Membership privacy notice

This privacy notice explains how your personal data will be collected, used, and protected by the Royal Devon University Healthcare NHS Foundation Trust during the course of our membership activities.

We are committed to safeguarding your privacy and ensuring that your personal data is processed in accordance with UK data protection legislation including the Data Protection Act 2018 (DPA 2018), the UK General Data Protection Regulation (UK GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and all applicable laws and regulations relating to Processing of Personal Data and privacy, including where applicable the guidance and codes of practice issued by the Information Commissioner.


What is our legal basis for processing personal data about you?

All the personal information that we collect and use is handled in accordance with Data Protection principles. These state that personal data processing must be:

  • Lawful and fair
  • Specified, explicit, and legitimate
  • Adequate, relevant, and not excessive
  • Accurate and kept up to date
  • Kept for no longer than necessary
  • Held securely

Our lawful basis for processing the personal data you supply for membership purposes is that we are carrying out a task in the public interest.

Where you choose to provide sensitive data (special category), as requested in our application form, this is processed with your explicit consent and is not required to become a member.

Collection of personal information

We are processing this information at your request to be a public member of the Royal Devon.

Your data will be collected in our sign-up form and in any future communications you share with us asking us to update your personal information. This will be in accordance with UK data protection legislation.

Personal information

Personal information identifies a living individual, so refers to any of your personal information that can be attributed to you personally in both electronic and paper records.

Organisations that use personal information must do so in line with the provisions of the UK GDPR and Data Protection Act 2018.

When you sign up to be a member of the Royal Devon, we may collect and process the following types of personal data:

  • Personal details - such as full name, date of birth
  • Contact information - such as address and email addresses
  • Sex
  • Gender
  • Whether you are a carer
  • Whether you belong to any community groups

Special categories of personal data

Special categories of personal data we may process, if you choose to provide these, include:

  • Health
  • Race or ethnicity

These are not mandatory and you are under no obligation to provide this information.

Use of your information

We collect and process your personal data for the following purposes:

  • Assessing your eligibility to be a public member
  • Assigning you to one of our public constituencies, as outlined in our Constitution, which relates to voting in our Governor elections, or standing as a Governor
  • Understanding the demographic representation of our membership, so that we can compare to our local population and therefore understand how representative our membership is
  • Communicating with you about membership, which can include communications about:
    • Details of your membership
    • News about the work of the Trust
    • Governor elections
    • Opportunities to get involved

Sharing your information

We do not share personal data outside of the Trust without your express permission.

In the Royal Devon’s Constitution, the Trust states that it will have a register of public members that can be made available for inspection by members of the public. This would contain members’ names and the constituency to which they belong (Eastern, Northern or Southern). This means that if the Trust was asked to provide a list of members, your name and the constituency you are part of would be shared with the person requesting the information. In our sign-up form, we ask if you consent to have your details available as part of the Trust’s register of public members. You do not need to consent to this in order to become a member.

Keeping your information safe and secure

We take the security of your personal information very seriously and have appropriate physical, technical and administrative procedures in place to help protect your personal information from unauthorised access, use or disclosure as required by law in England.

Civica Engagement Services is mandated by the Trust to manage our membership details and membership communication. They are fully compliant with GDPR legislation, are ISO 9001 and ISO 27001 compliant, and are a Data Security and Protection Toolkit (DSPT) accredited supplier.

How long do we keep your data?

When you sign up to be a public member of the Trust, you will continue to be a member and we will continue to hold your membership data until you inform us that you do not wish to be a member, or your membership is cancelled as part of a data cleanse process. We will annually ask you to let us know if you no longer wish to be a member.

Civica undertakes a monthly data cleanse process to remove deceased members from our membership records, checking various databases they have available to them. When we send a letter in the post and we receive a return notice that the letter was undeliverable, we will cancel the membership linked to that address.

For all cancelled memberships, a basic record is retained for reporting purposes which does not contain any identifiable information.

You can request to unsubscribe from our email newsletters and this does not affect your membership – we will no longer send you the newsletter emails, but you will continue to be a member and continue to receive Governor election information, unless you tell us otherwise.

We rely on you to let the Trust know if your contact details change and will annually ask you to let us know if your details have changed.

Cancellation of your membership

You may request that your membership is cancelled, which will result in your information being removed from our database. To cancel your membership you can:


Tel: 01392 403977

Write to us:

Royal Devon Membership
Room 422, Noy Scott House
Royal Devon and Exeter Hospital (Wonford)
Barrack Road


The information you provided will be managed as required by Data Protection law.

You have the following rights:

  • The right of access – You have the right to Request access to the personal data we hold about you and/or copies of your personal information.
  • The right to rectification – You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
  • The right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
  • The right to restriction of processing – You have the right to ask us to restrict the processing of your personal information in certain circumstances.
  • The right to object to processing – You have the right to object to the processing of your personal information in certain circumstances.
  • The right to data portability – You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.

How do I obtain a copy of my personal information?

Our contact details:

Royal Devon Membership
Room 422, Noy Scott House
Royal Devon and Exeter Hospital (Wonford)
Barrack Road


Tel: 01392 403977

Data Protection Officer

If you have any questions or concerns about how we manage your information, then please contact the Data Protection Officer for our Trust:

Data Protection Officer – Rhiannon Platt
Royal Devon University Healthcare NHS Foundation Trust
Information Governance Office
Royal Devon and Exeter Hospital (Wonford)
Barrack Road,


The Information Commissioner’s Office (ICO)

The Information Commissioner’s Office (ICO) is the body that regulates Data Protection and Freedom of Information

If you are not satisfied with our DPO response or believe we are not processing your personal data in accordance with the law, you can complain to the ICO at:

Information Commissioner's Office
Wycliffe House
Water Lane

Tel: 0303 123 1113


Changes to the privacy notice

This privacy notice may be updated to reflect changes in our data processing practices. Any updates will be communicated through our website or other appropriate channels and have the updated effective date.

This privacy notice was last updated on 26 February 2024 and is available on the Trust website.

Last updated: February 26, 2024


Our site uses cookies to help give you a better experience. By continuing to use it you consent to the use of cookies as set out in our privacy policy.