The Association of Occupational Health Nurse Practitioners of the United Kingdom, and their affiliates (together “AOHNP”) are the data controllers of your information under the General Data Protection Regulations 2018 (“the GDPR”)

1.     All AOHNP employees and representatives, whether permanent or temporary, must be aware of the requirements of the GDPR when they collect or handle data about an individual.

2.     They must not disclose data except where the disclosure complies with the requirements of the GDPR, or, where relevant, statutory guidance issued by the Information Commissioner’s Office (“the ICO”). Data sent to outside agencies to process on AOHNP’s behalf must always be protected by a written contract.

3.     The AOHNP will only collect personal data that is relevant to the carrying out of the legitimate purposes and function of the AOHNP.

4.     Members have the opportunity of opting out of marketing material from the AOHNP and of explicitly opting into receiving offers and other information from other organisations with whom the AOHNP have negotiated favourable member rates.  This will be done by using the provided tick box option.  These third party operated services may generate income, and other benefits, for the AOHNP in pursuit of our aims to improve the quality and delivery of services to Members.

5.     Information is never passed onto third parties for marketing purposes.

6.     AOHNP web pages use cookies if the visiting User Agent is set to accept them. For more information on our use of cookies and how to opt out, visit

7.     We will strive to ensure that data collected is as accurate as possible. Individuals about whom data is held have the right to the amendment or deletion of incorrect entries within a reasonable time.

8.     Appropriate technical and organisational measures will be adopted to protect the security of all personal data held by AOHNP.

9.     Information will be held in an environment as secure as possible.  AOHNP employees and representatives will be responsible for ensuring that all regular data care procedures are fully and conscientiously followed.

10.   All ordered manual files and databases will be kept up-to-date and will have an agreed archiving policy.

11.   Data no longer required for the legitimate purposes of AOHNP will be regularly purged.  A clear rationale will be supplied for personal data to be kept beyond six years.

12.   Where data is passed to a third party for processing, the AOHNP will ensure that a written contract is in place that states that the agent will:

1.     process the data transferred only on the express instructions of AOHNP;

2.     ensure data is used in full compliance with the GDPR; and

3.     implement appropriate security measures to protect the information transferred.

13.   Any request for data based on a legal requirement e.g. from police or other bodies, must, where possible, be put in writing and will be checked against the advice of the AOHNP’s Data Protection Officer, before data is disclosed.

14.   All employees and representatives have a duty to protect individuals’ data from accidental disclosure and are required to comply with the following obligations:

1.     not to give our passwords to other people, who will then have access to the data you are entitled to view;

2.     not to recycle reports that contain personal data;

3.     to take due care to ensure that data is not left about on laptops or in files either in or out of the office, where they can be accessed by unauthorised personnel.

15.   The AOHNP will provide data subjects access to their personal information on request.  The data will be provided within 30 days of receipt of written request unless it does not need to be disclosed under the GDPR.

16.   We may make changes to this privacy charter from time to time.  If we do make any such changes, we will post the changes on this page.  Please revisit this charter each time you consider giving AOHNP personal information.

17.   Requests about the AOHNP’s data protection and privacy policy should be sent to the: Data Protection Officer. Email: