?

We collect information from you when you register to attend the HACA Conference or when you submit abstracts for presentation proposal or session proposal to the Conference.

What Type of Information is Collected from you?

The personal information that we collect may include your name, your email address, you contact number, your address, your place of work, your job title and your IP address.

How is Your Information Used?

We may use your information to:
  • Process your registration to attend the HACA Conference;
  • Update you on plans and arrangements for the HACA Conference;
  • Seek you views or comments on the HACA Conference;
  • Process your abstract presentation submission or session proposal submission
  • Update you on your abstract presentation submission or session proposal submission and any associated arrangements.
We review our data retention periods on a regular basis and will hold your personal information on our systems for as long as is necessary for the relevant activity. We retain personal information in accordance with data protection legislation and in line with the NHS Records Management Code of Practice 2021.  We may sometimes retain information longer than the minimum retention periods but only where there is a business requirement to do so.
We may contact you about future HACA Conferences unless you have opted out of receiving this information at the point of registration.

How is your information stored?

Your personal data is always kept secure, and all NHS organisations are required to provide assurances, every year, that controls are in place to manage personal data. These controls include access controls, encryption, and physical controls.
Your personal data will be kept under strict conditions within the UK, being protected by suitable access controls ensuring that only people with an authorised professional need can access your data and encrypting your data, when necessary, to ensure it is protected from inappropriate access.  Where exceptions to this process are undertaken you will be informed.
Where we provide an invoice validation service for our client organisations the processing activity is within a Controlled Environment for Finance.
All organisations that have access to NHS patient data and systems must use the Data Security and Protection Toolkit to provide assurance that they are practising good data security and that personal information is handled correctly. This is to measure their performance against the National Data Guardian’s 10 data security standards.
Our publication history on the Data Security and Protection Toolkit is available here.

Who has Access to Your Information?

We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf: we may pass on your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks associated with your registration and/or poster abstract submission.  When we use third party service providers we will only disclose the personal information necessary to deliver the service.

Accessing and Updating Your Information

The accuracy of your information is important to us.  If you change email address or any of the information we hold is inaccurate or out of date please contact us at:
You have the right to ask for a copy of the information MLCSU holds about you.
Requesting your information from us is known as a Subject Access Request.
We must respond and provide you with your information within one month of receiving your request, although we may extend this time in certain circumstances.
If you wish to request your information you may use the details below:
By telephone – 01782 916875 (Monday to Friday, 9am-5pm)
By email –

Security Precautions

When you give us personal information, we take steps to ensure that it is treated securely.
Our websites may contain links to websites run by other organisations.  This privacy policy applies only to our website.  If you linked to our website from a third party site, we cannot be responsible for the privacy policies and practices of third party sites.

If I have a concern regarding how my personal information is being used, who should I contact?

Our Data Protection Officer is Hayley Gidman.  Should you wish to contact them you can do so by:
Telephone: 01782 916875
Post:  Heron House, 120 Grove Road, Fenton, Stoke-on-Trent, Staffordshire   ST4 4LX
MLCSU also has a senior member of staff responsible for protecting the confidentiality of patient information. This person is called the Caldicott Guardian. Our Caldicott Guardian is Elizabeth Miller.
A further senior member of staff is responsible for information risk and information security and is accountable to the Managing Director; this person is called the Senior Information Risk Owner (SIRO). Our SIRO is John Uttley.
Further information on NHS England may be found on their website:
For independent advice about data protection, privacy, data sharing issues and your rights you can contact:
Information Commissioner’s Office
Wycliffe House
Water Lane
Telephone: 0303 123 1113 (local rate) or 01625 545 745
Email:  or visit the ICO website.
We keep our privacy notice under regular review, and we will place any updates on this web page. This notice was last updated on 25/01/2024